use a prefix for client session cache keys

This prevents cross-protocol ticket reuse (when the same Config is used for TCP and QUIC).
quic-go · Mar 18, 2023 · 9b58331 · 9b58331
1 parent 97fbf25
commit 9b58331
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 16 deletions.
diff --git a/cipher_suites.go b/cipher_suites.go
@@ -15,10 +15,8 @@ import (
 	"crypto/sha256"
 	"fmt"
 	"hash"
-	"runtime"
 
 	"golang.org/x/crypto/chacha20poly1305"
-	"golang.org/x/sys/cpu"
 )
 
 // CipherSuite is a TLS cipher suite. Note that most functions in this package
@@ -364,18 +362,6 @@ var defaultCipherSuitesTLS13NoAES = []uint16{
 	TLS_AES_256_GCM_SHA384,
 }
 
-var (
-	hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ
-	hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
-	// Keep in sync with crypto/aes/cipher_s390x.go.
-	hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR &&
-		(cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM)
-
-	hasAESGCMHardwareSupport = runtime.GOARCH == "amd64" && hasGCMAsmAMD64 ||
-		runtime.GOARCH == "arm64" && hasGCMAsmARM64 ||
-		runtime.GOARCH == "s390x" && hasGCMAsmS390X
-)
-
 var aesgcmCiphers = map[uint16]bool{
 	// TLS 1.2
 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:   true,

diff --git a/cpu.go b/cpu.go
@@ -0,0 +1,22 @@
+//go:build !js
+// +build !js
+
+package qtls
+
+import (
+	"runtime"
+
+	"golang.org/x/sys/cpu"
+)
+
+var (
+	hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ
+	hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
+	// Keep in sync with crypto/aes/cipher_s390x.go.
+	hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR &&
+		(cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM)
+
+	hasAESGCMHardwareSupport = runtime.GOARCH == "amd64" && hasGCMAsmAMD64 ||
+		runtime.GOARCH == "arm64" && hasGCMAsmARM64 ||
+		runtime.GOARCH == "s390x" && hasGCMAsmS390X
+)
diff --git a/cpu_other.go b/cpu_other.go
@@ -0,0 +1,12 @@
+//go:build js
+// +build js
+
+package qtls
+
+var (
+	hasGCMAsmAMD64 = false
+	hasGCMAsmARM64 = false
+	hasGCMAsmS390X = false
+
+	hasAESGCMHardwareSupport = false
+)
diff --git a/handshake_client.go b/handshake_client.go
@@ -1090,13 +1090,15 @@ func (c *Conn) getClientCertificate(cri *CertificateRequestInfo) (*Certificate,
 	return new(Certificate), nil
 }
 
+const clientSessionCacheKeyPrefix = "qtls-"
+
 // clientSessionCacheKey returns a key used to cache sessionTickets that could
 // be used to resume previously negotiated TLS sessions with a server.
 func clientSessionCacheKey(serverAddr net.Addr, config *config) string {
 	if len(config.ServerName) > 0 {
-		return config.ServerName
+		return clientSessionCacheKeyPrefix + config.ServerName
 	}
-	return serverAddr.String()
+	return clientSessionCacheKeyPrefix + serverAddr.String()
 }
 
 // hostnameInSNI converts name into an appropriate hostname for SNI.