use (a modified version of) the standard library TLS implementation

2019-02-07 23:13:14 +08:00
parent 4ed0ef4b9c
commit 500717066e
67 changed files with 7174 additions and 16258 deletions
--- a/internal/handshake/crypto_setup.go
+++ b/internal/handshake/crypto_setup.go
@@ -310,6 +310,12 @@ func (h *cryptoSetup) handleMessageForServer(msgType messageType) bool {
 		case <-h.handshakeErrChan:
 			return false
 		}
+		// get the handshake read key
+		select {
+		case <-h.receivedReadKey:
+		case <-h.handshakeErrChan:
+			return false
+		}
 		// get the handshake write key
 		select {
 		case <-h.receivedWriteKey:
@@ -322,12 +328,6 @@ func (h *cryptoSetup) handleMessageForServer(msgType messageType) bool {
 		case <-h.handshakeErrChan:
 			return false
 		}
-		// get the handshake read key
-		select {
-		case <-h.receivedReadKey:
-		case <-h.handshakeErrChan:
-			return false
-		}
 		return true
 	case typeCertificate, typeCertificateVerify:
 		// nothing to do
@@ -348,18 +348,18 @@ func (h *cryptoSetup) handleMessageForServer(msgType messageType) bool {
 func (h *cryptoSetup) handleMessageForClient(msgType messageType) bool {
 	switch msgType {
 	case typeServerHello:
-		// get the handshake read key
-		select {
-		case <-h.receivedReadKey:
-		case <-h.handshakeErrChan:
-			return false
-		}
 		// get the handshake write key
 		select {
 		case <-h.receivedWriteKey:
 		case <-h.handshakeErrChan:
 			return false
 		}
+		// get the handshake read key
+		select {
+		case <-h.receivedReadKey:
+		case <-h.handshakeErrChan:
+			return false
+		}
 		return true
 	case typeEncryptedExtensions:
 		select {
@@ -373,20 +373,18 @@ func (h *cryptoSetup) handleMessageForClient(msgType messageType) bool {
 		// nothing to do
 		return false
 	case typeFinished:
-		// While the order of these two is not defined by the TLS spec,
-		// we have to do it on the same order as our TLS library does it.
-		// get the handshake write key
-		select {
-		case <-h.receivedWriteKey:
-		case <-h.handshakeErrChan:
-			return false
-		}
 		// get the 1-RTT read key
 		select {
 		case <-h.receivedReadKey:
 		case <-h.handshakeErrChan:
 			return false
 		}
+		// get the handshake write key
+		select {
+		case <-h.receivedWriteKey:
+		case <-h.handshakeErrChan:
+			return false
+		}
 		return true
 	default:
 		panic("unexpected handshake message: ")
--- a/internal/handshake/initial_aead.go
+++ b/internal/handshake/initial_aead.go
@@ -24,12 +24,12 @@ func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (Se
 	myKey, myHPKey, myIV := computeInitialKeyAndIV(mySecret)
 	otherKey, otherHPKey, otherIV := computeInitialKeyAndIV(otherSecret)

-	encrypter := qtls.AEADAESGCM13(myKey, myIV)
+	encrypter := qtls.AEADAESGCMTLS13(myKey, myIV)
 	hpEncrypter, err := aes.NewCipher(myHPKey)
 	if err != nil {
 		return nil, nil, err
 	}
-	decrypter := qtls.AEADAESGCM13(otherKey, otherIV)
+	decrypter := qtls.AEADAESGCMTLS13(otherKey, otherIV)
 	hpDecrypter, err := aes.NewCipher(otherHPKey)
 	if err != nil {
 		return nil, nil, err
--- a/internal/handshake/qtls.go
+++ b/internal/handshake/qtls.go
@@ -44,7 +44,7 @@ func tlsConfigToQtlsConfig(c *tls.Config) *qtls.Config {
 		MaxVersion:                  maxVersion,
 		CurvePreferences:            c.CurvePreferences,
 		DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled,
-		Renegotiation:               c.Renegotiation,
-		KeyLogWriter:                c.KeyLogWriter,
+		// Renegotiation is not supported by TLS 1.3
+		KeyLogWriter: c.KeyLogWriter,
 	}
 }