use the golang/x/crypto ChaCha20 implementation

https://go-review.googlesource.com/c/crypto/+/206638 added the SetCounter method required for QUIC's header protection.
2025-04-04 12:47:36 +03:00 · 2020-02-22 10:53:41 +07:00 · 2020-02-22 10:53:41 +07:00 · b658f92060
commit b658f92060
parent f5d88d3edd
3 changed files with 13 additions and 10 deletions
--- a/internal/handshake/header_protector.go
+++ b/internal/handshake/header_protector.go
@ -4,9 +4,11 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
+	"encoding/binary"
 	"fmt"

-	"github.com/marten-seemann/chacha20"
+	"golang.org/x/crypto/chacha20"
+
 	"github.com/marten-seemann/qtls"
 )

@ -75,7 +77,6 @@ type chachaHeaderProtector struct {
 	mask [5]byte

 	key          [32]byte
-	sampleBuf    [16]byte
 	isLongHeader bool
 }

@ -117,14 +118,18 @@ func (p *chachaHeaderProtector) EncryptHeader(sample []byte, firstByte *byte, hd
 }

 func (p *chachaHeaderProtector) apply(sample []byte, firstByte *byte, hdrBytes []byte) {
-	if len(sample) < len(p.mask) {
+	if len(sample) != 16 {
 		panic("invalid sample size")
 	}
 	for i := 0; i < 5; i++ {
 		p.mask[i] = 0
 	}
-	copy(p.sampleBuf[:], sample)
-	chacha20.XORKeyStream(p.mask[:], p.mask[:], &p.sampleBuf, &p.key)
+	cipher, err := chacha20.NewUnauthenticatedCipher(p.key[:], sample[4:])
+	if err != nil {
+		panic(err)
+	}
+	cipher.SetCounter(binary.BigEndian.Uint32(sample[4:]))
+	cipher.XORKeyStream(p.mask[:], p.mask[:])
 	p.applyMask(firstByte, hdrBytes)
 }