MCPcopy
hub / github.com/grpc/grpc-go / rekeyIfRequired

Method rekeyIfRequired

credentials/alts/internal/conn/aeadrekey.go:90–102  ·  view source on GitHub ↗

rekeyIfRequired creates a new aes128gcm AEAD if the existing AEAD is nil or cannot be used with given nonce.

(nonce []byte)

Source from the content-addressed store, hash-verified

88// rekeyIfRequired creates a new aes128gcm AEAD if the existing AEAD is nil
89// or cannot be used with given nonce.
90func (s *rekeyAEAD) rekeyIfRequired(nonce []byte) error {
91 newKdfCounter := nonce[kdfCounterOffset : kdfCounterOffset+kdfCounterLen]
92 if s.gcmAEAD != nil && bytes.Equal(newKdfCounter, s.kdfCounter) {
93 return nil
94 }
95 copy(s.kdfCounter, newKdfCounter)
96 a, err := aes.NewCipher(hkdfExpand(s.kdfKey, s.kdfCounter))
97 if err != nil {
98 return err
99 }
100 s.gcmAEAD, err = cipher.NewGCM(a)
101 return err
102}
103
104// maskNonce XORs the given nonce with the mask and stores the result in dst.
105func maskNonce(dst, nonce, mask []byte) {

Callers 2

SealMethod · 0.95
OpenMethod · 0.95

Calls 2

hkdfExpandFunction · 0.85
EqualMethod · 0.65

Tested by

no test coverage detected