mirror of
https://github.com/slackhq/nebula.git
synced 2025-01-11 03:48:12 +00:00
e0553822b0
* Use NewGCMTLS (when using experiment boringcrypto) This change only affects builds built using `GOEXPERIMENT=boringcrypto`. When built with this experiment, we use the NewGCMTLS() method exposed by goboring, which validates that the nonce is strictly monotonically increasing. This is the TLS 1.2 specification for nonce generation (which also matches the method used by the Noise Protocol) - https://github.com/golang/go/blob/go1.19/src/crypto/tls/cipher_suites.go#L520-L522 - https://github.com/golang/go/blob/go1.19/src/crypto/internal/boring/aes.go#L235-L237 - https://github.com/golang/go/blob/go1.19/src/crypto/internal/boring/aes.go#L250 -ae223d6138/include/openssl/aead.h (L379-L381)-ae223d6138/crypto/fipsmodule/cipher/e_aes.c (L1082-L1093)* need to lock around EncryptDanger in SendVia * fix link to test vector
14 lines
342 B
Go
14 lines
342 B
Go
//go:build !boringcrypto
|
|
// +build !boringcrypto
|
|
|
|
package noiseutil
|
|
|
|
import (
|
|
"github.com/flynn/noise"
|
|
)
|
|
|
|
// EncryptLockNeeded indicates if calls to Encrypt need a lock
|
|
const EncryptLockNeeded = false
|
|
|
|
// CipherAESGCM is the standard noise.CipherAESGCM when boringcrypto is not enabled
|
|
var CipherAESGCM noise.CipherFunc = noise.CipherAESGCM
|