Delete AESGCMInsecureIV inlining cipher.AEAD usage

This is more readable, and avoids duplicate testing. PiperOrigin-RevId: 690592032 Change-Id: Id76b081105155937587ca9c086ab0755c5902a31
tink-crypto · Oct 28, 2024 · 3cf2455 · 3cf2455
1 parent 1e587f0
commit 3cf2455
Show file tree

Hide file tree

Showing 7 changed files with 214 additions and 516 deletions.
diff --git a/aead/subtle/aes_gcm.go b/aead/subtle/aes_gcm.go
@@ -15,6 +15,7 @@
 package subtle
 
 import (
+	"crypto/cipher"
 	"fmt"
 
 	internalaead "github.com/tink-crypto/tink-go/v2/internal/aead"
@@ -27,11 +28,13 @@ const (
 	AESGCMIVSize = 12
 	// AESGCMTagSize is the acceptable tag size defined by RFC 5116.
 	AESGCMTagSize = 16
+
+	maxIntPlaintextSize = maxInt - AESGCMIVSize - AESGCMTagSize
 )
 
 // AESGCM is an implementation of AEAD interface.
 type AESGCM struct {
-	aesGCMInsecureIV *internalaead.AESGCMInsecureIV
+	cipher cipher.AEAD
 }
 
 // Assert that AESGCM implements the AEAD interface.
@@ -40,8 +43,11 @@ var _ tink.AEAD = (*AESGCM)(nil)
 // NewAESGCM returns an AESGCM instance, where key is the AES key with length
 // 16 bytes (AES-128) or 32 bytes (AES-256).
 func NewAESGCM(key []byte) (*AESGCM, error) {
-	aesGCMInsecureIV, err := internalaead.NewAESGCMInsecureIV(key, true /*=prependIV*/)
-	return &AESGCM{aesGCMInsecureIV}, err
+	c, err := internalaead.NewAESGCMCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	return &AESGCM{cipher: c}, nil
 }
 
 // Encrypt encrypts plaintext with associatedData. The returned ciphertext
@@ -50,15 +56,20 @@ func NewAESGCM(key []byte) (*AESGCM, error) {
 // Note: The crypto library's AES-GCM implementation always returns the
 // ciphertext with an AESGCMTagSize (16-byte) tag.
 func (a *AESGCM) Encrypt(plaintext, associatedData []byte) ([]byte, error) {
+	if err := internalaead.CheckPlaintextSize(uint64(len(plaintext))); err != nil {
+		return nil, err
+	}
 	iv := random.GetRandomBytes(AESGCMIVSize)
-	return a.aesGCMInsecureIV.Encrypt(iv, plaintext, associatedData)
+	dst := make([]byte, 0, len(iv)+len(plaintext)+a.cipher.Overhead())
+	dst = append(dst, iv...)
+	return a.cipher.Seal(dst, iv, plaintext, associatedData), nil
 }
 
 // Decrypt decrypts ciphertext with associatedData.
 func (a *AESGCM) Decrypt(ciphertext, associatedData []byte) ([]byte, error) {
-	if len(ciphertext) < AESGCMIVSize {
+	if len(ciphertext) < AESGCMIVSize+AESGCMTagSize {
 		return nil, fmt.Errorf("ciphertext with size %d is too short", len(ciphertext))
 	}
 	iv := ciphertext[:AESGCMIVSize]
-	return a.aesGCMInsecureIV.Decrypt(iv, ciphertext, associatedData)
+	return a.cipher.Open(nil, iv, ciphertext[AESGCMIVSize:], associatedData)
 }
diff --git a/aead/subtle/aes_gcm_test.go b/aead/subtle/aes_gcm_test.go
@@ -47,7 +47,7 @@ func TestAESGCMTagLength(t *testing.T) {
 		}
 		actualTagSize := len(ct) - subtle.AESGCMIVSize - len(pt)
 		if actualTagSize != subtle.AESGCMTagSize {
-			t.Errorf("tag size is not 128 bit, it is %d bit", actualTagSize*8)
+			t.Errorf("tag size is not 16, it is %d", actualTagSize)
 		}
 	}
 }

diff --git a/hybrid/internal/hpke/aes_gcm_aead.go b/hybrid/internal/hpke/aes_gcm_aead.go
@@ -46,32 +46,35 @@ func (a *aesGCMAEAD) seal(key, nonce, plaintext, associatedData []byte) ([]byte,
 	if len(key) != a.keyLen {
 		return nil, fmt.Errorf("unexpected key length: got %d, want %d", len(key), a.keyLen)
 	}
-	i, err := internalaead.NewAESGCMInsecureIV(key, false /*=prependIV*/)
+	if len(nonce) != a.nonceLength() {
+		return nil, fmt.Errorf("unexpected nonce length: got %d, want %d", len(nonce), a.nonceLength())
+	}
+	if err := internalaead.CheckPlaintextSize(uint64(len(plaintext))); err != nil {
+		return nil, err
+	}
+	c, err := internalaead.NewAESGCMCipher(key)
 	if err != nil {
-		return nil, fmt.Errorf("NewAESGCMInsecureIV: %v", err)
+		return nil, err
 	}
-	return i.Encrypt(nonce, plaintext, associatedData)
+	return c.Seal(nil, nonce, plaintext, associatedData), nil
 }
 
 func (a *aesGCMAEAD) open(key, nonce, ciphertext, associatedData []byte) ([]byte, error) {
 	if len(key) != a.keyLen {
 		return nil, fmt.Errorf("unexpected key length: got %d, want %d", len(key), a.keyLen)
 	}
-	i, err := internalaead.NewAESGCMInsecureIV(key, false /*=prependIV*/)
+	if len(nonce) != a.nonceLength() {
+		return nil, fmt.Errorf("unexpected nonce length: got %d, want %d", len(nonce), a.nonceLength())
+	}
+	c, err := internalaead.NewAESGCMCipher(key)
 	if err != nil {
-		return nil, fmt.Errorf("NewAESGCMInsecureIV: %v", err)
+		return nil, err
 	}
-	return i.Decrypt(nonce, ciphertext, associatedData)
+	return c.Open(nil, nonce, ciphertext, associatedData)
 }
 
-func (a *aesGCMAEAD) id() uint16 {
-	return a.aeadID
-}
+func (a *aesGCMAEAD) id() uint16 { return a.aeadID }
 
-func (a *aesGCMAEAD) keyLength() int {
-	return a.keyLen
-}
+func (a *aesGCMAEAD) keyLength() int { return a.keyLen }
 
-func (a *aesGCMAEAD) nonceLength() int {
-	return internalaead.AESGCMIVSize
-}
+func (a *aesGCMAEAD) nonceLength() int { return internalaead.AESGCMIVSize }
diff --git a/internal/aead/aes_gcm_insecure_iv.go b/internal/aead/aes_gcm_insecure_iv.go