Mercurial > hg > nginx-tests
comparison lib/Test/Nginx/HTTP3.pm @ 1884:6f1508d53a26
Tests: fixed extracting QUIC early secret if PSK is not in use.
Although, PSK binder values in the pre-shared key extension are constructed
with a binder key derived from the early secret extracted with input keying
material of the corresponding offered PSK, an actual early secret should be
recomputed with a selected PSK. See RFC 8446, section 7.1 and 4.2.11.2.
Seen with QuicTLS and disabled session tickets, which, unlike in BoringSSL,
still sends session tickets but doesn't accept any pre-shared keys.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 18 Jan 2023 16:04:33 +0400 |
| parents | ff50c265a5ac |
| children | 90a310f3cee6 |
comparison
equal
deleted
inserted
replaced
| 1883:ff50c265a5ac | 1884:6f1508d53a26 |
|---|---|
| 162 $pk->import_key_raw($pub, "public"); | 162 $pk->import_key_raw($pub, "public"); |
| 163 my $shared_secret = $self->{sk}->shared_secret($pk); | 163 my $shared_secret = $self->{sk}->shared_secret($pk); |
| 164 Test::Nginx::log_core('||', "shared = " . unpack("H*", $shared_secret)); | 164 Test::Nginx::log_core('||', "shared = " . unpack("H*", $shared_secret)); |
| 165 | 165 |
| 166 # tls13_advance_key_schedule | 166 # tls13_advance_key_schedule |
| 167 | |
| 168 my $psk = pre_shared_key($extens); | |
| 169 $self->{psk} = (defined $psk && $self->{psk_list}[$psk]) || undef; | |
| 170 $self->{es_prk} = Crypt::KeyDerivation::hkdf_extract( | |
| 171 $self->{psk}->{secret} || pack("x32"), pack("x32"), 'SHA256'); | |
| 167 | 172 |
| 168 $self->{hs_prk} = hkdf_advance($shared_secret, $self->{es_prk}); | 173 $self->{hs_prk} = hkdf_advance($shared_secret, $self->{es_prk}); |
| 169 Test::Nginx::log_core('||', "hs = " . unpack("H*", $self->{hs_prk})); | 174 Test::Nginx::log_core('||', "hs = " . unpack("H*", $self->{hs_prk})); |
| 170 | 175 |
| 171 # derive_secret_with_transcript | 176 # derive_secret_with_transcript |
| 1802 } | 1807 } |
| 1803 $offset += 4 + $len; | 1808 $offset += 4 + $len; |
| 1804 } | 1809 } |
| 1805 } | 1810 } |
| 1806 | 1811 |
| 1812 sub pre_shared_key { | |
| 1813 my ($extens) = @_; | |
| 1814 my $offset = 0; | |
| 1815 while ($offset < length($extens)) { | |
| 1816 my $ext = substr($extens, $offset, 2); | |
| 1817 my $len = unpack("C", substr($extens, $offset + 2, 1)) * 8 + | |
| 1818 unpack("C", substr($extens, $offset + 3, 1)); | |
| 1819 if ($ext eq "\x00\x29") { | |
| 1820 return unpack("n", substr($extens, $offset + 4, $len)); | |
| 1821 } | |
| 1822 $offset += 4 + $len; | |
| 1823 } | |
| 1824 return; | |
| 1825 } | |
| 1826 | |
| 1807 ############################################################################### | 1827 ############################################################################### |
| 1808 | 1828 |
| 1809 sub build_cc { | 1829 sub build_cc { |
| 1810 my ($code, $reason) = @_; | 1830 my ($code, $reason) = @_; |
| 1811 "\x1d" . build_int($code) . build_int(length($reason)) . $reason; | 1831 "\x1d" . build_int($code) . build_int(length($reason)) . $reason; |