forked from quic-go/quic-go
use byte-slice instead of net.IP for generating source address tokens
This commit is contained in:
Marten Seemann
@@ -10,7 +10,6 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/lucas-clemente/quic-go/protocol"
|
||||
@@ -21,21 +20,21 @@ import (
|
||||
// StkSource is used to create and verify source address tokens
|
||||
type StkSource interface {
|
||||
// NewToken creates a new token for a given IP address
|
||||
NewToken(ip net.IP) ([]byte, error)
|
||||
NewToken(sourceAddress []byte) ([]byte, error)
|
||||
// VerifyToken verifies if a token matches a given IP address and is not outdated
|
||||
VerifyToken(ip net.IP, data []byte) error
|
||||
VerifyToken(sourceAddress []byte, data []byte) error
|
||||
}
|
||||
|
||||
type sourceAddressToken struct {
|
||||
ip net.IP
|
||||
sourceAddr []byte
|
||||
// unix timestamp in seconds
|
||||
timestamp uint64
|
||||
}
|
||||
|
||||
func (t *sourceAddressToken) serialize() []byte {
|
||||
res := make([]byte, 8+len(t.ip))
|
||||
res := make([]byte, 8+len(t.sourceAddr))
|
||||
binary.LittleEndian.PutUint64(res, t.timestamp)
|
||||
copy(res[8:], t.ip)
|
||||
copy(res[8:], t.sourceAddr)
|
||||
return res
|
||||
}
|
||||
|
||||
@@ -44,8 +43,8 @@ func parseToken(data []byte) (*sourceAddressToken, error) {
|
||||
return nil, fmt.Errorf("invalid STK length: %d", len(data))
|
||||
}
|
||||
return &sourceAddressToken{
|
||||
ip: data[8:],
|
||||
timestamp: binary.LittleEndian.Uint64(data),
|
||||
sourceAddr: data[8:],
|
||||
timestamp: binary.LittleEndian.Uint64(data),
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -76,14 +75,14 @@ func NewStkSource(secret []byte) (StkSource, error) {
|
||||
return &stkSource{aead: aead}, nil
|
||||
}
|
||||
|
||||
func (s *stkSource) NewToken(ip net.IP) ([]byte, error) {
|
||||
func (s *stkSource) NewToken(sourceAddr []byte) ([]byte, error) {
|
||||
return encryptToken(s.aead, &sourceAddressToken{
|
||||
ip: ip,
|
||||
timestamp: uint64(time.Now().Unix()),
|
||||
sourceAddr: sourceAddr,
|
||||
timestamp: uint64(time.Now().Unix()),
|
||||
})
|
||||
}
|
||||
|
||||
func (s *stkSource) VerifyToken(ip net.IP, data []byte) error {
|
||||
func (s *stkSource) VerifyToken(sourceAddr []byte, data []byte) error {
|
||||
if len(data) < stkNonceSize {
|
||||
return errors.New("STK too short")
|
||||
}
|
||||
@@ -99,8 +98,8 @@ func (s *stkSource) VerifyToken(ip net.IP, data []byte) error {
|
||||
return err
|
||||
}
|
||||
|
||||
if subtle.ConstantTimeCompare(token.ip, ip) != 1 {
|
||||
return errors.New("invalid ip in STK")
|
||||
if subtle.ConstantTimeCompare(token.sourceAddr, sourceAddr) != 1 {
|
||||
return errors.New("invalid source address in STK")
|
||||
}
|
||||
|
||||
if time.Now().Unix() > int64(token.timestamp)+protocol.STKExpiryTimeSec {
|
||||
|
||||
@@ -17,7 +17,7 @@ var _ = Describe("Source Address Tokens", func() {
|
||||
Context("tokens", func() {
|
||||
It("serializes", func() {
|
||||
ip := []byte{127, 0, 0, 1}
|
||||
token := &sourceAddressToken{ip: ip, timestamp: 0xdeadbeef}
|
||||
token := &sourceAddressToken{sourceAddr: ip, timestamp: 0xdeadbeef}
|
||||
Expect(token.serialize()).To(Equal([]byte{
