gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

use chacha20poly1305 instead of AES and include cert in key derivation

Browse Source 
Unfortunately QUIC uses non-standard tag sizes with both AES-GCM and
Poly1305. Adopting AES-GCM seems much harder, so I changed it to
Chacha20Poly1305 and only made some slight changes to an existing algo.
This should probably be double-checked at some point.
This commit is contained in:
Lucas Clemente
2016-04-14 23:44:31 +02:00
parent 388fdf7399
commit 86b4ffdaaf
8 changed files with 217 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
crypto/key_derivation.go
View File

@@ -11,18 +11,19 @@ import (
"golang.org/x/crypto/hkdf"
)
// DeriveKeysAESGCM derives the client and server keys and creates a matching AES-GCM instance
func DeriveKeysAESGCM(sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte) (AEAD, error) {
// DeriveKeysChacha20 derives the client and server keys and creates a matching chacha20poly1305 instance
func DeriveKeysChacha20(sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte) (AEAD, error) {
var info bytes.Buffer
info.Write([]byte("QUIC key expansion\x00"))
utils.WriteUint64(&info, uint64(connID))
info.Write(chlo)
info.Write(scfg)
info.Write(cert)
r := hkdf.New(sha256.New, sharedSecret, nonces, info.Bytes())
otherKey := make([]byte, 16)
myKey := make([]byte, 16)
otherKey := make([]byte, 32)
myKey := make([]byte, 32)
otherIV := make([]byte, 4)
myIV := make([]byte, 4)
@@ -39,5 +40,5 @@ func DeriveKeysAESGCM(sharedSecret, nonces []byte, connID protocol.ConnectionID,
return nil, err
}
return NewAEADAESGCM(otherKey, myKey, otherIV, myIV)
return NewAEADChacha20Poly1305(otherKey, myKey, otherIV, myIV)
}