mirror of
https://github.com/slackhq/nebula.git
synced 2025-11-09 00:23:58 +01:00
e0553822b0
* Use NewGCMTLS (when using experiment boringcrypto) This change only affects builds built using `GOEXPERIMENT=boringcrypto`. When built with this experiment, we use the NewGCMTLS() method exposed by goboring, which validates that the nonce is strictly monotonically increasing. This is the TLS 1.2 specification for nonce generation (which also matches the method used by the Noise Protocol) - https://github.com/golang/go/blob/go1.19/src/crypto/tls/cipher_suites.go#L520-L522 - https://github.com/golang/go/blob/go1.19/src/crypto/internal/boring/aes.go#L235-L237 - https://github.com/golang/go/blob/go1.19/src/crypto/internal/boring/aes.go#L250 -ae223d6138/include/openssl/aead.h (L379-L381)-ae223d6138/crypto/fipsmodule/cipher/e_aes.c (L1082-L1093)* need to lock around EncryptDanger in SendVia * fix link to test vector
16 lines
399 B
Go
16 lines
399 B
Go
//go:build !boringcrypto
|
|
// +build !boringcrypto
|
|
|
|
package noiseutil
|
|
|
|
import (
|
|
// NOTE: We have to force these imports here or boring_test.go fails to
|
|
// compile correctly. This seems to be a Go bug:
|
|
//
|
|
// $ GOEXPERIMENT=boringcrypto go test ./noiseutil
|
|
// # github.com/slackhq/nebula/noiseutil
|
|
// boring_test.go:10:2: cannot find package
|
|
|
|
_ "github.com/stretchr/testify/assert"
|
|
)
|