use the new qtls SetWriteKey and SetReadKey interface

2025-04-03 20:27:35 +03:00 · 2019-09-06 16:25:04 +07:00 · 2019-09-06 16:25:04 +07:00 · 33b74fca79
commit 33b74fca79
parent 63c079e234
12 changed files with 78 additions and 89 deletions
--- a/go.mod
+++ b/go.mod
@ -7,9 +7,9 @@ require (
 	github.com/golang/mock v1.2.0
 	github.com/golang/protobuf v1.3.0
 	github.com/marten-seemann/qpack v0.1.0
-	github.com/marten-seemann/qtls v0.3.3
+	github.com/marten-seemann/qtls v0.4.0
 	github.com/onsi/ginkgo v1.7.0
 	github.com/onsi/gomega v1.4.3
-	golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25
-	golang.org/x/net v0.0.0-20190228165749-92fc7df08ae7
+	golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472
+	golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3
 )
--- a/go.sum
+++ b/go.sum
@ -11,24 +11,28 @@ github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/marten-seemann/qpack v0.1.0 h1:/0M7lkda/6mus9B8u34Asqm8ZhHAAt9Ho0vniNuVSVg=
 github.com/marten-seemann/qpack v0.1.0/go.mod h1:LFt1NU/Ptjip0C2CPkhimBz5CGE3WGDAUWqna+CNTrI=
-github.com/marten-seemann/qtls v0.3.3 h1:s6E9lHmjzoOqGnEw+7F+RREKEPq4lchp1Sl+Rj5Hqsc=
-github.com/marten-seemann/qtls v0.3.3/go.mod h1:xzjG7avBwGGbdZ8dTGxlBnLArsVKLvwmjgmPuiQEcYk=
+github.com/marten-seemann/qtls v0.4.0 h1:HM9ftULNeuhGiCliIfPKvp5VDJw6pvi/Ghq6PYf7B0E=
+github.com/marten-seemann/qtls v0.4.0/go.mod h1:pxVXcHHw1pNIt8Qo0pwSYQEoZ8yYOOPXTCZLQQunvRc=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.7.0 h1:WSHQ+IS43OoUrWtD1/bbclrwK8TTH5hzp+umCiuxHgs=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/gomega v1.4.3 h1:RE1xgDvH7imwFD45h+u2SgIfERHlS2yNG4DObb5BSKU=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25 h1:jsG6UpNLt9iAsb0S2AGW28DveNzzgmbXR+ENoPjUeIU=
-golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472 h1:Gv7RPwsi3eZ2Fgewe3CBsuOebPwO27PoXzRpJPsvSSM=
+golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190228165749-92fc7df08ae7 h1:Qe/u+eY379X4He4GBMFZYu3pmh1ML5yT1aL1ndNM1zQ=
 golang.org/x/net v0.0.0-20190228165749-92fc7df08ae7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e h1:ZytStCyV048ZqDsWHiYDdoI2Vd4msMcrDECFxS+tL9c=
-golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190904154756-749cb33beabd h1:DBH9mDw0zluJT/R+nGuV3jWFWLFaHyYZWD4tOT+cjn0=
+golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
--- a/internal/handshake/aead.go
+++ b/internal/handshake/aead.go
@ -74,8 +74,8 @@ func (o *longHeaderOpener) DecryptHeader(sample []byte, firstByte *byte, pnBytes
 	o.headerProtector.DecryptHeader(sample, firstByte, pnBytes)
 }

-func createAEAD(suite cipherSuite, trafficSecret []byte) cipher.AEAD {
-	key := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "quic key", suite.KeyLen())
-	iv := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "quic iv", suite.IVLen())
+func createAEAD(suite *qtls.CipherSuiteTLS13, trafficSecret []byte) cipher.AEAD {
+	key := qtls.HkdfExpandLabel(suite.Hash, trafficSecret, []byte{}, "quic key", suite.KeyLen)
+	iv := qtls.HkdfExpandLabel(suite.Hash, trafficSecret, []byte{}, "quic iv", suite.IVLen())
 	return suite.AEAD(key, iv)
 }
--- a/internal/handshake/aead_test.go
+++ b/internal/handshake/aead_test.go
@ -19,13 +19,9 @@ var _ = Describe("AEAD", func() {
 		Expect(err).ToNot(HaveOccurred())
 		aead, err := cipher.NewGCM(block)
 		Expect(err).ToNot(HaveOccurred())
-		hpBlock, err := aes.NewCipher(hpKey)
-		Expect(err).ToNot(HaveOccurred())

