Doesn't matter because contentKey and lengthKey are the same length,
but we should really be looping over lengthKey here.
Change-Id: Ic7af3c553eb4382239bec1c030e77c7f5baa0662
Reviewed-on: https://go-review.googlesource.com/109735
Run-TryBot: Michael Munday <mike.munday@ibm.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Use the new streaming API added in CL 104856.
Change-Id: I6453a54a9739f20fc4d05f476c6e26f720ccd354
Reviewed-on: https://go-review.googlesource.com/108656
Run-TryBot: Michael Munday <mike.munday@ibm.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Incomplete reads leave (part of) the verification tag zeroed, leading
to a failing MAC, and this is more likely to happen with larger
packets. The test added in the previous commit should stop this from
regressing.
Reinstate chacha20-poly1305 as a default cipher and prefer it over AES
CTR flavors.
Fixesgolang/go#23510
Change-Id: I7599897e59448edb7b814eebcc8226ea15b365d6
Reviewed-on: https://go-review.googlesource.com/89075
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
chacha20-poly1305 is an AEAD which performs well without hardware
support. It is recommended as a replacement for the aging arcfour128
and arcfour256 ciphers.
Fixesgolang/go#9489
Change-Id: I5d5a4620a435e65997f0ba7e683a34c29d9a396b
Reviewed-on: https://go-review.googlesource.com/87077
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
None are "wrong" per se, but there are a lot of good suggestions and
in one case a docstring that was not present in godoc due to the
presence of an extra newline.
Changed "Id" in struct properties to "ID" in some non-exported
structs. Removed a trailing period from some error messages; I believe
the exact contents of error strings are not covered by the Go
compatibility promise.
Change-Id: I7c620582dc247396f72c52d38c909ccc0ec87b83
Reviewed-on: https://go-review.googlesource.com/80145
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
The macKey parameter of newGCMCipher is not used inside the function.
Remove it and adjust the only caller accordingly.
Change-Id: Ieb9c70d7f51825d734fdeedbc8962f0178fc0131
Reviewed-on: https://go-review.googlesource.com/65890
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
The writing side would generate a maximum of 19 bytes of padding, so
the reading side erroneously checked this. However, RFC 5647 specifies
255 as the maximum amount of padding for AES-GCM.
Fixesgolang/go#18953.
Change-Id: I416b0023c6e4cbd91a6a1b4214a03f1663b77248
Reviewed-on: https://go-review.googlesource.com/47590
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
3des-cbc is an insecure cipher. As such, you must explictly add it to
Config in order to use it.
Change-Id: Ifd15cde46a9908eefef1c75bae7e97b05767361d
Reviewed-on: https://go-review.googlesource.com/22770
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
Cryptographic flaws are so hard to kill it can only be a matter of time
before they start crying “brains!” and holding their arms out straight.
Fixesgolang/go#13776.
Change-Id: Iee1c19dbe823eb8728e283dd11083638e41f7189
Reviewed-on: https://go-review.googlesource.com/18482
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This deprives an attacker of feedback for guesses against the packet
length given by the connection dropping.
Change-Id: I14939a82e5243a86d192bb18be93d45589227147
Reviewed-on: https://go-review.googlesource.com/9908
Reviewed-by: Adam Langley <agl@golang.org>
The aes128cbc cipher is commented out in cipher.go on purpose, anyone wants to
use the cipher needs to uncomment line 119 in cipher.go
Fixes#4274.
Change-Id: I4bbc88ab884bda821c5f155dcf495bb7235c8605
Reviewed-on: https://go-review.googlesource.com/8396
Reviewed-by: Adam Langley <agl@golang.org>
Fixesgolang/go#4285.
Adding a new cipher that is supported by the remote end, but not supported by our client causes that cipher to be considered a valid candidate. This fails later in setupKeys when there is no cipherModes configuration.
In summary, unsupported ciphers cannot be willed into existence by adding them to the client config. This change enforces this.
R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6780047
These are the cosmetic cleanups from the bits of code that I
rereviewed.
1) stringLength now takes a int; the length of the string. Too many
callers were allocating with stringLength([]byte(s)) and
stringLength only needs to call len().
2) agent.go now has sendAndReceive to remove logic that was
duplicated.
3) We now reject negative DH values
4) We now reject empty packets rather than crashing.
R=dave, jonathan.mark.pittman
CC=golang-dev
https://golang.org/cl/6061052
Manual edits to README.
Moved from main Go repository, deleted Makefiles, ran gofix -r go1rename.
Tested with: go test code.google.com/p/go.crypto/...
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5564059
Michael Munday
Han-Wen Nienhuys
Kevin Burke
Tobias Klauser
MiLk
Sam Hug
Adam Langley
Nathan(yinian) Hu
Yan Zou
Dave Cheney
Russ Cox