crypto/x509: implement EncryptPEMBlock
Arbitrary decisions: order of the arguments and the
fact it takes a block-type argument (rather than
leaving it to the user to fill it in later); I'm happy whatever
colour we want to paint it.
We also change DecryptPEMBlock so that it won't
panic when the IV has the wrong size.
12 years, 4 months ago
(2012-11-12 15:26:04 UTC)
#7
Ha, more comments I forgot to publish
https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decr...
File src/pkg/crypto/x509/pem_decrypt.go (right):
https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decr...
src/pkg/crypto/x509/pem_decrypt.go:95: return nil, errors.New("x509: wrong IV size")
On 2012/11/09 15:38:14, agl1 wrote:
> s/wrong/incorrect/
Done.
https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decr...
src/pkg/crypto/x509/pem_decrypt.go:145: func EncryptPEMBlock(blockType string, rand io.Reader, data, password []byte, alg string) (*pem.Block, error) {
On 2012/11/09 15:38:14, agl1 wrote:
> rand is typically the first argument.
>
> I also think that alg should be type and not a generic string.
>
> So
>
> type PEMCipher int
>
> const (
> PEMCipherDES PEMCipher = iota
> ...
> PEMCipherAES256
> )
>
> And I'd add PEMCipher as an element of rfc1423Algo and turn rfc1423Algos into a
> slice, rather than a map. When we need to look one up, the code can just iterate
> over the members.
Done. I considered keying the indexes of the slice by PEMCipher, but it seemed a
bit too precious.
I made the zero value an invalid cipher, but another possibility might be to
make the zero value be strong (e.g. PEMCipherAES256).
https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decr...
src/pkg/crypto/x509/pem_decrypt.go:152: return nil, errors.New("cannot generate IV: " + err.Error())
On 2012/11/09 15:38:14, agl1 wrote:
> "x509: "
Done.
https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decr...
src/pkg/crypto/x509/pem_decrypt.go:154: key := ciph.deriveKey(password, iv[:8])
On 2012/11/09 15:38:14, agl1 wrote:
> I'll take your word that the IV is truncated for this but a reference would be
> nice if it's written down somewhere.
It matches the deriveKey call in DecryptPEMBlock. I've added a comment to that
effect.
https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decr...
src/pkg/crypto/x509/pem_decrypt.go:159: dec := cipher.NewCBCEncrypter(block, iv)
On 2012/11/09 15:38:14, agl1 wrote:
> surely the /en/crypter shouldn't be called 'dec'?
Done.
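The two points raised in this review (the key is derived from only the first 8 bytes of the IV, and a wrong-sized IV must produce an error rather than a panic) can be checked against the standard library as it ships today. This is an added example, not code from the review or the Go tree; `manualDecrypt`, `demo` and the sample inputs are constructed for illustration, and the derivation shown covers only the AES-128 case, where a single MD5 round fills the 16-byte key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"crypto/x509"
	"encoding/hex"
	"encoding/pem"
	"fmt"
	"strings"
)

// Constructed sample inputs, not a real key or password.
var sample, pw = []byte("constructed sample payload"), []byte("constructed-password")

// manualDecrypt undoes PEMCipherAES128 by hand, using the full IV from DEK-Info for CBC.
func manualDecrypt(b *pem.Block, password []byte) ([]byte, error) {
	iv, err := hex.DecodeString(strings.TrimPrefix(b.Headers["DEK-Info"], "AES-128-CBC,"))
	if err != nil || len(iv) != aes.BlockSize || len(b.Bytes) == 0 || len(b.Bytes)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("not an AES-128-CBC block with a 16-byte IV")
	}
	// key = MD5(password || salt), where the salt is the first 8 IV bytes.
	key := md5.Sum(append(append([]byte{}, password...), iv[:8]...))
	blk, _ := aes.NewCipher(key[:]) // a 16-byte key is always accepted
	out := make([]byte, len(b.Bytes))
	cipher.NewCBCDecrypter(blk, iv).CryptBlocks(out, b.Bytes)
	pad := int(out[len(out)-1])
	if pad == 0 || pad > aes.BlockSize {
		return nil, fmt.Errorf("bad padding (wrong password?)")
	}
	return out[:len(out)-pad], nil
}

// demo returns whether manualDecrypt recovered the plaintext, plus DecryptPEMBlock's short-IV error.
func demo() (recovered bool, shortIVErr error) {
	b, err := x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", sample, pw, x509.PEMCipherAES128)
	if err != nil {
		return false, nil
	}
	got, err := manualDecrypt(b, pw)
	recovered = err == nil && bytes.Equal(got, sample)
	b.Headers["DEK-Info"] = "AES-128-CBC,0011" // constructed 2-byte IV
	_, shortIVErr = x509.DecryptPEMBlock(b, pw)
	return recovered, shortIVErr
}

func main() { fmt.Println(demo()) }
```

Both functions are marked deprecated in current Go releases because this legacy PEM encryption does not authenticate the ciphertext, so the example is for inspecting existing files rather than for protecting new keys.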
12 years, 4 months ago
(2012-11-12 15:31:36 UTC)
#8
*** Submitted as http://code.google.com/p/go/source/detail?r=9ef24096faf2 ***
crypto/x509: implement EncryptPEMBlock
Arbitrary decisions: order of the arguments and the
fact it takes a block-type argument (rather than
leaving it to the user to fill it in later); I'm happy whatever
colour we want to paint it.
We also change DecryptPEMBlock so that it won't
panic when the IV has the wrong size.
R=agl, agl
CC=golang-dev
http://codereview.appspot.com/6820114
Issue 6820114: code review 6820114: crypto/x509: implement EncryptPEMBlock
(Closed)
Created 12 years, 4 months ago by rog
Modified 12 years, 4 months ago
Comments: 10