only escalate crypto when the server config has been verified

Marten Seemann
2016-11-17 17:34:29 +07:00
parent 58b905e636
commit 3063cab7cc
2 changed files with 23 additions and 0 deletions


@@ -35,6 +35,7 @@ type cryptoSetupClient struct {
lastSentCHLO []byte
certManager crypto.CertManager
serverVerified bool // has the certificate chain and the proof already been verified
keyDerivation KeyDerivationFunction
secureAEAD crypto.AEAD
forwardSecureAEAD crypto.AEAD
@@ -182,6 +183,10 @@ func (h *cryptoSetupClient) verifyServerConfigSignature() error {
panic("Not a RSA.")
}
// TODO: verify certificate chain
h.serverVerified = true
return nil
}
@@ -338,6 +343,10 @@ func (h *cryptoSetupClient) addPadding(tags map[Tag][]byte) {
}
func (h *cryptoSetupClient) maybeUpgradeCrypto() error {
if !h.serverVerified {
return nil
}
leafCert := h.certManager.GetLeafCert()
if h.secureAEAD == nil && (h.serverConfig != nil && len(h.serverConfig.sharedSecret) > 0 && len(h.nonc) > 0 && len(leafCert) > 0 && len(h.diversificationNonce) > 0 && len(h.lastSentCHLO) > 0) {
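Review bot: In verifyServerConfigSignature, `h.serverVerified = true` sits directly under `// TODO: verify certificate chain`, so the flag that now gates maybeUpgradeCrypto is set after the proof signature check alone. The field comment says the chain has been verified as well. Until chain validation exists, the struct comment should say what is actually checked, e.g. `serverVerified bool // server config proof verified; certificate chain validation is still TODO`, so the guard is not read as peer authentication. Whether the flag is cleared when a new server config or certificate arrives is not visible in these hunks; if it is not, a later unverified config would pass the guard. The context line `panic("Not a RSA.")` appears to act on a peer-supplied key type and would be safer as a returned error. Both function bodies extend outside the hunks shown.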


@@ -396,13 +396,26 @@ var _ = Describe("Crypto setup", func() {
})
It("creates a secureAEAD once it has all necessary values", func() {
cs.serverVerified = true
err := cs.maybeUpgradeCrypto()
Expect(err).ToNot(HaveOccurred())
Expect(cs.secureAEAD).ToNot(BeNil())
})
It("doesn't create a secureAEAD if the certificate is not yet verified, even if it has all necessary values", func() {
err := cs.maybeUpgradeCrypto()
Expect(err).ToNot(HaveOccurred())
Expect(cs.secureAEAD).To(BeNil())
cs.serverVerified = true
// make sure we really had all necessary values before, and only serverVerified was missing
err = cs.maybeUpgradeCrypto()
Expect(err).ToNot(HaveOccurred())
Expect(cs.secureAEAD).ToNot(BeNil())
})
It("tries to escalate before reading a handshake message", func() {
Expect(cs.secureAEAD).To(BeNil())
cs.serverVerified = true
err := cs.HandleCryptoStream()
// this will throw a qerr.HandshakeFailed due to an EOF in WriteHandshakeMessage
// this is because the mockStream doesn't block if there's no data to read
@@ -412,6 +425,7 @@ var _ = Describe("Crypto setup", func() {
It("tries to escalate the crypto after receiving a diversification nonce", func() {
cs.diversificationNonce = nil
cs.serverVerified = true
Expect(cs.secureAEAD).To(BeNil())
err := cs.SetDiversificationNonce([]byte("div"))
Expect(err).ToNot(HaveOccurred())
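Review bot: Every spec in these hunks assigns `cs.serverVerified = true` by hand, so nothing shown here ties the flag to the verification code path. A spec that runs the server-config signature verification with an invalid proof and then asserts `Expect(cs.serverVerified).To(BeFalse())` and `Expect(cs.secureAEAD).To(BeNil())` would pin the property the commit title promises. A matching positive spec should assert that the flag becomes true only after a successful verification. The Describe block starts and continues outside the hunks, so such specs may already exist elsewhere in the file.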