Diffstat (limited to 'internal/goaes.go')
-rw-r--r--internal/goaes.go15
1 files changed, 5 insertions, 10 deletions
diff --git a/internal/goaes.go b/internal/goaes.go
index 7d4f476..65d898d 100644
--- a/internal/goaes.go
+++ b/internal/goaes.go
@@ -20,29 +20,24 @@ const (
keyLen = 32
)
-func NewKEKFromEnvB64(passphraseEnvVar string) (KEK, Salt, error) {
+func NewKEKFromEnvB64(passphraseEnvVar string, salt Salt) (KEK, error) {
b64Passphrase := os.Getenv(passphraseEnvVar)
if b64Passphrase == "" {
- return nil, nil, fmt.Errorf("%s is not set", passphraseEnvVar)
+ return nil, fmt.Errorf("%s is not set", passphraseEnvVar)
}
passphrase, err := base64.StdEncoding.DecodeString(b64Passphrase)
if err != nil {
- return nil, nil, fmt.Errorf("decode %s base64: %w", passphraseEnvVar, err)
- }
-
- salt, err := NewSalt()
- if err != nil {
- return nil, nil, fmt.Errorf("failed to create salt %w", err)
+ return nil, fmt.Errorf("decode %s base64: %w", passphraseEnvVar, err)
}
raw := argon2.IDKey(passphrase, salt, time, memory, threads, keyLen)
if !validAESKeyLen(len(raw)) {
- return nil, nil, errBadKeyLn
+ return nil, errBadKeyLn
}
- return KEK(raw), Salt(salt), nil
+ return KEK(raw), nil
}
func NewDEK() (DEK, error) {
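Review bot: The new `salt` parameter of `NewKEKFromEnvB64` goes straight into `argon2.IDKey` without any check, so a nil or empty `Salt` derives the KEK from the passphrase alone and the function still returns a nil error. Before the derivation I would reject it with `if len(salt) == 0 { return nil, fmt.Errorf("salt is empty") }`, or better, compare against the length `NewSalt` produces, which is not visible in this hunk. Now that salt generation is the caller's job, the exported function also needs a doc comment such as `// NewKEKFromEnvB64 derives the KEK with Argon2id from the base64 passphrase in the named environment variable; salt must come from NewSalt and be stored alongside the wrapped data so the same KEK can be re-derived.` The decoded `passphrase` slice also stays in memory after the key is derived; clearing it once `argon2.IDKey` returns would narrow that exposure.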