gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

inject a random source into the token protector

Browse Source
This commit is contained in:
Marten Seemann
2020-08-23 17:03:15 +07:00
parent 166d91ae0f
commit 556bf18dbf
6 changed files with 44 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
internal/handshake/token_protector.go
View File

@@ -3,7 +3,6 @@ package handshake
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"crypto/sha256"
"fmt"
"io"
@@ -26,22 +25,26 @@ const (
// tokenProtector is used to create and verify a token
type tokenProtectorImpl struct {
rand io.Reader
secret []byte
}
// newTokenProtector creates a source for source address tokens
func newTokenProtector() (tokenProtector, error) {
func newTokenProtector(rand io.Reader) (tokenProtector, error) {
secret := make([]byte, tokenSecretSize)
if _, err := rand.Read(secret); err != nil {
return nil, err
}
return &tokenProtectorImpl{secret: secret}, nil
return &tokenProtectorImpl{
rand: rand,
secret: secret,
}, nil
}
// NewToken encodes data into a new token.
func (s *tokenProtectorImpl) NewToken(data []byte) ([]byte, error) {
nonce := make([]byte, tokenNonceSize)
if _, err := rand.Read(nonce); err != nil {
if _, err := s.rand.Read(nonce); err != nil {
return nil, err
}
aead, aeadNonce, err := s.createAEAD(nonce)