import (
"crypto/subtle"
- "errors"
"chacha20"
+ "github.com/pkg/errors"
"golang.org/x/crypto/blake2b"
)
HSize = 32
// RSize size of generated random output in terms of OAEP
RSize = 16
+
+ wrapBlake2bNew256 = "blake2b.New256"
+ wrapHashWrite = "hash.Write"
)
var (
copy(out, in)
h, err := blake2b.New256(nil)
if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, wrapBlake2bNew256)
+ }
+ if _, err = h.Write(r[:]); err != nil {
+ return nil, errors.Wrap(err, wrapHashWrite)
+ }
+ if _, err = h.Write(in); err != nil {
+ return nil, errors.Wrap(err, wrapHashWrite)
}
- h.Write(r[:])
- h.Write(in)
copy(out[len(in):], h.Sum(nil))
chachaKey := new([32]byte)
copy(chachaKey[:], r[:])
chacha20.XORKeyStream(out, out, dummyNonce, chachaKey)
h.Reset()
- h.Write(out[:len(in)+32])
+ if _, err = h.Write(out[:len(in)+32]); err != nil {
+ return nil, errors.Wrap(err, wrapHashWrite)
+ }
for i, b := range h.Sum(nil)[:RSize] {
out[len(in)+32+i] = b ^ r[i]
}
}
h, err := blake2b.New256(nil)
if err != nil {
- return nil, err
+ return nil, errors.Wrap(err, wrapBlake2bNew256)
+ }
+ if _, err = h.Write(in[:len(in)-RSize]); err != nil {
+ return nil, errors.Wrap(err, wrapHashWrite)
}
- h.Write(in[:len(in)-RSize])
chachaKey := new([32]byte)
for i, b := range h.Sum(nil)[:RSize] {
chachaKey[i] = b ^ in[len(in)-RSize+i]
}
h.Reset()
- h.Write(chachaKey[:RSize])
+ if _, err = h.Write(chachaKey[:RSize]); err != nil {
+ return nil, errors.Wrap(err, wrapHashWrite)
+ }
out := make([]byte, len(in)-RSize)
chacha20.XORKeyStream(out, in[:len(in)-RSize], dummyNonce, chachaKey)
- h.Write(out[:len(out)-HSize])
+ if _, err = h.Write(out[:len(out)-HSize]); err != nil {
+ return nil, errors.Wrap(err, wrapHashWrite)
+ }
if subtle.ConstantTimeCompare(h.Sum(nil), out[len(out)-HSize:]) != 1 {
return nil, errors.New("Invalid checksum")
}