-		iv := make([]byte, 12)
-		rand.Read(iv)
-		return newLongHeaderSealer(aead, newAESHeaderProtector(hpBlock, true)),
-			newLongHeaderOpener(aead, newAESHeaderProtector(hpBlock, true))
+		return newLongHeaderSealer(aead, newHeaderProtector(aesSuite, key, true)),
+			newLongHeaderOpener(aead, newAESHeaderProtector(aesSuite, key, true))
 	}

 	Context("message encryption", func() {
--- a/internal/handshake/crypto_setup.go
+++ b/internal/handshake/crypto_setup.go
@ -491,14 +491,14 @@ func (h *cryptoSetup) ReadHandshakeMessage() ([]byte, error) {
 	return msg, nil
 }

-func (h *cryptoSetup) SetReadKey(encLevel qtls.EncryptionLevel, suite *qtls.CipherSuite, trafficSecret []byte) {
+func (h *cryptoSetup) SetReadKey(encLevel qtls.EncryptionLevel, suite *qtls.CipherSuiteTLS13, trafficSecret []byte) {
 	h.mutex.Lock()
 	switch encLevel {
 	case qtls.EncryptionHandshake:
 		h.readEncLevel = protocol.EncryptionHandshake
 		h.handshakeOpener = newLongHeaderOpener(
 			createAEAD(suite, trafficSecret),
-			newAESHeaderProtector(createAESHeaderProtector(suite, trafficSecret), true),
+			newHeaderProtector(suite, trafficSecret, true),
 		)
 		h.logger.Debugf("Installed Handshake Read keys")
 	case qtls.EncryptionApplication:
@ -513,14 +513,14 @@ func (h *cryptoSetup) SetReadKey(encLevel qtls.EncryptionLevel, suite *qtls.Ciph
 	h.receivedReadKey <- struct{}{}
 }

-func (h *cryptoSetup) SetWriteKey(encLevel qtls.EncryptionLevel, suite *qtls.CipherSuite, trafficSecret []byte) {
+func (h *cryptoSetup) SetWriteKey(encLevel qtls.EncryptionLevel, suite *qtls.CipherSuiteTLS13, trafficSecret []byte) {
 	h.mutex.Lock()
 	switch encLevel {
 	case qtls.EncryptionHandshake:
 		h.writeEncLevel = protocol.EncryptionHandshake
 		h.handshakeSealer = newLongHeaderSealer(
 			createAEAD(suite, trafficSecret),
-			newAESHeaderProtector(createAESHeaderProtector(suite, trafficSecret), true),
+			newHeaderProtector(suite, trafficSecret, true),
 		)
 		h.logger.Debugf("Installed Handshake Write keys")
 	case qtls.EncryptionApplication:
--- a/internal/handshake/handshake_suite_test.go
+++ b/internal/handshake/handshake_suite_test.go
@ -1,14 +1,18 @@
 package handshake

 import (
+	"crypto"
+
 	"github.com/golang/mock/gomock"
+	"github.com/marten-seemann/qtls"
+
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"

 	"testing"
 )

-func TestQuicGo(t *testing.T) {
+func TestHandshake(t *testing.T) {
 	RegisterFailHandler(Fail)
 	RunSpecs(t, "Handshake Suite")
 }
@ -22,3 +26,10 @@ var _ = BeforeEach(func() {
 var _ = AfterEach(func() {
 	mockCtrl.Finish()
 })
+
+var aesSuite = &qtls.CipherSuiteTLS13{
+	ID:     qtls.TLS_AES_128_GCM_SHA256,
+	KeyLen: 16,
+	AEAD:   qtls.AEADAESGCMTLS13,
+	Hash:   crypto.SHA256,
+}
--- a/internal/handshake/header_protector.go
+++ b/internal/handshake/header_protector.go
@ -13,13 +13,17 @@ type headerProtector interface {
 	DecryptHeader(sample []byte, firstByte *byte, hdrBytes []byte)
 }

