handle unsupported AES-CTR (#221)
qmuntal authored Nov 14, 2024
1 parent fd82fff commit 248af73
Showing 1 changed file with 25 additions and 8 deletions.
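--- a/aes.go
+++ b/aes.go
@@ -20,7 +20,7 @@ type extraModes interface {
 NewGCMTLS() (cipher.AEAD, error)
 }
 
-var _ extraModes = (*aesCipher)(nil)
+var _ extraModes = (*aesWithCTR)(nil)
 
 func NewAESCipher(key []byte) (cipher.Block, error) {
 var kind cipherKind
@@ -38,19 +38,32 @@ func NewAESCipher(key []byte) (cipher.Block, error) {
 if err != nil {
 return nil, err
 }
-return &aesCipher{c}, nil
+ac := aesCipher{c}
+// The SymCrypt provider doesn't support AES-CTR.
+// Prove that the provider supports AES-CTR before
+// returning an aesWithCTR.
+if loadCipher(kind, cipherModeCTR) != nil {
+return &aesWithCTR{ac}, nil
+}
+return &ac, nil
 }
 
 // NewGCMTLS returns a GCM cipher specific to TLS
 // and should not be used for non-TLS purposes.
 func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) {
-return c.(*aesCipher).NewGCMTLS()
+if c, ok := c.(*aesCipher); ok {
+return c.NewGCMTLS()
+}
+return c.(*aesWithCTR).NewGCMTLS()
 }
 
 // NewGCMTLS13 returns a GCM cipher specific to TLS 1.3 and should not be used
 // for non-TLS purposes.
 func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) {
-return c.(*aesCipher).NewGCMTLS13()
+if c, ok := c.(*aesCipher); ok {
+return c.NewGCMTLS13()
+}
+return c.(*aesWithCTR).NewGCMTLS13()
 }
 
 type aesCipher struct {
@@ -83,10 +96,6 @@ func (c *aesCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode {
 return c.newCBC(iv, cipherOpDecrypt)
 }
 
-func (c *aesCipher) NewCTR(iv []byte) cipher.Stream {
-return c.newCTR(iv)
-}
-
 func (c *aesCipher) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) {
 return c.newGCMChecked(nonceSize, tagSize)
 }
@@ -98,3 +107,11 @@ func (c *aesCipher) NewGCMTLS() (cipher.AEAD, error) {
 func (c *aesCipher) NewGCMTLS13() (cipher.AEAD, error) {
 return c.newGCM(cipherGCMTLS13)
 }
+
+type aesWithCTR struct {
+aesCipher
+}
+
+func (c *aesWithCTR) NewCTR(iv []byte) cipher.Stream {
+return c.newCTR(iv)
+}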
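Review bot: In `NewGCMTLS` and `NewGCMTLS13` the fallback `c.(*aesWithCTR)` is still an unchecked assertion, so a `cipher.Block` that is neither of the two concrete types panics instead of using the `error` return both functions already have. The old single assertion behaved the same way, but the list of concrete types is now maintained by hand in two places. Asserting on the method covers both types and any later wrapper, for example `if g, ok := c.(interface{ NewGCMTLS() (cipher.AEAD, error) }); ok { return g.NewGCMTLS() }` followed by an error return for the unsupported case. Separately, the comment above the `loadCipher(kind, cipherModeCTR)` probe could state what callers get when CTR is missing. Presumably `crypto/cipher.NewCTR` then falls back to its generic implementation over this block's `Encrypt`, which matters for deployments that expect the mode to run inside the provider.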
