commit 6177bf0a9f88687f906a110a72c1053a3a7e1383
parent b55002f040371af5854fdd9e4119d05a16085c3f
Author: Armin Preiml <apreiml@strohwolke.at>
Date: Sun, 5 Jan 2025 21:03:31 +0100
crypto::cipher: add gcm_unlink_block
For cases where the gcm state must be cleared but the block is going to
be reused.
Signed-off-by: Armin Preiml <apreiml@strohwolke.at>
Diffstat:
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/crypto/cipher/gcm.ha b/crypto/cipher/gcm.ha
@@ -48,7 +48,8 @@ const gcm_vtable: io::vtable = io::vtable {
//
// The user must call [[io::close]] when they are done using the stream to
// securely erase secret information stored in the stream state. Close will
-// also finish the 'block' provided by [[gcm_init]].
+// also finish the 'block' provided by [[gcm_init]]. If the 'block' should
+// not be finished, [[gcm_unlink_block]] must be called before close.
export fn gcm() gcmstream = {
return gcmstream {
stream = &gcm_vtable,
@@ -235,6 +236,12 @@ export fn gcm_verify(s: *gcmstream, tag: []u8) (void | errors::invalid) = {
};
};
+// Unlinks the 'block' provided by [[gcm_init]] to avoid finishing it when
+// calling [[io::close]] on the stream.
+export fn gcm_unlink_block(s: *gcmstream) void = {
+ s.block = null;
+};
+
fn gcm_closer(s: *io::stream) (void | io::error) = {
let s = s: *gcmstream;
bytes::zero(s.tagbuf);
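Review bot: The doc comment on `gcm_unlink_block` does not say that, once the block is unlinked, finishing it becomes the caller's job, so whatever secret state the block holds stays in memory until the caller finishes it. I would add `// The caller is then responsible for finishing the 'block' itself; [[io::close]] must still be called to erase the stream state.` to the comment. It is also worth stating whether the stream may still be read or written after unlinking, since those paths presumably use `s.block` and it is now null. The body of `gcm_closer` continues outside this hunk, so it cannot be confirmed here that it checks `s.block` for null before finishing; the new function relies on that check.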