gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

don't drop Handshake keys when receiving an ACK for a 0-RTT packet

Browse Source
This commit is contained in:
Marten Seemann
2019-06-27 13:05:09 +08:00
parent d6b50cf15a
commit 0b65a0c75e
2 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
internal/handshake/updatable_aead.go
View File

@@ -47,6 +47,7 @@ type updatableAEAD struct {
keyPhase protocol.KeyPhase keyPhase protocol.KeyPhase
largestAcked protocol.PacketNumber largestAcked protocol.PacketNumber
firstPacketNumber protocol.PacketNumber
keyUpdateInterval uint64 keyUpdateInterval uint64
// Time when the keys should be dropped. Keys are dropped on the next call to Open(). // Time when the keys should be dropped. Keys are dropped on the next call to Open().
@@ -83,6 +84,7 @@ var _ ShortHeaderSealer = &updatableAEAD{}
func newUpdatableAEAD(rttStats *congestion.RTTStats, logger utils.Logger) *updatableAEAD { func newUpdatableAEAD(rttStats *congestion.RTTStats, logger utils.Logger) *updatableAEAD {
return &updatableAEAD{ return &updatableAEAD{
firstPacketNumber: protocol.InvalidPacketNumber,
largestAcked: protocol.InvalidPacketNumber, largestAcked: protocol.InvalidPacketNumber,
firstRcvdWithCurrentKey: protocol.InvalidPacketNumber, firstRcvdWithCurrentKey: protocol.InvalidPacketNumber,
firstSentWithCurrentKey: protocol.InvalidPacketNumber, firstSentWithCurrentKey: protocol.InvalidPacketNumber,
@@ -199,6 +201,9 @@ func (a *updatableAEAD) Seal(dst, src []byte, pn protocol.PacketNumber, ad []byt
if a.firstSentWithCurrentKey == protocol.InvalidPacketNumber { if a.firstSentWithCurrentKey == protocol.InvalidPacketNumber {
a.firstSentWithCurrentKey = pn a.firstSentWithCurrentKey = pn
} }
if a.firstPacketNumber == protocol.InvalidPacketNumber {
a.firstPacketNumber = pn
}
a.numSentWithCurrentKey++ a.numSentWithCurrentKey++
binary.BigEndian.PutUint64(a.nonceBuf[len(a.nonceBuf)-8:], uint64(pn)) binary.BigEndian.PutUint64(a.nonceBuf[len(a.nonceBuf)-8:], uint64(pn))
// The AEAD we're using here will be the qtls.aeadAESGCM13. // The AEAD we're using here will be the qtls.aeadAESGCM13.
@@ -249,3 +254,7 @@ func (a *updatableAEAD) EncryptHeader(sample []byte, firstByte *byte, hdrBytes [
func (a *updatableAEAD) DecryptHeader(sample []byte, firstByte *byte, hdrBytes []byte) { func (a *updatableAEAD) DecryptHeader(sample []byte, firstByte *byte, hdrBytes []byte) {
a.headerDecrypter.DecryptHeader(sample, firstByte, hdrBytes) a.headerDecrypter.DecryptHeader(sample, firstByte, hdrBytes)
} }
func (a *updatableAEAD) FirstPacketNumber() protocol.PacketNumber {
return a.firstPacketNumber
}

7
internal/handshake/updatable_aead_test.go
View File

@@ -75,6 +75,13 @@ var _ = Describe("Updatable AEAD", func() {
Expect(opened).To(Equal(msg)) Expect(opened).To(Equal(msg))
}) })
It("saves the first packet number", func() {
client.Seal(nil, msg, 0x1337, ad)
Expect(client.FirstPacketNumber()).To(Equal(protocol.PacketNumber(0x1337)))
client.Seal(nil, msg, 0x1338, ad)
Expect(client.FirstPacketNumber()).To(Equal(protocol.PacketNumber(0x1337)))
})
It("fails to open a message if the associated data is not the same", func() { It("fails to open a message if the associated data is not the same", func() {
encrypted := client.Seal(nil, msg, 0x1337, ad) encrypted := client.Seal(nil, msg, 0x1337, ad)
_, err := server.Open(nil, encrypted, time.Now(), 0x1337, protocol.KeyPhaseZero, []byte("wrong ad")) _, err := server.Open(nil, encrypted, time.Now(), 0x1337, protocol.KeyPhaseZero, []byte("wrong ad"))