diff --git a/internal/handshake/crypto_setup_server.go b/internal/handshake/crypto_setup_server.go
index ab1a30ba5..8e290a564 100644
--- a/internal/handshake/crypto_setup_server.go
+++ b/internal/handshake/crypto_setup_server.go
@@ -26,7 +26,6 @@ type cryptoSetupServer struct {
 connID protocol.ConnectionID
 remoteAddr net.Addr
 scfg *ServerConfig
- stkGenerator *CookieGenerator
 diversificationNonce []byte
 version protocol.VersionNumber
@@ -78,18 +77,12 @@ func NewCryptoSetup(
 paramsChan chan<- TransportParameters,
 aeadChanged chan<- protocol.EncryptionLevel,
 ) (CryptoSetup, error) {
- stkGenerator, err := NewCookieGenerator()
- if err != nil {
- return nil, err
- }
-
 return &cryptoSetupServer{
 connID: connID,
 remoteAddr: remoteAddr,
 version: version,
 supportedVersions: supportedVersions,
 scfg: scfg,
- stkGenerator: stkGenerator,
 keyDerivation: crypto.DeriveQuicCryptoAESKeys,
 keyExchange: getEphermalKEX,
 nullAEAD: crypto.NewNullAEAD(protocol.PerspectiveServer, version),
@@ -296,7 +289,7 @@ func (h *cryptoSetupServer) isInchoateCHLO(cryptoData map[Tag][]byte, cert []byt
 }
 func (h *cryptoSetupServer) acceptSTK(token []byte) bool {
- stk, err := h.stkGenerator.DecodeToken(token)
+ stk, err := h.scfg.cookieGenerator.DecodeToken(token)
 if err != nil {
 utils.Debugf("STK invalid: %s", err.Error())
 return false
@@ -309,7 +302,7 @@ func (h *cryptoSetupServer) handleInchoateCHLO(sni string, chlo []byte, cryptoDa
 return nil, qerr.Error(qerr.CryptoInvalidValueLength, "CHLO too small")
 }
- token, err := h.stkGenerator.NewToken(h.remoteAddr)
+ token, err := h.scfg.cookieGenerator.NewToken(h.remoteAddr)
 if err != nil {
 return nil, err
 }
diff --git a/internal/handshake/crypto_setup_server_test.go b/internal/handshake/crypto_setup_server_test.go
index 0819e1b28..637524576 100644
--- a/internal/handshake/crypto_setup_server_test.go
+++ b/internal/handshake/crypto_setup_server_test.go
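Review bot: In crypto_setup_server.go, `acceptSTK` and `handleInchoateCHLO` now dereference `h.scfg.cookieGenerator` without a guard, and `NewCryptoSetup` no longer has a step that fails when the generator is missing. A `ServerConfig` that was not produced by `NewServerConfig` (for example a struct literal in a test or an embedding caller, if one exists outside this diff) would carry a nil generator and panic while processing a CHLO received from the network. Failing at construction keeps that off the packet-handling path: `if scfg == nil || scfg.cookieGenerator == nil { return nil, errors.New("server config has no cookie generator") }` at the top of `NewCryptoSetup`. All three function bodies extend beyond the hunks shown.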
@@ -214,8 +214,8 @@ var _ = Describe("Server Crypto Setup", func() {
 )
 Expect(err).NotTo(HaveOccurred())
 cs = csInt.(*cryptoSetupServer)
- cs.stkGenerator.cookieSource = &mockCookieSource{}
- validSTK, err = cs.stkGenerator.NewToken(remoteAddr)
+ cs.scfg.cookieGenerator.cookieSource = &mockCookieSource{}
+ validSTK, err = cs.scfg.cookieGenerator.NewToken(remoteAddr)
 Expect(err).NotTo(HaveOccurred())
 sourceAddrValid = true
 cs.acceptSTKCallback = func(_ net.Addr, _ *Cookie) bool { return sourceAddrValid }
@@ -438,7 +438,7 @@ var _ = Describe("Server Crypto Setup", func() {
 It("recognizes inchoate CHLOs with an invalid STK", func() {
 testErr := errors.New("STK invalid")
- cs.stkGenerator.cookieSource.(*mockCookieSource).decodeErr = testErr
+ cs.scfg.cookieGenerator.cookieSource.(*mockCookieSource).decodeErr = testErr
 Expect(cs.isInchoateCHLO(fullCHLO, cert)).To(BeTrue())
 })
diff --git a/internal/handshake/server_config.go b/internal/handshake/server_config.go
index ccbc1bba8..2b7fba67b 100644
--- a/internal/handshake/server_config.go
+++ b/internal/handshake/server_config.go
@@ -13,6 +13,7 @@ type ServerConfig struct {
 certChain crypto.CertChain
 ID []byte
 obit []byte
+ cookieGenerator *CookieGenerator
 }
 // NewServerConfig creates a new server config
@@ -28,11 +29,18 @@ func NewServerConfig(kex crypto.KeyExchange, certChain crypto.CertChain) (*Serve
 return nil, err
 }
+ cookieGenerator, err := NewCookieGenerator()
+
+ if err != nil {
+ return nil, err
+ }
+
 return &ServerConfig{
 kex: kex,
 certChain: certChain,
 ID: id,
 obit: obit,
+ cookieGenerator: cookieGenerator,
 }, nil
 }
diff --git a/internal/handshake/server_config_test.go b/internal/handshake/server_config_test.go
index 2147a8da5..f942b4872 100644
--- a/internal/handshake/server_config_test.go
+++ b/internal/handshake/server_config_test.go
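Review bot: In server_config.go, the new `cookieGenerator` field on `ServerConfig` has no comment saying that it is now shared by every connection using the config, which is the substance of this change. Sharing means `NewToken` and `DecodeToken` are reached from concurrent handshakes, so `CookieGenerator` has to be safe for concurrent use; its implementation is not in this diff, so that is worth confirming. The token key also now lives as long as the config, so token expiry must be enforced when the cookie is validated rather than by key turnover. I would document this on the field, e.g. `// cookieGenerator mints and validates source address tokens; shared by all connections using this config, so it must be safe for concurrent use`. Separately, the blank line added between `cookieGenerator, err := NewCookieGenerator()` and `if err != nil {` in `NewServerConfig` detaches the call from its error check and should be dropped.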
@@ -27,6 +27,7 @@ var _ = Describe("ServerConfig", func() {
 Expect(err).ToNot(HaveOccurred())
 Expect(scfg1.ID).ToNot(Equal(scfg2.ID))
 Expect(scfg1.obit).ToNot(Equal(scfg2.obit))
+ Expect(scfg1.cookieGenerator).ToNot(Equal(scfg2.cookieGenerator))
 })
 It("gets the proper binary representation", func() {
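Review bot: The added assertion `Expect(scfg1.cookieGenerator).ToNot(Equal(scfg2.cookieGenerator))` compares the two generators structurally, which only indirectly covers the property that matters: a token minted under one config must not validate under another. Whether the deep comparison reaches the key material depends on how `CookieGenerator` stores it, which is not visible here. A behavioural check would pin the property directly, e.g. `token, err := scfg1.cookieGenerator.NewToken(addr)` followed by `_, err = scfg2.cookieGenerator.DecodeToken(token)` and `Expect(err).To(HaveOccurred())`, with `addr` being any `net.Addr` the test constructs. The enclosing `It` block starts before this hunk.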