From 33b74fca79cea3befbc62be48fcbe45dfceb2b9b Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Fri, 6 Sep 2019 16:25:04 +0700 Subject: [PATCH] use the new qtls SetWriteKey and SetReadKey interface --- go.mod | 6 ++--- go.sum | 16 ++++++++----- internal/handshake/aead.go | 6 ++--- internal/handshake/aead_test.go | 8 ++----- internal/handshake/crypto_setup.go | 8 +++---- internal/handshake/handshake_suite_test.go | 13 +++++++++- internal/handshake/header_protector.go | 23 ++++++++++++------ internal/handshake/initial_aead.go | 28 ++++++++++------------ internal/handshake/initial_aead_test.go | 6 ++--- internal/handshake/qtls.go | 9 ------- internal/handshake/updatable_aead.go | 18 +++++++------- internal/handshake/updatable_aead_test.go | 26 ++++---------------- 12 files changed, 78 insertions(+), 89 deletions(-) diff --git a/go.mod b/go.mod index 3d6f0545..32a1df7f 100644 --- a/go.mod +++ b/go.mod @@ -7,9 +7,9 @@ require ( github.com/golang/mock v1.2.0 github.com/golang/protobuf v1.3.0 github.com/marten-seemann/qpack v0.1.0 - github.com/marten-seemann/qtls v0.3.3 + github.com/marten-seemann/qtls v0.4.0 github.com/onsi/ginkgo v1.7.0 github.com/onsi/gomega v1.4.3 - golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25 - golang.org/x/net v0.0.0-20190228165749-92fc7df08ae7 + golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472 + golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 ) diff --git a/go.sum b/go.sum index cfbfeb74..c534a87a 100644 --- a/go.sum +++ b/go.sum 
@@ -11,24 +11,28 @@ github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/marten-seemann/qpack v0.1.0 h1:/0M7lkda/6mus9B8u34Asqm8ZhHAAt9Ho0vniNuVSVg= github.com/marten-seemann/qpack v0.1.0/go.mod h1:LFt1NU/Ptjip0C2CPkhimBz5CGE3WGDAUWqna+CNTrI= -github.com/marten-seemann/qtls v0.3.3 h1:s6E9lHmjzoOqGnEw+7F+RREKEPq4lchp1Sl+Rj5Hqsc= -github.com/marten-seemann/qtls v0.3.3/go.mod h1:xzjG7avBwGGbdZ8dTGxlBnLArsVKLvwmjgmPuiQEcYk= +github.com/marten-seemann/qtls v0.4.0 h1:HM9ftULNeuhGiCliIfPKvp5VDJw6pvi/Ghq6PYf7B0E= +github.com/marten-seemann/qtls v0.4.0/go.mod h1:pxVXcHHw1pNIt8Qo0pwSYQEoZ8yYOOPXTCZLQQunvRc= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0 h1:WSHQ+IS43OoUrWtD1/bbclrwK8TTH5hzp+umCiuxHgs= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v1.4.3 h1:RE1xgDvH7imwFD45h+u2SgIfERHlS2yNG4DObb5BSKU= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25 h1:jsG6UpNLt9iAsb0S2AGW28DveNzzgmbXR+ENoPjUeIU= -golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472 h1:Gv7RPwsi3eZ2Fgewe3CBsuOebPwO27PoXzRpJPsvSSM= +golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190228165749-92fc7df08ae7 h1:Qe/u+eY379X4He4GBMFZYu3pmh1ML5yT1aL1ndNM1zQ= golang.org/x/net v0.0.0-20190228165749-92fc7df08ae7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e h1:ZytStCyV048ZqDsWHiYDdoI2Vd4msMcrDECFxS+tL9c= -golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190904154756-749cb33beabd h1:DBH9mDw0zluJT/R+nGuV3jWFWLFaHyYZWD4tOT+cjn0= +golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= diff --git a/internal/handshake/aead.go b/internal/handshake/aead.go index 00043113..e0ef7041 100644 --- a/internal/handshake/aead.go +++ b/internal/handshake/aead.go 
@@ -74,8 +74,8 @@ func (o *longHeaderOpener) DecryptHeader(sample []byte, firstByte *byte, pnBytes o.headerProtector.DecryptHeader(sample, firstByte, pnBytes) } -func createAEAD(suite cipherSuite, trafficSecret []byte) cipher.AEAD { - key := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "quic key", suite.KeyLen()) - iv := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "quic iv", suite.IVLen()) +func createAEAD(suite *qtls.CipherSuiteTLS13, trafficSecret []byte) cipher.AEAD { + key := qtls.HkdfExpandLabel(suite.Hash, trafficSecret, []byte{}, "quic key", suite.KeyLen) + iv := qtls.HkdfExpandLabel(suite.Hash, trafficSecret, []byte{}, "quic iv", suite.IVLen()) return suite.AEAD(key, iv) } diff --git a/internal/handshake/aead_test.go b/internal/handshake/aead_test.go index 15391472..407da319 100644 --- a/internal/handshake/aead_test.go +++ b/internal/handshake/aead_test.go @@ -19,13 +19,9 @@ var _ = Describe("AEAD", func() { Expect(err).ToNot(HaveOccurred()) aead, err := cipher.NewGCM(block) Expect(err).ToNot(HaveOccurred()) - hpBlock, err := aes.NewCipher(hpKey) - Expect(err).ToNot(HaveOccurred()) - iv := make([]byte, 12) - rand.Read(iv) - return newLongHeaderSealer(aead, newAESHeaderProtector(hpBlock, true)), - newLongHeaderOpener(aead, newAESHeaderProtector(hpBlock, true)) + return newLongHeaderSealer(aead, newHeaderProtector(aesSuite, key, true)), + newLongHeaderOpener(aead, newAESHeaderProtector(aesSuite, key, true)) } Context("message encryption", func() { diff --git a/internal/handshake/crypto_setup.go b/internal/handshake/crypto_setup.go index 85b6e1f1..c67108e2 100644 --- a/internal/handshake/crypto_setup.go +++ b/internal/handshake/crypto_setup.go 
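Review bot: In the aead_test.go hunk the sealer's protector is built with `newHeaderProtector(aesSuite, key, true)` but the opener's with `newAESHeaderProtector(aesSuite, key, true)`, and the same mix appears in NewInitialAEAD in the initial_aead.go hunk. Both resolve to the AES implementation for these suites, but using one constructor keeps the cipher-suite dispatch and its unsupported-suite check on both directions: `newLongHeaderOpener(aead, newHeaderProtector(aesSuite, key, true))`. The enclosing test helper starts before the hunk, so it cannot be seen from here whether the `hpKey` setup above is now a leftover.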
@@ -491,14 +491,14 @@ func (h *cryptoSetup) ReadHandshakeMessage() ([]byte, error) { return msg, nil } -func (h *cryptoSetup) SetReadKey(encLevel qtls.EncryptionLevel, suite *qtls.CipherSuite, trafficSecret []byte) { +func (h *cryptoSetup) SetReadKey(encLevel qtls.EncryptionLevel, suite *qtls.CipherSuiteTLS13, trafficSecret []byte) { h.mutex.Lock() switch encLevel { case qtls.EncryptionHandshake: h.readEncLevel = protocol.EncryptionHandshake h.handshakeOpener = newLongHeaderOpener( createAEAD(suite, trafficSecret), - newAESHeaderProtector(createAESHeaderProtector(suite, trafficSecret), true), + newHeaderProtector(suite, trafficSecret, true), ) h.logger.Debugf("Installed Handshake Read keys") case qtls.EncryptionApplication: @@ -513,14 +513,14 @@ func (h *cryptoSetup) SetReadKey(encLevel qtls.EncryptionLevel, suite *qtls.Ciph h.receivedReadKey <- struct{}{} } -func (h *cryptoSetup) SetWriteKey(encLevel qtls.EncryptionLevel, suite *qtls.CipherSuite, trafficSecret []byte) { +func (h *cryptoSetup) SetWriteKey(encLevel qtls.EncryptionLevel, suite *qtls.CipherSuiteTLS13, trafficSecret []byte) { h.mutex.Lock() switch encLevel { case qtls.EncryptionHandshake: h.writeEncLevel = protocol.EncryptionHandshake h.handshakeSealer = newLongHeaderSealer( createAEAD(suite, trafficSecret), - newAESHeaderProtector(createAESHeaderProtector(suite, trafficSecret), true), + newHeaderProtector(suite, trafficSecret, true), ) h.logger.Debugf("Installed Handshake Write keys") case qtls.EncryptionApplication: diff --git a/internal/handshake/handshake_suite_test.go b/internal/handshake/handshake_suite_test.go index 91f3d14b..10645e50 100644 --- a/internal/handshake/handshake_suite_test.go +++ b/internal/handshake/handshake_suite_test.go 
@@ -1,14 +1,18 @@ package handshake import ( + "crypto" + "github.com/golang/mock/gomock" + "github.com/marten-seemann/qtls" + . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" "testing" ) -func TestQuicGo(t *testing.T) { +func TestHandshake(t *testing.T) { RegisterFailHandler(Fail) RunSpecs(t, "Handshake Suite") } @@ -22,3 +26,10 @@ var _ = BeforeEach(func() { var _ = AfterEach(func() { mockCtrl.Finish() }) + +var aesSuite = &qtls.CipherSuiteTLS13{ + ID: qtls.TLS_AES_128_GCM_SHA256, + KeyLen: 16, + AEAD: qtls.AEADAESGCMTLS13, + Hash: crypto.SHA256, +} diff --git a/internal/handshake/header_protector.go b/internal/handshake/header_protector.go index b6a7b7ea..17e8fcd4 100644 --- a/internal/handshake/header_protector.go +++ b/internal/handshake/header_protector.go @@ -13,13 +13,17 @@ type headerProtector interface { DecryptHeader(sample []byte, firstByte *byte, hdrBytes []byte) } -func createAESHeaderProtector(suite cipherSuite, trafficSecret []byte) cipher.Block { - hpKey := qtls.HkdfExpandLabel(suite.Hash(), trafficSecret, []byte{}, "quic hp", suite.KeyLen()) - hp, err := aes.NewCipher(hpKey) - if err != nil { - panic(fmt.Sprintf("error creating new AES cipher: %s", err)) +func newHeaderProtector(suite *qtls.CipherSuiteTLS13, trafficSecret []byte, isLongHeader bool) headerProtector { + switch suite.ID { + case qtls.TLS_AES_128_GCM_SHA256, qtls.TLS_AES_256_GCM_SHA384: + return newAESHeaderProtector(suite, trafficSecret, isLongHeader) + case qtls.TLS_CHACHA20_POLY1305_SHA256: + // TODO: implement ChaCha header protection + fallthrough + default: + panic(fmt.Sprintf("Invalid cipher suite id: %d", suite.ID)) } - return hp + } type aesHeaderProtector struct { 
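Review bot: In header_protector.go, newHeaderProtector panics for `qtls.TLS_CHACHA20_POLY1305_SHA256` and for any unknown ID, yet its `suite` argument arrives from the TLS stack through the SetReadKey/SetWriteKey hunks in crypto_setup.go and updatable_aead.go. If qtls can negotiate ChaCha20 (not visible here), the cipher suite chosen during the handshake would crash the process instead of failing the connection. In crypto_setup.go the call also sits after `h.mutex.Lock()` with no deferred unlock visible in that hunk. Unless the offered suites are limited to the two AES-GCM IDs somewhere outside this patch, add that restriction or have the callers abort the handshake with an error. The message is also misleading for a valid but unimplemented suite; the ChaCha case could use its own `panic(fmt.Sprintf("header protection not implemented for cipher suite %#x", suite.ID))`, and the blank line before the closing brace can be dropped.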
@@ -30,7 +34,12 @@ type aesHeaderProtector struct { var _ headerProtector = &aesHeaderProtector{} -func newAESHeaderProtector(block cipher.Block, isLongHeader bool) headerProtector { +func newAESHeaderProtector(suite *qtls.CipherSuiteTLS13, trafficSecret []byte, isLongHeader bool) headerProtector { + hpKey := qtls.HkdfExpandLabel(suite.Hash, trafficSecret, []byte{}, "quic hp", suite.KeyLen) + block, err := aes.NewCipher(hpKey) + if err != nil { + panic(fmt.Sprintf("error creating new AES cipher: %s", err)) + } return &aesHeaderProtector{ block: block, mask: make([]byte, block.BlockSize()), diff --git a/internal/handshake/initial_aead.go b/internal/handshake/initial_aead.go index eb90122b..d29b48af 100644 --- a/internal/handshake/initial_aead.go +++ b/internal/handshake/initial_aead.go @@ -2,7 +2,6 @@ package handshake import ( "crypto" - "crypto/aes" "github.com/lucas-clemente/quic-go/internal/protocol" "github.com/marten-seemann/qtls" @@ -10,6 +9,13 @@ import ( var quicVersion1Salt = []byte{0x7f, 0xbc, 0xdb, 0x0e, 0x7c, 0x66, 0xbb, 0xe9, 0x19, 0x3a, 0x96, 0xcd, 0x21, 0x51, 0x9e, 0xbd, 0x7a, 0x02, 0x64, 0x4a} +var initialSuite = &qtls.CipherSuiteTLS13{ + ID: qtls.TLS_AES_128_GCM_SHA256, + KeyLen: 16, + AEAD: qtls.AEADAESGCMTLS13, + Hash: crypto.SHA256, +} + // NewInitialAEAD creates a new AEAD for Initial encryption / decryption. func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (LongHeaderSealer, LongHeaderOpener, error) { clientSecret, serverSecret := computeSecrets(connID) 
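Review bot: newAESHeaderProtector in header_protector.go now does key derivation as well as construction, and nothing at the definition says so. A doc comment would make the contract explicit for the callers that now pass a traffic secret instead of a ready cipher.Block: `// newAESHeaderProtector derives the header protection key from trafficSecret (label "quic hp", length suite.KeyLen) and panics if aes.NewCipher rejects that key.` The struct literal it returns continues past the end of the hunk.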
@@ -21,21 +27,14 @@ func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (Lo mySecret = serverSecret otherSecret = clientSecret } - myKey, myHPKey, myIV := computeInitialKeyAndIV(mySecret) - otherKey, otherHPKey, otherIV := computeInitialKeyAndIV(otherSecret) + myKey, myIV := computeInitialKeyAndIV(mySecret) + otherKey, otherIV := computeInitialKeyAndIV(otherSecret) encrypter := qtls.AEADAESGCMTLS13(myKey, myIV) - encrypterBlock, err := aes.NewCipher(myHPKey) - if err != nil { - return nil, nil, err - } decrypter := qtls.AEADAESGCMTLS13(otherKey, otherIV) - decrypterBlock, err := aes.NewCipher(otherHPKey) - if err != nil { - return nil, nil, err - } - return newLongHeaderSealer(encrypter, newAESHeaderProtector(encrypterBlock, true)), - newLongHeaderOpener(decrypter, newAESHeaderProtector(decrypterBlock, true)), + + return newLongHeaderSealer(encrypter, newHeaderProtector(initialSuite, mySecret, true)), + newLongHeaderOpener(decrypter, newAESHeaderProtector(initialSuite, otherSecret, true)), nil } @@ -46,9 +45,8 @@ func computeSecrets(connID protocol.ConnectionID) (clientSecret, serverSecret [] return } -func computeInitialKeyAndIV(secret []byte) (key, hpKey, iv []byte) { +func computeInitialKeyAndIV(secret []byte) (key, iv []byte) { key = qtls.HkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic key", 16) - hpKey = qtls.HkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic hp", 16) iv = qtls.HkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic iv", 12) return } diff --git a/internal/handshake/initial_aead_test.go b/internal/handshake/initial_aead_test.go index 0cac773b..e978b860 100644 --- a/internal/handshake/initial_aead_test.go +++ b/internal/handshake/initial_aead_test.go 
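Review bot: In NewInitialAEAD the packet key and IV still come from computeInitialKeyAndIV with hard-coded `crypto.SHA256`, 16 and 12 and are wrapped with `qtls.AEADAESGCMTLS13`, while the header protection key is derived from `initialSuite`, so the Initial parameters now live in two places. The existing helper would keep them in one: `encrypter := createAEAD(initialSuite, mySecret)` and `decrypter := createAEAD(initialSuite, otherSecret)`. The error result is also always `nil` on the visible return path now, because an AES setup failure panics inside newAESHeaderProtector instead of being returned; the doc comment should say so if the signature stays. The function begins outside the hunk.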
@@ -42,19 +42,17 @@ var _ = Describe("Initial AEAD using AES-GCM", func() { It("computes the client key and IV", func() { clientSecret, _ := computeSecrets(connID) Expect(clientSecret).To(Equal(split("8a3515a14ae3c31b9c2d6d5bc58538ca 5cd2baa119087143e60887428dcb52f6"))) - key, hpKey, iv := computeInitialKeyAndIV(clientSecret) + key, iv := computeInitialKeyAndIV(clientSecret) Expect(key).To(Equal(split("98b0d7e5e7a402c67c33f350fa65ea54"))) Expect(iv).To(Equal(split("19e94387805eb0b46c03a788"))) - Expect(hpKey).To(Equal(split("0edd982a6ac527f2eddcbb7348dea5d7"))) }) It("computes the server key and IV", func() { _, serverSecret := computeSecrets(connID) Expect(serverSecret).To(Equal(split("47b2eaea6c266e32c0697a9e2a898bdf 5c4fb3e5ac34f0e549bf2c58581a3811"))) - key, hpKey, iv := computeInitialKeyAndIV(serverSecret) + key, iv := computeInitialKeyAndIV(serverSecret) Expect(key).To(Equal(split("9a8be902a9bdd91d16064ca118045fb4"))) Expect(iv).To(Equal(split("0a82086d32205ba22241d8dc"))) - Expect(hpKey).To(Equal(split("94b9452d2b3c7c7f6da7fdd8593537fd"))) }) It("encrypts the client's Initial", func() { diff --git a/internal/handshake/qtls.go b/internal/handshake/qtls.go index 52d0723f..cd093142 100644 --- a/internal/handshake/qtls.go +++ b/internal/handshake/qtls.go @@ -1,8 +1,6 @@ package handshake import ( - "crypto" - "crypto/cipher" "crypto/tls" "net" "time" @@ -11,13 +9,6 @@ import ( "github.com/marten-seemann/qtls" ) -type cipherSuite interface { - Hash() crypto.Hash - KeyLen() int - IVLen() int - AEAD(key, nonce []byte) cipher.AEAD -} - type conn struct { remoteAddr net.Addr } diff --git a/internal/handshake/updatable_aead.go b/internal/handshake/updatable_aead.go index 172c3e79..2444bc50 100644 --- a/internal/handshake/updatable_aead.go +++ b/internal/handshake/updatable_aead.go @@ -43,7 +43,7 @@ func setKeyUpdateInterval() { } type updatableAEAD struct { - suite cipherSuite + suite *qtls.CipherSuiteTLS13 keyPhase protocol.KeyPhase largestAcked protocol.PacketNumber 
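Review bot: The initial_aead_test.go hunk drops both known-answer checks for the `quic hp` derivation (`0edd982a…` for the client, `94b9452d…` for the server) without a replacement. That derivation now happens inside newAESHeaderProtector, so a wrong label or key length there would only be caught if the packet-level specs that follow (their bodies are outside the hunk) exercise header protection. One way to keep the vectors is to extract the derivation into a small helper that newAESHeaderProtector calls and assert on it, for example `Expect(deriveHPKey(initialSuite, clientSecret)).To(Equal(split("0edd982a6ac527f2eddcbb7348dea5d7")))`, where `deriveHPKey` is a new helper name proposed here, not an existing function.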
@@ -103,8 +103,8 @@ func (a *updatableAEAD) rollKeys(now time.Time) { a.rcvAEAD = a.nextRcvAEAD a.sendAEAD = a.nextSendAEAD - a.nextRcvTrafficSecret = a.getNextTrafficSecret(a.suite.Hash(), a.nextRcvTrafficSecret) - a.nextSendTrafficSecret = a.getNextTrafficSecret(a.suite.Hash(), a.nextSendTrafficSecret) + a.nextRcvTrafficSecret = a.getNextTrafficSecret(a.suite.Hash, a.nextRcvTrafficSecret) + a.nextSendTrafficSecret = a.getNextTrafficSecret(a.suite.Hash, a.nextSendTrafficSecret) a.nextRcvAEAD = createAEAD(a.suite, a.nextRcvTrafficSecret) a.nextSendAEAD = createAEAD(a.suite, a.nextSendTrafficSecret) } 
@@ -115,31 +115,31 @@ func (a *updatableAEAD) getNextTrafficSecret(hash crypto.Hash, ts []byte) []byte // For the client, this function is called before SetWriteKey. // For the server, this function is called after SetWriteKey. -func (a *updatableAEAD) SetReadKey(suite cipherSuite, trafficSecret []byte) { +func (a *updatableAEAD) SetReadKey(suite *qtls.CipherSuiteTLS13, trafficSecret []byte) { a.rcvAEAD = createAEAD(suite, trafficSecret) - a.headerDecrypter = newAESHeaderProtector(createAESHeaderProtector(suite, trafficSecret), false) + a.headerDecrypter = newHeaderProtector(suite, trafficSecret, false) if a.suite == nil { a.nonceBuf = make([]byte, a.rcvAEAD.NonceSize()) a.aeadOverhead = a.rcvAEAD.Overhead() a.suite = suite } - a.nextRcvTrafficSecret = a.getNextTrafficSecret(suite.Hash(), trafficSecret) + a.nextRcvTrafficSecret = a.getNextTrafficSecret(suite.Hash, trafficSecret) a.nextRcvAEAD = createAEAD(suite, a.nextRcvTrafficSecret) } // For the client, this function is called after SetReadKey. // For the server, this function is called before SetWriteKey. -func (a *updatableAEAD) SetWriteKey(suite cipherSuite, trafficSecret []byte) { +func (a *updatableAEAD) SetWriteKey(suite *qtls.CipherSuiteTLS13, trafficSecret []byte) { a.sendAEAD = createAEAD(suite, trafficSecret) - a.headerEncrypter = newAESHeaderProtector(createAESHeaderProtector(suite, trafficSecret), false) + a.headerEncrypter = newHeaderProtector(suite, trafficSecret, false) if a.suite == nil { a.nonceBuf = make([]byte, a.sendAEAD.NonceSize()) a.aeadOverhead = a.sendAEAD.Overhead() a.suite = suite } - a.nextSendTrafficSecret = a.getNextTrafficSecret(suite.Hash(), trafficSecret) + a.nextSendTrafficSecret = a.getNextTrafficSecret(suite.Hash, trafficSecret) a.nextSendAEAD = createAEAD(suite, a.nextSendTrafficSecret) } diff --git a/internal/handshake/updatable_aead_test.go b/internal/handshake/updatable_aead_test.go index 44df1295..80c1721f 100644 --- a/internal/handshake/updatable_aead_test.go 
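Review bot: The comment above updatableAEAD.SetWriteKey in updatable_aead.go reads "For the server, this function is called before SetWriteKey", which refers to the function itself. Given the matching comment on SetReadKey ("called after SetWriteKey"), it presumably should be `// For the server, this function is called before SetReadKey.` The line is unchanged context, but the signatures beside it are being edited, so this is a cheap place to fix it. The ordering matters to readers because whichever call runs first is the one that sets `a.suite`, `a.nonceBuf` and `a.aeadOverhead`.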
+++ b/internal/handshake/updatable_aead_test.go @@ -1,9 +1,6 @@ package handshake import ( - "crypto" - "crypto/aes" - "crypto/cipher" "crypto/rand" "os" "time" @@ -15,21 +12,6 @@ import ( . "github.com/onsi/gomega" ) -type mockCipherSuite struct{} - -var _ cipherSuite = &mockCipherSuite{} - -func (c *mockCipherSuite) Hash() crypto.Hash { return crypto.SHA256 } -func (c *mockCipherSuite) KeyLen() int { return 16 } -func (c *mockCipherSuite) IVLen() int { return 12 } -func (c *mockCipherSuite) AEAD(key, _ []byte) cipher.AEAD { - block, err := aes.NewCipher(key) - Expect(err).ToNot(HaveOccurred()) - gcm, err := cipher.NewGCM(block) - Expect(err).ToNot(HaveOccurred()) - return gcm -} - var _ = Describe("Updatable AEAD", func() { getPeers := func(rttStats *congestion.RTTStats) (client, server *updatableAEAD) { trafficSecret1 := make([]byte, 16) @@ -39,10 +21,10 @@ var _ = Describe("Updatable AEAD", func() { client = newUpdatableAEAD(rttStats, utils.DefaultLogger) server = newUpdatableAEAD(rttStats, utils.DefaultLogger) - client.SetReadKey(&mockCipherSuite{}, trafficSecret2) - client.SetWriteKey(&mockCipherSuite{}, trafficSecret1) - server.SetReadKey(&mockCipherSuite{}, trafficSecret1) - server.SetWriteKey(&mockCipherSuite{}, trafficSecret2) + client.SetReadKey(aesSuite, trafficSecret2) + client.SetWriteKey(aesSuite, trafficSecret1) + server.SetReadKey(aesSuite, trafficSecret1) + server.SetWriteKey(aesSuite, trafficSecret2) return }