From ed15c1838780a759f14a5784a946430eed161c91 Mon Sep 17 00:00:00 2001 From: Lucas Clemente Date: Mon, 1 Aug 2016 16:28:22 +0200 Subject: [PATCH] disable chacha20 build until we have solved the dependency situation --- crypto/chacha20poly1305_aead.go | 2 + crypto/chacha20poly1305_aead_test.go | 2 + crypto/key_derivation.go | 14 +-- crypto/key_derivation_test.go | 154 +++++++++++++-------------- 4 files changed, 88 insertions(+), 84 deletions(-) diff --git a/crypto/chacha20poly1305_aead.go b/crypto/chacha20poly1305_aead.go index 37cc53e3..5c58c4e3 100644 --- a/crypto/chacha20poly1305_aead.go +++ b/crypto/chacha20poly1305_aead.go @@ -1,3 +1,5 @@ +// +build ignore + package crypto import ( diff --git a/crypto/chacha20poly1305_aead_test.go b/crypto/chacha20poly1305_aead_test.go index 63d8b638..9d5197bd 100644 --- a/crypto/chacha20poly1305_aead_test.go +++ b/crypto/chacha20poly1305_aead_test.go @@ -1,3 +1,5 @@ +// +build ignore + package crypto import ( diff --git a/crypto/key_derivation.go b/crypto/key_derivation.go index 3c3973de..37c98ddc 100644 --- a/crypto/key_derivation.go +++ b/crypto/key_derivation.go @@ -12,13 +12,13 @@ import ( ) // DeriveKeysChacha20 derives the client and server keys and creates a matching chacha20poly1305 AEAD instance -func DeriveKeysChacha20(version protocol.VersionNumber, forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte) (AEAD, error) { - otherKey, myKey, otherIV, myIV, err := deriveKeys(version, forwardSecure, sharedSecret, nonces, connID, chlo, scfg, cert, divNonce, 32) - if err != nil { - return nil, err - } - return NewAEADChacha20Poly1305(otherKey, myKey, otherIV, myIV) -} +// func DeriveKeysChacha20(version protocol.VersionNumber, forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte) (AEAD, error) { +// otherKey, myKey, otherIV, myIV, err := deriveKeys(version, forwardSecure, sharedSecret, nonces, connID, chlo, scfg, cert, divNonce, 32) +// if err != nil { +// return nil, err +// } +// return NewAEADChacha20Poly1305(otherKey, myKey, otherIV, myIV) +// } // DeriveKeysAESGCM derives the client and server keys and creates a matching AES-GCM AEAD instance func DeriveKeysAESGCM(version protocol.VersionNumber, forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte) (AEAD, error) { diff --git a/crypto/key_derivation_test.go b/crypto/key_derivation_test.go index 96ae8537..e3a660c7 100644 --- a/crypto/key_derivation_test.go +++ b/crypto/key_derivation_test.go @@ -8,83 +8,83 @@ import ( ) var _ = Describe("KeyDerivation", func() { - Context("chacha20poly1305", func() { - It("derives non-fs keys", func() { - aead, err := DeriveKeysChacha20( - protocol.Version32, - false, - []byte("0123456789012345678901"), - []byte("nonce"), - protocol.ConnectionID(42), - []byte("chlo"), - []byte("scfg"), - []byte("cert"), - nil, - ) - Expect(err).ToNot(HaveOccurred()) - chacha := aead.(*aeadChacha20Poly1305) - // If the IVs match, the keys will match too, since the keys are read earlier - Expect(chacha.myIV).To(Equal([]byte{0xf0, 0xf5, 0x4c, 0xa8})) - Expect(chacha.otherIV).To(Equal([]byte{0x75, 0xd8, 0xa2, 0x8d})) - }) - - It("derives fs keys", func() { - aead, err := DeriveKeysChacha20( - protocol.Version32, - true, - []byte("0123456789012345678901"), - []byte("nonce"), - protocol.ConnectionID(42), - []byte("chlo"), - []byte("scfg"), - []byte("cert"), - nil, - ) - Expect(err).ToNot(HaveOccurred()) - chacha := aead.(*aeadChacha20Poly1305) - // If the IVs match, the keys will match too, since the keys are read earlier - Expect(chacha.myIV).To(Equal([]byte{0xf5, 0x73, 0x11, 0x79})) - Expect(chacha.otherIV).To(Equal([]byte{0xf7, 0x26, 0x4d, 0x2c})) - }) - - It("does not use diversification nonces in FS key derivation", func() { - aead, err := DeriveKeysChacha20( - protocol.Version33, - true, - []byte("0123456789012345678901"), - []byte("nonce"), - protocol.ConnectionID(42), - []byte("chlo"), - []byte("scfg"), - []byte("cert"), - []byte("divnonce"), - ) - Expect(err).ToNot(HaveOccurred()) - chacha := aead.