From 9b58331bdba9490fb21af085dde6ffda674b0776 Mon Sep 17 00:00:00 2001
From: Marten Seemann
Date: Thu, 20 Aug 2020 13:15:37 +0700
Subject: [PATCH] use a prefix for client session cache keys

This prevents cross-protocol ticket reuse (when the same Config is used for TCP and QUIC).
---
 cipher_suites.go | 14 --------------
 cpu.go | 22 ++++++++++++++++++++++
 cpu_other.go | 12 ++++++++++++
 handshake_client.go | 6 ++++--
 4 files changed, 38 insertions(+), 16 deletions(-)
 create mode 100644 cpu.go
 create mode 100644 cpu_other.go

diff --git a/cipher_suites.go b/cipher_suites.go
index 919105f..43d2131 100644
--- a/cipher_suites.go
+++ b/cipher_suites.go
@@ -15,10 +15,8 @@ import (
 	"crypto/sha256"
 	"fmt"
 	"hash"
-	"runtime"
 
 	"golang.org/x/crypto/chacha20poly1305"
-	"golang.org/x/sys/cpu"
 )
 
 // CipherSuite is a TLS cipher suite. Note that most functions in this package
@@ -364,18 +362,6 @@ var defaultCipherSuitesTLS13NoAES = []uint16{
 	TLS_AES_256_GCM_SHA384,
 }
 
-var (
-	hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ
-	hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
-	// Keep in sync with crypto/aes/cipher_s390x.go.
-	hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR &&
-		(cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM)
-
-	hasAESGCMHardwareSupport = runtime.GOARCH == "amd64" && hasGCMAsmAMD64 ||
-		runtime.GOARCH == "arm64" && hasGCMAsmARM64 ||
-		runtime.GOARCH == "s390x" && hasGCMAsmS390X
-)
-
 var aesgcmCiphers = map[uint16]bool{
 	// TLS 1.2
 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: true,
diff --git a/cpu.go b/cpu.go
new file mode 100644
index 0000000..1219450
--- /dev/null
+++ b/cpu.go
@@ -0,0 +1,22 @@
+//go:build !js
+// +build !js
+
+package qtls
+
+import (
+	"runtime"
+
+	"golang.org/x/sys/cpu"
+)
+
+var (
+	hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ
+	hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
+	// Keep in sync with crypto/aes/cipher_s390x.go.
+	hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR &&
+		(cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM)
+
+	hasAESGCMHardwareSupport = runtime.GOARCH == "amd64" && hasGCMAsmAMD64 ||
+		runtime.GOARCH == "arm64" && hasGCMAsmARM64 ||
+		runtime.GOARCH == "s390x" && hasGCMAsmS390X
+)
diff --git a/cpu_other.go b/cpu_other.go
new file mode 100644
index 0000000..33f7d21
--- /dev/null
+++ b/cpu_other.go
@@ -0,0 +1,12 @@
+//go:build js
+// +build js
+
+package qtls
+
+var (
+	hasGCMAsmAMD64 = false
+	hasGCMAsmARM64 = false
+	hasGCMAsmS390X = false
+
+	hasAESGCMHardwareSupport = false
+)
diff --git a/handshake_client.go b/handshake_client.go
index 9f6eacb..6749032 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -1090,13 +1090,15 @@ func (c *Conn) getClientCertificate(cri *CertificateRequestInfo) (*Certificate,
 	return new(Certificate), nil
 }
 
+const clientSessionCacheKeyPrefix = "qtls-"
+
 // clientSessionCacheKey returns a key used to cache sessionTickets that could
 // be used to resume previously negotiated TLS sessions with a server.
 func clientSessionCacheKey(serverAddr net.Addr, config *config) string {
 	if len(config.ServerName) > 0 {
-		return config.ServerName
+		return clientSessionCacheKeyPrefix + config.ServerName
 	}
-	return serverAddr.String()
+	return clientSessionCacheKeyPrefix + serverAddr.String()
 }
 
 // hostnameInSNI converts name into an appropriate hostname for SNI.
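Review bot: The split of the AES-GCM hardware detection into cpu.go (`!js`) and cpu_other.go (`js`) is unrelated to the session-cache prefix that the commit title and description cover, and neither new file says why the `js` build needs hard-coded `false` fallbacks instead of the `golang.org/x/sys/cpu` checks. A short comment above the var block in cpu_other.go, for example `// No runtime CPU feature detection on js; assume no AES-GCM hardware support.`, would record the intent, and the motivation belongs in the commit message or in a separate commit. The `// Keep in sync with crypto/aes/cipher_s390x.go.` note was carried over only to cpu.go; cpu_other.go's constants also shadow that logic and would benefit from a pointer back to cpu.go so the two files do not drift.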
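Review bot: Neither the new `clientSessionCacheKeyPrefix` constant nor the existing doc comment on `clientSessionCacheKey` records why the prefix exists, so a later cleanup could remove it and silently reintroduce the cross-protocol ticket reuse the commit message describes. Suggest a doc comment on the constant such as `// clientSessionCacheKeyPrefix namespaces keys in a ClientSessionCache so that tickets stored by this package are never returned to crypto/tls (or vice versa) when both share one cache.`, plus a matching sentence in the function comment. Note also that the namespacing is only a string prefix: a crypto/tls key for a server whose ServerName literally begins with `qtls-` would equal this package's key for the remainder of that name; this requires the client's own config to carry such a name, so it is unlikely to matter in practice, but a separator that cannot appear in a hostname would make the two key spaces unambiguously disjoint.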