From 99c5d0df25722bef9c2fefd72dd76ec7d74190a1 Mon Sep 17 00:00:00 2001
From: Marten Seemann
Date: Thu, 27 Sep 2018 17:15:40 -0600
Subject: [PATCH] rename qhkdfExpand to hkdfExpandLabel, add hash parameter
---
 internal/crypto/hkdf.go | 12 +++++++-----
 internal/crypto/key_derivation.go | 6 ++++--
 internal/crypto/null_aead_aesgcm.go | 8 ++++----
 3 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/internal/crypto/hkdf.go b/internal/crypto/hkdf.go
index 4c6af2890..efa5a93d5 100644
--- a/internal/crypto/hkdf.go
+++ b/internal/crypto/hkdf.go
@@ -47,10 +47,12 @@ func hkdfExpand(hash crypto.Hash, prk, info []byte, l int) []byte {
 return res
 }
-func qhkdfExpand(secret []byte, label string, length int) []byte {
- qlabel := make([]byte, 2+1+5+len(label))
+// hkdfExpandLabel HKDF expands a label
+func hkdfExpandLabel(hash crypto.Hash, secret []byte, label string, length int) []byte {
+ const prefix = "QUIC "
+ qlabel := make([]byte, 2+1+len(prefix)+len(label))
 binary.BigEndian.PutUint16(qlabel[0:2], uint16(length))
- qlabel[2] = uint8(5 + len(label))
- copy(qlabel[3:], []byte("QUIC "+label))
- return hkdfExpand(crypto.SHA256, secret, qlabel, length)
+ qlabel[2] = uint8(len(prefix) + len(label))
+ copy(qlabel[3:], []byte(prefix+label))
+ return hkdfExpand(hash, secret, qlabel, length)
 }
diff --git a/internal/crypto/key_derivation.go b/internal/crypto/key_derivation.go
index fe71ab966..d635b12b2 100644
--- a/internal/crypto/key_derivation.go
+++ b/internal/crypto/key_derivation.go
@@ -1,6 +1,8 @@
 package crypto
 import (
+ "crypto"
+
 "github.com/bifurcation/mint"
 "github.com/lucas-clemente/quic-go/internal/protocol"
 )
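Review bot: The new doc comment `// hkdfExpandLabel HKDF expands a label` does not say what the info input looks like, and the new name matters here: the encoded structure is uint16 output length, uint8 label length, then "QUIC " + label with no trailing context field, which is the layout the old name qhkdfExpand (QHKDF-Expand) stood for, whereas TLS 1.3's HKDF-Expand-Label always carries a context length byte, so a reader who trusts the name will expect one extra byte. The comment should spell out the three fields and state that no context is encoded, and that hash must be the same hash used to derive secret. The two narrowing casts `uint16(length)` and `uint8(len(prefix) + len(label))` silently truncate when length exceeds 65535 or the label exceeds 250 bytes, making the declared lengths in the info disagree with the real ones; every caller in this commit passes short constants, so either a comment stating that precondition or an explicit check such as `if len(prefix)+len(label) > 255 || length > 65535 { panic("hkdfExpandLabel: label or length out of range") }` would keep that invariant visible. The whole function is within the hunk.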
@@ -43,7 +45,7 @@ func computeKeyAndIV(tls TLSExporter, label string) (key, iv []byte, err error)
 if err != nil {
 return nil, nil, err
 }
- key = qhkdfExpand(secret, "key", cs.KeyLen)
- iv = qhkdfExpand(secret, "iv", cs.IvLen)
+ key = hkdfExpand(crypto.SHA256, secret, []byte("key"), cs.KeyLen)
+ iv = hkdfExpand(crypto.SHA256, secret, []byte("iv"), cs.IvLen)
 return key, iv, nil
 }
diff --git a/internal/crypto/null_aead_aesgcm.go b/internal/crypto/null_aead_aesgcm.go
index 17148fdb5..edc24b979 100644
--- a/internal/crypto/null_aead_aesgcm.go
+++ b/internal/crypto/null_aead_aesgcm.go
@@ -28,13 +28,13 @@ func newNullAEADAESGCM(connectionID protocol.ConnectionID, pers protocol.Perspec
 func computeSecrets(connID protocol.ConnectionID) (clientSecret, serverSecret []byte) {
 handshakeSecret := hkdfExtract(crypto.SHA256, connID, quicVersion1Salt)
- clientSecret = qhkdfExpand(handshakeSecret, "client hs", crypto.SHA256.Size())
- serverSecret = qhkdfExpand(handshakeSecret, "server hs", crypto.SHA256.Size())
+ clientSecret = hkdfExpandLabel(crypto.SHA256, handshakeSecret, "client hs", crypto.SHA256.Size())
+ serverSecret = hkdfExpandLabel(crypto.SHA256, handshakeSecret, "server hs", crypto.SHA256.Size())
 return
 }
 func computeNullAEADKeyAndIV(secret []byte) (key, iv []byte) {
- key = qhkdfExpand(secret, "key", 16)
- iv = qhkdfExpand(secret, "iv", 12)
+ key = hkdfExpandLabel(crypto.SHA256, secret, "key", 16)
+ iv = hkdfExpandLabel(crypto.SHA256, secret, "iv", 12)
 return
 }
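Review bot: The two added lines in computeKeyAndIV call hkdfExpand directly with the raw info bytes "key" and "iv" instead of hkdfExpandLabel, so the length/label-length/"QUIC " framing that the removed qhkdfExpand calls applied is dropped at this call site while the null_aead_aesgcm.go hunk keeps it; unless that is deliberate, the derived key and IV change and the two derivation paths now disagree, which the commit subject ("rename ... add hash parameter") does not announce. If the raw-info form is intended, say so in a comment on these lines; otherwise restore the label form: `key = hkdfExpandLabel(crypto.SHA256, secret, "key", cs.KeyLen)` and `iv = hkdfExpandLabel(crypto.SHA256, secret, "iv", cs.IvLen)`. The hash is also fixed to crypto.SHA256 even though cs supplies the suite's KeyLen and IvLen; if the suite also exposes its hash, passing that instead would stop a SHA-384 suite from expanding with the wrong function. computeKeyAndIV begins before the hunk, so where secret and cs come from is not visible here.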