crypto: add `GenerateIV` from random IV generation (#6215)

This commit adds a `GenerateIV` function to simplify
the generation of random IVs.

It adds some unit tests for `GenerateIV` in key_test.go
master
Andreas Auernhammer 6 years ago committed by kannappanr
parent 8e6d756e3a
commit 76c423392a
  1. 17
      cmd/crypto/key.go
  2. 26
      cmd/crypto/key_test.go

@ -35,8 +35,8 @@ import (
type ObjectKey [32]byte type ObjectKey [32]byte
// GenerateKey generates a unique ObjectKey from a 256 bit external key // GenerateKey generates a unique ObjectKey from a 256 bit external key
// and a source of randomness. If random is nil the default PRNG of system // and a source of randomness. If random is nil the default PRNG of the
// (crypto/rand) is used. // system (crypto/rand) is used.
func GenerateKey(extKey [32]byte, random io.Reader) (key ObjectKey) { func GenerateKey(extKey [32]byte, random io.Reader) (key ObjectKey) {
if random == nil { if random == nil {
random = rand.Reader random = rand.Reader
@ -52,6 +52,19 @@ func GenerateKey(extKey [32]byte, random io.Reader) (key ObjectKey) {
return key return key
} }
// GenerateIV generates a new random 256 bit IV from the provided source
// of randomness. If random is nil the default PRNG of the system
// (crypto/rand) is used.
func GenerateIV(random io.Reader) (iv [32]byte) {
if random == nil {
random = rand.Reader
}
if _, err := io.ReadFull(random, iv[:]); err != nil {
logger.CriticalIf(context.Background(), errOutOfEntropy)
}
return iv
}
// SealedKey represents a sealed object key. It can be stored // SealedKey represents a sealed object key. It can be stored
// at an untrusted location. // at an untrusted location.
type SealedKey struct { type SealedKey struct {
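Review bot: GenerateIV has no error return, so when `io.ReadFull` fails the caller is protected from an all-zero or partially filled IV only if `logger.CriticalIf` never returns, and neither the code nor the doc comment says that it does not. The test added in key_test.go expects a panic for a 31-byte reader, which suggests CriticalIf aborts, but that is inferred from the test rather than shown here. I would state the contract in the doc comment, e.g. `// GenerateIV does not return if the read fails; it reports errOutOfEntropy through logger.CriticalIf.` The read error itself is discarded, so a short or broken caller-supplied reader is reported as entropy exhaustion. If a non-nil `random` is meant only for tests, the comment should say that as well, since IV unpredictability then depends entirely on the reader the caller passes.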

@ -61,6 +61,32 @@ func TestGenerateKey(t *testing.T) {
} }
} }
var generateIVTests = []struct {
Random io.Reader
ShouldPass bool
}{
{Random: nil, ShouldPass: true}, // 0
{Random: rand.Reader, ShouldPass: true}, // 1
{Random: shortRandom(32), ShouldPass: true}, // 2
{Random: shortRandom(31), ShouldPass: false}, // 3
}
func TestGenerateIV(t *testing.T) {
defer func(disableLog bool) { logger.Disable = disableLog }(logger.Disable)
logger.Disable = true
for i, test := range generateIVTests {
i, test := i, test
func() {
defer recoverTest(i, test.ShouldPass, t)
iv := GenerateIV(test.Random)
if iv == [32]byte{} {
t.Errorf("Test %d: generated IV is zero IV", i) // check that we generate random and unique IV
}
}()
}
}
var sealUnsealKeyTests = []struct { var sealUnsealKeyTests = []struct {
SealExtKey, SealIV [32]byte SealExtKey, SealIV [32]byte
SealDomain, SealBucket, SealObject string SealDomain, SealBucket, SealObject string
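Review bot: The comment on the zero check in TestGenerateIV reads `// check that we generate random and unique IV`, but the assertion only rejects the all-zero array, so a GenerateIV that returned a constant non-zero value would still pass. Either reword the comment to match what is checked, e.g. `// a zero IV means the read was skipped or failed silently`, or call GenerateIV a second time for the nil and `rand.Reader` cases and fail when the two results are equal. Case 3 depends on `recoverTest` observing a panic; that helper and `shortRandom` are defined outside this hunk, so what happens if GenerateIV returns normally for the 31-byte reader cannot be confirmed from here.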
