gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

Merge pull request #3173 from lucas-clemente/use-x-crypto-hkdf-expand

Browse Source 
use HkdfExtract from x/crypto
This commit is contained in:
Marten Seemann
2021-05-30 20:48:50 -07:00
committed by GitHub
parent 31191f7091 22112b7b66
commit 99a936b124
4 changed files with 3 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/handshake/initial_aead.go
View File

@@ -4,6 +4,8 @@ import (
"crypto" "crypto"
"crypto/tls" "crypto/tls"
"golang.org/x/crypto/hkdf"
"github.com/lucas-clemente/quic-go/internal/protocol" "github.com/lucas-clemente/quic-go/internal/protocol"
"github.com/lucas-clemente/quic-go/internal/qtls" "github.com/lucas-clemente/quic-go/internal/qtls"
) )
@@ -49,7 +51,7 @@ func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective, v p
} }
func computeSecrets(connID protocol.ConnectionID, v protocol.VersionNumber) (clientSecret, serverSecret []byte) { func computeSecrets(connID protocol.ConnectionID, v protocol.VersionNumber) (clientSecret, serverSecret []byte) {
initialSecret := qtls.HkdfExtract(crypto.SHA256, connID, getSalt(v)) initialSecret := hkdf.Extract(crypto.SHA256.New, connID, getSalt(v))
clientSecret = hkdfExpandLabel(crypto.SHA256, initialSecret, []byte{}, "client in", crypto.SHA256.Size()) clientSecret = hkdfExpandLabel(crypto.SHA256, initialSecret, []byte{}, "client in", crypto.SHA256.Size())
serverSecret = hkdfExpandLabel(crypto.SHA256, initialSecret, []byte{}, "server in", crypto.SHA256.Size()) serverSecret = hkdfExpandLabel(crypto.SHA256, initialSecret, []byte{}, "server in", crypto.SHA256.Size())
return return

5
internal/qtls/go115.go
View File

@@ -53,11 +53,6 @@ const (
EncryptionApplication = qtls.EncryptionApplication EncryptionApplication = qtls.EncryptionApplication
) )
// HkdfExtract generates a pseudorandom key for use with Expand from an input secret and an optional independent salt.
func HkdfExtract(hash crypto.Hash, newSecret, currentSecret []byte) []byte {
return qtls.HkdfExtract(hash, newSecret, currentSecret)
}
// AEADAESGCMTLS13 creates a new AES-GCM AEAD for TLS 1.3 // AEADAESGCMTLS13 creates a new AES-GCM AEAD for TLS 1.3
func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD { func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD {
return qtls.AEADAESGCMTLS13(key, fixedNonce) return qtls.AEADAESGCMTLS13(key, fixedNonce)

5
internal/qtls/go116.go
View File

@@ -53,11 +53,6 @@ const (
EncryptionApplication = qtls.EncryptionApplication EncryptionApplication = qtls.EncryptionApplication
) )
// HkdfExtract generates a pseudorandom key for use with Expand from an input secret and an optional independent salt.
func HkdfExtract(hash crypto.Hash, newSecret, currentSecret []byte) []byte {
return qtls.HkdfExtract(hash, newSecret, currentSecret)
}
// AEADAESGCMTLS13 creates a new AES-GCM AEAD for TLS 1.3 // AEADAESGCMTLS13 creates a new AES-GCM AEAD for TLS 1.3
func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD { func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD {
return qtls.AEADAESGCMTLS13(key, fixedNonce) return qtls.AEADAESGCMTLS13(key, fixedNonce)

5
internal/qtls/go117.go
View File

@@ -62,11 +62,6 @@ func HkdfExtract(hash crypto.Hash, newSecret, currentSecret []byte) []byte {
return qtls.HkdfExtract(hash, newSecret, currentSecret) return qtls.HkdfExtract(hash, newSecret, currentSecret)
} }
// HkdfExpandLabel HKDF expands a label
func HkdfExpandLabel(hash crypto.Hash, secret, hashValue []byte, label string, L int) []byte {
return qtls.HkdfExpandLabel(hash, secret, hashValue, label, L)
}
// AEADAESGCMTLS13 creates a new AES-GCM AEAD for TLS 1.3 // AEADAESGCMTLS13 creates a new AES-GCM AEAD for TLS 1.3
func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD { func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD {
return qtls.AEADAESGCMTLS13(key, fixedNonce) return qtls.AEADAESGCMTLS13(key, fixedNonce)