forked from quic-go/quic-go
drop Handshake keys when receiving HANDSHAKE_DONE (as a client)
This commit is contained in:
Marten Seemann
@@ -221,13 +221,6 @@ func (h *cryptoSetup) ChangeConnectionID(id protocol.ConnectionID) {
|
||||
|
||||
func (h *cryptoSetup) SetLargest1RTTAcked(pn protocol.PacketNumber) {
|
||||
h.aead.SetLargestAcked(pn)
|
||||
// drop handshake keys
|
||||
if h.handshakeOpener != nil {
|
||||
h.handshakeOpener = nil
|
||||
h.handshakeSealer = nil
|
||||
h.logger.Debugf("Dropping Handshake keys.")
|
||||
h.runner.DropKeys(protocol.EncryptionHandshake)
|
||||
}
|
||||
}
|
||||
|
||||
func (h *cryptoSetup) RunHandshake() {
|
||||
@@ -564,12 +557,18 @@ func (h *cryptoSetup) dropInitialKeys() {
|
||||
}
|
||||
|
||||
func (h *cryptoSetup) DropHandshakeKeys() {
|
||||
var dropped bool
|
||||
h.mutex.Lock()
|
||||
h.handshakeOpener = nil
|
||||
h.handshakeSealer = nil
|
||||
if h.handshakeOpener != nil {
|
||||
h.handshakeOpener = nil
|
||||
h.handshakeSealer = nil
|
||||
dropped = true
|
||||
}
|
||||
h.mutex.Unlock()
|
||||
h.runner.DropKeys(protocol.EncryptionHandshake)
|
||||
h.logger.Debugf("Dropping Handshake keys.")
|
||||
if dropped {
|
||||
h.runner.DropKeys(protocol.EncryptionHandshake)
|
||||
h.logger.Debugf("Dropping Handshake keys.")
|
||||
}
|
||||
}
|
||||
|
||||
func (h *cryptoSetup) GetInitialSealer() (LongHeaderSealer, error) {
|
||||
|
||||
@@ -856,6 +856,7 @@ func (s *session) handleFrame(f wire.Frame, pn protocol.PacketNumber, encLevel p
|
||||
case *wire.RetireConnectionIDFrame:
|
||||
err = s.handleRetireConnectionIDFrame(frame)
|
||||
case *wire.HandshakeDoneFrame:
|
||||
err = s.handleHandshakeDoneFrame()
|
||||
default:
|
||||
err = fmt.Errorf("unexpected frame type: %s", reflect.ValueOf(&frame).Elem().Type().Name())
|
||||
}
|
||||
@@ -974,6 +975,14 @@ func (s *session) handleRetireConnectionIDFrame(f *wire.RetireConnectionIDFrame)
|
||||
return s.connIDGenerator.Retire(f.SequenceNumber)
|
||||
}
|
||||
|
||||
func (s *session) handleHandshakeDoneFrame() error {
|
||||
if s.perspective == protocol.PerspectiveServer {
|
||||
return qerr.Error(qerr.ProtocolViolation, "received a HANDSHAKE_DONE frame")
|
||||
}
|
||||
s.cryptoStreamHandler.DropHandshakeKeys()
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *session) handleAckFrame(frame *wire.AckFrame, pn protocol.PacketNumber, encLevel protocol.EncryptionLevel) error {
|
||||
if err := s.sentPacketHandler.ReceivedAck(frame, pn, encLevel, s.lastPacketReceivedTime); err != nil {
|
||||
return err
|
||||
|
||||
@@ -404,6 +404,10 @@ var _ = Describe("Session", func() {
|
||||
Expect(sess.handleFrame(ccf, 0, protocol.EncryptionUnspecified)).To(Succeed())
|
||||
Eventually(sess.Context().Done()).Should(BeClosed())
|
||||
})
|
||||
|
||||
It("errors on HANDSHAKE_DONE frames", func() {
|
||||
Expect(sess.handleHandshakeDoneFrame()).To(MatchError("PROTOCOL_VIOLATION: received a HANDSHAKE_DONE frame"))
|
||||
})
|
||||
})
|
||||
|
||||
It("tells its versions", func() {
|
||||
@@ -1734,6 +1738,11 @@ var _ = Describe("Client Session", func() {
|
||||
Expect(sess.handleSinglePacket(&receivedPacket{buffer: getPacketBuffer()}, hdr)).To(BeTrue())
|
||||
})
|
||||
|
||||
It("handles HANDSHAKE_DONE frames", func() {
|
||||
cryptoSetup.EXPECT().DropHandshakeKeys()
|
||||
Expect(sess.handleHandshakeDoneFrame()).To(Succeed())
|
||||
})
|
||||
|
||||
Context("handling tokens", func() {
|
||||
var mockTokenStore *MockTokenStore
|
||||
|
||||
|
||||
Reference in New Issue
Block a user