implement HKDF extraction

internal/crypto/hkdf.go

@@ -0,0 +1,19 @@
+package crypto
+
+import (
+	"crypto"
+	"crypto/hmac"
+)
+
+// copied from https://github.com/cloudflare/tls-tris/blob/master/hkdf.go
+func hkdfExtract(hash crypto.Hash, secret, salt []byte) []byte {
+	if salt == nil {
+		salt = make([]byte, hash.Size())
+	}
+	if secret == nil {
+		secret = make([]byte, hash.Size())
+	}
+	extractor := hmac.New(hash.New, salt)
+	extractor.Write(secret)
+	return extractor.Sum(nil)
+}

internal/crypto/hkdf_test.go

@@ -0,0 +1,18 @@
+package crypto
+
+import (
+	"bytes"
+	"crypto"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("HKDF", func() {
+	// test case A.1 from https://tools.ietf.org/html/rfc5869
+	It("extracts", func() {
+		salt := []byte{0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc}
+		secret := bytes.Repeat([]byte{0x0b}, 22)
+		Expect(hkdfExtract(crypto.SHA256, secret, salt)).To(Equal([]byte{0x7, 0x77, 0x9, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 0xd, 0xdc, 0x3f, 0xd, 0xc4, 0x7b, 0xba, 0x63, 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0xf, 0x9c, 0x31, 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5}))
+	})
+})

internal/crypto/null_aead_aesgcm.go

@@ -3,7 +3,6 @@ package crypto
 import (
 	"crypto"
 
-	"github.com/bifurcation/mint"
 	"github.com/lucas-clemente/quic-go/internal/protocol"
 )
 
@@ -28,7 +27,7 @@ func newNullAEADAESGCM(connectionID protocol.ConnectionID, pers protocol.Perspec
 }
 
 func computeSecrets(connID protocol.ConnectionID) (clientSecret, serverSecret []byte) {
-	handshakeSecret := mint.HkdfExtract(crypto.SHA256, quicVersion1Salt, connID)
+	handshakeSecret := hkdfExtract(crypto.SHA256, connID, quicVersion1Salt)
 	clientSecret = qhkdfExpand(handshakeSecret, "client hs", crypto.SHA256.Size())
 	serverSecret = qhkdfExpand(handshakeSecret, "server hs", crypto.SHA256.Size())
 	return