generate the diversification nonce when creating the server crypto setup

2018-03-24 08:36:52 +00:00
parent 69f6427d3c
commit 6c1eba5848
9 changed files with 41 additions and 66 deletions
--- a/internal/handshake/crypto_setup_client.go
+++ b/internal/handshake/crypto_setup_client.go
@@ -373,10 +373,6 @@ func (h *cryptoSetupClient) GetSealerWithEncryptionLevel(encLevel protocol.Encry
 	return nil, errors.New("CryptoSetupClient: no encryption level specified")
 }

-func (h *cryptoSetupClient) DiversificationNonce() []byte {
-	panic("not needed for cryptoSetupClient")
-}
-
 func (h *cryptoSetupClient) ConnectionState() ConnectionState {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()
--- a/internal/handshake/crypto_setup_server.go
+++ b/internal/handshake/crypto_setup_server.go
@@ -73,6 +73,7 @@ func NewCryptoSetup(
 	connID protocol.ConnectionID,
 	remoteAddr net.Addr,
 	version protocol.VersionNumber,
+	divNonce []byte,
 	scfg *ServerConfig,
 	params *TransportParameters,
 	supportedVersions []protocol.VersionNumber,
@@ -85,20 +86,21 @@ func NewCryptoSetup(
 		return nil, err
 	}
 	return &cryptoSetupServer{
-		cryptoStream:      cryptoStream,
-		connID:            connID,
-		remoteAddr:        remoteAddr,
-		version:           version,
-		supportedVersions: supportedVersions,
-		scfg:              scfg,
-		keyDerivation:     crypto.DeriveQuicCryptoAESKeys,
-		keyExchange:       getEphermalKEX,
-		nullAEAD:          nullAEAD,
-		params:            params,
-		acceptSTKCallback: acceptSTK,
-		sentSHLO:          make(chan struct{}),
-		paramsChan:        paramsChan,
-		handshakeEvent:    handshakeEvent,
+		cryptoStream:         cryptoStream,
+		connID:               connID,
+		remoteAddr:           remoteAddr,
+		version:              version,
+		supportedVersions:    supportedVersions,
+		diversificationNonce: divNonce,
+		scfg:                 scfg,
+		keyDerivation:        crypto.DeriveQuicCryptoAESKeys,
+		keyExchange:          getEphermalKEX,
+		nullAEAD:             nullAEAD,
+		params:               params,
+		acceptSTKCallback:    acceptSTK,
+		sentSHLO:             make(chan struct{}),
+		paramsChan:           paramsChan,
+		handshakeEvent:       handshakeEvent,
 	}, nil
 }

@@ -364,11 +366,6 @@ func (h *cryptoSetupServer) handleCHLO(sni string, data []byte, cryptoData map[T
 		return nil, err
 	}

-	h.diversificationNonce = make([]byte, 32)
-	if _, err = rand.Read(h.diversificationNonce); err != nil {
-		return nil, err
-	}
-
 	clientNonce := cryptoData[TagNONC]
 	err = h.validateClientNonce(clientNonce)
 	if err != nil {
@@ -450,11 +447,6 @@ func (h *cryptoSetupServer) handleCHLO(sni string, data []byte, cryptoData map[T
 	return reply.Bytes(), nil
 }

-// DiversificationNonce returns the diversification nonce
-func (h *cryptoSetupServer) DiversificationNonce() []byte {
-	return h.diversificationNonce
-}
-
 func (h *cryptoSetupServer) ConnectionState() ConnectionState {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()
--- a/internal/handshake/crypto_setup_server_test.go
+++ b/internal/handshake/crypto_setup_server_test.go
@@ -164,6 +164,7 @@ var _ = Describe("Server Crypto Setup", func() {
 			protocol.ConnectionID(42),
 			remoteAddr,
 			version,
+			make([]byte, 32), // div nonce
 			scfg,
 			&TransportParameters{IdleTimeout: protocol.DefaultIdleTimeout},
 			supportedVersions,
@@ -184,21 +185,6 @@ var _ = Describe("Server Crypto Setup", func() {
 		cs.cryptoStream = stream
 	})

-	Context("diversification nonce", func() {
-		BeforeEach(func() {
-			cs.secureAEAD = mockcrypto.NewMockAEAD(mockCtrl)
-			cs.receivedForwardSecurePacket = false
-
-			Expect(cs.DiversificationNonce()).To(BeEmpty())
-			// Div nonce is created after CHLO
-			cs.handleCHLO("", nil, map[Tag][]byte{TagNONC: nonce32})
-		})
-
-		It("returns diversification nonces", func() {
-			Expect(cs.DiversificationNonce()).To(HaveLen(32))
-		})
-	})
-
 	Context("when responding to client messages", func() {
 		var cert []byte
 		var xlct []byte
--- a/internal/handshake/crypto_setup_tls.go
+++ b/internal/handshake/crypto_setup_tls.go
@@ -157,10 +157,6 @@ func (h *cryptoSetupTLS) GetSealerForCryptoStream() (protocol.EncryptionLevel, S
 	return protocol.EncryptionUnencrypted, h.nullAEAD
 }

-func (h *cryptoSetupTLS) DiversificationNonce() []byte {
-	panic("diversification nonce not needed for TLS")
-}
-
 func (h *cryptoSetupTLS) ConnectionState() ConnectionState {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()
--- a/internal/handshake/interface.go
+++ b/internal/handshake/interface.go
@@ -39,8 +39,6 @@ type MintTLS interface {
 type CryptoSetup interface {
 	Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error)
 	HandleCryptoStream() error
-	// TODO: clean up this interface
-	DiversificationNonce() []byte // only needed for cryptoSetupServer
 	ConnectionState() ConnectionState

 	GetSealer() (protocol.EncryptionLevel, Sealer)