Merge remote-tracking branch 'origin/master' into fips140

2026-05-16 04:47:38 +02:00 · 2026-04-27 14:13:47 -04:00
parent 6fa1ecdc29 1ab1f71dba
commit 2d5d86f24d
117 changed files with 6608 additions and 2221 deletions
--- a/noise.go
+++ b/noise.go
@@ -15,14 +15,12 @@ type endianness interface {
 var noiseEndianness endianness = binary.BigEndian

 type NebulaCipherState struct {
-	c noise.Cipher
-	//k [32]byte
-	//n uint64
+	c cipher.AEAD
 }

 func NewNebulaCipherState(s *noise.CipherState) *NebulaCipherState {
-	return &NebulaCipherState{c: s.Cipher()}
-
+	x := s.Cipher()
+	return &NebulaCipherState{c: x.(cipher.AEAD)}
 }

 type cipherAEADDanger interface {
@@ -40,25 +38,20 @@ type cipherAEADDanger interface {
 //     be re-used by callers to minimize garbage collection.
 func (s *NebulaCipherState) EncryptDanger(out, ad, plaintext []byte, n uint64, nb []byte) ([]byte, error) {
 	if s != nil {
-		switch ce := s.c.(type) {
-		case cipherAEADDanger:
-			return ce.EncryptDanger(out, ad, plaintext, n, nb)
-		default:
-			// TODO: Is this okay now that we have made messageCounter atomic?
-			// Alternative may be to split the counter space into ranges
-			//if n <= s.n {
-			//	return nil, errors.New("CRITICAL: a duplicate counter value was used")
-			//}
-			//s.n = n
-			nb[0] = 0
-			nb[1] = 0
-			nb[2] = 0
-			nb[3] = 0
-			noiseEndianness.PutUint64(nb[4:], n)
-			out = s.c.(cipher.AEAD).Seal(out, nb, plaintext, ad)
-			//l.Debugf("Encryption: outlen: %d, nonce: %d, ad: %s, plainlen %d", len(out), n, ad, len(plaintext))
-			return out, nil
-		}
+		// TODO: Is this okay now that we have made messageCounter atomic?
+		// Alternative may be to split the counter space into ranges
+		//if n <= s.n {
+		//	return nil, errors.New("CRITICAL: a duplicate counter value was used")
+		//}
+		//s.n = n
+		nb[0] = 0
+		nb[1] = 0
+		nb[2] = 0
+		nb[3] = 0
+		noiseEndianness.PutUint64(nb[4:], n)
+		out = s.c.Seal(out, nb, plaintext, ad)
+		//l.Debugf("Encryption: outlen: %d, nonce: %d, ad: %s, plainlen %d", len(out), n, ad, len(plaintext))
+		return out, nil
 	} else {
 		return nil, errors.New("no cipher state available to encrypt")
 	}
@@ -66,17 +59,12 @@ func (s *NebulaCipherState) EncryptDanger(out, ad, plaintext []byte, n uint64, n

 func (s *NebulaCipherState) DecryptDanger(out, ad, ciphertext []byte, n uint64, nb []byte) ([]byte, error) {
 	if s != nil {
-		switch ce := s.c.(type) {
-		case cipherAEADDanger:
-			return ce.DecryptDanger(out, ad, ciphertext, n, nb)
-		default:
-			nb[0] = 0
-			nb[1] = 0
-			nb[2] = 0
-			nb[3] = 0
-			noiseEndianness.PutUint64(nb[4:], n)
-			return s.c.(cipher.AEAD).Open(out, nb, ciphertext, ad)
-		}
+		nb[0] = 0
+		nb[1] = 0
+		nb[2] = 0
+		nb[3] = 0
+		noiseEndianness.PutUint64(nb[4:], n)
+		return s.c.Open(out, nb, ciphertext, ad)
 	} else {
 		return []byte{}, nil
 	}
@@ -84,7 +72,7 @@ func (s *NebulaCipherState) DecryptDanger(out, ad, ciphertext []byte, n uint64,

 func (s *NebulaCipherState) Overhead() int {
 	if s != nil {
-		return s.c.(cipher.AEAD).Overhead()
+		return s.c.Overhead()
 	}
 	return 0
 }