cleanup
@@ -58,9 +58,9 @@ jobs:
|
|||||||
e2e-cmd: make e2evv
|
e2e-cmd: make e2evv
|
||||||
- name: linux-boringcrypto
|
- name: linux-boringcrypto
|
||||||
os: ubuntu-latest
|
os: ubuntu-latest
|
||||||
build-cmd: make bin-boringcrypto
|
build-cmd: make boringcrypto
|
||||||
test-cmd: make test-boringcrypto
|
test-cmd: make boringcrypto test
|
||||||
e2e-cmd: make e2e GOEXPERIMENT=boringcrypto CGO_ENABLED=1 TEST_ENV="TEST_LOGS=1" TEST_FLAGS="-v -ldflags -checklinkname=0"
|
e2e-cmd: make boringcrypto e2evv
|
||||||
- name: linux-fips140
|
- name: linux-fips140
|
||||||
os: ubuntu-latest
|
os: ubuntu-latest
|
||||||
build-cmd: make fips140
|
build-cmd: make fips140
|
||||||
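Review bot: Nothing in the linux-boringcrypto steps checks that the BoringCrypto switch actually took effect, now that `test-cmd: make boringcrypto test` and `e2e-cmd: make boringcrypto e2evv` rely on the `boringcrypto` Makefile goal changing the environment for the goal that follows it. If that goal is ever skipped or stops propagating its variables, the job would still pass while exercising the standard Go crypto, which is a silent loss of coverage for this build. I would add a step after `build-cmd` that fails unless the produced binaries were built with `GOEXPERIMENT=boringcrypto`. Also confirm that `build-cmd: make boringcrypto` is the intended build here, since it depends on the single-goal re-invocation of the default goal and the new Makefile comment points to `bin-boringcrypto` for release binaries.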
|
|||||||
@@ -287,6 +287,20 @@ ifeq ($(words $(MAKECMDGOALS)),1)
|
|||||||
@$(MAKE) fips140 ${.DEFAULT_GOAL} --no-print-directory
|
@$(MAKE) fips140 ${.DEFAULT_GOAL} --no-print-directory
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
# Useful to chain together, like:
|
||||||
|
# - make boringcrypto e2evv
|
||||||
|
# - make boringcrypto smoke-docker
|
||||||
|
# Use `release-boringcrypto` or `bin-boringcrypto` to build release binaries
|
||||||
|
boringcrypto:
|
||||||
|
@echo > $(NULL_FILE)
|
||||||
|
$(eval GOENV += GOEXPERIMENT=boringcrypto CGO_ENABLED=1)
|
||||||
|
$(eval LDFLAGS += -checklinkname=0)
|
||||||
|
$(eval TEST_FLAGS += -ldflags -checklinkname=0)
|
||||||
|
$(eval TEST_ENV += $(GOENV))
|
||||||
|
ifeq ($(words $(MAKECMDGOALS)),1)
|
||||||
|
@$(MAKE) boringcrypto ${.DEFAULT_GOAL} --no-print-directory
|
||||||
|
endif
|
||||||
|
|
||||||
bin-docker: bin build/linux-amd64/nebula build/linux-amd64/nebula-cert
|
bin-docker: bin build/linux-amd64/nebula build/linux-amd64/nebula-cert
|
||||||
|
|
||||||
smoke-docker: bin-docker
|
smoke-docker: bin-docker
|
||||||
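Review bot: The `boringcrypto` goal works only as a side effect of its recipe being expanded before the goal chained after it, and the comment block above the target does not say so; `make e2evv boringcrypto` would run the tests without the experiment and still report success. I would add a line such as `# Must be the first goal on the command line: the evals below only affect goals that run after this recipe.` Whether `boringcrypto` is listed in `.PHONY` is not visible in this hunk; if it is not, a file or directory with that name would make make skip the recipe with the same silent result. The two `-checklinkname=0` additions also deserve a one-line comment explaining why the linker's linkname check has to be disabled, because that relaxes a safety check for both the binaries and the tests.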
|
|||||||
@@ -29,6 +29,9 @@ type CipherState interface {
|
|||||||
// NewCipherState wraps the post-handshake noise.CipherState in the per-cipher type that matches cipherFunc.
|
// NewCipherState wraps the post-handshake noise.CipherState in the per-cipher type that matches cipherFunc.
|
||||||
// cipherFunc must be the same cipher used to build the noise CipherSuite that produced s.
|
// cipherFunc must be the same cipher used to build the noise CipherSuite that produced s.
|
||||||
func NewCipherState(s *noise.CipherState, cipherFunc noise.CipherFunc) CipherState {
|
func NewCipherState(s *noise.CipherState, cipherFunc noise.CipherFunc) CipherState {
|
||||||
|
if cs, ok := s.Cipher().(CipherState); ok {
|
||||||
|
return cs
|
||||||
|
}
|
||||||
switch cipherFunc.CipherName() {
|
switch cipherFunc.CipherName() {
|
||||||
case CipherAESGCM.CipherName():
|
case CipherAESGCM.CipherName():
|
||||||
return NewCipherStateAESGCM(s)
|
return NewCipherStateAESGCM(s)
|
||||||
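Review bot: The new fast path returns `s.Cipher()` directly whenever it implements `CipherState`, so `cipherFunc` is not consulted in that case, yet the doc comment above still says only that cipherFunc must match the suite that produced s. On this path a mismatch between the two arguments never reaches the switch, and the per-cipher wrappers such as `NewCipherStateAESGCM` are bypassed. I would extend the doc comment with `// If the noise cipher already implements CipherState it is returned as-is and cipherFunc is ignored.` and name the cipher types expected to take this path. The switch continues past the end of the hunk, so its remaining cases are not visible here.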
|
|||||||
@@ -34,12 +34,12 @@ func (c cipherFn) Cipher(k [32]byte) noise.Cipher { return c.fn(k) }
|
|||||||
func (c cipherFn) CipherName() string { return c.name }
|
func (c cipherFn) CipherName() string { return c.name }
|
||||||
|
|
||||||
// CipherAESGCM is the AES256-GCM AEAD cipher (using aeadAESGCM when fips140 is enabled)
|
// CipherAESGCM is the AES256-GCM AEAD cipher (using aeadAESGCM when fips140 is enabled)
|
||||||
var CipherAESGCM noise.CipherFunc = cipherFn{cipherAESGCM, "AESGCM"}
|
var CipherAESGCM noise.CipherFunc = cipherFn{cipherAESGCMFIPS140, "AESGCM"}
|
||||||
|
|
||||||
// tls.aeadAESGCM uses a 4 byte static prefix and an 8 byte nonce
|
// tls.aeadAESGCM uses a 4 byte static prefix and an 8 byte nonce
|
||||||
var emptyPrefix = []byte{0, 0, 0, 0}
|
var emptyPrefix = []byte{0, 0, 0, 0}
|
||||||
|
|
||||||
func cipherAESGCM(k [32]byte) noise.Cipher {
|
func cipherAESGCMFIPS140(k [32]byte) noise.Cipher {
|
||||||
gcm := aeadAESGCM(k[:], emptyPrefix)
|
gcm := aeadAESGCM(k[:], emptyPrefix)
|
||||||
return aeadCipher{
|
return aeadCipher{
|
||||||
gcm,
|
gcm,
|
||||||
|
|||||||