loading up the forgejo repo on tangled to test page performance
Merge pull request 'feat: harden keying implementation' (#6368) from gusted/forgejo-harden-keying into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6368
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
+9
-6
+9
-6
modules/keying/keying.go
+9
-6
modules/keying/keying.go
···
28
28
// The hash used for HKDF.
29
29
hash = sha256.New
30
30
// The AEAD used for encryption/decryption.
31
-
aead = chacha20poly1305.NewX
31
+
aead = chacha20poly1305.NewX
32
+
// The pseudorandom key generated by HKDF-Extract.
33
+
prk []byte
34
+
)
35
+
36
+
const (
32
37
aeadKeySize = chacha20poly1305.KeySize
33
38
aeadNonceSize = chacha20poly1305.NonceSizeX
34
-
// The pseudorandom key generated by HKDF-Extract.
35
-
prk []byte
36
39
)
37
40
38
41
// Set the main IKM for this module.
···
55
58
// Derive *the* key for a given context, this is a deterministic function.
56
59
// The same key will be provided for the same context.
57
60
func DeriveKey(context Context) *Key {
58
-
if len(prk) == 0 {
61
+
if len(prk) != sha256.Size {
59
62
panic("keying: not initialized")
60
63
}
61
64
···
63
66
64
67
key := make([]byte, aeadKeySize)
65
68
// This should never return an error, but if it does, panic.
66
-
if _, err := r.Read(key); err != nil {
69
+
if n, err := r.Read(key); err != nil || n != aeadKeySize {
67
70
panic(err)
68
71
}
69
72
···
92
95
93
96
// Generate a random nonce.
94
97
nonce := make([]byte, aeadNonceSize)
95
-
if _, err := rand.Read(nonce); err != nil {
98
+
if n, err := rand.Read(nonce); err != nil || n != aeadNonceSize {
96
99
panic(err)
97
100
}
98
101