gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

create forwardSecureAEAD after receiving all necessary values

Browse Source
This commit is contained in:
Marten Seemann
2016-11-13 11:53:10 +07:00
parent 2e0eae1a1d
commit 0b736b2cce
2 changed files with 90 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
handshake/crypto_setup_client.go
View File

@@ -29,8 +29,9 @@ type cryptoSetupClient struct {
lastSentCHLO []byte
certManager crypto.CertManager
keyDerivation KeyDerivationFunction
secureAEAD crypto.AEAD
keyDerivation KeyDerivationFunction
secureAEAD crypto.AEAD
forwardSecureAEAD crypto.AEAD
}
var _ crypto.AEAD = &cryptoSetupClient{}
@@ -83,7 +84,10 @@ func (h *cryptoSetupClient) HandleCryptoStream() error {
if messageTag == TagSHLO {
utils.Debugf("Got SHLO:\n%s", printHandshakeMessage(cryptoData))
panic("SHLOs not yet implemented.")
err = h.handleSHLOMessage(cryptoData)
if err != nil {
return err
}
}
if messageTag == TagREJ {
@@ -134,7 +138,51 @@ func (h *cryptoSetupClient) handleREJMessage(cryptoData map[Tag][]byte) error {
return nil
}
func (h *cryptoSetupClient) handleSHLOMessage(cryptoData map[Tag][]byte) error {
serverPubs, ok := cryptoData[TagPUBS]
if !ok {
return qerr.Error(qerr.CryptoMessageParameterNotFound, "PUBS")
}
if sno, ok := cryptoData[TagSNO]; ok {
h.sno = sno
}
nonce := append(h.nonc, h.sno...)
ephermalSharedSecret, err := h.serverConfig.kex.CalculateSharedKey(serverPubs)
if err != nil {
return err
}
leafCert := h.certManager.GetLeafCert()
h.forwardSecureAEAD, err = h.keyDerivation(
true,
ephermalSharedSecret,
nonce,
h.connID,
h.lastSentCHLO,
h.serverConfig.Get(),
leafCert,
nil,
protocol.PerspectiveClient,
)
if err != nil {
return err
}
return nil
}
func (h *cryptoSetupClient) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error) {
if h.forwardSecureAEAD != nil {
data, err := h.forwardSecureAEAD.Open(dst, src, packetNumber, associatedData)
if err == nil {
return data, nil
}
return nil, err
}
if h.secureAEAD != nil {
data, err := h.secureAEAD.Open(dst, src, packetNumber, associatedData)
if err == nil {
@@ -146,6 +194,9 @@ func (h *cryptoSetupClient) Open(dst, src []byte, packetNumber protocol.PacketNu
}
func (h *cryptoSetupClient) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte {
if h.forwardSecureAEAD != nil {
return h.forwardSecureAEAD.Seal(dst, src, packetNumber, associatedData)
}
if h.secureAEAD != nil {
return h.secureAEAD.Seal(dst, src, packetNumber, associatedData)
}

37
handshake/crypto_setup_client_test.go
View File

@@ -40,7 +40,7 @@ var _ = Describe("Crypto setup", func() {
cs.certManager = certManager
})
Context("Reading SHLOs", func() {
Context("Reading REJ", func() {
var tagMap map[Tag][]byte
BeforeEach(func() {
@@ -134,6 +134,41 @@ var _ = Describe("Crypto setup", func() {
})
})
Context("Reading SHLO", func() {
var tagMap map[Tag][]byte
BeforeEach(func() {
tagMap = make(map[Tag][]byte)
tagMap[TagPUBS] = []byte{0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}
kex, err := crypto.NewCurve25519KEX()
Expect(err).ToNot(HaveOccurred())
serverConfig := &serverConfigClient{
kex: kex,
}
cs.serverConfig = serverConfig
})
It("rejects SHLOs without a PUBS", func() {
delete(tagMap, TagPUBS)
err := cs.handleSHLOMessage(tagMap)
Expect(err).To(MatchError(qerr.Error(qerr.CryptoMessageParameterNotFound, "PUBS")))
})
It("reads the server nonce, if set", func() {
tagMap[TagSNO] = []byte("server nonce")
err := cs.handleSHLOMessage(tagMap)
Expect(err).ToNot(HaveOccurred())
Expect(cs.sno).To(Equal(tagMap[TagSNO]))
})
It("creates a forwardSecureAEAD", func() {
tagMap[TagSNO] = []byte("server nonce")
err := cs.handleSHLOMessage(tagMap)
Expect(err).ToNot(HaveOccurred())
Expect(cs.forwardSecureAEAD).ToNot(BeNil())
})
})
Context("CHLO generation", func() {
It("is longer than the miminum client hello size", func() {
err := cs.sendCHLO()