TUN-4922: Downgrade quic-go library to 0.20.0

2025-07-28 06:49:58 +00:00 · 2021-08-13 15:45:13 +01:00
parent 5f6e867685
commit 1082ac1c36
278 changed files with 3528 additions and 18344 deletions
--- a/vendor/github.com/lucas-clemente/quic-go/internal/handshake/crypto_setup.go
+++ b/vendor/github.com/lucas-clemente/quic-go/internal/handshake/crypto_setup.go
@@ -403,10 +403,7 @@ func (h *cryptoSetup) checkEncryptionLevel(msgType messageType, encLevel protoco
 func (h *cryptoSetup) handleTransportParameters(data []byte) {
 	var tp wire.TransportParameters
 	if err := tp.Unmarshal(data, h.perspective.Opposite()); err != nil {
-		h.runner.OnError(&qerr.TransportError{
-			ErrorCode:    qerr.TransportParameterError,
-			ErrorMessage: err.Error(),
-		})
+		h.runner.OnError(qerr.NewError(qerr.TransportParameterError, err.Error()))
 	}
 	h.peerParams = &tp
 	h.runner.OnReceivedParams(h.peerParams)
@@ -558,7 +555,7 @@ func (h *cryptoSetup) SetReadKey(encLevel qtls.EncryptionLevel, suite *qtls.Ciph
 			newHeaderProtector(suite, trafficSecret, true),
 		)
 		h.mutex.Unlock()
-		h.logger.Debugf("Installed 0-RTT Read keys (using %s)", tls.CipherSuiteName(suite.ID))
+		h.logger.Debugf("Installed 0-RTT Read keys (using %s)", qtls.CipherSuiteName(suite.ID))
 		if h.tracer != nil {
 			h.tracer.UpdatedKeyFromTLS(protocol.Encryption0RTT, h.perspective.Opposite())
 		}
@@ -571,12 +568,12 @@ func (h *cryptoSetup) SetReadKey(encLevel qtls.EncryptionLevel, suite *qtls.Ciph
 			h.dropInitialKeys,
 			h.perspective,
 		)
-		h.logger.Debugf("Installed Handshake Read keys (using %s)", tls.CipherSuiteName(suite.ID))
+		h.logger.Debugf("Installed Handshake Read keys (using %s)", qtls.CipherSuiteName(suite.ID))
 	case qtls.EncryptionApplication:
 		h.readEncLevel = protocol.Encryption1RTT
 		h.aead.SetReadKey(suite, trafficSecret)
 		h.has1RTTOpener = true
-		h.logger.Debugf("Installed 1-RTT Read keys (using %s)", tls.CipherSuiteName(suite.ID))
+		h.logger.Debugf("Installed 1-RTT Read keys (using %s)", qtls.CipherSuiteName(suite.ID))
 	default:
 		panic("unexpected read encryption level")
 	}
@@ -598,7 +595,7 @@ func (h *cryptoSetup) SetWriteKey(encLevel qtls.EncryptionLevel, suite *qtls.Cip
 			newHeaderProtector(suite, trafficSecret, true),
 		)
 		h.mutex.Unlock()
-		h.logger.Debugf("Installed 0-RTT Write keys (using %s)", tls.CipherSuiteName(suite.ID))
+		h.logger.Debugf("Installed 0-RTT Write keys (using %s)", qtls.CipherSuiteName(suite.ID))
 		if h.tracer != nil {
 			h.tracer.UpdatedKeyFromTLS(protocol.Encryption0RTT, h.perspective)
 		}
@@ -611,12 +608,12 @@ func (h *cryptoSetup) SetWriteKey(encLevel qtls.EncryptionLevel, suite *qtls.Cip
 			h.dropInitialKeys,
 			h.perspective,
 		)
-		h.logger.Debugf("Installed Handshake Write keys (using %s)", tls.CipherSuiteName(suite.ID))
+		h.logger.Debugf("Installed Handshake Write keys (using %s)", qtls.CipherSuiteName(suite.ID))
 	case qtls.EncryptionApplication:
 		h.writeEncLevel = protocol.Encryption1RTT
 		h.aead.SetWriteKey(suite, trafficSecret)
 		h.has1RTTSealer = true
-		h.logger.Debugf("Installed 1-RTT Write keys (using %s)", tls.CipherSuiteName(suite.ID))
+		h.logger.Debugf("Installed 1-RTT Write keys (using %s)", qtls.CipherSuiteName(suite.ID))
 		if h.zeroRTTSealer != nil {
 			h.zeroRTTSealer = nil
 			h.logger.Debugf("Dropping 0-RTT keys.")
--- a/vendor/github.com/lucas-clemente/quic-go/internal/handshake/initial_aead.go
+++ b/vendor/github.com/lucas-clemente/quic-go/internal/handshake/initial_aead.go
@@ -4,8 +4,6 @@ import (
 	"crypto"
 	"crypto/tls"

