rename qhkdfExpand to hkdfExpandLabel, add hash parameter

2018-09-27 17:15:40 -06:00
parent 454a01b2a0
commit 99c5d0df25
3 changed files with 15 additions and 11 deletions
--- a/internal/crypto/hkdf.go
+++ b/internal/crypto/hkdf.go
@@ -47,10 +47,12 @@ func hkdfExpand(hash crypto.Hash, prk, info []byte, l int) []byte {
 	return res
 }

-func qhkdfExpand(secret []byte, label string, length int) []byte {
-	qlabel := make([]byte, 2+1+5+len(label))
+// hkdfExpandLabel HKDF expands a label
+func hkdfExpandLabel(hash crypto.Hash, secret []byte, label string, length int) []byte {
+	const prefix = "QUIC "
+	qlabel := make([]byte, 2+1+len(prefix)+len(label))
 	binary.BigEndian.PutUint16(qlabel[0:2], uint16(length))
-	qlabel[2] = uint8(5 + len(label))
-	copy(qlabel[3:], []byte("QUIC "+label))
-	return hkdfExpand(crypto.SHA256, secret, qlabel, length)
+	qlabel[2] = uint8(len(prefix) + len(label))
+	copy(qlabel[3:], []byte(prefix+label))
+	return hkdfExpand(hash, secret, qlabel, length)
 }
--- a/internal/crypto/key_derivation.go
+++ b/internal/crypto/key_derivation.go
@@ -1,6 +1,8 @@
 package crypto

 import (
+	"crypto"
+
 	"github.com/bifurcation/mint"
 	"github.com/lucas-clemente/quic-go/internal/protocol"
 )
@@ -43,7 +45,7 @@ func computeKeyAndIV(tls TLSExporter, label string) (key, iv []byte, err error)
 	if err != nil {
 		return nil, nil, err
 	}
-	key = qhkdfExpand(secret, "key", cs.KeyLen)
-	iv = qhkdfExpand(secret, "iv", cs.IvLen)
+	key = hkdfExpand(crypto.SHA256, secret, []byte("key"), cs.KeyLen)
+	iv = hkdfExpand(crypto.SHA256, secret, []byte("iv"), cs.IvLen)
 	return key, iv, nil
 }
--- a/internal/crypto/null_aead_aesgcm.go
+++ b/internal/crypto/null_aead_aesgcm.go
@@ -28,13 +28,13 @@ func newNullAEADAESGCM(connectionID protocol.ConnectionID, pers protocol.Perspec

 func computeSecrets(connID protocol.ConnectionID) (clientSecret, serverSecret []byte) {
 	handshakeSecret := hkdfExtract(crypto.SHA256, connID, quicVersion1Salt)
-	clientSecret = qhkdfExpand(handshakeSecret, "client hs", crypto.SHA256.Size())
-	serverSecret = qhkdfExpand(handshakeSecret, "server hs", crypto.SHA256.Size())
+	clientSecret = hkdfExpandLabel(crypto.SHA256, handshakeSecret, "client hs", crypto.SHA256.Size())
+	serverSecret = hkdfExpandLabel(crypto.SHA256, handshakeSecret, "server hs", crypto.SHA256.Size())
 	return
 }

 func computeNullAEADKeyAndIV(secret []byte) (key, iv []byte) {
-	key = qhkdfExpand(secret, "key", 16)
-	iv = qhkdfExpand(secret, "iv", 12)
+	key = hkdfExpandLabel(crypto.SHA256, secret, "key", 16)
+	iv = hkdfExpandLabel(crypto.SHA256, secret, "iv", 12)
 	return
 }