TUN-4597: Add a QUIC server skeleton

- Added a QUIC server to accept streams - Unit test for this server also tests ALPN - Temporary echo capability for HTTP ConnectionType
2025-07-28 13:29:57 +00:00 · 2021-08-03 10:04:02 +01:00
parent fd4000184c
commit ed024d0741
768 changed files with 84848 additions and 15639 deletions
--- a/vendor/github.com/lucas-clemente/quic-go/internal/handshake/initial_aead.go
+++ b/vendor/github.com/lucas-clemente/quic-go/internal/handshake/initial_aead.go
@@ -0,0 +1,64 @@
+package handshake
+
+import (
+	"crypto"
+	"crypto/tls"
+
+	"golang.org/x/crypto/hkdf"
+
+	"github.com/lucas-clemente/quic-go/internal/protocol"
+	"github.com/lucas-clemente/quic-go/internal/qtls"
+)
+
+var (
+	quicSaltOld     = []byte{0xaf, 0xbf, 0xec, 0x28, 0x99, 0x93, 0xd2, 0x4c, 0x9e, 0x97, 0x86, 0xf1, 0x9c, 0x61, 0x11, 0xe0, 0x43, 0x90, 0xa8, 0x99}
+	quicSaltDraft34 = []byte{0x38, 0x76, 0x2c, 0xf7, 0xf5, 0x59, 0x34, 0xb3, 0x4d, 0x17, 0x9a, 0xe6, 0xa4, 0xc8, 0x0c, 0xad, 0xcc, 0xbb, 0x7f, 0x0a}
+)
+
+func getSalt(v protocol.VersionNumber) []byte {
+	if v == protocol.VersionDraft34 || v == protocol.Version1 {
+		return quicSaltDraft34
+	}
+	return quicSaltOld
+}
+
+var initialSuite = &qtls.CipherSuiteTLS13{
+	ID:     tls.TLS_AES_128_GCM_SHA256,
+	KeyLen: 16,
+	AEAD:   qtls.AEADAESGCMTLS13,
+	Hash:   crypto.SHA256,
+}
+
+// NewInitialAEAD creates a new AEAD for Initial encryption / decryption.
+func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective, v protocol.VersionNumber) (LongHeaderSealer, LongHeaderOpener) {
+	clientSecret, serverSecret := computeSecrets(connID, v)
+	var mySecret, otherSecret []byte
+	if pers == protocol.PerspectiveClient {
+		mySecret = clientSecret
+		otherSecret = serverSecret
+	} else {
+		mySecret = serverSecret
+		otherSecret = clientSecret
+	}
+	myKey, myIV := computeInitialKeyAndIV(mySecret)
+	otherKey, otherIV := computeInitialKeyAndIV(otherSecret)
+
+	encrypter := qtls.AEADAESGCMTLS13(myKey, myIV)
+	decrypter := qtls.AEADAESGCMTLS13(otherKey, otherIV)
+
+	return newLongHeaderSealer(encrypter, newHeaderProtector(initialSuite, mySecret, true)),
+		newLongHeaderOpener(decrypter, newAESHeaderProtector(initialSuite, otherSecret, true))
+}
+
+func computeSecrets(connID protocol.ConnectionID, v protocol.VersionNumber) (clientSecret, serverSecret []byte) {
+	initialSecret := hkdf.Extract(crypto.SHA256.New, connID, getSalt(v))
+	clientSecret = hkdfExpandLabel(crypto.SHA256, initialSecret, []byte{}, "client in", crypto.SHA256.Size())
+	serverSecret = hkdfExpandLabel(crypto.SHA256, initialSecret, []byte{}, "server in", crypto.SHA256.Size())
+	return
+}
+
+func computeInitialKeyAndIV(secret []byte) (key, iv []byte) {
+	key = hkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic key", 16)
+	iv = hkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic iv", 12)
+	return
+}