Mercurial > hg > nginx-tests
comparison lib/Test/Nginx/HTTP3.pm @ 1884:6f1508d53a26
Tests: fixed extracting QUIC early secret if PSK is not in use.
Although, PSK binder values in the pre-shared key extension are constructed
with a binder key derived from the early secret extracted with input keying
material of the corresponding offered PSK, an actual early secret should be
recomputed with a selected PSK. See RFC 8446, section 7.1 and 4.2.11.2.
Seen with QuicTLS and disabled session tickets, which, unlike in BoringSSL,
still sends session tickets but doesn't accept any pre-shared keys.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 18 Jan 2023 16:04:33 +0400 |
parents | ff50c265a5ac |
children | 90a310f3cee6 |
comparison
equal
deleted
inserted
replaced
1883:ff50c265a5ac | 1884:6f1508d53a26 |
---|---|
162 $pk->import_key_raw($pub, "public"); | 162 $pk->import_key_raw($pub, "public"); |
163 my $shared_secret = $self->{sk}->shared_secret($pk); | 163 my $shared_secret = $self->{sk}->shared_secret($pk); |
164 Test::Nginx::log_core('||', "shared = " . unpack("H*", $shared_secret)); | 164 Test::Nginx::log_core('||', "shared = " . unpack("H*", $shared_secret)); |
165 | 165 |
166 # tls13_advance_key_schedule | 166 # tls13_advance_key_schedule |
167 | |
168 my $psk = pre_shared_key($extens); | |
169 $self->{psk} = (defined $psk && $self->{psk_list}[$psk]) || undef; | |
170 $self->{es_prk} = Crypt::KeyDerivation::hkdf_extract( | |
171 $self->{psk}->{secret} || pack("x32"), pack("x32"), 'SHA256'); | |
167 | 172 |
168 $self->{hs_prk} = hkdf_advance($shared_secret, $self->{es_prk}); | 173 $self->{hs_prk} = hkdf_advance($shared_secret, $self->{es_prk}); |
169 Test::Nginx::log_core('||', "hs = " . unpack("H*", $self->{hs_prk})); | 174 Test::Nginx::log_core('||', "hs = " . unpack("H*", $self->{hs_prk})); |
170 | 175 |
171 # derive_secret_with_transcript | 176 # derive_secret_with_transcript |
1802 } | 1807 } |
1803 $offset += 4 + $len; | 1808 $offset += 4 + $len; |
1804 } | 1809 } |
1805 } | 1810 } |
1806 | 1811 |
1812 sub pre_shared_key { | |
1813 my ($extens) = @_; | |
1814 my $offset = 0; | |
1815 while ($offset < length($extens)) { | |
1816 my $ext = substr($extens, $offset, 2); | |
1817 my $len = unpack("C", substr($extens, $offset + 2, 1)) * 8 + | |
1818 unpack("C", substr($extens, $offset + 3, 1)); | |
1819 if ($ext eq "\x00\x29") { | |
1820 return unpack("n", substr($extens, $offset + 4, $len)); | |
1821 } | |
1822 $offset += 4 + $len; | |
1823 } | |
1824 return; | |
1825 } | |
1826 | |
1807 ############################################################################### | 1827 ############################################################################### |
1808 | 1828 |
1809 sub build_cc { | 1829 sub build_cc { |
1810 my ($code, $reason) = @_; | 1830 my ($code, $reason) = @_; |
1811 "\x1d" . build_int($code) . build_int(length($reason)) . $reason; | 1831 "\x1d" . build_int($code) . build_int(length($reason)) . $reason; |