From fd780e3eab87b1f656b704aa439c21ac5ec1db76 Mon Sep 17 00:00:00 2001
From: Marten Seemann
Date: Sun, 3 Sep 2017 21:18:19 +0800
Subject: [PATCH] move the nonce generation to the AEAD implementations

The AES AEAD used by IETF QUIC uses a different nonce format.
---
 crypto/aesgcm_aead.go | 12 ++++++++++--
 crypto/chacha20poly1305_aead.go | 12 ++++++++++--
 crypto/nonce.go | 14 --------------
 3 files changed, 20 insertions(+), 18 deletions(-)
 delete mode 100644 crypto/nonce.go

diff --git a/crypto/aesgcm_aead.go b/crypto/aesgcm_aead.go
index baaed5c82..0997c3186 100644
--- a/crypto/aesgcm_aead.go
+++ b/crypto/aesgcm_aead.go
@@ -2,6 +2,7 @@ package crypto
 
 import (
  "crypto/cipher"
+ "encoding/binary"
  "errors"
 
  "github.com/lucas-clemente/aes12"
@@ -50,9 +51,16 @@ func NewAEADAESGCM(otherKey []byte, myKey []byte, otherIV []byte, myIV []byte) (
 }
 
 func (aead *aeadAESGCM) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error) {
- return aead.decrypter.Open(dst, makeNonce(aead.otherIV, packetNumber), src, associatedData)
+ return aead.decrypter.Open(dst, aead.makeNonce(aead.otherIV, packetNumber), src, associatedData)
 }
 
 func (aead *aeadAESGCM) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte {
- return aead.encrypter.Seal(dst, makeNonce(aead.myIV, packetNumber), src, associatedData)
+ return aead.encrypter.Seal(dst, aead.makeNonce(aead.myIV, packetNumber), src, associatedData)
+}
+
+func (aead *aeadAESGCM) makeNonce(iv []byte, packetNumber protocol.PacketNumber) []byte {
+ res := make([]byte, 12)
+ copy(res[0:4], iv)
+ binary.LittleEndian.PutUint64(res[4:12], uint64(packetNumber))
+ return res
 }
diff --git a/crypto/chacha20poly1305_aead.go b/crypto/chacha20poly1305_aead.go
index 3e9c1deeb..5d2e36f9f 100644
--- a/crypto/chacha20poly1305_aead.go
+++ b/crypto/chacha20poly1305_aead.go
@@ -4,6 +4,7 @@ package crypto
 
 import (
  "crypto/cipher"
+ "encoding/binary"
  "errors"
 
  "github.com/aead/chacha20"
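Review bot: aeadAESGCM.makeNonce in the second hunk has no doc comment and never checks len(iv): `copy(res[0:4], iv)` truncates a longer IV and leaves zero bytes for a shorter one, so unless NewAEADAESGCM (outside the hunk) already rejects other lengths the nonce prefix can be silently wrong; aeadChacha20Poly1305.makeNonce in the next file has the same shape. The body is also still byte-for-byte the deleted shared helper, so the different IETF nonce format the commit message motivates is not expressed yet, and the receiver is unused because iv is passed explicitly — a comment pinning this as the current gQUIC layout would keep the two copies from drifting unnoticed. I would add above each method: `// makeNonce builds the 12-byte gQUIC nonce: the first 4 bytes of iv, then the packet number as a little-endian uint64.` and `// iv must be 4 bytes (only the first 4 are used); nonce uniqueness under a key rests on packet numbers never repeating.`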
@@ -45,9 +46,16 @@ func NewAEADChacha20Poly1305(otherKey []byte, myKey []byte, otherIV []byte, myIV
 }
 
 func (aead *aeadChacha20Poly1305) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error) {
- return aead.decrypter.Open(dst, makeNonce(aead.otherIV, packetNumber), src, associatedData)
+ return aead.decrypter.Open(dst, aead.makeNonce(aead.otherIV, packetNumber), src, associatedData)
 }
 
 func (aead *aeadChacha20Poly1305) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte {
- return aead.encrypter.Seal(dst, makeNonce(aead.myIV, packetNumber), src, associatedData)
+ return aead.encrypter.Seal(dst, aead.makeNonce(aead.myIV, packetNumber), src, associatedData)
+}
+
+func (aead *aeadChacha20Poly1305) makeNonce(iv []byte, packetNumber protocol.PacketNumber) []byte {
+ res := make([]byte, 12)
+ copy(res[0:4], iv)
+ binary.LittleEndian.PutUint64(res[4:12], uint64(packetNumber))
+ return res
 }
diff --git a/crypto/nonce.go b/crypto/nonce.go
deleted file mode 100644
index f862f461d..000000000
--- a/crypto/nonce.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package crypto
-
-import (
- "encoding/binary"
-
- "github.com/lucas-clemente/quic-go/internal/protocol"
-)
-
-func makeNonce(iv []byte, packetNumber protocol.PacketNumber) []byte {
- res := make([]byte, 12)
- copy(res[0:4], iv)
- binary.LittleEndian.PutUint64(res[4:12], uint64(packetNumber))
- return res
-}