| Age | Commit message | Author |
|
The existing code uses cbcMinPaddingSize incorrectly. That value is
also used in the first parameter of the max call, meaning it will
never be used.
Fixes golang/go#78062
Change-Id: I4243ab668168313919df33d78c6965e9eff0e934
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/754780
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
|
|
Unsupported algorithms are silently ignored and not negotiated, or
rejected
Fixes golang/go#75061
Change-Id: I08d50d10a97c08e78aedead89ca61beceff88918
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/698795
Reviewed-by: Mio Mio <miomio0086@gmail.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Fixes golang/go#58523
Fixes golang/go#46638
Change-Id: Ic64bd2fdd6e9ec96acac3ed4be842e2fbb15231d
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/538235
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Fixes golang/go#61537
Change-Id: If3478121e3ae445391e3faeceeb889d75e9e3214
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/531935
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
Change-Id: I91caf3bda3dfd00c050f5ebf23c2a35a04c5762b
GitHub-Last-Rev: 6e71340e7960b5b6f71f7b96eeeaf8dfb268e306
GitHub-Pull-Request: golang/crypto#127
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/223518
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
|
|
pkgsite automatically links /RFC \d+/ to the mentioned RFC. Insert a
bunch of spaces into doc-comments for that to match.
Change-Id: I01834d7573428563f21c37e43316442e148dd8c4
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/442055
Reviewed-by: Joedian Reid <joedian@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
|
|
For golang/go#45557
Change-Id: I447530cc66896aef7a8d528ccb8d095b80e3cf47
GitHub-Last-Rev: 5f385ff46487ac318bd1147cdbbd26bb0ffd0426
GitHub-Pull-Request: golang/crypto#230
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/430797
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Meng Zhuo <mzh@golangcn.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
|
|
Gofmt to update doc comments to the new formatting.
For golang/go#51082.
Change-Id: I076031b6613691eefbb0f21739366e3fd2011ec9
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/399356
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
When reading GCM and ChaChaPoly1305 packets, don't make assumptions
about the size of the enciphered plaintext. This fixes two panics
caused by standards non-compliant malformed packets.
Thanks to Rod Hynes, Psiphon Inc. for reporting this issue.
Fixes golang/go#49932
Fixes CVE-2021-43565
Change-Id: I660cff39d197e0d04ec44d11d792b22d954df2ef
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1262659
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/368814
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
|
|
Fixes golang/go#36646
Change-Id: Ic19dd2171c84472fc9d3f44803224b87fc5c0417
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/345649
Trust: Filippo Valsorda <filippo@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
|
|
The original referenced paper is no longer available. I contacted the author, and this is the reference he supplied.
Change-Id: Ib5ad88932f2bfc12ff62639f7fb7c3ee568610d6
GitHub-Last-Rev: 2cf7d15c63a114952c90a018ea5afe085965202e
GitHub-Pull-Request: golang/crypto#132
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/228638
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
|
const KeySize = 32
const NonceSize = 12
func HChaCha20(key, nonce []byte) ([]byte, error)
type Cipher struct {}
func NewUnauthenticatedCipher(key, nonce []byte) (*Cipher, error)
func (s *Cipher) XORKeyStream(dst, src []byte)
Small performance hit in chacha20poly1305, probably due to the loss
of the Advance API, which we might consider adding later. No new
allocations, thanks to the mid-stack inliner.
name old time/op new time/op delta
Chacha20Poly1305/Open-64-8 1.60µs ± 0% 1.68µs ± 1% +4.94% (p=0.000 n=9+10)
Chacha20Poly1305/Seal-64-8 1.56µs ± 0% 1.64µs ± 1% +5.21% (p=0.000 n=8+10)
Chacha20Poly1305/Open-64-X-8 2.10µs ± 1% 2.22µs ± 1% +5.81% (p=0.000 n=10+10)
Chacha20Poly1305/Seal-64-X-8 2.07µs ± 1% 2.17µs ± 0% +4.88% (p=0.000 n=10+10)
Chacha20Poly1305/Open-1350-8 15.4µs ± 0% 15.7µs ± 1% +1.65% (p=0.000 n=10+10)
Chacha20Poly1305/Seal-1350-8 15.6µs ± 2% 15.9µs ± 1% +1.58% (p=0.028 n=10+9)
Chacha20Poly1305/Open-1350-X-8 16.0µs ± 1% 16.3µs ± 2% +2.00% (p=0.000 n=10+10)
Chacha20Poly1305/Seal-1350-X-8 15.9µs ± 0% 16.3µs ± 1% +1.91% (p=0.000 n=10+8)
Chacha20Poly1305/Open-8192-8 85.6µs ± 0% 86.6µs ± 1% +1.21% (p=0.000 n=10+10)
Chacha20Poly1305/Seal-8192-8 85.7µs ± 0% 86.3µs ± 0% +0.68% (p=0.001 n=9+9)
Chacha20Poly1305/Open-8192-X-8 86.4µs ± 1% 87.1µs ± 1% +0.76% (p=0.035 n=10+9)
Chacha20Poly1305/Seal-8192-X-8 86.0µs ± 0% 87.0µs ± 1% +1.14% (p=0.000 n=9+9)
Updates golang/go#24485
Change-Id: I2ec2ef487a03f013049915d9063751c75a78408b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/185980
Reviewed-by: Michael Munday <mike.munday@ibm.com>
|
|
The new name readCipherPacket/writeCipherPacket disambiguates method
calls from packetConn.{read,write}Packet, which has a different
signature, and is called in different layers of the stack.
Change-Id: I02ca83e28f74f0a347a1cde665efdfb78f3f51bb
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/171657
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
Doesn't matter because contentKey and lengthKey are the same length,
but we should really be looping over lengthKey here.
Change-Id: Ic7af3c553eb4382239bec1c030e77c7f5baa0662
Reviewed-on: https://go-review.googlesource.com/109735
Run-TryBot: Michael Munday <mike.munday@ibm.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
Use the new streaming API added in CL 104856.
Change-Id: I6453a54a9739f20fc4d05f476c6e26f720ccd354
Reviewed-on: https://go-review.googlesource.com/108656
Run-TryBot: Michael Munday <mike.munday@ibm.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
Change-Id: I6cc94ae8dbc65f394550551eaad88594d22eda42
Reviewed-on: https://go-review.googlesource.com/89095
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
|
Incomplete reads leave (part of) the verification tag zeroed, leading
to a failing MAC, and this is more likely to happen with larger
packets. The test added in the previous commit should stop this from
regressing.
Reinstate chacha20-poly1305 as a default cipher and prefer it over AES
CTR flavors.
Fixes golang/go#23510
Change-Id: I7599897e59448edb7b814eebcc8226ea15b365d6
Reviewed-on: https://go-review.googlesource.com/89075
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
|
Change-Id: I0e6ac0a381ffa53650304f0bea2ba79c3cf1d8c2
Reviewed-on: https://go-review.googlesource.com/87196
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
chacha20-poly1305 is an AEAD which performs well without hardware
support. It is recommended as a replacement for the aging arcfour128
and arcfour256 ciphers.
Fixes golang/go#9489
Change-Id: I5d5a4620a435e65997f0ba7e683a34c29d9a396b
Reviewed-on: https://go-review.googlesource.com/87077
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
None are "wrong" per se, but there are a lot of good suggestions and
in one case a docstring that was not present in godoc due to the
presence of an extra newline.
Changed "Id" in struct properties to "ID" in some non-exported
structs. Removed a trailing period from some error messages; I believe
the exact contents of error strings are not covered by the Go
compatibility promise.
Change-Id: I7c620582dc247396f72c52d38c909ccc0ec87b83
Reviewed-on: https://go-review.googlesource.com/80145
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
The macKey parameter of newGCMCipher is not used inside the function.
Remove it and adjust the only caller accordingly.
Change-Id: Ieb9c70d7f51825d734fdeedbc8962f0178fc0131
Reviewed-on: https://go-review.googlesource.com/65890
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
|
|
The writing side would generate a maximum of 19 bytes of padding, so
the reading side erroneously checked this. However, RFC 5647 specifies
255 as the maximum amount of padding for AES-GCM.
Fixes golang/go#18953.
Change-Id: I416b0023c6e4cbd91a6a1b4214a03f1663b77248
Reviewed-on: https://go-review.googlesource.com/47590
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
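The two commits above about packet handling (the incomplete-read bug that left part of the verification tag zeroed, and the padding_length limit of 255 from RFC 5647) share one defensive pattern: read fixed-size fields with io.ReadFull and validate every length field against its protocol bounds before allocating or slicing by it. The following Go program is an added illustration written for this page, not code from golang.org/x/crypto/ssh. It uses the plaintext SSH binary packet layout from RFC 4253 (uint32 packet_length, byte padding_length, payload, padding) followed by a trailing tag, skips encryption entirely, and invents its own names (EncodePacket, ReadPacket, ReadTagWithSingleRead, chunkReader) and a hypothetical maxPacket sanity cap; only the minPadding/maxPadding bounds come from the RFCs.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Limits from RFC 4253 §6 (binary packet protocol) and RFC 5647 §7.2
// (AES-GCM for SSH): padding_length is a single byte, so at most 255, and
// there must be at least 4 bytes of padding. maxPacket is a hypothetical
// sanity cap chosen for this example, not a value from the page.
const (
	minPadding = 4
	maxPadding = 255
	maxPacket  = 256 * 1024
)

var (
	ErrPacketTooLarge = errors.New("ssh: packet_length exceeds limit")
	ErrBadPadding     = errors.New("ssh: padding_length out of range")
	ErrShortPacket    = errors.New("ssh: packet_length smaller than padding_length+1")
)

// Packet is the decoded plaintext layout of one packet plus its trailing tag.
// The example deliberately performs no encryption or MAC verification; it
// shows the length validation and read discipline only.
type Packet struct {
	Payload []byte
	Padding []byte
	Tag     []byte
}

// EncodePacket builds the wire layout (constructed test input): uint32
// packet_length, byte padding_length, payload, zero-filled padding, then tag.
func EncodePacket(payload []byte, paddingLen int, tag []byte) []byte {
	length := 1 + len(payload) + paddingLen
	out := make([]byte, 4+length+len(tag))
	binary.BigEndian.PutUint32(out[:4], uint32(length))
	out[4] = byte(paddingLen)
	copy(out[5:], payload)
	copy(out[5+len(payload)+paddingLen:], tag)
	return out
}

// ReadPacket reads one packet whose tag is tagLen bytes. Every read goes
// through io.ReadFull, so a short read from the connection is either
// completed or reported as an error; it never leaves the tail of the tag
// (or body) zero-filled the way a single Read call can.
func ReadPacket(r io.Reader, tagLen int) (*Packet, error) {
	var hdr [5]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return nil, err
	}
	length := binary.BigEndian.Uint32(hdr[:4])
	paddingLen := uint32(hdr[4])
	// Validate peer-controlled lengths before allocating or slicing by them.
	if length > maxPacket {
		return nil, ErrPacketTooLarge
	}
	if paddingLen < minPadding || paddingLen > maxPadding {
		return nil, ErrBadPadding
	}
	if length < paddingLen+1 {
		return nil, ErrShortPacket
	}
	body := make([]byte, length-1) // payload followed by padding
	if _, err := io.ReadFull(r, body); err != nil {
		return nil, err
	}
	tag := make([]byte, tagLen)
	if _, err := io.ReadFull(r, tag); err != nil {
		return nil, err
	}
	payloadLen := length - 1 - paddingLen
	return &Packet{Payload: body[:payloadLen], Padding: body[payloadLen:], Tag: tag}, nil
}

// chunkReader returns at most n bytes per Read call, mimicking a TCP
// connection that delivers one packet in several segments.
type chunkReader struct {
	buf *bytes.Reader
	n   int
}

func (c *chunkReader) Read(p []byte) (int, error) {
	if len(p) > c.n {
		p = p[:c.n]
	}
	return c.buf.Read(p)
}

// ReadTagWithSingleRead reproduces the incomplete-read bug pattern: a single
// Read on a segmented connection may fill only part of the buffer, leaving
// the rest zeroed, which later fails MAC verification.
func ReadTagWithSingleRead(r io.Reader, tagLen int) []byte {
	tag := make([]byte, tagLen)
	_, _ = r.Read(tag) // ignoring the byte count is the bug
	return tag
}

func main() {
	tag := bytes.Repeat([]byte{0xAB}, 16) // constructed 16-byte tag
	wire := EncodePacket([]byte("hello"), 6, tag)
	pkt, err := ReadPacket(&chunkReader{bytes.NewReader(wire), 7}, 16)
	fmt.Printf("ReadFull: payload=%q tag=%x err=%v\n", pkt.Payload, pkt.Tag, err)
	naive := ReadTagWithSingleRead(&chunkReader{bytes.NewReader(tag), 7}, 16)
	fmt.Printf("single Read: tag=%x (tail zeroed)\n", naive)
	_, err = ReadPacket(bytes.NewReader(EncodePacket([]byte("x"), 2, tag)), 16)
	fmt.Println("padding_length 2:", err)
}
```

Run it with go run: the ReadFull path reconstructs the tag intact even though the reader hands out 7 bytes at a time, the single-Read path returns a tag whose last 9 bytes are zero, and a packet claiming 2 bytes of padding is rejected before any buffer is sized by it.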
|
Fixes golang/go#17676
Change-Id: I96c51431b174898a6bc0f6bec7f4561d5d64819f
Reviewed-on: https://go-review.googlesource.com/35513
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
|
3des-cbc is an insecure cipher. As such, you must explicitly add it to
Config in order to use it.
Change-Id: Ifd15cde46a9908eefef1c75bae7e97b05767361d
Reviewed-on: https://go-review.googlesource.com/22770
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
|
|
Cryptographic flaws are so hard to kill it can only be a matter of time
before they start crying “brains!” and holding their arms out straight.
Fixes golang/go#13776.
Change-Id: Iee1c19dbe823eb8728e283dd11083638e41f7189
Reviewed-on: https://go-review.googlesource.com/18482
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
|
This deprives an attacker of feedback for guesses against the packet
length given by the connection dropping.
Change-Id: I14939a82e5243a86d192bb18be93d45589227147
Reviewed-on: https://go-review.googlesource.com/9908
Reviewed-by: Adam Langley <agl@golang.org>
|
|
The aes128cbc cipher is commented out in cipher.go on purpose; anyone who wants to
use the cipher needs to uncomment line 119 in cipher.go
Fixes #4274.
Change-Id: I4bbc88ab884bda821c5f155dcf495bb7235c8605
Reviewed-on: https://go-review.googlesource.com/8396
Reviewed-by: Adam Langley <agl@golang.org>
|
|
LGTM=hanwen
R=agl, hanwen
CC=golang-codereviews
https://golang.org/cl/86600044
|
|
See https://groups.google.com/d/msg/Golang-nuts/AoVxQ4bB5XQ/i8kpMxdbVlEJ
R=hanwen
CC=golang-codereviews
https://golang.org/cl/86190043
|
|
Implement elliptic-curve Diffie-Hellman, including host key signature
verification.
Moves host key cryptographic verification to ClientConn.handshake(), so
RSA host keys are also verified.
Fixes golang/go#6158.
R=dave, agl
CC=golang-dev
https://golang.org/cl/13021045
|
|
Fixes golang/go#4285.
Adding a new cipher that is supported by the remote end, but not supported by our client causes that cipher to be considered a valid candidate. This fails later in setupKeys when there is no cipherModes configuration.
In summary, unsupported ciphers cannot be willed into existence by adding them to the client config. This change enforces this.
R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6780047
|
|
These are the cosmetic cleanups from the bits of code that I
rereviewed.
1) stringLength now takes an int; the length of the string. Too many
callers were allocating with stringLength([]byte(s)) and
stringLength only needs to call len().
2) agent.go now has sendAndReceive to remove logic that was
duplicated.
3) We now reject negative DH values
4) We now reject empty packets rather than crashing.
R=dave, jonathan.mark.pittman
CC=golang-dev
https://golang.org/cl/6061052
|
|
Manual edits to README.
Moved from main Go repository, deleted Makefiles, ran gofix -r go1rename.
Tested with: go test code.google.com/p/go.crypto/...
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5564059
|