-	"golang.org/x/crypto/hkdf"
-
 	"github.com/lucas-clemente/quic-go/internal/protocol"
 	"github.com/lucas-clemente/quic-go/internal/qtls"
 )
@@ -16,7 +14,7 @@ var (
 )

 func getSalt(v protocol.VersionNumber) []byte {
-	if v == protocol.VersionDraft34 || v == protocol.Version1 {
+	if v == protocol.VersionDraft34 {
 		return quicSaltDraft34
 	}
 	return quicSaltOld
@@ -51,7 +49,7 @@ func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective, v p
 }

 func computeSecrets(connID protocol.ConnectionID, v protocol.VersionNumber) (clientSecret, serverSecret []byte) {
-	initialSecret := hkdf.Extract(crypto.SHA256.New, connID, getSalt(v))
+	initialSecret := qtls.HkdfExtract(crypto.SHA256, connID, getSalt(v))
 	clientSecret = hkdfExpandLabel(crypto.SHA256, initialSecret, []byte{}, "client in", crypto.SHA256.Size())
 	serverSecret = hkdfExpandLabel(crypto.SHA256, initialSecret, []byte{}, "server in", crypto.SHA256.Size())
 	return
--- a/vendor/github.com/lucas-clemente/quic-go/internal/handshake/retry.go
+++ b/vendor/github.com/lucas-clemente/quic-go/internal/handshake/retry.go
@@ -48,7 +48,7 @@ func GetRetryIntegrityTag(retry []byte, origDestConnID protocol.ConnectionID, ve

 	var tag [16]byte
 	var sealed []byte
-	if version != protocol.VersionDraft34 && version != protocol.Version1 {
+	if version != protocol.VersionDraft34 {
 		sealed = oldRetryAEAD.Seal(tag[:0], oldRetryNonce[:], nil, retryBuf.Bytes())
 	} else {
 		sealed = retryAEAD.Seal(tag[:0], retryNonce[:], nil, retryBuf.Bytes())
--- a/vendor/github.com/lucas-clemente/quic-go/internal/handshake/tls_extension_handler.go
+++ b/vendor/github.com/lucas-clemente/quic-go/internal/handshake/tls_extension_handler.go
@@ -24,7 +24,7 @@ var _ tlsExtensionHandler = &extensionHandler{}
 // newExtensionHandler creates a new extension handler
 func newExtensionHandler(params []byte, pers protocol.Perspective, v protocol.VersionNumber) tlsExtensionHandler {
 	et := uint16(quicTLSExtensionType)
-	if v != protocol.VersionDraft34 && v != protocol.Version1 {
+	if v != protocol.VersionDraft34 {
 		et = quicTLSExtensionTypeOldDrafts
 	}
 	return &extensionHandler{
--- a/vendor/github.com/lucas-clemente/quic-go/internal/handshake/updatable_aead.go
+++ b/vendor/github.com/lucas-clemente/quic-go/internal/handshake/updatable_aead.go
@@ -163,7 +163,7 @@ func (a *updatableAEAD) Open(dst, src []byte, rcvTime time.Time, pn protocol.Pac
 	if err == ErrDecryptionFailed {
 		a.invalidPacketCount++
 		if a.invalidPacketCount >= a.invalidPacketLimit {
-			return nil, &qerr.TransportError{ErrorCode: qerr.AEADLimitReached}
+			return nil, qerr.AEADLimitReached
 		}
 	}
 	if err == nil {
@@ -201,10 +201,7 @@ func (a *updatableAEAD) open(dst, src []byte, rcvTime time.Time, pn protocol.Pac
 		}
 		// Opening succeeded. Check if the peer was allowed to update.
 		if a.keyPhase > 0 && a.firstSentWithCurrentKey == protocol.InvalidPacketNumber {
-			return nil, &qerr.TransportError{
-				ErrorCode:    qerr.KeyUpdateError,
-				ErrorMessage: "keys updated too quickly",
-			}
+			return nil, qerr.NewError(qerr.KeyUpdateError, "keys updated too quickly")
 		}
 		a.rollKeys()
 		a.logger.Debugf("Peer updated keys to %d", a.keyPhase)
@@ -253,10 +250,7 @@ func (a *updatableAEAD) Seal(dst, src []byte, pn protocol.PacketNumber, ad []byt
 func (a *updatableAEAD) SetLargestAcked(pn protocol.PacketNumber) error {
 	if a.firstSentWithCurrentKey != protocol.InvalidPacketNumber &&
 		pn >= a.firstSentWithCurrentKey && a.numRcvdWithCurrentKey == 0 {
-		return &qerr.TransportError{
-			ErrorCode:    qerr.KeyUpdateError,
-			ErrorMessage: fmt.Sprintf("received ACK for key phase %d, but peer didn't update keys", a.keyPhase),
-		}
+		return qerr.NewError(qerr.KeyUpdateError, fmt.Sprintf("received ACK for key phase %d, but peer didn't update keys", a.keyPhase))
 	}
 	a.largestAcked = pn
 	return nil