feat: bulit-in qtls cipher suite implementation

2026-04-20 12:39:12 -04:00 · 2023-07-17 12:38:25 +08:00
parent 093d7b0b6f
commit 8c5bcacb99
6 changed files with 30 additions and 41 deletions
--- a/common/protocol/quic/cipher_suite.go
+++ b/common/protocol/quic/cipher_suite.go
@@ -0,0 +1,23 @@
+package quic
+
+import (
+	"crypto"
+	"crypto/cipher"
+	_ "crypto/tls"
+	_ "unsafe"
+)
+
+// copied from github.com/quic-go/quic-go/internal/qtls/cipher_suite_go121.go
+
+type cipherSuiteTLS13 struct {
+	ID     uint16
+	KeyLen int
+	AEAD   func(key, fixedNonce []byte) cipher.AEAD
+	Hash   crypto.Hash
+}
+
+// github.com/quic-go/quic-go/internal/handshake/cipher_suite.go describes these cipher suite implementations are copied from the standard library crypto/tls package.
+// So we can user go:linkname to implement the same feature.
+
+//go:linkname aeadAESGCMTLS13 crypto/tls.aeadAESGCMTLS13
+func aeadAESGCMTLS13(key, nonceMask []byte) cipher.AEAD
--- a/common/protocol/quic/qtls_go119.go
+++ b/common/protocol/quic/qtls_go119.go
@@ -1,18 +0,0 @@
-//go:build go1.19 && !go1.20
-
-package quic
-
-import (
-	"crypto/cipher"
-
-	"github.com/quic-go/qtls-go1-19"
-)
-
-type (
-	// A CipherSuiteTLS13 is a cipher suite for TLS 1.3
-	CipherSuiteTLS13 = qtls.CipherSuiteTLS13
-)
-
-func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD {
-	return qtls.AEADAESGCMTLS13(key, fixedNonce)
-}
--- a/common/protocol/quic/qtls_go120.go
+++ b/common/protocol/quic/qtls_go120.go
@@ -1,18 +0,0 @@
-//go:build go1.20
-
-package quic
-
-import (
-	"crypto/cipher"
-
-	"github.com/quic-go/qtls-go1-20"
-)
-
-type (
-	// A CipherSuiteTLS13 is a cipher suite for TLS 1.3
-	CipherSuiteTLS13 = qtls.CipherSuiteTLS13
-)
-
-func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD {
-	return qtls.AEADAESGCMTLS13(key, fixedNonce)
-}
--- a/common/protocol/quic/sniff.go
+++ b/common/protocol/quic/sniff.go
@@ -37,10 +37,10 @@ const (
 var (
 	quicSaltOld  = []byte{0xaf, 0xbf, 0xec, 0x28, 0x99, 0x93, 0xd2, 0x4c, 0x9e, 0x97, 0x86, 0xf1, 0x9c, 0x61, 0x11, 0xe0, 0x43, 0x90, 0xa8, 0x99}
 	quicSalt     = []byte{0x38, 0x76, 0x2c, 0xf7, 0xf5, 0x59, 0x34, 0xb3, 0x4d, 0x17, 0x9a, 0xe6, 0xa4, 0xc8, 0x0c, 0xad, 0xcc, 0xbb, 0x7f, 0x0a}
-	initialSuite = &CipherSuiteTLS13{
+	initialSuite = &cipherSuiteTLS13{
 		ID:     tls.TLS_AES_128_GCM_SHA256,
 		KeyLen: 16,
-		AEAD:   AEADAESGCMTLS13,
+		AEAD:   aeadAESGCMTLS13,
 		Hash:   crypto.SHA256,
 	}
 	errNotQuic        = errors.New("not quic")
@@ -153,7 +153,7 @@ func SniffQUIC(b []byte) (*SniffHeader, error) {

 	key := hkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic key", 16)
 	iv := hkdfExpandLabel(crypto.SHA256, secret, []byte{}, "quic iv", 12)
-	cipher := AEADAESGCMTLS13(key, iv)
+	cipher := aeadAESGCMTLS13(key, iv)
 	nonce := cache.Extend(int32(cipher.NonceSize()))
 	binary.BigEndian.PutUint64(nonce[len(nonce)-8:], uint64(packetNumber))
 	decrypted, err := cipher.Open(b[extHdrLen:extHdrLen], nonce, data, b[:extHdrLen])