handshake: remove unneeded tokenProtector interface (#4585)
@@ -46,7 +46,7 @@ type TokenGenerator struct {
|
|||||||
|
|
||||||
// NewTokenGenerator initializes a new TokenGenerator
|
// NewTokenGenerator initializes a new TokenGenerator
|
||||||
func NewTokenGenerator(key TokenProtectorKey) *TokenGenerator {
|
func NewTokenGenerator(key TokenProtectorKey) *TokenGenerator {
|
||||||
return &TokenGenerator{tokenProtector: newTokenProtector(key)}
|
return &TokenGenerator{tokenProtector: *newTokenProtector(key)}
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewRetryToken generates a new token for a Retry for a given source address
|
// NewRetryToken generates a new token for a Retry for a given source address
|
||||||
|
|||||||
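Review bot: In NewTokenGenerator, `*newTokenProtector(key)` builds a pointer only to dereference it at once and copy the struct, including the 32-byte key it holds, into the TokenGenerator field. Since the field now appears to hold a tokenProtector by value (the struct declaration is outside this hunk), the literal can be written directly as `return &TokenGenerator{tokenProtector: tokenProtector{key: key}}`, or the field can keep the pointer so that newTokenProtector's new return type is used as is. Either form makes it clearer where the key material lives and avoids a transient second copy of it.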
@@ -14,28 +14,20 @@ import (
|
|||||||
// TokenProtectorKey is the key used to encrypt both Retry and session resumption tokens.
|
// TokenProtectorKey is the key used to encrypt both Retry and session resumption tokens.
|
||||||
type TokenProtectorKey [32]byte
|
type TokenProtectorKey [32]byte
|
||||||
|
|
||||||
// TokenProtector is used to create and verify a token
|
|
||||||
type tokenProtector interface {
|
|
||||||
// NewToken creates a new token
|
|
||||||
NewToken([]byte) ([]byte, error)
|
|
||||||
// DecodeToken decodes a token
|
|
||||||
DecodeToken([]byte) ([]byte, error)
|
|
||||||
}
|
|
||||||
|
|
||||||
const tokenNonceSize = 32
|
const tokenNonceSize = 32
|
||||||
|
|
||||||
// tokenProtector is used to create and verify a token
|
// tokenProtector is used to create and verify a token
|
||||||
type tokenProtectorImpl struct {
|
type tokenProtector struct {
|
||||||
key TokenProtectorKey
|
key TokenProtectorKey
|
||||||
}
|
}
|
||||||
|
|
||||||
// newTokenProtector creates a source for source address tokens
|
// newTokenProtector creates a source for source address tokens
|
||||||
func newTokenProtector(key TokenProtectorKey) tokenProtector {
|
func newTokenProtector(key TokenProtectorKey) *tokenProtector {
|
||||||
return &tokenProtectorImpl{key: key}
|
return &tokenProtector{key: key}
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewToken encodes data into a new token.
|
// NewToken encodes data into a new token.
|
||||||
func (s *tokenProtectorImpl) NewToken(data []byte) ([]byte, error) {
|
func (s *tokenProtector) NewToken(data []byte) ([]byte, error) {
|
||||||
var nonce [tokenNonceSize]byte
|
var nonce [tokenNonceSize]byte
|
||||||
if _, err := rand.Read(nonce[:]); err != nil {
|
if _, err := rand.Read(nonce[:]); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@@ -48,7 +40,7 @@ func (s *tokenProtectorImpl) NewToken(data []byte) ([]byte, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// DecodeToken decodes a token.
|
// DecodeToken decodes a token.
|
||||||
func (s *tokenProtectorImpl) DecodeToken(p []byte) ([]byte, error) {
|
func (s *tokenProtector) DecodeToken(p []byte) ([]byte, error) {
|
||||||
if len(p) < tokenNonceSize {
|
if len(p) < tokenNonceSize {
|
||||||
return nil, fmt.Errorf("token too short: %d", len(p))
|
return nil, fmt.Errorf("token too short: %d", len(p))
|
||||||
}
|
}
|
||||||
@@ -60,7 +52,7 @@ func (s *tokenProtectorImpl) DecodeToken(p []byte) ([]byte, error) {
|
|||||||
return aead.Open(nil, aeadNonce, p[tokenNonceSize:], nil)
|
return aead.Open(nil, aeadNonce, p[tokenNonceSize:], nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *tokenProtectorImpl) createAEAD(nonce []byte) (cipher.AEAD, []byte, error) {
|
func (s *tokenProtector) createAEAD(nonce []byte) (cipher.AEAD, []byte, error) {
|
||||||
h := hkdf.New(sha256.New, s.key[:], nonce, []byte("quic-go token source"))
|
h := hkdf.New(sha256.New, s.key[:], nonce, []byte("quic-go token source"))
|
||||||
key := make([]byte, 32) // use a 32 byte key, in order to select AES-256
|
key := make([]byte, 32) // use a 32 byte key, in order to select AES-256
|
||||||
if _, err := io.ReadFull(h, key); err != nil {
|
if _, err := io.ReadFull(h, key); err != nil {
|
||||||
|
|||||||
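Review bot: createAEAD in the last hunk of this file has no doc comment, and with the interface gone it is the one place that shows how the token key is actually used. From the visible lines, HKDF-SHA256 is keyed with s.key, salted with the per-token nonce and labelled "quic-go token source", and 32 bytes are read to select AES-256; DecodeToken then calls aead.Open with nil additional data. I would add `// createAEAD derives a per-token AES-256 key from s.key and nonce via HKDF-SHA256 and returns the AEAD with the nonce to pass to Seal/Open.` above it, with the second return value confirmed against the part of the body outside the hunk. Because the TokenProtectorKey comment says one key covers both Retry and session resumption tokens and no additional data is bound, the comment should also say that telling the two token types apart is left to the encrypted payload, which is presumably handled by the caller.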
@@ -8,7 +8,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
var _ = Describe("Token Protector", func() {
|
var _ = Describe("Token Protector", func() {
|
||||||
var tp tokenProtector
|
var tp *tokenProtector
|
||||||
|
|
||||||
BeforeEach(func() {
|
BeforeEach(func() {
|
||||||
var key TokenProtectorKey
|
var key TokenProtectorKey
|
||||||
|
|||||||