mirrors/object-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix regression when calculating token using chacha20 (#281)

Browse Source
This commit is contained in:
Lenin Alevski
2020-09-17 18:21:54 -07:00
committed by GitHub
parent 064533d8aa
commit 666904f902
3 changed files with 103 additions and 158 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/auth/token.go
View File

@@ -158,7 +158,7 @@ const (
// iv | AEAD ID | nonce | encrypted data
// 32 1 12 ~ len(data)
func encrypt(plaintext, associatedData []byte) ([]byte, error) {
iv, err := sioutil.Random(32) // 32 bit IV
iv, err := sioutil.Random(32) // 32 bytes IV
if err != nil {
return nil, err
}
@@ -186,7 +186,7 @@ func encrypt(plaintext, associatedData []byte) ([]byte, error) {
}
case c20p1305:
var sealingKey []byte
sealingKey, err = chacha20.HChaCha20(derivedKey, iv)
sealingKey, err = chacha20.HChaCha20(derivedKey, iv[:16]) // HChaCha20 expects nonce of 16 bytes
if err != nil {
return nil, err
}
@@ -249,7 +249,7 @@ func decrypt(ciphertext []byte, associatedData []byte) ([]byte, error) {
return nil, err
}
case c20p1305:
sealingKey, err := chacha20.HChaCha20(derivedKey, iv[:])
sealingKey, err := chacha20.HChaCha20(derivedKey, iv[:16]) // HChaCha20 expects nonce of 16 bytes
if err != nil {
return nil, err
}