-func createAESHeaderProtector(suite cipherSuite, trafficSecret []byte) cipher.Block {
-	hpKey := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "quic hp", suite.KeyLen())
-	hp, err := aes.NewCipher(hpKey)
-	if err != nil {
-		panic(fmt.Sprintf("error creating new AES cipher: %s", err))
+func newHeaderProtector(suite *qtls.CipherSuiteTLS13, trafficSecret []byte, isLongHeader bool) headerProtector {
+	switch suite.ID {
+	case qtls.TLS_AES_128_GCM_SHA256, qtls.TLS_AES_256_GCM_SHA384:
+		return newAESHeaderProtector(suite, trafficSecret, isLongHeader)
+	case qtls.TLS_CHACHA20_POLY1305_SHA256:
+		// TODO: implement ChaCha header protection
+		fallthrough
+	default:
+		panic(fmt.Sprintf("Invalid cipher suite id: %d", suite.ID))
 	}
-	return hp
+
 }

 type aesHeaderProtector struct {
@ -30,7 +34,12 @@ type aesHeaderProtector struct {

 var _ headerProtector = &aesHeaderProtector{}

-func newAESHeaderProtector(block cipher.Block, isLongHeader bool) headerProtector {
+func newAESHeaderProtector(suite *qtls.CipherSuiteTLS13, trafficSecret []byte, isLongHeader bool) headerProtector {
+	hpKey := qtls.HkdfExpandLabel(suite.Hash, trafficSecret, []byte{}, "quic hp", suite.KeyLen)
+	block, err := aes.NewCipher(hpKey)
+	if err != nil {
+		panic(fmt.Sprintf("error creating new AES cipher: %s", err))
+	}
 	return &aesHeaderProtector{
 		block:        block,
 		mask:         make([]byte, block.BlockSize()),
--- a/internal/handshake/initial_aead.go
+++ b/internal/handshake/initial_aead.go
@ -2,7 +2,6 @@ package handshake

 import (
 	"crypto"
-	"crypto/aes"

 	"github.com/lucas-clemente/quic-go/internal/protocol"
 	"github.com/marten-seemann/qtls"
@ -10,6 +9,13 @@ import (

 var quicVersion1Salt = []byte{0x7f, 0xbc, 0xdb, 0x0e, 0x7c, 0x66, 0xbb, 0xe9, 0x19, 0x3a, 0x96, 0xcd, 0x21, 0x51, 0x9e, 0xbd, 0x7a, 0x02, 0x64, 0x4a}

+var initialSuite = &qtls.CipherSuiteTLS13{
+	ID:     qtls.TLS_AES_128_GCM_SHA256,
+	KeyLen: 16,
+	AEAD:   qtls.AEADAESGCMTLS13,
+	Hash:   crypto.SHA256,
+}
+
 // NewInitialAEAD creates a new AEAD for Initial encryption / decryption.
 func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (LongHeaderSealer, LongHeaderOpener, error) {
 	clientSecret, serverSecret := computeSecrets(connID)
@ -21,21 +27,14 @@ func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (Lo
 		mySecret = serverSecret
 		otherSecret = clientSecret
 	}
-	myKey, myHPKey, myIV := computeInitialKeyAndIV(mySecret)
-	otherKey, otherHPKey, otherIV := computeInitialKeyAndIV(otherSecret)
+	myKey, myIV := computeInitialKeyAndIV(mySecret)
+	otherKey, otherIV := computeInitialKeyAndIV(otherSecret)

 	encrypter := qtls.AEADAESGCMTLS13(myKey, myIV)
-	encrypterBlock, err := aes.NewCipher(myHPKey)
-	if err != nil {
-		return nil, nil, err
-	}
 	decrypter := qtls.AEADAESGCMTLS13(otherKey, otherIV)
-	decrypterBlock, err := aes.NewCipher(otherHPKey)
-	if err != nil {
-		return nil, nil, err
-	}
-	return newLongHeaderSealer(encrypter, newAESHeaderProtector(encrypterBlock, true)),
-		newLongHeaderOpener(decrypter, newAESHeaderProtector(decrypterBlock, true)),
+
+	return newLongHeaderSealer(encrypter, newHeaderProtector(initialSuite, mySecret, true)),
+		newLongHeaderOpener(decrypter, newAESHeaderProtector(initialSuite, otherSecret, true)),
 		nil
 }

@ -46,9 +45,8 @@ func computeSecrets(connID protocol.ConnectionID) (clientSecret, serverSecret []
 	return
 }

