From 05af55b0c9fd5185fbef87030096dac6b179f20b Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Mon, 10 May 2021 17:04:59 -0700 Subject: [PATCH] use a pre-generated test vectors to test hkdfExpandLabel The only reason we were using qtls.HkdfExpandLabel was to test our own implementation of HKDF-Expand-Label. By using a pre-generated test vector, we won't have to expose this function from qtls any more. --- internal/handshake/hkdf_test.go | 22 ++++------------------ internal/qtls/go115.go | 7 +------ internal/qtls/go116.go | 5 ----- 3 files changed, 5 insertions(+), 29 deletions(-) diff --git a/internal/handshake/hkdf_test.go b/internal/handshake/hkdf_test.go index ca37d2091..16154199d 100644 --- a/internal/handshake/hkdf_test.go +++ b/internal/handshake/hkdf_test.go @@ -2,30 +2,16 @@ package handshake import ( "crypto" - "crypto/rand" - mrand "math/rand" - - "github.com/lucas-clemente/quic-go/internal/qtls" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" ) var _ = Describe("Initial AEAD using AES-GCM", func() { + // Result generated by running in qtls: + // cipherSuiteTLS13ByID(TLS_AES_128_GCM_SHA256).expandLabel([]byte("secret"), []byte("context"), "label", 42) It("gets the same results as qtls", func() { - for i := 0; i < 20; i++ { - secret := make([]byte, 32) - rand.Read(secret) - context := make([]byte, mrand.Intn(100)) - rand.Read(context) - labelB := make([]byte, mrand.Intn(100)) - rand.Read(labelB) - label := string(labelB) - length := mrand.Intn(100) - - expanded := hkdfExpandLabel(crypto.SHA256, secret, context, label, length) - expandedQTLS := qtls.HkdfExpandLabel(crypto.SHA256, secret, context, label, length) - Expect(expanded).To(Equal(expandedQTLS)) - } + expanded := hkdfExpandLabel(crypto.SHA256, []byte("secret"), []byte("context"), "label", 42) + Expect(expanded).To(Equal([]byte{0x78, 0x87, 0x6a, 0xb5, 0x84, 0xa2, 0x26, 0xb7, 0x8, 0x5a, 0x7b, 0x3a, 0x4c, 0xbb, 0x1e, 0xbc, 0x2f, 0x9b, 0x67, 0xd0, 0x6a, 0xa2, 0x24, 0xb4, 0x7d, 0x29, 0x3c, 0x7a, 0xce, 0xc7, 0xc3, 0x74, 0xcd, 0x59, 0x7a, 0xa8, 0x21, 0x5e, 0xe7, 0xca, 0x1, 0xda})) }) }) diff --git a/internal/qtls/go115.go b/internal/qtls/go115.go index bd11d0175..6f9d1ccb2 100644 --- a/internal/qtls/go115.go +++ b/internal/qtls/go115.go @@ -10,7 +10,7 @@ import ( "net" "unsafe" - qtls "github.com/marten-seemann/qtls-go1-15" + "github.com/marten-seemann/qtls-go1-15" ) type ( @@ -63,11 +63,6 @@ func HkdfExtract(hash crypto.Hash, newSecret, currentSecret []byte) []byte { return qtls.HkdfExtract(hash, newSecret, currentSecret) } -// HkdfExpandLabel HKDF expands a label -func HkdfExpandLabel(hash crypto.Hash, secret, hashValue []byte, label string, L int) []byte { - return qtls.HkdfExpandLabel(hash, secret, hashValue, label, L) -} - // AEADAESGCMTLS13 creates a new AES-GCM AEAD for TLS 1.3 func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD { return qtls.AEADAESGCMTLS13(key, fixedNonce) diff --git a/internal/qtls/go116.go b/internal/qtls/go116.go index 5e64a6fb6..c162b3069 100644 --- a/internal/qtls/go116.go +++ b/internal/qtls/go116.go @@ -62,11 +62,6 @@ func HkdfExtract(hash crypto.Hash, newSecret, currentSecret []byte) []byte { return qtls.HkdfExtract(hash, newSecret, currentSecret) } -// HkdfExpandLabel HKDF expands a label -func HkdfExpandLabel(hash crypto.Hash, secret, hashValue []byte, label string, L int) []byte { - return qtls.HkdfExpandLabel(hash, secret, hashValue, label, L) -} - // AEADAESGCMTLS13 creates a new AES-GCM AEAD for TLS 1.3 func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD { return qtls.AEADAESGCMTLS13(key, fixedNonce)