Use 16-byte auth tags when initial obfuscators are used
QuicFramer assumes that the auth tag is the same length for all encryption
levels. In Google QUIC crypto versions where initial obfuscators are used,
we should use IETF style crypters (different nonce/IV construction and 16
byte instead of 12 byte auth tags).
gfe-relnote: Change encryption used in QUIC. Protected by quic_enable_version_99
PiperOrigin-RevId: 271674606
Change-Id: Ic7736908068eeee8077bd3a17ec4f8b4112254f9
diff --git a/quic/core/crypto/quic_crypto_client_config.cc b/quic/core/crypto/quic_crypto_client_config.cc
index 2b458ff..75b2e6a 100644
--- a/quic/core/crypto/quic_crypto_client_config.cc
+++ b/quic/core/crypto/quic_crypto_client_config.cc
@@ -514,6 +514,7 @@
const QuicServerId& server_id,
QuicConnectionId connection_id,
const ParsedQuicVersion preferred_version,
+ const ParsedQuicVersion actual_version,
const CachedState* cached,
QuicWallTime now,
QuicRandom* rand,
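Review bot: The added `actual_version` parameter sits directly after `preferred_version` with nothing saying which of the two governs key derivation, and that now matters because the version passed to DeriveKeys selects the crypter style and therefore the auth-tag length. I would document the new parameter at its declaration, e.g. `// actual_version: the version this connection is actually using; it selects the crypter construction (IETF-style vs Google-style, 16- vs 12-byte tags) for the initial keys, whereas preferred_version only affects what is advertised.` The enclosing function's name and the start of its signature are outside this hunk, so the authoritative comment likely belongs on the header declaration.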
@@ -649,12 +650,12 @@
std::string* subkey_secret = &out_params->initial_subkey_secret;
- if (!CryptoUtils::DeriveKeys(out_params->initial_premaster_secret,
- out_params->aead, out_params->client_nonce,
- out_params->server_nonce, pre_shared_key_,
- hkdf_input, Perspective::IS_CLIENT,
- CryptoUtils::Diversification::Pending(),
- &out_params->initial_crypters, subkey_secret)) {
+ if (!CryptoUtils::DeriveKeys(
+ actual_version, out_params->initial_premaster_secret,
+ out_params->aead, out_params->client_nonce, out_params->server_nonce,
+ pre_shared_key_, hkdf_input, Perspective::IS_CLIENT,
+ CryptoUtils::Diversification::Pending(),
+ &out_params->initial_crypters, subkey_secret)) {
*error_details = "Symmetric key setup failed";
return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
}
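Review bot: The version threaded into this DeriveKeys call is `actual_version`, while the later ProcessServerHello hunk derives the forward-secure keys from its own `version` argument; if those two values can ever disagree, the initial and forward-secure crypters would be built in different styles with different auth-tag lengths, which is precisely the per-level mismatch the commit message says QuicFramer cannot handle. I cannot see where the caller obtains `actual_version`, so this may already be guaranteed upstream, but making it explicit would be cheap: store the version in `out_params` when the initial crypters are derived and `DCHECK_EQ` it against `version` before the forward-secure derivation. At minimum a comment on this call should state that the same version must be used for every encryption level of the connection. The enclosing function starts before this hunk.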
@@ -767,7 +768,7 @@
QuicErrorCode QuicCryptoClientConfig::ProcessServerHello(
const CryptoHandshakeMessage& server_hello,
QuicConnectionId /*connection_id*/,
- ParsedQuicVersion /*version*/,
+ ParsedQuicVersion version,
const ParsedQuicVersionVector& negotiated_versions,
CachedState* cached,
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> out_params,
@@ -814,8 +815,8 @@
hkdf_input.append(out_params->hkdf_input_suffix);
if (!CryptoUtils::DeriveKeys(
- out_params->forward_secure_premaster_secret, out_params->aead,
- out_params->client_nonce,
+ version, out_params->forward_secure_premaster_secret,
+ out_params->aead, out_params->client_nonce,
shlo_nonce.empty() ? out_params->server_nonce : shlo_nonce,
pre_shared_key_, hkdf_input, Perspective::IS_CLIENT,
CryptoUtils::Diversification::Never(),