-func computeInitialKeyAndIV(secret []byte) (key, hpKey, iv []byte) {
+func computeInitialKeyAndIV(secret []byte) (key, iv []byte) {
 	key = qtls.HkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic key", 16)
-	hpKey = qtls.HkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic hp", 16)
 	iv = qtls.HkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic iv", 12)
 	return
 }
--- a/internal/handshake/initial_aead_test.go
+++ b/internal/handshake/initial_aead_test.go
@ -42,19 +42,17 @@ var _ = Describe("Initial AEAD using AES-GCM", func() {
 		It("computes the client key and IV", func() {
 			clientSecret, _ := computeSecrets(connID)
 			Expect(clientSecret).To(Equal(split("8a3515a14ae3c31b9c2d6d5bc58538ca 5cd2baa119087143e60887428dcb52f6")))
-			key, hpKey, iv := computeInitialKeyAndIV(clientSecret)
+			key, iv := computeInitialKeyAndIV(clientSecret)
 			Expect(key).To(Equal(split("98b0d7e5e7a402c67c33f350fa65ea54")))
 			Expect(iv).To(Equal(split("19e94387805eb0b46c03a788")))
-			Expect(hpKey).To(Equal(split("0edd982a6ac527f2eddcbb7348dea5d7")))
 		})

 		It("computes the server key and IV", func() {
 			_, serverSecret := computeSecrets(connID)
 			Expect(serverSecret).To(Equal(split("47b2eaea6c266e32c0697a9e2a898bdf 5c4fb3e5ac34f0e549bf2c58581a3811")))
-			key, hpKey, iv := computeInitialKeyAndIV(serverSecret)
+			key, iv := computeInitialKeyAndIV(serverSecret)
 			Expect(key).To(Equal(split("9a8be902a9bdd91d16064ca118045fb4")))
 			Expect(iv).To(Equal(split("0a82086d32205ba22241d8dc")))
-			Expect(hpKey).To(Equal(split("94b9452d2b3c7c7f6da7fdd8593537fd")))
 		})

 		It("encrypts the client's Initial", func() {
--- a/internal/handshake/qtls.go
+++ b/internal/handshake/qtls.go
@ -1,8 +1,6 @@
 package handshake

 import (
-	"crypto"
-	"crypto/cipher"
 	"crypto/tls"
 	"net"
 	"time"
@ -11,13 +9,6 @@ import (
 	"github.com/marten-seemann/qtls"
 )

-type cipherSuite interface {
-	Hash() crypto.Hash
-	KeyLen() int
-	IVLen() int
-	AEAD(key, nonce []byte) cipher.AEAD
-}
-
 type conn struct {
 	remoteAddr net.Addr
 }
--- a/internal/handshake/updatable_aead.go
+++ b/internal/handshake/updatable_aead.go
@ -43,7 +43,7 @@ func setKeyUpdateInterval() {
 }

 type updatableAEAD struct {
-	suite cipherSuite
+	suite *qtls.CipherSuiteTLS13

 	keyPhase          protocol.KeyPhase
 	largestAcked      protocol.PacketNumber
@ -103,8 +103,8 @@ func (a *updatableAEAD) rollKeys(now time.Time) {
 	a.rcvAEAD = a.nextRcvAEAD
 	a.sendAEAD = a.nextSendAEAD

-	a.nextRcvTrafficSecret = a.getNextTrafficSecret(a.suite.Hash(), a.nextRcvTrafficSecret)
-	a.nextSendTrafficSecret = a.getNextTrafficSecret(a.suite.Hash(), a.nextSendTrafficSecret)
+	a.nextRcvTrafficSecret = a.getNextTrafficSecret(a.suite.Hash, a.nextRcvTrafficSecret)
+	a.nextSendTrafficSecret = a.getNextTrafficSecret(a.suite.Hash, a.nextSendTrafficSecret)
 	a.nextRcvAEAD = createAEAD(a.suite, a.nextRcvTrafficSecret)
 	a.nextSendAEAD = createAEAD(a.suite, a.nextSendTrafficSecret)
 }
@ -115,31 +115,31 @@ func (a *updatableAEAD) getNextTrafficSecret(hash crypto.Hash, ts []byte) []byte

