route/vendor/github.com/lucas-clemente/quic-go/internal/crypto/aesgcm_aead.go

package crypto

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"

	"github.com/lucas-clemente/quic-go/internal/protocol"
)

type aeadAESGCM struct {
	otherIV   []byte
	myIV      []byte
	encrypter cipher.AEAD
	decrypter cipher.AEAD
}

var _ AEAD = &aeadAESGCM{}

const ivLen = 12

// NewAEADAESGCM creates a AEAD using AES-GCM
func NewAEADAESGCM(otherKey []byte, myKey []byte, otherIV []byte, myIV []byte) (AEAD, error) {
	// the IVs need to be at least 8 bytes long, otherwise we can't compute the nonce
	if len(otherIV) != ivLen || len(myIV) != ivLen {
		return nil, errors.New("AES-GCM: expected 12 byte IVs")
	}

	encrypterCipher, err := aes.NewCipher(myKey)
	if err != nil {
		return nil, err
	}
	encrypter, err := cipher.NewGCM(encrypterCipher)
	if err != nil {
		return nil, err
	}
	decrypterCipher, err := aes.NewCipher(otherKey)
	if err != nil {
		return nil, err
	}
	decrypter, err := cipher.NewGCM(decrypterCipher)
	if err != nil {
		return nil, err
	}

	return &aeadAESGCM{
		otherIV:   otherIV,
		myIV:      myIV,
		encrypter: encrypter,
		decrypter: decrypter,
	}, nil
}

func (aead *aeadAESGCM) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error) {
	return aead.decrypter.Open(dst, aead.makeNonce(aead.otherIV, packetNumber), src, associatedData)
}

func (aead *aeadAESGCM) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte {
	return aead.encrypter.Seal(dst, aead.makeNonce(aead.myIV, packetNumber), src, associatedData)
}

func (aead *aeadAESGCM) makeNonce(iv []byte, packetNumber protocol.PacketNumber) []byte {
	nonce := make([]byte, ivLen)
	binary.BigEndian.PutUint64(nonce[ivLen-8:], uint64(packetNumber))
	for i := 0; i < ivLen; i++ {
		nonce[i] ^= iv[i]
	}
	return nonce
}

func (aead *aeadAESGCM) Overhead() int {
	return aead.encrypter.Overhead()
}