forked from quic-go/quic-go
delay server nonce generation until after the CHLO
fixes the second part of #136
This commit is contained in:
Lucas Clemente
@@ -25,7 +25,6 @@ type CryptoSetup struct {
|
|||||||
ip net.IP
|
ip net.IP
|
||||||
version protocol.VersionNumber
|
version protocol.VersionNumber
|
||||||
scfg *ServerConfig
|
scfg *ServerConfig
|
||||||
nonce []byte
|
|
||||||
diversificationNonce []byte
|
diversificationNonce []byte
|
||||||
|
|
||||||
secureAEAD crypto.AEAD
|
secureAEAD crypto.AEAD
|
||||||
@@ -56,16 +55,11 @@ func NewCryptoSetup(
|
|||||||
connectionParametersManager *ConnectionParametersManager,
|
connectionParametersManager *ConnectionParametersManager,
|
||||||
aeadChanged chan struct{},
|
aeadChanged chan struct{},
|
||||||
) (*CryptoSetup, error) {
|
) (*CryptoSetup, error) {
|
||||||
nonce := make([]byte, 32)
|
|
||||||
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return &CryptoSetup{
|
return &CryptoSetup{
|
||||||
connID: connID,
|
connID: connID,
|
||||||
ip: ip,
|
ip: ip,
|
||||||
version: version,
|
version: version,
|
||||||
scfg: scfg,
|
scfg: scfg,
|
||||||
nonce: nonce,
|
|
||||||
keyDerivation: crypto.DeriveKeysAESGCM,
|
keyDerivation: crypto.DeriveKeysAESGCM,
|
||||||
keyExchange: crypto.NewCurve25519KEX,
|
keyExchange: crypto.NewCurve25519KEX,
|
||||||
cryptoStream: cryptoStream,
|
cryptoStream: cryptoStream,
|
||||||
@@ -240,8 +234,13 @@ func (h *CryptoSetup) handleCHLO(sni string, data []byte, cryptoData map[Tag][]b
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
nonce := make([]byte, 32)
|
||||||
|
if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
h.diversificationNonce = make([]byte, 32)
|
h.diversificationNonce = make([]byte, 32)
|
||||||
if _, err := io.ReadFull(rand.Reader, h.diversificationNonce); err != nil {
|
if _, err = io.ReadFull(rand.Reader, h.diversificationNonce); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -263,7 +262,7 @@ func (h *CryptoSetup) handleCHLO(sni string, data []byte, cryptoData map[Tag][]b
|
|||||||
// Generate a new curve instance to derive the forward secure key
|
// Generate a new curve instance to derive the forward secure key
|
||||||
var fsNonce bytes.Buffer
|
var fsNonce bytes.Buffer
|
||||||
fsNonce.Write(cryptoData[TagNONC])
|
fsNonce.Write(cryptoData[TagNONC])
|
||||||
fsNonce.Write(h.nonce)
|
fsNonce.Write(nonce)
|
||||||
ephermalKex, err := h.keyExchange()
|
ephermalKex, err := h.keyExchange()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@@ -294,7 +293,7 @@ func (h *CryptoSetup) handleCHLO(sni string, data []byte, cryptoData map[Tag][]b
|
|||||||
replyMap := h.connectionParametersManager.GetSHLOMap()
|
replyMap := h.connectionParametersManager.GetSHLOMap()
|
||||||
// add crypto parameters
|
// add crypto parameters
|
||||||
replyMap[TagPUBS] = ephermalKex.PublicKey()
|
replyMap[TagPUBS] = ephermalKex.PublicKey()
|
||||||
replyMap[TagSNO] = h.nonce
|
replyMap[TagSNO] = nonce
|
||||||
replyMap[TagVER] = protocol.SupportedVersionsAsTags
|
replyMap[TagVER] = protocol.SupportedVersionsAsTags
|
||||||
|
|
||||||
var reply bytes.Buffer
|
var reply bytes.Buffer
|
||||||
|
|||||||
@@ -167,15 +167,6 @@ var _ = Describe("Crypto setup", func() {
|
|||||||
cs.keyExchange = func() (crypto.KeyExchange, error) { return &mockKEX{ephermal: true}, nil }
|
cs.keyExchange = func() (crypto.KeyExchange, error) { return &mockKEX{ephermal: true}, nil }
|
||||||
})
|
})
|
||||||
|
|
||||||
It("has a nonce", func() {
|
|
||||||
Expect(cs.nonce).To(HaveLen(32))
|
|
||||||
s := 0
|
|
||||||
for _, b := range cs.nonce {
|
|
||||||
s += int(b)
|
|
||||||
}
|
|
||||||
Expect(s).ToNot(BeZero())
|
|
||||||
})
|
|
||||||
|
|
||||||
Context("diversification nonce", func() {
|
Context("diversification nonce", func() {
|
||||||
BeforeEach(func() {
|
BeforeEach(func() {
|
||||||
cs.version = protocol.Version33
|
cs.version = protocol.Version33
|
||||||
@@ -232,7 +223,7 @@ var _ = Describe("Crypto setup", func() {
|
|||||||
Expect(err).ToNot(HaveOccurred())
|
Expect(err).ToNot(HaveOccurred())
|
||||||
Expect(response).To(HavePrefix("SHLO"))
|
Expect(response).To(HavePrefix("SHLO"))
|
||||||
Expect(response).To(ContainSubstring("ephermal pub"))
|
Expect(response).To(ContainSubstring("ephermal pub"))
|
||||||
Expect(response).To(ContainSubstring(string(cs.nonce)))
|
Expect(response).To(ContainSubstring("SNO\x00"))
|
||||||
Expect(response).To(ContainSubstring(string(protocol.SupportedVersionsAsTags)))
|
Expect(response).To(ContainSubstring(string(protocol.SupportedVersionsAsTags)))
|
||||||
Expect(cs.secureAEAD).ToNot(BeNil())
|
Expect(cs.secureAEAD).ToNot(BeNil())
|
||||||
Expect(cs.secureAEAD.(*mockAEAD).forwardSecure).To(BeFalse())
|
Expect(cs.secureAEAD.(*mockAEAD).forwardSecure).To(BeFalse())
|
||||||
|
|||||||
Reference in New Issue
Block a user