[golang-dev] Re: code review 6820114: crypto/x509: implement EncryptPEMBlock (issue 6820114)

[golang-dev] Re: code review 6820114: crypto/x509: implement EncryptPEMBlock (issue 6820114)

	Rogpeppe
	Nov 12, 2012 at 10:22 am

Hello [email protected], [email protected] (cc:
[email protected]),

Please take another look.

http://codereview.appspot.com/6820114/

Search Discussions

3 responses
Oldest
Nested

Agl LGTM https://codereview.appspot.com/6820114/

Agl at Nov 12, 2012 at 2:00 pm ⇧

LGTM

https://codereview.appspot.com/6820114/

reply | permalink

Rogpeppe

at Nov 12, 2012 at 3:26 pm

⇧

ha, more comments i forgot to publish

https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decrypt.go
File src/pkg/crypto/x509/pem_decrypt.go (right):

https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decrypt.go#newcode95
src/pkg/crypto/x509/pem_decrypt.go:95: return nil, errors.New("x509:
wrong IV size")

On 2012/11/09 15:38:14, agl1 wrote:
s/wrong/incorrect/

Done.

https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decrypt.go#newcode145
src/pkg/crypto/x509/pem_decrypt.go:145: func EncryptPEMBlock(blockType
string, rand io.Reader, data, password []byte, alg string) (*pem.Block,
error) {

On 2012/11/09 15:38:14, agl1 wrote:
rand is typically the first argument.
I also think that alg should be type and not a generic string.
So
type PEMCipher int
const (
PEMCipherDES PEMCipher = iota
...
PEMCipherAES256
)
And I'd add PEMCipher as an element of rfc1423Algo and turn
rfc1423Algos into a
slice, rather than a map. When we need to look one up, the code can
just iterate
over the members.

Done. I considered keying the indexes of the slice by PEMCipher, but it
seemed a bit too precious.

I made the zero value an invalid cipher, but another possibility might
be to make the zero value be strong (e.g. PEMCipherAES256).

https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decrypt.go#newcode152
src/pkg/crypto/x509/pem_decrypt.go:152: return nil, errors.New("cannot
generate IV: " + err.Error())

On 2012/11/09 15:38:14, agl1 wrote:
"x509: "

Done.

https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decrypt.go#newcode154
src/pkg/crypto/x509/pem_decrypt.go:154: key := ciph.deriveKey(password,
iv[:8])

On 2012/11/09 15:38:14, agl1 wrote:
I'll take your word that the IV is truncated for this but a reference would be
nice if it's written down somewhere.

It matches the deriveKey call in DecryptPEMBlock. I've added a comment
to that effect.

https://codereview.appspot.com/6820114/diff/6006/src/pkg/crypto/x509/pem_decrypt.go#newcode159
src/pkg/crypto/x509/pem_decrypt.go:159: dec :=
cipher.NewCBCEncrypter(block, iv)

On 2012/11/09 15:38:14, agl1 wrote:
surely the /en/crypter shouldn't be called 'dec'?

Done.

https://codereview.appspot.com/6820114/

reply | permalink

Rogpeppe

at Nov 12, 2012 at 3:31 pm

⇧

*** Submitted as
http://code.google.com/p/go/source/detail?r=9ef24096faf2 ***

crypto/x509: implement EncryptPEMBlock

Arbitrary decisions: order of the arguments and the
fact it takes a block-type argument (rather than
leaving to user to fill it in later); I'm happy whatever
colour we want to paint it.

We also change DecryptPEMBlock so that it won't
panic when the IV has the wrong size.

R=agl, agl
CC=golang-dev
http://codereview.appspot.com/6820114

http://codereview.appspot.com/6820114/

reply | permalink

Related Discussions

Discussion Navigation

view	thread \| post

Discussion Overview

group	golang-dev @
categories	go
posted	Nov 12, '12 at 10:22a
active	Nov 12, '12 at 3:31p
posts	4
users	2
website	golang.org

responses	expanded	Hotkey: s
font	variable	Hotkey: f
user style	avatars	Hotkey: a

[golang-dev] Re: code review 6820114: crypto/x509: implement EncryptPEMBlock (issue 6820114)

Search Discussions

Related Discussions

2 users in discussion