diff options
| author | Russ Cox <rsc@golang.org> | 2017-08-03 11:59:56 -0400 |
|---|---|---|
| committer | Russ Cox <rsc@golang.org> | 2017-08-26 00:52:24 +0000 |
| commit | cb5b47443f5e3a94dc6a6563d00b08a2848afcdb (patch) | |
| tree | 5cfbccba8ae08c93a2a8804611bc29fe1cfdfa1e | |
| parent | 33ebf73c45c43624c8ab7813b0ab601b6f236754 (diff) | |
| download | go-cb5b47443f5e3a94dc6a6563d00b08a2848afcdb.tar.gz go-cb5b47443f5e3a94dc6a6563d00b08a2848afcdb.zip | |
[dev.boringcrypto.go1.8] crypto/aes: implement TLS-specific AES-GCM mode from BoringCrypto
Change-Id: I8407310e7d00eafe9208879228dbf4ac3d26a907
Reviewed-on: https://go-review.googlesource.com/55477
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
Reviewed-on: https://go-review.googlesource.com/57938
| -rw-r--r-- | src/crypto/internal/boring/aes.go | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/src/crypto/internal/boring/aes.go b/src/crypto/internal/boring/aes.go index 8b55564138..225d7469c5 100644 --- a/src/crypto/internal/boring/aes.go +++ b/src/crypto/internal/boring/aes.go @@ -36,7 +36,10 @@ type extraModes interface { NewCBCEncrypter(iv []byte) cipher.BlockMode NewCBCDecrypter(iv []byte) cipher.BlockMode NewCTR(iv []byte) cipher.Stream - NewGCM(size int) (cipher.AEAD, error) + NewGCM(nonceSize int) (cipher.AEAD, error) + + // Invented for BoringCrypto. + NewGCMTLS() (cipher.AEAD, error) } var _ extraModes = (*aesCipher)(nil) @@ -172,6 +175,14 @@ type noGCM struct { } func (c *aesCipher) NewGCM(nonceSize int) (cipher.AEAD, error) { + return c.newGCM(nonceSize, false) +} + +func (c *aesCipher) NewGCMTLS() (cipher.AEAD, error) { + return c.newGCM(gcmStandardNonceSize, true) +} + +func (c *aesCipher) newGCM(nonceSize int, tls bool) (cipher.AEAD, error) { if nonceSize != gcmStandardNonceSize { // Fall back to standard library for GCM with non-standard nonce size. return cipher.NewGCMWithNonceSize(&noGCM{c}, nonceSize) @@ -180,9 +191,17 @@ func (c *aesCipher) NewGCM(nonceSize int) (cipher.AEAD, error) { var aead *C.GO_EVP_AEAD switch len(c.key) * 8 { case 128: - aead = C._goboringcrypto_EVP_aead_aes_128_gcm() + if tls { + aead = C._goboringcrypto_EVP_aead_aes_128_gcm_tls12() + } else { + aead = C._goboringcrypto_EVP_aead_aes_128_gcm() + } case 256: - aead = C._goboringcrypto_EVP_aead_aes_256_gcm() + if tls { + aead = C._goboringcrypto_EVP_aead_aes_256_gcm_tls12() + } else { + aead = C._goboringcrypto_EVP_aead_aes_256_gcm() + } default: // Fall back to standard library for GCM with non-standard key size. return cipher.NewGCMWithNonceSize(&noGCM{c}, nonceSize) |