This is an automated email from the ASF dual-hosted git repository. cmorris pushed a commit to branch splitroles-blockchain in repository https://gitbox.apache.org/repos/asf/incubator-milagro-dta.git
commit 2209bdbae7383dfdf8365c4fea8b8f07f172a9d9 Author: Christopher Morris <[email protected]> AuthorDate: Wed Sep 25 13:08:54 2019 +0100 Use dup function to unchanged input params --- .gitignore | 1 + cmd/service/__debug_bin | Bin 51655380 -> 0 bytes libs/documents/crypto.go | 30 ++++++++++-------------------- 3 files changed, 11 insertions(+), 20 deletions(-) diff --git a/.gitignore b/.gitignore index b2ed953..9d69337 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ target/ vendor/ libs/crypto/libpqnist/build/ +/cmd/service/__debug_bin diff --git a/cmd/service/__debug_bin b/cmd/service/__debug_bin deleted file mode 100755 index 583f2a3..0000000 Binary files a/cmd/service/__debug_bin and /dev/null differ diff --git a/libs/documents/crypto.go b/libs/documents/crypto.go index 8861e0e..9038963 100644 --- a/libs/documents/crypto.go +++ b/libs/documents/crypto.go @@ -43,22 +43,19 @@ func decapsulate(recipientCID string, recipients []*Recipient, sikeSK []byte) ([ return nil, errRecipientNotFound } +func dup(orig []byte) []byte { + dupSlice := make([]byte, len(orig)) + copy(dupSlice, orig) + return dupSlice +} + func decapsulateWithRecipient(recipient Recipient, sikeSK []byte) ([]byte, error) { cipherText := recipient.CipherText encapsulatedKey := recipient.EncapsulatedKey encapIV := recipient.IV - cipherTextTemp := make([]byte, len(cipherText)) - encapIVTemp := make([]byte, len(encapIV)) - sikeSKTemp := make([]byte, len(sikeSK)) - encapsulatedKeyTemp := make([]byte, len(encapsulatedKey)) - - copy(cipherTextTemp, cipherText) - copy(encapIVTemp, encapIV) - copy(sikeSKTemp, sikeSK) - copy(encapsulatedKeyTemp, encapsulatedKey) - - rc, recreatedAesKey := crypto.DecapsulateDecrypt(cipherTextTemp, encapIVTemp, sikeSKTemp, encapsulatedKeyTemp) + //Use duplicates of params, as DecapsulateDecrypt is destructive to inputs + rc, recreatedAesKey := crypto.DecapsulateDecrypt(dup(cipherText), dup(encapIV), dup(sikeSK), dup(encapsulatedKey)) if rc != 0 { return nil, errFailedDecapsulation @@ -77,15 +74,8 @@ func encapsulateKeyForRecipient(recipientsIDDocs map[string]IDDoc, secret []byte r.IV = iv sikePK := idDocument.SikePublicKey - //Make Copies of EncapsulateEncrypt's input params as its destructive - secretTemp := make([]byte, len(secret)) - ivTemp := make([]byte, len(iv)) - sikePKtemp := make([]byte, len(sikePK)) - copy(secretTemp, secret) - copy(ivTemp, iv) - copy(sikePKtemp, sikePK) - - rc, cipherText, encapsulatedKey := crypto.EncapsulateEncrypt(secretTemp, ivTemp, sikePKtemp) + //Use duplicates of params, as EncapsulateEncrypt is destructive to inputs + rc, cipherText, encapsulatedKey := crypto.EncapsulateEncrypt(dup(secret), dup(iv), dup(sikePK)) if rc != 0 { return nil, errFailedToGenerateAESKey