|
||||
0xef, 0xbe, 0xad, 0xde, 0x00, 0x00, 0x00, 0x00,
|
||||
127, 0, 0, 1,
|
||||
@@ -30,7 +30,7 @@ var _ = Describe("Source Address Tokens", func() {
|
||||
127, 0, 0, 1,
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(token.ip).To(Equal(net.IP{127, 0, 0, 1}))
|
||||
Expect(token.sourceAddr).To(Equal([]byte{127, 0, 0, 1}))
|
||||
Expect(token.timestamp).To(Equal(uint64(0xdeadbeef)))
|
||||
})
|
||||
|
||||
@@ -96,8 +96,8 @@ var _ = Describe("Source Address Tokens", func() {
|
||||
|
||||
It("should reject outdated tokens", func() {
|
||||
stk, err := encryptToken(source.aead, &sourceAddressToken{
|
||||
ip: ip4,
|
||||
timestamp: uint64(time.Now().Unix() - protocol.STKExpiryTimeSec - 1),
|
||||
sourceAddr: ip4,
|
||||
timestamp: uint64(time.Now().Unix() - protocol.STKExpiryTimeSec - 1),
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
err = source.VerifyToken(ip4, stk)
|
||||
@@ -107,12 +107,12 @@ var _ = Describe("Source Address Tokens", func() {
|
||||
It("should reject tokens with wrong IP addresses", func() {
|
||||
otherIP := net.ParseIP("4.3.2.1")
|
||||
stk, err := encryptToken(source.aead, &sourceAddressToken{
|
||||
ip: otherIP,
|
||||
timestamp: uint64(time.Now().Unix()),
|
||||
sourceAddr: otherIP,
|
||||
timestamp: uint64(time.Now().Unix()),
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
err = source.VerifyToken(ip4, stk)
|
||||
Expect(err).To(MatchError("invalid ip in STK"))
|
||||
Expect(err).To(MatchError("invalid source address in STK"))
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
@@ -5,7 +5,6 @@ import (
|
||||
"crypto/rand"
|
||||
"encoding/binary"
|
||||
"io"
|
||||
"net"
|
||||
"sync"
|
||||
|
||||
"github.com/lucas-clemente/quic-go/crypto"
|
||||
@@ -23,7 +22,7 @@ type KeyExchangeFunction func() crypto.KeyExchange
|
||||
// The CryptoSetupServer handles all things crypto for the Session
|
||||
type cryptoSetupServer struct {
|
||||
connID protocol.ConnectionID
|
||||
ip net.IP
|
||||
sourceAddr []byte
|
||||
version protocol.VersionNumber
|
||||
scfg *ServerConfig
|
||||
diversificationNonce []byte
|
||||
@@ -49,7 +48,7 @@ var _ crypto.AEAD = &cryptoSetupServer{}
|
||||
// NewCryptoSetup creates a new CryptoSetup instance for a server
|
||||
func NewCryptoSetup(
|
||||
connID protocol.ConnectionID,
|
||||
ip net.IP,
|
||||
sourceAddr []byte,
|
||||
version protocol.VersionNumber,
|
||||
scfg *ServerConfig,
|
||||
cryptoStream utils.Stream,
|
||||
@@ -58,7 +57,7 @@ func NewCryptoSetup(
|
||||
) (CryptoSetup, error) {
|
||||
return &cryptoSetupServer{
|
||||
connID: connID,
|
||||
ip: ip,
|
||||
sourceAddr: sourceAddr,
|
||||
version: version,
|
||||
scfg: scfg,
|
||||
keyDerivation: crypto.DeriveKeysAESGCM,
|
||||
@@ -207,7 +206,7 @@ func (h *cryptoSetupServer) isInchoateCHLO(cryptoData map[Tag][]byte, cert []byt
|
||||
if crypto.HashCert(cert) != xlct {
|
||||
return true
|
||||
}
|
||||
if err := h.scfg.stkSource.VerifyToken(h.ip, cryptoData[TagSTK]); err != nil {
|
||||
if err := h.scfg.stkSource.VerifyToken(h.sourceAddr, cryptoData[TagSTK]); err != nil {
|
||||
utils.Infof("STK invalid: %s", err.Error())
|
||||
return true
|
||||
