Merge pull request #300 from zlabjp/genkey-helper

Add GenerateCryptoKey helper function
zlabjp · Feb 6, 2024 · 2e447bd · 2e447bd
2 parents 6926873 + b04950a
commit 2e447bd
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 35 deletions.
diff --git a/pkg/nghttpx/quic.go b/pkg/nghttpx/quic.go
@@ -3,16 +3,11 @@ package nghttpx
 import (
 	"bufio"
 	"bytes"
-	"crypto/rand"
-	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
-	"io"
 	"math/bits"
 	"path/filepath"
 	"strings"
-
-	"golang.org/x/crypto/hkdf"
 )
 
 const (
@@ -89,20 +84,9 @@ func VerifyQUICKeyingMaterials(km []byte) error {
 
 // NewQUICKeyingMaterial returns new QUIC keying material.
 func NewQUICKeyingMaterial() ([]byte, error) {
-	const ikmLen = 8
-
-	ikmSalt := make([]byte, ikmLen+sha256.Size)
-	if _, err := rand.Read(ikmSalt); err != nil {
-		return nil, err
-	}
-
-	ikm := ikmSalt[:ikmLen]
-	salt := ikmSalt[ikmLen:]
-
-	r := hkdf.New(sha256.New, ikm, salt, []byte("quic key"))
-
 	b := make([]byte, QUICKeyingMaterialsSize)
-	if _, err := io.ReadFull(r, b); err != nil {
+
+	if err := GenerateCryptoKey(b, []byte("quic key")); err != nil {
 		return nil, err
 	}
 

diff --git a/pkg/nghttpx/tls.go b/pkg/nghttpx/tls.go
@@ -27,19 +27,15 @@ package nghttpx
 import (
 	"bytes"
 	"context"
-	"crypto/rand"
-	"crypto/sha256"
 	"crypto/x509"
 	"encoding/hex"
 	"encoding/pem"
 	"errors"
 	"fmt"
-	"io"
 	"path/filepath"
 	"sort"
 	"time"
 
-	"golang.org/x/crypto/hkdf"
 	"k8s.io/klog/v2"
 )
 
@@ -248,20 +244,9 @@ func NormalizePEM(data []byte) ([]byte, error) {
 }
 
 func NewTLSTicketKey() ([]byte, error) {
-	const ikmLen = 8
-
-	ikmSalt := make([]byte, ikmLen+sha256.Size)
-	if _, err := rand.Read(ikmSalt); err != nil {
-		return nil, err
-	}
-
-	ikm := ikmSalt[:ikmLen]
-	salt := ikmSalt[ikmLen:]
-
-	r := hkdf.New(sha256.New, ikm, salt, []byte("tls ticket key"))
-
 	key := make([]byte, TLSTicketKeySize)
-	if _, err := io.ReadFull(r, key); err != nil {
+
+	if err := GenerateCryptoKey(key, []byte("tls ticket key")); err != nil {
 		return nil, err
 	}
 

diff --git a/pkg/nghttpx/utils.go b/pkg/nghttpx/utils.go
@@ -27,6 +27,7 @@ package nghttpx
 import (
 	"bytes"
 	"context"
+	"crypto/rand"
 	"crypto/sha256"
 	"fmt"
 	"io"
@@ -36,6 +37,7 @@ import (
 	"time"
 
 	"github.com/pmezard/go-difflib/difflib"
+	"golang.org/x/crypto/hkdf"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/klog/v2"
 )
@@ -283,3 +285,28 @@ func nghttpxDuration(d time.Duration) string {
 	}
 	return fmt.Sprintf("%vms", msec)
 }
+
+// GenerateCryptoKey generates cryptographic key of length len(out) in out.  info is an optional context information.
+func GenerateCryptoKey(out, info []byte) error {
+	if len(out) == 0 {
+		return nil
+	}
+
+	const ikmLen = 8
+
+	ikmSalt := make([]byte, ikmLen+sha256.Size)
+	if _, err := rand.Read(ikmSalt); err != nil {
+		return err
+	}
+
+	ikm := ikmSalt[:ikmLen]
+	salt := ikmSalt[ikmLen:]
+
+	r := hkdf.New(sha256.New, ikm, salt, info)
+
+	if _, err := io.ReadFull(r, out); err != nil {
+		return err
+	}
+
+	return nil
+}