-func blake256() hash.Hash {
- h, err := blake2b.New256(nil)
- if err != nil {
- panic(err)
+func aeadProcess(
+ aead cipher.AEAD,
+ nonce []byte,
+ doEncrypt bool,
+ r io.Reader,
+ w io.Writer,
+) (int, error) {
+ var blkCtr uint64
+ ciphCtr := nonce[len(nonce)-8:]
+ buf := make([]byte, EncBlkSize+aead.Overhead())
+ var toRead []byte
+ var toWrite []byte
+ var n int
+ var readBytes int
+ var err error
+ if doEncrypt {
+ toRead = buf[:EncBlkSize]
+ } else {
+ toRead = buf
+ }
+ for {
+ n, err = io.ReadFull(r, toRead)
+ if err != nil {
+ if err == io.EOF {
+ break
+ }
+ if err != io.ErrUnexpectedEOF {
+ return readBytes + n, err
+ }
+ }
+ readBytes += n
+ blkCtr++
+ binary.BigEndian.PutUint64(ciphCtr, blkCtr)
+ if doEncrypt {
+ toWrite = aead.Seal(buf[:0], nonce, buf[:n], nil)
+ } else {
+ toWrite, err = aead.Open(buf[:0], nonce, buf[:n], nil)
+ if err != nil {
+ return readBytes, err
+ }
+ }
+ if _, err = w.Write(toWrite); err != nil {
+ return readBytes, err
+ }