X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=src%2Fcypherpunks.ru%2Fgovpn%2Faont%2Foaep.go;h=7431060fa0a6b3bb1dabdd0a0ab12a75b8239269;hb=3e56ce5dd70032b77582065691b4971b222caa22;hp=a2329a3dd28187a3dc6a83cd64de946cbada643b;hpb=6f7f0571f11f3d370b38c6de681e4b1389ba3e53;p=govpn.git diff --git a/src/cypherpunks.ru/govpn/aont/oaep.go b/src/cypherpunks.ru/govpn/aont/oaep.go index a2329a3..7431060 100644 --- a/src/cypherpunks.ru/govpn/aont/oaep.go +++ b/src/cypherpunks.ru/govpn/aont/oaep.go @@ -36,9 +36,9 @@ package aont import ( "crypto/subtle" - "errors" "chacha20" + "github.com/pkg/errors" "golang.org/x/crypto/blake2b" ) @@ -47,6 +47,9 @@ const ( HSize = 32 // RSize size of generated random output in terms of OAEP RSize = 16 + + wrapBlake2bNew256 = "blake2b.New256" + wrapHashWrite = "hash.Write" ) var ( @@ -60,16 +63,22 @@ func Encode(r *[RSize]byte, in []byte) ([]byte, error) { copy(out, in) h, err := blake2b.New256(nil) if err != nil { - return nil, err + return nil, errors.Wrap(err, wrapBlake2bNew256) + } + if _, err = h.Write(r[:]); err != nil { + return nil, errors.Wrap(err, wrapHashWrite) + } + if _, err = h.Write(in); err != nil { + return nil, errors.Wrap(err, wrapHashWrite) } - h.Write(r[:]) - h.Write(in) copy(out[len(in):], h.Sum(nil)) chachaKey := new([32]byte) copy(chachaKey[:], r[:]) chacha20.XORKeyStream(out, out, dummyNonce, chachaKey) h.Reset() - h.Write(out[:len(in)+32]) + if _, err = h.Write(out[:len(in)+32]); err != nil { + return nil, errors.Wrap(err, wrapHashWrite) + } for i, b := range h.Sum(nil)[:RSize] { out[len(in)+32+i] = b ^ r[i] } @@ -84,18 +93,24 @@ func Decode(in []byte) ([]byte, error) { } h, err := blake2b.New256(nil) if err != nil { - return nil, err + return nil, errors.Wrap(err, wrapBlake2bNew256) + } + if _, err = h.Write(in[:len(in)-RSize]); err != nil { + return nil, errors.Wrap(err, wrapHashWrite) } - h.Write(in[:len(in)-RSize]) chachaKey := new([32]byte) for i, b := range h.Sum(nil)[:RSize] { chachaKey[i] = b ^ in[len(in)-RSize+i] } h.Reset() - h.Write(chachaKey[:RSize]) + if _, err = h.Write(chachaKey[:RSize]); err != nil { + return nil, errors.Wrap(err, wrapHashWrite) + } out := make([]byte, len(in)-RSize) chacha20.XORKeyStream(out, in[:len(in)-RSize], dummyNonce, chachaKey) - h.Write(out[:len(out)-HSize]) + if _, err = h.Write(out[:len(out)-HSize]); err != nil { + return nil, errors.Wrap(err, wrapHashWrite) + } if subtle.ConstantTimeCompare(h.Sum(nil), out[len(out)-HSize:]) != 1 { return nil, errors.New("Invalid checksum") }