diff options
author | Christian Pointner <equinox@anytun.org> | 2017-10-14 16:15:28 +0200 |
---|---|---|
committer | Christian Pointner <equinox@anytun.org> | 2017-10-14 16:15:28 +0200 |
commit | 00cd2b7984bc9125668782254dfad2a3089dbaf1 (patch) | |
tree | ffb13779557e39c0c7473dab2326b60dba396a2a /satp/crypto-kd-aesctr.go | |
parent | nicer test output (diff) |
role is now part of kd
Diffstat (limited to 'satp/crypto-kd-aesctr.go')
-rw-r--r-- | satp/crypto-kd-aesctr.go | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/satp/crypto-kd-aesctr.go b/satp/crypto-kd-aesctr.go index 749e3dc..b3f2907 100644 --- a/satp/crypto-kd-aesctr.go +++ b/satp/crypto-kd-aesctr.go @@ -46,15 +46,16 @@ const ( type AESCTRKeyDerivation struct { cipher cipher.Block salt []byte + role KDRole } -func (kd *AESCTRKeyDerivation) generateCTR(role KDRole, dir Direction, usage KeyUsage, sequenceNumber uint32, ctr []byte) { +func (kd *AESCTRKeyDerivation) generateCTR(dir Direction, usage KeyUsage, sequenceNumber uint32, ctr []byte) { ctr[aes.BlockSize-1] = 0 ctr[aes.BlockSize-2] = 0 subtle.ConstantTimeCopy(1, ctr[:len(kd.salt)], kd.salt) keyID := [8]byte{} - binary.BigEndian.PutUint32(keyID[:4], getKDLabel(role, dir, usage)) + binary.BigEndian.PutUint32(keyID[:4], getKDLabel(kd.role, dir, usage)) binary.BigEndian.PutUint32(keyID[4:], sequenceNumber) // unfortunately crypto.xorBytes is not exported... @@ -65,11 +66,11 @@ func (kd *AESCTRKeyDerivation) generateCTR(role KDRole, dir Direction, usage Key } } -func (kd *AESCTRKeyDerivation) Generate(role KDRole, dir Direction, usage KeyUsage, sequenceNumber uint32, out []byte) error { +func (kd *AESCTRKeyDerivation) Generate(dir Direction, usage KeyUsage, sequenceNumber uint32, out []byte) error { // this needs to stay in this function so that the go compiler can detect that it doesn't escape // from this function and whence will get allocated on the stack ctr := [aes.BlockSize]byte{} - kd.generateCTR(role, dir, usage, sequenceNumber, ctr[:]) + kd.generateCTR(dir, usage, sequenceNumber, ctr[:]) for i := range out { // unfortunately there is no memset-style function in go... out[i] = 0 } @@ -78,12 +79,12 @@ func (kd *AESCTRKeyDerivation) Generate(role KDRole, dir Direction, usage KeyUsa return nil } -func NewAESCTRKeyDerivation(key, salt []byte) (KeyDerivation, error) { +func NewAESCTRKeyDerivation(key, salt []byte, role KDRole) (KeyDerivation, error) { if len(salt) != AES_CTR_KD_SALT_LENGTH { return nil, errors.New("invalid salt size: " + strconv.Itoa(len(salt))) } - kd := &AESCTRKeyDerivation{salt: salt} + kd := &AESCTRKeyDerivation{salt: salt, role: role} var err error if kd.cipher, err = aes.NewCipher(key); err != nil { |