mirror of
https://github.com/refraction-networking/uquic.git
synced 2025-04-04 20:57:36 +03:00
fix retry key and nonce for draft-34
This commit is contained in:
Marten Seemann
parent
2c45f2b11d
commit
bd172b2a5a
7 changed files with 37 additions and 19 deletions
|
|
@ -10,11 +10,17 @@ import (
|
||||||
"github.com/lucas-clemente/quic-go/internal/protocol"
|
"github.com/lucas-clemente/quic-go/internal/protocol"
|
||||||
)
|
)
|
||||||
|
|
||||||
var retryAEAD cipher.AEAD
|
var (
|
||||||
|
oldRetryAEAD cipher.AEAD // used for QUIC draft versions up to 34
|
||||||
|
retryAEAD cipher.AEAD // used for QUIC draft-34
|
||||||
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
key := [16]byte{0xcc, 0xce, 0x18, 0x7e, 0xd0, 0x9a, 0x09, 0xd0, 0x57, 0x28, 0x15, 0x5a, 0x6c, 0xb9, 0x6b, 0xe1}
|
oldRetryAEAD = initAEAD([16]byte{0xcc, 0xce, 0x18, 0x7e, 0xd0, 0x9a, 0x09, 0xd0, 0x57, 0x28, 0x15, 0x5a, 0x6c, 0xb9, 0x6b, 0xe1})
|
||||||
|
retryAEAD = initAEAD([16]byte{0xbe, 0x0c, 0x69, 0x0b, 0x9f, 0x66, 0x57, 0x5a, 0x1d, 0x76, 0x6b, 0x54, 0xe3, 0x68, 0xc8, 0x4e})
|
||||||
|
}
|
||||||
|
|
||||||
|
func initAEAD(key [16]byte) cipher.AEAD {
|
||||||
aes, err := aes.NewCipher(key[:])
|
aes, err := aes.NewCipher(key[:])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
|
|
@ -23,24 +29,30 @@ func init() {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
retryAEAD = aead
|
return aead
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
retryBuf bytes.Buffer
|
retryBuf bytes.Buffer
|
||||||
retryMutex sync.Mutex
|
retryMutex sync.Mutex
|
||||||
retryNonce = [12]byte{0xe5, 0x49, 0x30, 0xf9, 0x7f, 0x21, 0x36, 0xf0, 0x53, 0x0a, 0x8c, 0x1c}
|
oldRetryNonce = [12]byte{0xe5, 0x49, 0x30, 0xf9, 0x7f, 0x21, 0x36, 0xf0, 0x53, 0x0a, 0x8c, 0x1c}
|
||||||
|
retryNonce = [12]byte{0x46, 0x15, 0x99, 0xd3, 0x5d, 0x63, 0x2b, 0xf2, 0x23, 0x98, 0x25, 0xbb}
|
||||||
)
|
)
|
||||||
|
|
||||||
// GetRetryIntegrityTag calculates the integrity tag on a Retry packet
|
// GetRetryIntegrityTag calculates the integrity tag on a Retry packet
|
||||||
func GetRetryIntegrityTag(retry []byte, origDestConnID protocol.ConnectionID) *[16]byte {
|
func GetRetryIntegrityTag(retry []byte, origDestConnID protocol.ConnectionID, version protocol.VersionNumber) *[16]byte {
|
||||||
retryMutex.Lock()
|
retryMutex.Lock()
|
||||||
retryBuf.WriteByte(uint8(origDestConnID.Len()))
|
retryBuf.WriteByte(uint8(origDestConnID.Len()))
|
||||||
retryBuf.Write(origDestConnID.Bytes())
|
retryBuf.Write(origDestConnID.Bytes())
|
||||||
retryBuf.Write(retry)
|
retryBuf.Write(retry)
|
||||||
|
|
||||||
var tag [16]byte
|
var tag [16]byte
|
||||||
sealed := retryAEAD.Seal(tag[:0], retryNonce[:], nil, retryBuf.Bytes())
|
var sealed []byte
|
||||||
|
if version != protocol.VersionDraft34 {
|
||||||
|
sealed = oldRetryAEAD.Seal(tag[:0], oldRetryNonce[:], nil, retryBuf.Bytes())
|
||||||
|
} else {
|
||||||
|
sealed = retryAEAD.Seal(tag[:0], retryNonce[:], nil, retryBuf.Bytes())
|
||||||
|
}
|
||||||
if len(sealed) != 16 {
|
if len(sealed) != 16 {
|
||||||
panic(fmt.Sprintf("unexpected Retry integrity tag length: %d", len(sealed)))
|
