From 4004b22fe502d9d87dc4dc7630b94900356945da Mon Sep 17 00:00:00 2001 From: David Anderson Date: Mon, 25 Oct 2021 16:44:22 -0700 Subject: [PATCH] control/noise: stop using poly1305 package constants. Signed-off-by: David Anderson --- control/noise/conn.go | 5 ++--- control/noise/handshake.go | 5 ++--- control/noise/handshake_test.go | 2 +- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/control/noise/conn.go b/control/noise/conn.go index 6deda2ea4..334253474 100644 --- a/control/noise/conn.go +++ b/control/noise/conn.go @@ -19,7 +19,6 @@ import ( "golang.org/x/crypto/blake2s" chp "golang.org/x/crypto/chacha20poly1305" - "golang.org/x/crypto/poly1305" "tailscale.com/types/key" ) @@ -32,7 +31,7 @@ const ( maxCiphertextSize = maxMessageSize - headerLen // maxPlaintextSize is the maximum amount of plaintext bytes that // one protocol frame can carry, after encryption and framing. - maxPlaintextSize = maxCiphertextSize - poly1305.TagSize + maxPlaintextSize = maxCiphertextSize - chp.Overhead ) // A Conn is a secured Noise connection. It implements the net.Conn @@ -157,7 +156,7 @@ func (c *Conn) encryptLocked(plaintext []byte) ([]byte, error) { return nil, errCipherExhausted{} } - setHeader(c.tx.buf[:headerLen], protocolVersion, msgTypeRecord, len(plaintext)+poly1305.TagSize) + setHeader(c.tx.buf[:headerLen], protocolVersion, msgTypeRecord, len(plaintext)+chp.Overhead) ret := c.tx.cipher.Seal(c.tx.buf[:headerLen], c.tx.nonce[:], plaintext, nil) // Safe to increment the nonce here, because we checked for nonce diff --git a/control/noise/handshake.go b/control/noise/handshake.go index b8c9a5df6..5f49b048b 100644 --- a/control/noise/handshake.go +++ b/control/noise/handshake.go @@ -19,7 +19,6 @@ import ( chp "golang.org/x/crypto/chacha20poly1305" "golang.org/x/crypto/curve25519" "golang.org/x/crypto/hkdf" - "golang.org/x/crypto/poly1305" "tailscale.com/types/key" ) @@ -339,7 +338,7 @@ func (s *symmetricState) MixDH(priv key.MachinePrivate, pub key.MachinePublic) ( // mixes the ciphertext into s.h, and returns the ciphertext. func (s *symmetricState) EncryptAndHash(cipher *singleUseCHP, ciphertext, plaintext []byte) { s.checkFinished() - if len(ciphertext) != len(plaintext)+poly1305.TagSize { + if len(ciphertext) != len(plaintext)+chp.Overhead { panic("ciphertext is wrong size for given plaintext") } ret := cipher.Seal(ciphertext[:0], plaintext, s.h[:]) @@ -352,7 +351,7 @@ func (s *symmetricState) EncryptAndHash(cipher *singleUseCHP, ciphertext, plaint // s.h. func (s *symmetricState) DecryptAndHash(cipher *singleUseCHP, plaintext, ciphertext []byte) error { s.checkFinished() - if len(ciphertext) != len(plaintext)+poly1305.TagSize { + if len(ciphertext) != len(plaintext)+chp.Overhead { panic("plaintext is wrong size for given ciphertext") } if _, err := cipher.Open(plaintext[:0], ciphertext, s.h[:]); err != nil { diff --git a/control/noise/handshake_test.go b/control/noise/handshake_test.go index c60f48d89..108b60f56 100644 --- a/control/noise/handshake_test.go +++ b/control/noise/handshake_test.go @@ -115,7 +115,7 @@ func TestNoReuse(t *testing.T) { hashes[client.HandshakeHash()] = true // Sending 14 bytes turns into 32 bytes on the wire (+16 for - // the poly1305 tag, +2 length header) + // the chacha20poly1305 overhead, +2 length header) if _, err := io.WriteString(client, strings.Repeat("a", 14)); err != nil { t.Fatalf("client>server write failed: %v", err) }