diff --git a/aead/aes_gcm_key_manager_test.go b/aead/aes_gcm_key_manager_test.go
index 82e64b1..21bbc18 100644
--- a/aead/aes_gcm_key_manager_test.go
+++ b/aead/aes_gcm_key_manager_test.go
@@ -445,9 +445,6 @@ func validateAESGCMKey(key *gcmpb.AesGcmKey, format *gcmpb.AesGcmKeyFormat) erro
 func validateAESGCMPrimitive(p any, key *gcmpb.AesGcmKey) error {
 cipher := p.(*subtle.AESGCM)
- if !bytes.Equal(cipher.Key(), key.KeyValue) {
- return fmt.Errorf("key and primitive don't match")
- }
 // try to encrypt and decrypt
 pt := random.GetRandomBytes(32)
 aad := random.GetRandomBytes(32)
diff --git a/aead/aes_gcm_siv_key_manager_test.go b/aead/aes_gcm_siv_key_manager_test.go
index 27dd6b8..954297b 100644
--- a/aead/aes_gcm_siv_key_manager_test.go
+++ b/aead/aes_gcm_siv_key_manager_test.go
@@ -299,9 +299,6 @@ func validateAESGCMSIVKey(key *gcmsivpb.AesGcmSivKey, format *gcmsivpb.AesGcmSiv
 func validateAESGCMSIVPrimitive(p any, key *gcmsivpb.AesGcmSivKey) error {
 cipher := p.(*subtle.AESGCMSIV)
- if !bytes.Equal(cipher.Key, key.KeyValue) {
- return fmt.Errorf("Inputted key and primitive key don't match; input=%v, primitive=%v", key.KeyValue, cipher.Key)
- }
 // Try to encrypt and decrypt random data.
 pt := random.GetRandomBytes(32)
 aad := random.GetRandomBytes(32)
diff --git a/aead/subtle/aes_ctr.go b/aead/subtle/aes_ctr.go
index 78e3385..66f56c6 100644
--- a/aead/subtle/aes_ctr.go
+++ b/aead/subtle/aes_ctr.go
@@ -32,7 +32,7 @@ const (
 // AESCTR is an implementation of AEAD interface.
 type AESCTR struct {
- Key []byte
+ key []byte
 IVSize int
 }
@@ -48,7 +48,7 @@ func NewAESCTR(key []byte, ivSize int) (*AESCTR, error) {
 if ivSize < AESCTRMinIVSize || ivSize > aes.BlockSize {
 return nil, fmt.Errorf("aes_ctr: invalid IV size: %d", ivSize)
 }
- return &AESCTR{Key: key, IVSize: ivSize}, nil
+ return &AESCTR{key: key, IVSize: ivSize}, nil
 }
 // Encrypt encrypts plaintext using AES in CTR mode.
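Review bot: `NewAESCTR` still stores the caller's slice directly (`key: key`), so unexporting the field stops other packages from reading it but the caller keeps a writable alias to the key bytes and can change the key of a live primitive by mutating or zeroing its own buffer. The streaming constructors touched by this commit (`NewAESCTRHMAC`, `NewAESGCMHKDF`) already copy into `keyClone` before storing; the same pattern here, `k := make([]byte, len(key))` / `copy(k, key)` and then `key: k`, would finish the encapsulation. The same direct assignment is visible in the hunks for `NewAESGCMSIV`, `NewXChaCha20Poly1305`, `NewAESGCMInsecureIV` and `NewHMAC`. The start of NewAESCTR's body is outside the hunk, so an earlier copy cannot be ruled out from here.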
@@ -59,7 +59,7 @@ func (a *AESCTR) Encrypt(plaintext []byte) ([]byte, error) {
 return nil, fmt.Errorf("aes_ctr: plaintext too long")
 }
 iv := a.newIV()
- stream, err := newCipher(a.Key, iv)
+ stream, err := newCipher(a.key, iv)
 if err != nil {
 return nil, err
 }
@@ -80,7 +80,7 @@ func (a *AESCTR) Decrypt(ciphertext []byte) ([]byte, error) {
 }
 iv := ciphertext[:a.IVSize]
- stream, err := newCipher(a.Key, iv)
+ stream, err := newCipher(a.key, iv)
 if err != nil {
 return nil, err
 }
diff --git a/aead/subtle/aes_ctr_test.go b/aead/subtle/aes_ctr_test.go
index 39f735d..45479ac 100644
--- a/aead/subtle/aes_ctr_test.go
+++ b/aead/subtle/aes_ctr_test.go
@@ -43,10 +43,6 @@ func TestNewAESCTR(t *testing.T) {
 if err != nil {
 t.Errorf("want: valid cipher (key size=%d), got: error %v", len(k), err)
 }
- // Verify that the struct contents are correctly set.
- if len(c.Key) != len(k) {
- t.Errorf("want: key size=%d, got: key size=%d", len(k), len(c.Key))
- }
 if c.IVSize != subtle.AESCTRMinIVSize {
 t.Errorf("want: IV size=%d, got: IV size=%d", subtle.AESCTRMinIVSize, c.IVSize)
 }
@@ -66,9 +62,6 @@ func TestNewAESCTR(t *testing.T) {
 if err != nil {
 t.Errorf("want: valid cipher (IV size=%d), got: error %v", i, err)
 }
- if len(c.Key) != len(k) {
- t.Errorf("want: key size=%d, got: key size=%d", len(k), len(c.Key))
- }
 if c.IVSize != i {
 t.Errorf("want: IV size=%d, got: IV size=%d", i, c.IVSize)
 }
diff --git a/aead/subtle/aes_gcm.go b/aead/subtle/aes_gcm.go
index f0803e7..a0637e9 100644
--- a/aead/subtle/aes_gcm.go
+++ b/aead/subtle/aes_gcm.go
@@ -64,8 +64,3 @@ func (a *AESGCM) Decrypt(ciphertext, associatedData []byte) ([]byte, error) {
 iv := ciphertext[:AESGCMIVSize]
 return a.aesGCMInsecureIV.Decrypt(iv, ciphertext, associatedData)
 }
-
-// Key returns the AES key.
-func (a *AESGCM) Key() []byte {
- return a.aesGCMInsecureIV.Key
-}
diff --git a/aead/subtle/aes_gcm_siv.go b/aead/subtle/aes_gcm_siv.go
index acea873..655bc04 100644
--- a/aead/subtle/aes_gcm_siv.go
+++ b/aead/subtle/aes_gcm_siv.go
@@ -48,7 +48,7 @@ const (
 // AESGCMSIV is an implementation of AEAD interface.
 type AESGCMSIV struct {
- Key []byte
+ key []byte
 }
 // NewAESGCMSIV returns an AESGCMSIV instance.
@@ -59,7 +59,7 @@ func NewAESGCMSIV(key []byte) (*AESGCMSIV, error) {
 if err := ValidateAESKeySize(keySize); err != nil {
 return nil, fmt.Errorf("aes_gcm_siv: %s", err)
 }
- return &AESGCMSIV{Key: key}, nil
+ return &AESGCMSIV{key: key}, nil
 }
 // Encrypt encrypts plaintext with associatedData.
@@ -155,7 +155,7 @@ func (a *AESGCMSIV) deriveKeys(nonce []byte) ([]byte, []byte, error) {
 }
 nonceBlock := make([]byte, aesgcmsivBlockSize)
 copy(nonceBlock[aesgcmsivBlockSize-AESGCMSIVNonceSize:], nonce)
- block, err := aes.NewCipher(a.Key)
+ block, err := aes.NewCipher(a.key)
 if err != nil {
 return nil, nil, fmt.Errorf("aes_gcm_siv: failed to create block cipher, error: %v", err)
 }
@@ -171,11 +171,11 @@ func (a *AESGCMSIV) deriveKeys(nonce []byte) ([]byte, []byte, error) {
 kdfAes(0, authKey[0:8])
 kdfAes(1, authKey[8:16])
- encKey := make([]byte, len(a.Key))
+ encKey := make([]byte, len(a.key))
 kdfAes(2, encKey[0:8])
 kdfAes(3, encKey[8:16])
- if len(a.Key) == 32 {
+ if len(a.key) == 32 {
 kdfAes(4, encKey[16:24])
 kdfAes(5, encKey[24:32])
 }
diff --git a/aead/subtle/xchacha20poly1305.go b/aead/subtle/xchacha20poly1305.go
index 4b09e11..f56668b 100644
--- a/aead/subtle/xchacha20poly1305.go
+++ b/aead/subtle/xchacha20poly1305.go
@@ -27,7 +27,7 @@ import (
 // XChaCha20Poly1305 is an implementation of AEAD interface.
 type XChaCha20Poly1305 struct {
- Key []byte
+ key []byte
 }
 // Assert that XChaCha20Poly1305 implements the AEAD interface.
@@ -40,7 +40,7 @@ func NewXChaCha20Poly1305(key []byte) (*XChaCha20Poly1305, error) {
 return nil, errors.New("xchacha20poly1305: bad key length")
 }
- return &XChaCha20Poly1305{Key: key}, nil
+ return &XChaCha20Poly1305{key: key}, nil
 }
 // Encrypt encrypts plaintext with associatedData.
@@ -52,7 +52,7 @@ func (x *XChaCha20Poly1305) Encrypt(plaintext []byte, associatedData []byte) ([]
 if len(plaintext) > maxInt-chacha20poly1305.NonceSizeX-poly1305TagSize {
 return nil, fmt.Errorf("xchacha20poly1305: plaintext too long")
 }
- c, err := chacha20poly1305.NewX(x.Key)
+ c, err := chacha20poly1305.NewX(x.key)
 if err != nil {
 return nil, err
 }
@@ -75,7 +75,7 @@ func (x *XChaCha20Poly1305) Decrypt(ciphertext []byte, associatedData []byte) ([
 return nil, fmt.Errorf("xchacha20poly1305: ciphertext too short")
 }
- c, err := chacha20poly1305.NewX(x.Key)
+ c, err := chacha20poly1305.NewX(x.key)
 if err != nil {
 return nil, err
 }
diff --git a/aead/xchacha20poly1305_key_manager_test.go b/aead/xchacha20poly1305_key_manager_test.go
index 6d6a2e1..fea0e80 100644
--- a/aead/xchacha20poly1305_key_manager_test.go
+++ b/aead/xchacha20poly1305_key_manager_test.go
@@ -305,9 +305,6 @@ func TestXChaCha20Poly1305DeriveKeyFailsWithInsufficientRandomness(t *testing.T)
 func validateXChaCha20Poly1305Primitive(p any, key *xpb.XChaCha20Poly1305Key) error {
 cipher := p.(*subtle.XChaCha20Poly1305)
- if !bytes.Equal(cipher.Key, key.KeyValue) {
- return fmt.Errorf("key and primitive don't match")
- }
 // Try to encrypt and decrypt.
 pt := random.GetRandomBytes(32)
diff --git a/daead/subtle/aes_siv.go b/daead/subtle/aes_siv.go
index 87878d5..c06c0ef 100644
--- a/daead/subtle/aes_siv.go
+++ b/daead/subtle/aes_siv.go
@@ -52,11 +52,11 @@ import (
 // and RFC 5297 only supports same size encryption and MAC keys this
 // implies that keys must be 64 bytes (2*256 bits) long.
 type AESSIV struct {
- K1 []byte
- K2 []byte
- CmacK1 []byte
- CmacK2 []byte
- Cipher cipher.Block
+ k1 []byte
+ k2 []byte
+ cmacK1 []byte
+ cmacK2 []byte
+ cipher cipher.Block
 }
 const (
@@ -90,11 +90,11 @@ func NewAESSIV(key []byte) (*AESSIV, error) {
 copy(cmacK2, block)
 return &AESSIV{
- K1: k1,
- K2: k2,
- CmacK1: cmacK1,
- CmacK2: cmacK2,
- Cipher: c,
+ k1: k1,
+ k2: k2,
+ cmacK1: cmacK1,
+ cmacK2: cmacK2,
+ cipher: c,
 }, nil
 }
@@ -159,7 +159,7 @@ func (asc *AESSIV) ctrCrypt(siv, in, out []byte) error {
 iv[8] &= 0x7f
 iv[12] &= 0x7f
- c, err := aes.NewCipher(asc.K2)
+ c, err := aes.NewCipher(asc.k2)
 if err != nil {
 return fmt.Errorf("aes_siv: aes.NewCipher() failed: %v", err)
 }
@@ -202,7 +202,7 @@ func (asc *AESSIV) cmacLong(data, last, mac []byte) {
 idx := aes.BlockSize
 for aes.BlockSize <= len(data)-idx {
- asc.Cipher.Encrypt(block, block)
+ asc.cipher.Encrypt(block, block)
 xorBlock(data[idx:idx+aes.BlockSize], block)
 idx += aes.BlockSize
 }
@@ -212,18 +212,18 @@ func (asc *AESSIV) cmacLong(data, last, mac []byte) {
 block[remaining+i] ^= last[i]
 }
 if remaining == 0 {
- xorBlock(asc.CmacK1, block)
+ xorBlock(asc.cmacK1, block)
 } else {
- asc.Cipher.Encrypt(block, block)
+ asc.cipher.Encrypt(block, block)
 for i := 0; i < remaining; i++ {
 block[i] ^= last[aes.BlockSize-remaining+i]
 block[i] ^= data[idx+i]
 }
 block[remaining] ^= 0x80
- xorBlock(asc.CmacK2, block)
+ xorBlock(asc.cmacK2, block)
 }
- asc.Cipher.Encrypt(mac, block)
+ asc.cipher.Encrypt(mac, block)
 }
 // cmac computes a CMAC of some data.
@@ -238,7 +238,7 @@ func (asc *AESSIV) cmac(data, mac []byte) {
 idx := 0
 for i := 0; i < numBs-1; i++ {
 xorBlock(data[idx:idx+aes.BlockSize], block)
- asc.Cipher.Encrypt(block, block)
+ asc.cipher.Encrypt(block, block)
 idx += aes.BlockSize
 }
 for j := 0; j < lastBSize; j++ {
@@ -246,13 +246,13 @@ func (asc *AESSIV) cmac(data, mac []byte) {
 }
 if lastBSize == aes.BlockSize {
- xorBlock(asc.CmacK1, block)
+ xorBlock(asc.cmacK1, block)
 } else {
 block[lastBSize] ^= 0x80
- xorBlock(asc.CmacK2, block)
+ xorBlock(asc.cmacK2, block)
 }
- asc.Cipher.Encrypt(mac, block)
+ asc.cipher.Encrypt(mac, block)
 }
 // xorBlock sets block[i] = x[i] ^ block[i].
diff --git a/internal/aead/aes_gcm_insecure_iv.go b/internal/aead/aes_gcm_insecure_iv.go
index a9241b6..bfa15ab 100644
--- a/internal/aead/aes_gcm_insecure_iv.go
+++ b/internal/aead/aes_gcm_insecure_iv.go
@@ -42,7 +42,7 @@ const (
 // AESGCMInsecureIV is an insecure implementation of the AEAD interface that
 // permits the user to set the IV.
 type AESGCMInsecureIV struct {
- Key []byte
+ key []byte
 prependIV bool
 }
@@ -57,7 +57,7 @@ func NewAESGCMInsecureIV(key []byte, prependIV bool) (*AESGCMInsecureIV, error)
 return nil, fmt.Errorf("invalid AES key size: %s", err)
 }
 return &AESGCMInsecureIV{
- Key: key,
+ key: key,
 prependIV: prependIV,
 }, nil
 }
@@ -144,7 +144,7 @@ func (i *AESGCMInsecureIV) Decrypt(iv, ciphertext, associatedData []byte) ([]byt
 // newCipher creates a new AES-GCM cipher using the given key and the crypto
 // library.
 func (i *AESGCMInsecureIV) newCipher() (cipher.AEAD, error) {
- aesCipher, err := aes.NewCipher(i.Key)
+ aesCipher, err := aes.NewCipher(i.key)
 if err != nil {
 return nil, errors.New("failed to initialize cipher")
 }
diff --git a/mac/subtle/hmac.go b/mac/subtle/hmac.go
index d9cdf4e..53b469e 100644
--- a/mac/subtle/hmac.go
+++ b/mac/subtle/hmac.go
@@ -39,7 +39,7 @@ var errHMACInvalidInput = errors.New("HMAC: invalid input")
 // HMAC implementation of interface tink.MAC
 type HMAC struct {
 HashFunc func() hash.Hash
- Key []byte
+ key []byte
 TagSize uint32
 }
@@ -55,7 +55,7 @@ func NewHMAC(hashAlg string, key []byte, tagSize uint32) (*HMAC, error) {
 }
 return &HMAC{
 HashFunc: hashFunc,
- Key: key,
+ key: key,
 TagSize: tagSize,
 }, nil
 }
@@ -85,7 +85,7 @@ func (h *HMAC) ComputeMAC(data []byte) ([]byte, error) {
 if h.HashFunc == nil {
 return nil, fmt.Errorf("hmac: invalid hash algorithm")
 }
- mac := hmac.New(h.HashFunc, h.key)
+ mac := hmac.New(h.HashFunc, h.key)
 mac.Write(data)
 tag := mac.Sum(nil)
 return tag[:h.TagSize], nil
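Review bot: `ComputeMAC` guards only `h.HashFunc == nil` before `hmac.New(h.HashFunc, h.key)`, and with `key` now unexported while `HashFunc` and `TagSize` stay exported, an `HMAC` built as a struct literal outside the package can no longer carry a key and would compute tags over an empty key instead of failing. The AES-based types in this commit fail closed in that state because the cipher constructor rejects an empty key, but `hmac.New` accepts one. Either unexport the remaining two fields so `NewHMAC` is the only way to build the value, or add a guard such as `if len(h.key) == 0 { return nil, errHMACInvalidInput }` next to the existing nil check. The start of ComputeMAC's body is outside the hunk, so an earlier check there is not visible from here.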
diff --git a/streamingaead/aes_ctr_hmac_key_manager_test.go b/streamingaead/aes_ctr_hmac_key_manager_test.go
index 15b2f79..3a90124 100644
--- a/streamingaead/aes_ctr_hmac_key_manager_test.go
+++ b/streamingaead/aes_ctr_hmac_key_manager_test.go
@@ -17,7 +17,6 @@
 package streamingaead_test
 import (
- "bytes"
 "fmt"
 "testing"
@@ -340,8 +339,5 @@ func validateAESCTRHMACKey(key *ctrhmacpb.AesCtrHmacStreamingKey, format *ctrhma
 func validateAESCTRHMACPrimitive(p any, key *ctrhmacpb.AesCtrHmacStreamingKey) error {
 cipher := p.(*subtle.AESCTRHMAC)
- if !bytes.Equal(cipher.MainKey, key.KeyValue) {
- return fmt.Errorf("main key and primitive don't match")
- }
 return encryptDecrypt(cipher, cipher, 32, 32)
 }
diff --git a/streamingaead/aes_gcm_hkdf_key_manager_test.go b/streamingaead/aes_gcm_hkdf_key_manager_test.go
index 7ba769e..5ab6df7 100644
--- a/streamingaead/aes_gcm_hkdf_key_manager_test.go
+++ b/streamingaead/aes_gcm_hkdf_key_manager_test.go
@@ -591,8 +591,5 @@ func validateAESGCMHKDFKey(key *gcmhkdfpb.AesGcmHkdfStreamingKey, format *gcmhkd
 func validatePrimitive(p any, key *gcmhkdfpb.AesGcmHkdfStreamingKey) error {
 cipher := p.(*subtle.AESGCMHKDF)
- if !bytes.Equal(cipher.MainKey, key.KeyValue) {
- return fmt.Errorf("main key and primitive don't match")
- }
 return encryptDecrypt(cipher, cipher, 32, 32)
 }
diff --git a/streamingaead/subtle/aes_ctr_hmac.go b/streamingaead/subtle/aes_ctr_hmac.go
index f2732d3..1f74551 100644
--- a/streamingaead/subtle/aes_ctr_hmac.go
+++ b/streamingaead/subtle/aes_ctr_hmac.go
@@ -48,7 +48,7 @@ const (
 // HKDF and are derived from the key derivation key, a randomly chosen salt of
 // the same size as the key and a nonce prefix.
 type AESCTRHMAC struct {
- MainKey []byte
+ mainKey []byte
 hkdfAlg string
 keySizeInBytes int
 tagAlg string
@@ -102,7 +102,7 @@ func NewAESCTRHMAC(mainKey []byte, hkdfAlg string, keySizeInBytes int, tagAlg st
 copy(keyClone, mainKey)
 return &AESCTRHMAC{
- MainKey: keyClone,
+ mainKey: keyClone,
 hkdfAlg: hkdfAlg,
 keySizeInBytes: keySizeInBytes,
 tagAlg: tagAlg,
@@ -123,7 +123,7 @@ func (a *AESCTRHMAC) HeaderLength() int {
 // They are derived from the main key using salt and aad as parameters.
 func (a *AESCTRHMAC) deriveKeys(salt, aad []byte) ([]byte, []byte, error) {
 keyMaterialSize := a.keySizeInBytes + AESCTRHMACKeySizeInBytes
- km, err := subtle.ComputeHKDF(a.hkdfAlg, a.MainKey, salt, aad, uint32(keyMaterialSize))
+ km, err := subtle.ComputeHKDF(a.hkdfAlg, a.mainKey, salt, aad, uint32(keyMaterialSize))
 if err != nil {
 return nil, nil, err
 }
diff --git a/streamingaead/subtle/aes_gcm_hkdf.go b/streamingaead/subtle/aes_gcm_hkdf.go
index b6f697b..2cb5a36 100644
--- a/streamingaead/subtle/aes_gcm_hkdf.go
+++ b/streamingaead/subtle/aes_gcm_hkdf.go
@@ -49,7 +49,7 @@ const (
 // and are derived from the key derivation key, a randomly chosen salt of the
 // same size as the key and a nonce prefix.
 type AESGCMHKDF struct {
- MainKey []byte
+ mainKey []byte
 hkdfAlg string
 keySizeInBytes int
 ciphertextSegmentSize int
@@ -86,7 +86,7 @@ func NewAESGCMHKDF(mainKey []byte, hkdfAlg string, keySizeInBytes, ciphertextSeg
 copy(keyClone, mainKey)
 return &AESGCMHKDF{
- MainKey: keyClone,
+ mainKey: keyClone,
 hkdfAlg: hkdfAlg,
 keySizeInBytes: keySizeInBytes,
 ciphertextSegmentSize: ciphertextSegmentSize,
@@ -103,7 +103,7 @@ func (a *AESGCMHKDF) HeaderLength() int {
 // deriveKey returns a key derived from the given main key using salt and aad
 // parameters.
 func (a *AESGCMHKDF) deriveKey(salt, aad []byte) ([]byte, error) {
- return subtle.ComputeHKDF(a.hkdfAlg, a.MainKey, salt, aad, uint32(a.keySizeInBytes))
+ return subtle.ComputeHKDF(a.hkdfAlg, a.mainKey, salt, aad, uint32(a.keySizeInBytes))
 }
 // newCipher creates a new AES-GCM cipher using the given key and the crypto library.