}
|
||||
@@ -219,7 +218,7 @@ func (h *cryptoSetupServer) handleInchoateCHLO(sni string, chlo []byte, cryptoDa
|
||||
return nil, qerr.Error(qerr.CryptoInvalidValueLength, "CHLO too small")
|
||||
}
|
||||
|
||||
token, err := h.scfg.stkSource.NewToken(h.ip)
|
||||
token, err := h.scfg.stkSource.NewToken(h.sourceAddr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -230,7 +229,7 @@ func (h *cryptoSetupServer) handleInchoateCHLO(sni string, chlo []byte, cryptoDa
|
||||
TagSVID: []byte("quic-go"),
|
||||
}
|
||||
|
||||
if h.scfg.stkSource.VerifyToken(h.ip, cryptoData[TagSTK]) == nil {
|
||||
if h.scfg.stkSource.VerifyToken(h.sourceAddr, cryptoData[TagSTK]) == nil {
|
||||
proof, err := h.scfg.Sign(sni, chlo)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
@@ -115,11 +115,11 @@ func (s mockStream) StreamID() protocol.StreamID { panic("not implemente
|
||||
|
||||
type mockStkSource struct{}
|
||||
|
||||
func (mockStkSource) NewToken(ip net.IP) ([]byte, error) {
|
||||
return append([]byte("token "), ip...), nil
|
||||
func (mockStkSource) NewToken(sourceAddr []byte) ([]byte, error) {
|
||||
return append([]byte("token "), sourceAddr...), nil
|
||||
}
|
||||
|
||||
func (mockStkSource) VerifyToken(ip net.IP, token []byte) error {
|
||||
func (mockStkSource) VerifyToken(sourceAddr []byte, token []byte) error {
|
||||
split := bytes.Split(token, []byte(" "))
|
||||
if len(split) != 2 {
|
||||
return errors.New("stk required")
|
||||
@@ -127,7 +127,7 @@ func (mockStkSource) VerifyToken(ip net.IP, token []byte) error {
|
||||
if !bytes.Equal(split[0], []byte("token")) {
|
||||
return errors.New("no prefix match")
|
||||
}
|
||||
if !bytes.Equal(split[1], ip) {
|
||||
if !bytes.Equal(split[1], sourceAddr) {
|
||||
return errors.New("ip wrong")
|
||||
}
|
||||
return nil
|
||||
@@ -144,7 +144,7 @@ var _ = Describe("Crypto setup", func() {
|
||||
aeadChanged chan struct{}
|
||||
nonce32 []byte
|
||||
versionTag []byte
|
||||
ip net.IP
|
||||
sourceAddr []byte
|
||||
validSTK []byte
|
||||
aead []byte
|
||||
kexs []byte
|
||||
@@ -152,8 +152,8 @@ var _ = Describe("Crypto setup", func() {
|
||||
|
||||
BeforeEach(func() {
|
||||
var err error
|
||||
ip = net.ParseIP("1.2.3.4")
|
||||
validSTK, err = mockStkSource{}.NewToken(ip)
|
||||
sourceAddr = net.ParseIP("1.2.3.4")
|
||||
validSTK, err = mockStkSource{}.NewToken(sourceAddr)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
expectedInitialNonceLen = 32
|
||||
expectedFSNonceLen = 64
|
||||
@@ -172,7 +172,7 @@ var _ = Describe("Crypto setup", func() {
|
||||
scfg.stkSource = &mockStkSource{}
|
||||
v := protocol.SupportedVersions[len(protocol.SupportedVersions)-1]
|
||||
cpm = NewConnectionParamatersManager(protocol.PerspectiveServer, protocol.VersionWhatever)
|
||||
csInt, err := NewCryptoSetup(protocol.ConnectionID(42), ip, v, scfg, stream, cpm, aeadChanged)
|
||||
csInt, err := NewCryptoSetup(protocol.ConnectionID(42), sourceAddr, v, scfg, stream, cpm, aeadChanged)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
cs = csInt.(*cryptoSetupServer)
|
||||
cs.keyDerivation = mockKeyDerivation
|
||||
|
||||
Reference in New Issue
Block a user