From 8df2cb3b1ddb9d365a293a6fa8d4ab2f88a4be2e Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Sun, 3 Sep 2017 21:33:59 +0800 Subject: [PATCH] rename the current key derivation function TLS will use a completely different key derivation function. --- ...derivation.go => key_derivation_quic_crypto.go} | 4 ++-- ..._test.go => key_derivation_quic_crypto_test.go} | 14 +++++++------- handshake/crypto_setup_client.go | 4 ++-- handshake/crypto_setup_server.go | 8 ++++---- 4 files changed, 15 insertions(+), 15 deletions(-) rename crypto/{key_derivation.go => key_derivation_quic_crypto.go} (89%) rename crypto/{key_derivation_test.go => key_derivation_quic_crypto_test.go} (95%) diff --git a/crypto/key_derivation.go b/crypto/key_derivation_quic_crypto.go similarity index 89% rename from crypto/key_derivation.go rename to crypto/key_derivation_quic_crypto.go index 86b68e304..ca07d72b5 100644 --- a/crypto/key_derivation.go +++ b/crypto/key_derivation_quic_crypto.go @@ -20,8 +20,8 @@ import ( // return NewAEADChacha20Poly1305(otherKey, myKey, otherIV, myIV) // } -// DeriveKeysAESGCM derives the client and server keys and creates a matching AES-GCM AEAD instance -func DeriveKeysAESGCM(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (AEAD, error) { +// DeriveQuicCryptoAESKeys derives the client and server keys and creates a matching AES-GCM AEAD instance +func DeriveQuicCryptoAESKeys(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (AEAD, error) { var swap bool if pers == protocol.PerspectiveClient { swap = true diff --git a/crypto/key_derivation_test.go b/crypto/key_derivation_quic_crypto_test.go similarity index 95% rename from crypto/key_derivation_test.go rename to crypto/key_derivation_quic_crypto_test.go index f929e73fa..642e4da60 100644 
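Review bot: The new name `DeriveQuicCryptoAESKeys` in crypto/key_derivation_quic_crypto.go writes the initialism as `Quic`, while every other identifier visible in this patch keeps initialisms upper-case (`AESGCM`, `NewNullAEAD`, `getEphermalKEX`, `sentSHLO`); `DeriveQUICCryptoAESKeys` would match. The same applies to `QuicCryptoKeyDerivationFunction` in handshake/crypto_setup_server.go. Since the commit message says the rename exists to keep this derivation apart from the TLS one, the doc comment should say so as well, for example `// DeriveQUICCryptoAESKeys derives the client and server keys for the QUIC Crypto handshake and creates a matching AES-GCM AEAD instance. It is not the key derivation used with TLS.` The function body continues outside the hunk, so only the name and comment are reviewed here.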
--- a/crypto/key_derivation_test.go +++ b/crypto/key_derivation_quic_crypto_test.go @@ -7,7 +7,7 @@ import ( . "github.com/onsi/gomega" ) -var _ = Describe("KeyDerivation", func() { +var _ = Describe("QUIC Crypto Key Derivation", func() { // Context("chacha20poly1305", func() { // It("derives non-fs keys", func() { // aead, err := DeriveKeysChacha20( @@ -88,7 +88,7 @@ var _ = Describe("KeyDerivation", func() { Context("AES-GCM", func() { It("derives non-forward secure keys", func() { - aead, err := DeriveKeysAESGCM( + aead, err := DeriveQuicCryptoAESKeys( false, []byte("0123456789012345678901"), []byte("nonce"), @@ -107,7 +107,7 @@ var _ = Describe("KeyDerivation", func() { }) It("uses the diversification nonce when generating non-forwared secure keys", func() { - aead1, err := DeriveKeysAESGCM( + aead1, err := DeriveQuicCryptoAESKeys( false, []byte("0123456789012345678901"), []byte("nonce"), @@ -119,7 +119,7 @@ var _ = Describe("KeyDerivation", func() { protocol.PerspectiveServer, ) Expect(err).ToNot(HaveOccurred()) - aead2, err := DeriveKeysAESGCM( + aead2, err := DeriveQuicCryptoAESKeys( false, []byte("0123456789012345678901"), []byte("nonce"), @@ -138,7 +138,7 @@ var _ = Describe("KeyDerivation", func() { }) It("derives non-forward secure keys, for the other side", func() { - aead, err := DeriveKeysAESGCM( + aead, err := DeriveQuicCryptoAESKeys( false, []byte("0123456789012345678901"), []byte("nonce"), @@ -157,7 +157,7 @@ var _ = Describe("KeyDerivation", func() { }) It("derives forward secure keys", func() { - aead, err := DeriveKeysAESGCM( + aead, err := DeriveQuicCryptoAESKeys( true, []byte("0123456789012345678901"), []byte("nonce"), @@ -176,7 +176,7 @@ var _ = Describe("KeyDerivation", func() { }) It("does not use div-nonce for FS key derivation", func() { - aead, err := DeriveKeysAESGCM( + aead, err := DeriveQuicCryptoAESKeys( true, []byte("0123456789012345678901"), []byte("nonce"), 
diff --git a/handshake/crypto_setup_client.go b/handshake/crypto_setup_client.go index f26750d3e..110a81114 100644 --- a/handshake/crypto_setup_client.go +++ b/handshake/crypto_setup_client.go @@ -42,7 +42,7 @@ type cryptoSetupClient struct { clientHelloCounter int serverVerified bool // has the certificate chain and the proof already been verified - keyDerivation KeyDerivationFunction + keyDerivation QuicCryptoKeyDerivationFunction keyExchange KeyExchangeFunction receivedSecurePacket bool @@ -82,7 +82,7 @@ func NewCryptoSetupClient( cryptoStream: cryptoStream, certManager: crypto.NewCertManager(tlsConfig), connectionParameters: connectionParameters, - keyDerivation: crypto.DeriveKeysAESGCM, + keyDerivation: crypto.DeriveQuicCryptoAESKeys, keyExchange: getEphermalKEX, nullAEAD: crypto.NewNullAEAD(protocol.PerspectiveClient, version), aeadChanged: aeadChanged, diff --git a/handshake/crypto_setup_server.go b/handshake/crypto_setup_server.go index e10abdb32..ac317c458 100644 --- a/handshake/crypto_setup_server.go +++ b/handshake/crypto_setup_server.go @@ -15,8 +15,8 @@ import ( "github.com/lucas-clemente/quic-go/qerr" ) -// KeyDerivationFunction is used for key derivation -type KeyDerivationFunction func(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (crypto.AEAD, error) +// QuicCryptoKeyDerivationFunction is used for key derivation +type QuicCryptoKeyDerivationFunction func(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (crypto.AEAD, error) // KeyExchangeFunction is used to make a new KEX type KeyExchangeFunction func() crypto.KeyExchange 
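Review bot: The comment on `QuicCryptoKeyDerivationFunction` in handshake/crypto_setup_server.go still reads only "is used for key derivation", which will not tell a reader which handshake the type belongs to once a TLS-specific derivation exists alongside it. I would document the contract the tests in key_derivation_quic_crypto_test.go already pin down, along the lines of `// QuicCryptoKeyDerivationFunction derives the AEAD for the QUIC Crypto handshake; divNonce is only used for non-forward-secure keys, and pers decides whether the client and server keys are swapped.` The signature also takes six positional `[]byte` parameters, so transposing two of them (say `nonces` and `divNonce`) compiles and silently yields different keys. A parameter struct would make the two call sites in `NewCryptoSetupClient` and `NewCryptoSetup` self-describing, though that goes beyond this rename.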
@@ -42,7 +42,7 @@ type cryptoSetupServer struct { sentSHLO chan struct{} // this channel is closed as soon as the SHLO has been written aeadChanged chan<- protocol.EncryptionLevel - keyDerivation KeyDerivationFunction + keyDerivation QuicCryptoKeyDerivationFunction keyExchange KeyExchangeFunction cryptoStream io.ReadWriter @@ -87,7 +87,7 @@ func NewCryptoSetup( supportedVersions: supportedVersions, scfg: scfg, stkGenerator: stkGenerator, - keyDerivation: crypto.DeriveKeysAESGCM, + keyDerivation: crypto.DeriveQuicCryptoAESKeys, keyExchange: getEphermalKEX, nullAEAD: crypto.NewNullAEAD(protocol.PerspectiveServer, version), cryptoStream: cryptoStream,