(*aeadChacha20Poly1305) - // If the IVs match, the keys will match too, since the keys are read earlier - Expect(chacha.myIV).To(Equal([]byte{0xf5, 0x73, 0x11, 0x79})) - Expect(chacha.otherIV).To(Equal([]byte{0xf7, 0x26, 0x4d, 0x2c})) - }) - - It("uses diversification nonces in initial key derivation", func() { - aead, err := DeriveKeysChacha20( - protocol.Version33, - false, - []byte("0123456789012345678901"), - []byte("nonce"), - protocol.ConnectionID(42), - []byte("chlo"), - []byte("scfg"), - []byte("cert"), - []byte("divnonce"), - ) - Expect(err).ToNot(HaveOccurred()) - chacha := aead.(*aeadChacha20Poly1305) - // If the IVs match, the keys will match too, since the keys are read earlier - Expect(chacha.myIV).To(Equal([]byte{0xc4, 0x12, 0x25, 0x64})) - Expect(chacha.otherIV).To(Equal([]byte{0x75, 0xd8, 0xa2, 0x8d})) - }) - }) + // Context("chacha20poly1305", func() { + // It("derives non-fs keys", func() { + // aead, err := DeriveKeysChacha20( + // protocol.Version32, + // false, + // []byte("0123456789012345678901"), + // []byte("nonce"), + // protocol.ConnectionID(42), + // []byte("chlo"), + // []byte("scfg"), + // []byte("cert"), + // nil, + // ) + // Expect(err).ToNot(HaveOccurred()) + // chacha := aead.(*aeadChacha20Poly1305) + // // If the IVs match, the keys will match too, since the keys are read earlier + // Expect(chacha.myIV).To(Equal([]byte{0xf0, 0xf5, 0x4c, 0xa8})) + // Expect(chacha.otherIV).To(Equal([]byte{0x75, 0xd8, 0xa2, 0x8d})) + // }) + // + // It("derives fs keys", func() { + // aead, err := DeriveKeysChacha20( + // protocol.Version32, + // true, + // []byte("0123456789012345678901"), + // []byte("nonce"), + // protocol.ConnectionID(42), + // []byte("chlo"), + // []byte("scfg"), + // []byte("cert"), + // nil, + // ) + // Expect(err).ToNot(HaveOccurred()) + // chacha := aead.(*aeadChacha20Poly1305) + // // If the IVs match, the keys will match too, since the keys are read earlier + // Expect(chacha.myIV).To(Equal([]byte{0xf5, 0x73, 0x11, 0x79})) + // Expect(chacha.otherIV).To(Equal([]byte{0xf7, 0x26, 0x4d, 0x2c})) + // }) + // + // It("does not use diversification nonces in FS key derivation", func() { + // aead, err := DeriveKeysChacha20( + // protocol.Version33, + // true, + // []byte("0123456789012345678901"), + // []byte("nonce"), + // protocol.ConnectionID(42), + // []byte("chlo"), + // []byte("scfg"), + // []byte("cert"), + // []byte("divnonce"), + // ) + // Expect(err).ToNot(HaveOccurred()) + // chacha := aead.(*aeadChacha20Poly1305) + // // If the IVs match, the keys will match too, since the keys are read earlier + // Expect(chacha.myIV).To(Equal([]byte{0xf5, 0x73, 0x11, 0x79})) + // Expect(chacha.otherIV).To(Equal([]byte{0xf7, 0x26, 0x4d, 0x2c})) + // }) + // + // It("uses diversification nonces in initial key derivation", func() { + // aead, err := DeriveKeysChacha20( + // protocol.Version33, + // false, + // []byte("0123456789012345678901"), + // []byte("nonce"), + // protocol.ConnectionID(42), + // []byte("chlo"), + // []byte("scfg"), + // []byte("cert"), + // []byte("divnonce"), + // ) + // Expect(err).ToNot(HaveOccurred()) + // chacha := aead.(*aeadChacha20Poly1305) + // // If the IVs match, the keys will match too, since the keys are read earlier + // Expect(chacha.myIV).To(Equal([]byte{0xc4, 0x12, 0x25, 0x64})) + // Expect(chacha.otherIV).To(Equal([]byte{0x75, 0xd8, 0xa2, 0x8d})) + // }) + // }) Context("AES-GCM", func() { It("derives non-fs keys", func() {