forked from quic-go/quic-go
87 lines
2.4 KiB
Go
87 lines
2.4 KiB
Go
package crypto
|
|
|
|
import (
|
|
"github.com/lucas-clemente/quic-go/protocol"
|
|
|
|
. "github.com/onsi/ginkgo"
|
|
. "github.com/onsi/gomega"
|
|
)
|
|
|
|
var _ = Describe("KeyDerivation", func() {
|
|
It("derives non-fs keys", func() {
|
|
aead, err := DeriveKeysChacha20(
|
|
32,
|
|
false,
|
|
[]byte("0123456789012345678901"),
|
|
[]byte("nonce"),
|
|
protocol.ConnectionID(42),
|
|
[]byte("chlo"),
|
|
[]byte("scfg"),
|
|
[]byte("cert"),
|
|
nil,
|
|
)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
chacha := aead.(*aeadChacha20Poly1305)
|
|
// If the IVs match, the keys will match too, since the keys are read earlier
|
|
Expect(chacha.myIV).To(Equal([]byte{0xf0, 0xf5, 0x4c, 0xa8}))
|
|
Expect(chacha.otherIV).To(Equal([]byte{0x75, 0xd8, 0xa2, 0x8d}))
|
|
})
|
|
|
|
It("derives fs keys", func() {
|
|
aead, err := DeriveKeysChacha20(
|
|
32,
|
|
true,
|
|
[]byte("0123456789012345678901"),
|
|
[]byte("nonce"),
|
|
protocol.ConnectionID(42),
|
|
[]byte("chlo"),
|
|
[]byte("scfg"),
|
|
[]byte("cert"),
|
|
nil,
|
|
)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
chacha := aead.(*aeadChacha20Poly1305)
|
|
// If the IVs match, the keys will match too, since the keys are read earlier
|
|
Expect(chacha.myIV).To(Equal([]byte{0xf5, 0x73, 0x11, 0x79}))
|
|
Expect(chacha.otherIV).To(Equal([]byte{0xf7, 0x26, 0x4d, 0x2c}))
|
|
})
|
|
|
|
It("does not use diversification nonces in FS key derivation", func() {
|
|
aead, err := DeriveKeysChacha20(
|
|
33,
|
|
true,
|
|
[]byte("0123456789012345678901"),
|
|
[]byte("nonce"),
|
|
protocol.ConnectionID(42),
|
|
[]byte("chlo"),
|
|
[]byte("scfg"),
|
|
[]byte("cert"),
|
|
[]byte("divnonce"),
|
|
)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
chacha := aead.(*aeadChacha20Poly1305)
|
|
// If the IVs match, the keys will match too, since the keys are read earlier
|
|
Expect(chacha.myIV).To(Equal([]byte{0xf5, 0x73, 0x11, 0x79}))
|
|
Expect(chacha.otherIV).To(Equal([]byte{0xf7, 0x26, 0x4d, 0x2c}))
|
|
})
|
|
|
|
It("uses diversification nonces in initial key derivation", func() {
|
|
aead, err := DeriveKeysChacha20(
|
|
33,
|
|
false,
|
|
[]byte("0123456789012345678901"),
|
|
[]byte("nonce"),
|
|
protocol.ConnectionID(42),
|
|
[]byte("chlo"),
|
|
[]byte("scfg"),
|
|
[]byte("cert"),
|
|
[]byte("divnonce"),
|
|
)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
chacha := aead.(*aeadChacha20Poly1305)
|
|
// If the IVs match, the keys will match too, since the keys are read earlier
|
|
Expect(chacha.myIV).To(Equal([]byte{0xc4, 0x12, 0x25, 0x64}))
|
|
Expect(chacha.otherIV).To(Equal([]byte{0x75, 0xd8, 0xa2, 0x8d}))
|
|
})
|
|
})
|