panic(fmt.Sprintf("unexpected Retry integrity tag length: %d", len(sealed)))
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -9,22 +9,28 @@ import (
|
||||||
|
|
||||||
var _ = Describe("Retry Integrity Check", func() {
|
var _ = Describe("Retry Integrity Check", func() {
|
||||||
It("calculates retry integrity tags", func() {
|
It("calculates retry integrity tags", func() {
|
||||||
fooTag := GetRetryIntegrityTag([]byte("foo"), protocol.ConnectionID{1, 2, 3, 4})
|
fooTag := GetRetryIntegrityTag([]byte("foo"), protocol.ConnectionID{1, 2, 3, 4}, protocol.VersionDraft29)
|
||||||
barTag := GetRetryIntegrityTag([]byte("bar"), protocol.ConnectionID{1, 2, 3, 4})
|
barTag := GetRetryIntegrityTag([]byte("bar"), protocol.ConnectionID{1, 2, 3, 4}, protocol.VersionDraft29)
|
||||||
Expect(fooTag).ToNot(BeNil())
|
Expect(fooTag).ToNot(BeNil())
|
||||||
Expect(barTag).ToNot(BeNil())
|
Expect(barTag).ToNot(BeNil())
|
||||||
Expect(*fooTag).ToNot(Equal(*barTag))
|
Expect(*fooTag).ToNot(Equal(*barTag))
|
||||||
})
|
})
|
||||||
|
|
||||||
It("includes the original connection ID in the tag calculation", func() {
|
It("includes the original connection ID in the tag calculation", func() {
|
||||||
t1 := GetRetryIntegrityTag([]byte("foobar"), protocol.ConnectionID{1, 2, 3, 4})
|
t1 := GetRetryIntegrityTag([]byte("foobar"), protocol.ConnectionID{1, 2, 3, 4}, protocol.VersionDraft34)
|
||||||
t2 := GetRetryIntegrityTag([]byte("foobar"), protocol.ConnectionID{4, 3, 2, 1})
|
t2 := GetRetryIntegrityTag([]byte("foobar"), protocol.ConnectionID{4, 3, 2, 1}, protocol.VersionDraft34)
|
||||||
Expect(*t1).ToNot(Equal(*t2))
|
Expect(*t1).ToNot(Equal(*t2))
|
||||||
})
|
})
|
||||||
|
|
||||||
It("uses the test vector from the draft", func() {
|
It("uses the test vector from the draft, for old draft versions", func() {
|
||||||
connID := protocol.ConnectionID(splitHexString("0x8394c8f03e515708"))
|
connID := protocol.ConnectionID(splitHexString("0x8394c8f03e515708"))
|
||||||
data := splitHexString("ffff00001d0008f067a5502a4262b574 6f6b656ed16926d81f6f9ca2953a8aa4 575e1e49")
|
data := splitHexString("ffff00001d0008f067a5502a4262b574 6f6b656ed16926d81f6f9ca2953a8aa4 575e1e49")
|
||||||
Expect(GetRetryIntegrityTag(data[:len(data)-16], connID)[:]).To(Equal(data[len(data)-16:]))
|
Expect(GetRetryIntegrityTag(data[:len(data)-16], connID, protocol.VersionDraft29)[:]).To(Equal(data[len(data)-16:]))
|
||||||
|
})
|
||||||
|
|
||||||
|
It("uses the test vector from the draft, for draft-34", func() {
|
||||||
|
connID := protocol.ConnectionID(splitHexString("0x8394c8f03e515708"))
|
||||||
|
data := splitHexString("ff000000010008f067a5502a4262b574 6f6b656e04a265ba2eff4d829058fb3f 0f2496ba")
|
||||||
|
Expect(GetRetryIntegrityTag(data[:len(data)-16], connID, protocol.VersionDraft34)[:]).To(Equal(data[len(data)-16:]))
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
|
||||||
|
|
@ -128,5 +128,5 @@ func ComposeRetryPacket(
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
data := writePacket(hdr, nil)
|
data := writePacket(hdr, nil)
|
||||||
return append(data, handshake.GetRetryIntegrityTag(data, origDestConnID)[:]...)