 // For the client, this function is called before SetWriteKey.
 // For the server, this function is called after SetWriteKey.
-func (a *updatableAEAD) SetReadKey(suite cipherSuite, trafficSecret []byte) {
+func (a *updatableAEAD) SetReadKey(suite *qtls.CipherSuiteTLS13, trafficSecret []byte) {
 	a.rcvAEAD = createAEAD(suite, trafficSecret)
-	a.headerDecrypter = newAESHeaderProtector(createAESHeaderProtector(suite, trafficSecret), false)
+	a.headerDecrypter = newHeaderProtector(suite, trafficSecret, false)
 	if a.suite == nil {
 		a.nonceBuf = make([]byte, a.rcvAEAD.NonceSize())
 		a.aeadOverhead = a.rcvAEAD.Overhead()
 		a.suite = suite
 	}

-	a.nextRcvTrafficSecret = a.getNextTrafficSecret(suite.Hash(), trafficSecret)
+	a.nextRcvTrafficSecret = a.getNextTrafficSecret(suite.Hash, trafficSecret)
 	a.nextRcvAEAD = createAEAD(suite, a.nextRcvTrafficSecret)
 }

 // For the client, this function is called after SetReadKey.
 // For the server, this function is called before SetWriteKey.
-func (a *updatableAEAD) SetWriteKey(suite cipherSuite, trafficSecret []byte) {
+func (a *updatableAEAD) SetWriteKey(suite *qtls.CipherSuiteTLS13, trafficSecret []byte) {
 	a.sendAEAD = createAEAD(suite, trafficSecret)
-	a.headerEncrypter = newAESHeaderProtector(createAESHeaderProtector(suite, trafficSecret), false)
+	a.headerEncrypter = newHeaderProtector(suite, trafficSecret, false)
 	if a.suite == nil {
 		a.nonceBuf = make([]byte, a.sendAEAD.NonceSize())
 		a.aeadOverhead = a.sendAEAD.Overhead()
 		a.suite = suite
 	}

-	a.nextSendTrafficSecret = a.getNextTrafficSecret(suite.Hash(), trafficSecret)
+	a.nextSendTrafficSecret = a.getNextTrafficSecret(suite.Hash, trafficSecret)
 	a.nextSendAEAD = createAEAD(suite, a.nextSendTrafficSecret)
 }

--- a/internal/handshake/updatable_aead_test.go
+++ b/internal/handshake/updatable_aead_test.go
@ -1,9 +1,6 @@
 package handshake

 import (
-	"crypto"
-	"crypto/aes"
-	"crypto/cipher"
 	"crypto/rand"
 	"os"
 	"time"
@ -15,21 +12,6 @@ import (
 	. "github.com/onsi/gomega"
 )

-type mockCipherSuite struct{}
-
-var _ cipherSuite = &mockCipherSuite{}
-
-func (c *mockCipherSuite) Hash() crypto.Hash { return crypto.SHA256 }
-func (c *mockCipherSuite) KeyLen() int       { return 16 }
-func (c *mockCipherSuite) IVLen() int        { return 12 }
-func (c *mockCipherSuite) AEAD(key, _ []byte) cipher.AEAD {
-	block, err := aes.NewCipher(key)
-	Expect(err).ToNot(HaveOccurred())
-	gcm, err := cipher.NewGCM(block)
-	Expect(err).ToNot(HaveOccurred())
-	return gcm
-}
-
 var _ = Describe("Updatable AEAD", func() {
 	getPeers := func(rttStats *congestion.RTTStats) (client, server *updatableAEAD) {
 		trafficSecret1 := make([]byte, 16)
@ -39,10 +21,10 @@ var _ = Describe("Updatable AEAD", func() {

 		client = newUpdatableAEAD(rttStats, utils.DefaultLogger)
 		server = newUpdatableAEAD(rttStats, utils.DefaultLogger)
-		client.SetReadKey(&mockCipherSuite{}, trafficSecret2)
-		client.SetWriteKey(&mockCipherSuite{}, trafficSecret1)
-		server.SetReadKey(&mockCipherSuite{}, trafficSecret1)
-		server.SetWriteKey(&mockCipherSuite{}, trafficSecret2)
+		client.SetReadKey(aesSuite, trafficSecret2)
+		client.SetWriteKey(aesSuite, trafficSecret1)
+		server.SetReadKey(aesSuite, trafficSecret1)
+		server.SetWriteKey(aesSuite, trafficSecret2)
 		return
 	}