Skip to content

Commit

Permalink
Allow exporting key material and init of cipherstate
Browse files Browse the repository at this point in the history
  • Loading branch information
aidantwoods-1p committed Feb 1, 2024
1 parent acf4844 commit cbd42bc
Showing 1 changed file with 19 additions and 0 deletions.
19 changes: 19 additions & 0 deletions state.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,18 @@ const MaxNonce = uint64(math.MaxUint64) - 1
var ErrMaxNonce = errors.New("noise: cipherstate has reached maximum n, a new handshake must be performed")
var ErrCipherSuiteCopied = errors.New("noise: CipherSuite has been copied, state is invalid")

// UnsafeNewCipherState allows a CipherState to be reconstructed from exported components.
// Note that it is important that, if resuming from exported state, then care is taken
// to synchronize the nonce state and not allow rollbacks.
func UnsafeNewCipherState(cs CipherSuite, k [32]byte, n uint64) *CipherState {
return &CipherState{
cs: cs,
c: cs.Cipher(k),
k: k,
n: n,
}
}

// Encrypt encrypts the plaintext and then appends the ciphertext and an
// authentication tag across the ciphertext and optional authenticated data to
// out. This method automatically increments the nonce after every call, so
Expand Down Expand Up @@ -91,6 +103,13 @@ func (s *CipherState) SetNonce(n uint64) {
s.n = n
}

// UnsafeKey returns the current value of k. This can be used to export the current key
// for the CipherState. Intended to be used alongside UnsafeNewCipherState to resume
// a CipherState at a later point.
func (s *CipherState) UnsafeKey() [32]byte {
return s.k
}

func (s *CipherState) Rekey() {
var zeros [32]byte
var out []byte
Expand Down

0 comments on commit cbd42bc

Please sign in to comment.