forked from quic-go/quic-go
return a lambda to for sealing a packet in the CryptoSetup
This commit is contained in:
Marten Seemann
@@ -185,28 +185,13 @@ var _ = Describe("Crypto setup", func() {
|
||||
cs.secureAEAD = &mockAEAD{}
|
||||
cs.receivedForwardSecurePacket = false
|
||||
|
||||
Expect(cs.DiversificationNonce(false)).To(BeEmpty())
|
||||
Expect(cs.DiversificationNonce()).To(BeEmpty())
|
||||
// Div nonce is created after CHLO
|
||||
cs.handleCHLO("", nil, map[Tag][]byte{TagNONC: nonce32})
|
||||
})
|
||||
|
||||
It("returns diversification nonces", func() {
|
||||
Expect(cs.DiversificationNonce(false)).To(HaveLen(32))
|
||||
})
|
||||
|
||||
It("does not return nonce after sending the SHLO", func() {
|
||||
cs.sentSHLO = true
|
||||
Expect(cs.DiversificationNonce(false)).To(BeEmpty())
|
||||
})
|
||||
|
||||
It("returns a nonce for a retransmission, even after sending the SHLO", func() {
|
||||
cs.sentSHLO = true
|
||||
Expect(cs.DiversificationNonce(true)).To(HaveLen(32))
|
||||
})
|
||||
|
||||
It("does not return nonce for unencrypted packets", func() {
|
||||
cs.secureAEAD = nil
|
||||
Expect(cs.DiversificationNonce(false)).To(BeEmpty())
|
||||
Expect(cs.DiversificationNonce()).To(HaveLen(32))
|
||||
})
|
||||
})
|
||||
|
||||
@@ -590,9 +575,10 @@ var _ = Describe("Crypto setup", func() {
|
||||
|
||||
Context("null encryption", func() {
|
||||
It("is used initially", func() {
|
||||
d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal(foobarFNVSigned))
|
||||
enc, seal := cs.GetSealer()
|
||||
Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
|
||||
d := seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal(foobarFNVSigned))
|
||||
})
|
||||
|
||||
It("is accepted initially", func() {
|
||||
@@ -624,18 +610,20 @@ var _ = Describe("Crypto setup", func() {
|
||||
|
||||
It("is not used after CHLO", func() {
|
||||
doCHLO()
|
||||
d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).ToNot(Equal(foobarFNVSigned))
|
||||
enc, seal := cs.GetSealer()
|
||||
Expect(enc).ToNot(Equal(protocol.EncryptionUnencrypted))
|
||||
d := seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).ToNot(Equal(foobarFNVSigned))
|
||||
})
|
||||
})
|
||||
|
||||
Context("initial encryption", func() {
|
||||
It("is used after CHLO", func() {
|
||||
doCHLO()
|
||||
d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal([]byte("foobar normal sec")))
|
||||
enc, seal := cs.GetSealer()
|
||||
Expect(enc).To(Equal(protocol.EncryptionSecure))
|
||||
d := seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal([]byte("foobar normal sec")))
|
||||
})
|
||||
|
||||
It("is accepted after CHLO", func() {
|
||||
@@ -659,19 +647,23 @@ var _ = Describe("Crypto setup", func() {
|
||||
Context("forward secure encryption", func() {
|
||||
It("is used after sending out one packet with initial encryption", func() {
|
||||
doCHLO()
|
||||
_, enc := cs.Seal(nil, []byte("SHLO"), 0, []byte{})
|
||||
enc, seal := cs.GetSealer()
|
||||
Expect(enc).To(Equal(protocol.EncryptionSecure))
|
||||
d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal([]byte("foobar forward sec")))
|
||||
_ = seal(nil, []byte("SHLO"), 0, []byte{})
|
||||
enc, seal = cs.GetSealer()
|
||||
Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
|
||||
d := seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal([]byte("foobar forward sec")))
|
||||
})
|
||||
|
||||
It("regards the handshake as complete once it receives a forward encrypted packet", func() {
|
||||
doCHLO()
|
||||
_, enc := cs.Seal(nil, []byte("SHLO"), 0, []byte{})
|
||||
enc, seal := cs.GetSealer()
|
||||
Expect(enc).To(Equal(protocol.EncryptionSecure))
|
||||
_, enc = cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
_ = seal(nil, []byte("SHLO"), 0, []byte{})
|
||||
enc, seal = cs.GetSealer()
|
||||
Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
|
||||
_ = seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(cs.HandshakeComplete()).To(BeFalse())
|
||||
cs.receivedForwardSecurePacket = true
|
||||
Expect(cs.HandshakeComplete()).To(BeTrue())
|
||||
@@ -680,43 +672,44 @@ var _ = Describe("Crypto setup", func() {
|
||||
|
||||
Context("forcing encryption levels", func() {
|
||||
It("forces null encryption", func() {
|
||||
d, enc, err := cs.SealWith(nil, []byte("foobar"), 0, []byte{}, protocol.EncryptionUnencrypted)
|
||||
seal, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionUnencrypted)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
d := seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal(foobarFNVSigned))
|
||||
Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
|
||||
})
|
||||
|
||||
It("forces initial encryption", func() {
|
||||
doCHLO()
|
||||
d, enc, err := cs.SealWith(nil, []byte("foobar"), 0, []byte{}, protocol.EncryptionSecure)
|
||||
seal, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionSecure)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
d := seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal([]byte("foobar normal sec")))
|
||||
Expect(enc).To(Equal(protocol.EncryptionSecure))
|
||||
})
|
||||
|
||||
It("errors of no AEAD for initial encryption is available", func() {
|
||||
_, enc, err := cs.SealWith(nil, []byte("foobar"), 0, []byte{}, protocol.EncryptionSecure)
|
||||
seal, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionSecure)
|
||||
Expect(err).To(MatchError("CryptoSetupServer: no secureAEAD"))
|
||||
Expect(enc).To(Equal(protocol.EncryptionUnspecified))
|
||||
Expect(seal).To(BeNil())
|
||||
})
|
||||
|
||||
It("forces forward-secure encryption", func() {
|
||||
doCHLO()
|
||||
d, enc, err := cs.SealWith(nil, []byte("foobar"), 0, []byte{}, protocol.EncryptionForwardSecure)
|
||||
seal, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionForwardSecure)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
d := seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal([]byte("foobar forward sec")))
|
||||
Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
|
||||
})
|
||||
|
||||
It("errors of no AEAD for forward-secure encryption is available", func() {
|
||||
_, enc, err := cs.SealWith(nil, []byte("foobar"), 0, []byte{}, protocol.EncryptionForwardSecure)
|
||||
seal, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionForwardSecure)
|
||||
Expect(err).To(MatchError("CryptoSetupServer: no forwardSecureAEAD"))
|
||||
Expect(enc).To(Equal(protocol.EncryptionUnspecified))
|
||||
Expect(seal).To(BeNil())
|
||||
})
|
||||
|
||||
It("errors if no encryption level is specified", func() {
|
||||
_, _, err := cs.SealWith(nil, []byte("foobar"), 0, []byte{}, protocol.EncryptionUnspecified)
|
||||
Expect(err).To(MatchError("no encryption level specified"))
|
||||
seal, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionUnspecified)
|
||||
Expect(err).To(MatchError("CryptoSetupServer: no encryption level specified"))
|
||||
Expect(seal).To(BeNil())
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
Reference in New Issue
Block a user