rekeyIfRequired creates a new aes128gcm AEAD if the existing AEAD is nil or cannot be used with given nonce.
(nonce []byte)
| 88 | // rekeyIfRequired creates a new aes128gcm AEAD if the existing AEAD is nil |
| 89 | // or cannot be used with given nonce. |
| 90 | func (s *rekeyAEAD) rekeyIfRequired(nonce []byte) error { |
| 91 | newKdfCounter := nonce[kdfCounterOffset : kdfCounterOffset+kdfCounterLen] |
| 92 | if s.gcmAEAD != nil && bytes.Equal(newKdfCounter, s.kdfCounter) { |
| 93 | return nil |
| 94 | } |
| 95 | copy(s.kdfCounter, newKdfCounter) |
| 96 | a, err := aes.NewCipher(hkdfExpand(s.kdfKey, s.kdfCounter)) |
| 97 | if err != nil { |
| 98 | return err |
| 99 | } |
| 100 | s.gcmAEAD, err = cipher.NewGCM(a) |
| 101 | return err |
| 102 | } |
| 103 | |
| 104 | // maskNonce XORs the given nonce with the mask and stores the result in dst. |
| 105 | func maskNonce(dst, nonce, mask []byte) { |
no test coverage detected