control/noise: stop using poly1305 package constants.

Signed-off-by: David Anderson <danderson@tailscale.com>
3 years ago · 4004b22fe5
parent 293431aaea
commit 4004b22fe5
3 changed files with 5 additions and 7 deletions
--- a/control/noise/conn.go
+++ b/control/noise/conn.go
@ -19,7 +19,6 @@ import (

 	"golang.org/x/crypto/blake2s"
 	chp "golang.org/x/crypto/chacha20poly1305"
-	"golang.org/x/crypto/poly1305"
 	"tailscale.com/types/key"
 )

@ -32,7 +31,7 @@ const (
 	maxCiphertextSize = maxMessageSize - headerLen
 	// maxPlaintextSize is the maximum amount of plaintext bytes that
 	// one protocol frame can carry, after encryption and framing.
-	maxPlaintextSize = maxCiphertextSize - poly1305.TagSize
+	maxPlaintextSize = maxCiphertextSize - chp.Overhead
 )

 // A Conn is a secured Noise connection. It implements the net.Conn
@ -157,7 +156,7 @@ func (c *Conn) encryptLocked(plaintext []byte) ([]byte, error) {
 		return nil, errCipherExhausted{}
 	}

-	setHeader(c.tx.buf[:headerLen], protocolVersion, msgTypeRecord, len(plaintext)+poly1305.TagSize)
+	setHeader(c.tx.buf[:headerLen], protocolVersion, msgTypeRecord, len(plaintext)+chp.Overhead)
 	ret := c.tx.cipher.Seal(c.tx.buf[:headerLen], c.tx.nonce[:], plaintext, nil)

 	// Safe to increment the nonce here, because we checked for nonce
--- a/control/noise/handshake.go
+++ b/control/noise/handshake.go
@ -19,7 +19,6 @@ import (
 	chp "golang.org/x/crypto/chacha20poly1305"
 	"golang.org/x/crypto/curve25519"
 	"golang.org/x/crypto/hkdf"
-	"golang.org/x/crypto/poly1305"
 	"tailscale.com/types/key"
 )

@ -339,7 +338,7 @@ func (s *symmetricState) MixDH(priv key.MachinePrivate, pub key.MachinePublic) (
 // mixes the ciphertext into s.h, and returns the ciphertext.
 func (s *symmetricState) EncryptAndHash(cipher *singleUseCHP, ciphertext, plaintext []byte) {
 	s.checkFinished()
-	if len(ciphertext) != len(plaintext)+poly1305.TagSize {
+	if len(ciphertext) != len(plaintext)+chp.Overhead {
 		panic("ciphertext is wrong size for given plaintext")
 	}
 	ret := cipher.Seal(ciphertext[:0], plaintext, s.h[:])
@ -352,7 +351,7 @@ func (s *symmetricState) EncryptAndHash(cipher *singleUseCHP, ciphertext, plaint
 // s.h.
 func (s *symmetricState) DecryptAndHash(cipher *singleUseCHP, plaintext, ciphertext []byte) error {
 	s.checkFinished()
-	if len(ciphertext) != len(plaintext)+poly1305.TagSize {
+	if len(ciphertext) != len(plaintext)+chp.Overhead {
 		panic("plaintext is wrong size for given ciphertext")
 	}
 	if _, err := cipher.Open(plaintext[:0], ciphertext, s.h[:]); err != nil {
--- a/control/noise/handshake_test.go
+++ b/control/noise/handshake_test.go
@ -115,7 +115,7 @@ func TestNoReuse(t *testing.T) {
 		hashes[client.HandshakeHash()] = true

 		// Sending 14 bytes turns into 32 bytes on the wire (+16 for
-		// the poly1305 tag, +2 length header)
+		// the chacha20poly1305 overhead, +2 length header)
 		if _, err := io.WriteString(client, strings.Repeat("a", 14)); err != nil {
 			t.Fatalf("client>server write failed: %v", err)
 		}