|
return append(data, handshake.GetRetryIntegrityTag(data, origDestConnID, version)[:]...)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -575,7 +575,7 @@ func (s *baseServer) sendRetry(remoteAddr net.Addr, hdr *wire.Header) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
// append the Retry integrity tag
|
// append the Retry integrity tag
|
||||||
tag := handshake.GetRetryIntegrityTag(buf.Bytes(), hdr.DestConnectionID)
|
tag := handshake.GetRetryIntegrityTag(buf.Bytes(), hdr.DestConnectionID, hdr.Version)
|
||||||
buf.Write(tag[:])
|
buf.Write(tag[:])
|
||||||
if s.config.Tracer != nil {
|
if s.config.Tracer != nil {
|
||||||
s.config.Tracer.SentPacket(remoteAddr, &replyHdr.Header, protocol.ByteCount(buf.Len()), nil)
|
s.config.Tracer.SentPacket(remoteAddr, &replyHdr.Header, protocol.ByteCount(buf.Len()), nil)
|
||||||
|
|
|
||||||
|
|
@ -476,7 +476,7 @@ var _ = Describe("Server", func() {
|
||||||
Expect(replyHdr.SrcConnectionID).ToNot(Equal(hdr.DestConnectionID))
|
Expect(replyHdr.SrcConnectionID).ToNot(Equal(hdr.DestConnectionID))
|
||||||
Expect(replyHdr.DestConnectionID).To(Equal(hdr.SrcConnectionID))
|
Expect(replyHdr.DestConnectionID).To(Equal(hdr.SrcConnectionID))
|
||||||
Expect(replyHdr.Token).ToNot(BeEmpty())
|
Expect(replyHdr.Token).ToNot(BeEmpty())
|
||||||
Expect(b[len(b)-16:]).To(Equal(handshake.GetRetryIntegrityTag(b[:len(b)-16], hdr.DestConnectionID)[:]))
|
Expect(b[len(b)-16:]).To(Equal(handshake.GetRetryIntegrityTag(b[:len(b)-16], hdr.DestConnectionID, hdr.Version)[:]))
|
||||||
return len(b), nil
|
return len(b), nil
|
||||||
})
|
})
|
||||||
serv.handlePacket(packet)
|
serv.handlePacket(packet)
|
||||||
|
|
|
||||||
|
|
@ -970,7 +970,7 @@ func (s *session) handleRetryPacket(hdr *wire.Header, data []byte) bool /* was t
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
tag := handshake.GetRetryIntegrityTag(data[:len(data)-16], destConnID)
|
tag := handshake.GetRetryIntegrityTag(data[:len(data)-16], destConnID, hdr.Version)
|
||||||
if !bytes.Equal(data[len(data)-16:], tag[:]) {
|
if !bytes.Equal(data[len(data)-16:], tag[:]) {
|
||||||
if s.tracer != nil {
|
if s.tracer != nil {
|
||||||
s.tracer.DroppedPacket(logging.PacketTypeRetry, protocol.ByteCount(len(data)), logging.PacketDropPayloadDecryptError)
|
s.tracer.DroppedPacket(logging.PacketTypeRetry, protocol.ByteCount(len(data)), logging.PacketDropPayloadDecryptError)
|
||||||
|
|
|
||||||
|
|
@ -2660,7 +2660,7 @@ var _ = Describe("Client Session", func() {
|
||||||
getRetryTag := func(hdr *wire.ExtendedHeader) []byte {
|
getRetryTag := func(hdr *wire.ExtendedHeader) []byte {
|
||||||
buf := &bytes.Buffer{}
|
buf := &bytes.Buffer{}
|
||||||
hdr.Write(buf, sess.version)
|
hdr.Write(buf, sess.version)
|
||||||
return handshake.GetRetryIntegrityTag(buf.Bytes(), origDestConnID)[:]
|
return handshake.GetRetryIntegrityTag(buf.Bytes(), origDestConnID, hdr.Version)[:]
|
||||||
}
|
}
|
||||||
|
|
||||||
It("handles Retry packets", func() {
|
It("handles Retry packets", func() {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue