Revert "alts: Reduce ALTS counter overflow length from 5 to 4. (grpc#…

…6699)" (grpc#6746) This reverts commit 7b8d0fd.
dfawley · Oct 24, 2023 · 6e14274 · 6e14274
1 parent 7b8d0fd
commit 6e14274
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 24 deletions.
diff --git a/credentials/alts/internal/conn/aes128gcm.go b/credentials/alts/internal/conn/aes128gcm.go
@@ -28,7 +28,7 @@ import (
 const (
 	// Overflow length n in bytes, never encrypt more than 2^(n*8) frames (in
 	// each direction).
-	overflowLenAES128GCM = 4
+	overflowLenAES128GCM = 5
 )
 
 // aes128gcm is the struct that holds necessary information for ALTS record.

diff --git a/credentials/alts/internal/conn/aes128gcmrekey.go b/credentials/alts/internal/conn/aes128gcmrekey.go
@@ -27,7 +27,7 @@ import (
 const (
 	// Overflow length n in bytes, never encrypt more than 2^(n*8) frames (in
 	// each direction).
-	overflowLenAES128GCMRekey = 4
+	overflowLenAES128GCMRekey = 8
 	nonceLen                  = 12
 	aeadKeyLen                = 16
 	kdfKeyLen                 = 32

diff --git a/credentials/alts/internal/conn/counter_test.go b/credentials/alts/internal/conn/counter_test.go
@@ -52,9 +52,8 @@ func (s) TestCounterSides(t *testing.T) {
 
 func (s) TestCounterInc(t *testing.T) {
 	for _, test := range []struct {
-		counter       []byte
-		want          []byte
-		expectInvalid bool
+		counter []byte
+		want    []byte
 	}{
 		{
 			counter: []byte{0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
@@ -73,32 +72,19 @@ func (s) TestCounterInc(t *testing.T) {
 			want:    []byte{0x43, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
 		},
 		{
-			counter: []byte{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-			want:    []byte{0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+			counter: []byte{0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+			want:    []byte{0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
 		},
 		{
-			counter: []byte{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80},
-			want:    []byte{0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80},
-		},
-		{
-			counter:       []byte{0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-			want:          []byte{},
-			expectInvalid: true,
-		},
-		{
-			counter:       []byte{0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80},
-			want:          []byte{},
-			expectInvalid: true,
+			counter: []byte{0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80},
+			want:    []byte{0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80},
 		},
 	} {
 		c := CounterFromValue(test.counter, overflowLenAES128GCM)
 		c.Inc()
 		value, _ := c.Value()
-		if got, want := c.invalid, test.expectInvalid; got != want {
-			t.Errorf("counter.invalid=%t, want=%t", got, want)
-		}
-		if got, want := value, test.want; !bytes.Equal(got, want) {
-			t.Errorf("counter(%v).Inc() =\n%v, want\n%v", test.counter, got, want)
+		if g, w := value, test.want; !bytes.Equal(g, w) || c.invalid {
+			t.Errorf("counter(%v).Inc() =\n%v, want\n%v", test.counter, g, w)
 		}
 	}
 }