Home Esplora Aiuto
Accedi
golang
/
nebula
mirror da https://github.com/slackhq/nebula
2
0
Forka 0
File Problemi 0 Wiki
Ramo (Branch): cross-stack-relay
Rami (Branch) Tag
nebula
/
noiseutil
/
boring.go

boring.go 2.4 KB
Permalink Cronologia Originale

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. //go:build boringcrypto
    2. 

  2. // +build boringcrypto
    3. 

  3. 

  4. package noiseutil
    5. 

  5. 

  6. import (
    7. 

  7. 	"crypto/aes"
    8. 

  8. 	"crypto/cipher"
    9. 

  9. 	"encoding/binary"
    10. 

  10. 

  11. 	// unsafe needed for go:linkname
    12. 

  12. 	_ "unsafe"
    13. 

  13. 

  14. 	"github.com/flynn/noise"
    15. 

  15. )
    16. 

  16. 

  17. // EncryptLockNeeded indicates if calls to Encrypt need a lock
    18. 

  18. // This is true for boringcrypto because the Seal function verifies that the
    19. 

  19. // nonce is strictly increasing.
    20. 

  20. const EncryptLockNeeded = true
    21. 

  21. 

  22. // NewGCMTLS is no longer exposed in go1.19+, so we need to link it in
    23. 

  23. // See: https://github.com/golang/go/issues/56326
    24. 

  24. //
    25. 

  25. // NewGCMTLS is the internal method used with boringcrypto that provices a
    26. 

  26. // validated mode of AES-GCM which enforces the nonce is strictly
    27. 

  27. // monotonically increasing.  This is the TLS 1.2 specification for nonce
    28. 

  28. // generation (which also matches the method used by the Noise Protocol)
    29. 

  29. //
    30. 

  30. // - https://github.com/golang/go/blob/go1.19/src/crypto/tls/cipher_suites.go#L520-L522
    31. 

  31. // - https://github.com/golang/go/blob/go1.19/src/crypto/internal/boring/aes.go#L235-L237
    32. 

  32. // - https://github.com/golang/go/blob/go1.19/src/crypto/internal/boring/aes.go#L250
    33. 

  33. // - https://github.com/google/boringssl/blob/ae223d6138807a13006342edfeef32e813246b39/include/openssl/aead.h#L379-L381
    34. 

  34. // - https://github.com/google/boringssl/blob/ae223d6138807a13006342edfeef32e813246b39/crypto/fipsmodule/cipher/e_aes.c#L1082-L1093
    35. 

  35. //
    36. 

  36. //go:linkname newGCMTLS crypto/internal/boring.NewGCMTLS
    37. 

  37. func newGCMTLS(c cipher.Block) (cipher.AEAD, error)
    38. 

  38. 

  39. type cipherFn struct {
    40. 

  40. 	fn   func([32]byte) noise.Cipher
    41. 

  41. 	name string
    42. 

  42. }
    43. 

  43. 

  44. func (c cipherFn) Cipher(k [32]byte) noise.Cipher { return c.fn(k) }
    45. 

  45. func (c cipherFn) CipherName() string             { return c.name }
    46. 

  46. 

  47. // CipherAESGCM is the AES256-GCM AEAD cipher (using NewGCMTLS when GoBoring is present)
    48. 

  48. var CipherAESGCM noise.CipherFunc = cipherFn{cipherAESGCMBoring, "AESGCM"}
    49. 

  49. 

  50. func cipherAESGCMBoring(k [32]byte) noise.Cipher {
    51. 

  51. 	c, err := aes.NewCipher(k[:])
    52. 

  52. 	if err != nil {
    53. 

  53. 		panic(err)
    54. 

  54. 	}
    55. 

  55. 	gcm, err := newGCMTLS(c)
    56. 

  56. 	if err != nil {
    57. 

  57. 		panic(err)
    58. 

  58. 	}
    59. 

  59. 	return aeadCipher{
    60. 

  60. 		gcm,
    61. 

  61. 		func(n uint64) []byte {
    62. 

  62. 			var nonce [12]byte
    63. 

  63. 			binary.BigEndian.PutUint64(nonce[4:], n)
    64. 

  64. 			return nonce[:]
    65. 

  65. 		},
    66. 

  66. 	}
    67. 

  67. }
    68. 

  68. 

  69. type aeadCipher struct {
    70. 

  70. 	cipher.AEAD
    71. 

  71. 	nonce func(uint64) []byte
    72. 

  72. }
    73. 

  73. 

  74. func (c aeadCipher) Encrypt(out []byte, n uint64, ad, plaintext []byte) []byte {
    75. 

  75. 	return c.Seal(out, c.nonce(n), plaintext, ad)
    76. 

  76. }
    77. 

  77. 

  78. func (c aeadCipher) Decrypt(out []byte, n uint64, ad, ciphertext []byte) ([]byte, error) {
    79. 

  79. 	return c.Open(out, c.nonce(n), ciphertext, ad)
    80. 

  80. }
    81.