From 82b275212c41231220e652d5c7852390ddac0984 Mon Sep 17 00:00:00 2001
From: Marten Seemann
Date: Fri, 19 Jul 2024 22:45:20 -0600
Subject: [PATCH] handshake: remove unneeded tokenProtector interface (#4585)
---
 internal/handshake/token_generator.go | 2 +-
 internal/handshake/token_protector.go | 20 ++++++--------------
 internal/handshake/token_protector_test.go | 2 +-
 3 files changed, 8 insertions(+), 16 deletions(-)
diff --git a/internal/handshake/token_generator.go b/internal/handshake/token_generator.go
index 2d91e6b25..84e58cfc7 100644
--- a/internal/handshake/token_generator.go
+++ b/internal/handshake/token_generator.go
@@ -46,7 +46,7 @@ type TokenGenerator struct {
 // NewTokenGenerator initializes a new TokenGenerator
 func NewTokenGenerator(key TokenProtectorKey) *TokenGenerator {
- return &TokenGenerator{tokenProtector: newTokenProtector(key)}
+ return &TokenGenerator{tokenProtector: *newTokenProtector(key)}
 }
 // NewRetryToken generates a new token for a Retry for a given source address
diff --git a/internal/handshake/token_protector.go b/internal/handshake/token_protector.go
index f3a99e411..157791895 100644
--- a/internal/handshake/token_protector.go
+++ b/internal/handshake/token_protector.go
@@ -14,28 +14,20 @@ import (
 // TokenProtectorKey is the key used to encrypt both Retry and session resumption tokens.
 type TokenProtectorKey [32]byte
-// TokenProtector is used to create and verify a token
-type tokenProtector interface {
- // NewToken creates a new token
- NewToken([]byte) ([]byte, error)
- // DecodeToken decodes a token
- DecodeToken([]byte) ([]byte, error)
-}
-
 const tokenNonceSize = 32
 // tokenProtector is used to create and verify a token
-type tokenProtectorImpl struct {
+type tokenProtector struct {
 key TokenProtectorKey
 }
 // newTokenProtector creates a source for source address tokens
-func newTokenProtector(key TokenProtectorKey) tokenProtector {
- return &tokenProtectorImpl{key: key}
+func newTokenProtector(key TokenProtectorKey) *tokenProtector {
+ return &tokenProtector{key: key}
 }
 // NewToken encodes data into a new token.
-func (s *tokenProtectorImpl) NewToken(data []byte) ([]byte, error) {
+func (s *tokenProtector) NewToken(data []byte) ([]byte, error) {
 var nonce [tokenNonceSize]byte
 if _, err := rand.Read(nonce[:]); err != nil {
 return nil, err
@@ -48,7 +40,7 @@ func (s *tokenProtectorImpl) NewToken(data []byte) ([]byte, error) {
 }
 // DecodeToken decodes a token.
-func (s *tokenProtectorImpl) DecodeToken(p []byte) ([]byte, error) {
+func (s *tokenProtector) DecodeToken(p []byte) ([]byte, error) {
 if len(p) < tokenNonceSize {
 return nil, fmt.Errorf("token too short: %d", len(p))
 }
@@ -60,7 +52,7 @@ func (s *tokenProtectorImpl) DecodeToken(p []byte) ([]byte, error) {
 return aead.Open(nil, aeadNonce, p[tokenNonceSize:], nil)
 }
-func (s *tokenProtectorImpl) createAEAD(nonce []byte) (cipher.AEAD, []byte, error) {
+func (s *tokenProtector) createAEAD(nonce []byte) (cipher.AEAD, []byte, error) {
 h := hkdf.New(sha256.New, s.key[:], nonce, []byte("quic-go token source"))
 key := make([]byte, 32) // use a 32 byte key, in order to select AES-256
 if _, err := io.ReadFull(h, key); err != nil {
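Review bot: In the first hunk of token_protector.go the comment kept on `newTokenProtector` ("creates a source for source address tokens") does not match the type comment beside it, and with the interface and its method comments removed nothing on `tokenProtector` describes what a token is made of. I would change it to `// newTokenProtector returns a tokenProtector that creates and verifies tokens under key.` and extend the comment on `tokenProtector` to state that `NewToken` fills a fresh `tokenNonceSize`-byte nonce from `rand.Read` for every token and that `DecodeToken` rejects input shorter than that nonce. The import block is outside the hunk, so it is worth confirming that `rand` here is `crypto/rand` before documenting the nonce as unpredictable. The bodies of `NewToken` and `createAEAD` continue outside the hunks; the receiver renames in the two later hunks are mechanical.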
diff --git a/internal/handshake/token_protector_test.go b/internal/handshake/token_protector_test.go
index 74eb1f0cd..fb342f3ae 100644
--- a/internal/handshake/token_protector_test.go
+++ b/internal/handshake/token_protector_test.go
@@ -8,7 +8,7 @@ import (
 )
 var _ = Describe("Token Protector", func() {
- var tp tokenProtector
+ var tp *tokenProtector
 BeforeEach(func() {
 var key TokenProtectorKey