improve inchoate CHLO recognition
@@ -66,7 +66,7 @@ func (h *CryptoSetup) HandleCryptoStream() {
|
||||
chloData := cachingReader.Get()
|
||||
|
||||
var reply []byte
|
||||
if scid, ok := cryptoData[TagSCID]; ok && bytes.Equal(h.scfg.ID, scid) {
|
||||
if !h.isInchoateCHLO(cryptoData) {
|
||||
// We have a CHLO with a proper server config ID, do a 0-RTT handshake
|
||||
reply, err = h.handleCHLO(chloData, cryptoData)
|
||||
if err != nil {
|
||||
@@ -81,7 +81,7 @@ func (h *CryptoSetup) HandleCryptoStream() {
|
||||
return
|
||||
}
|
||||
|
||||
// We have an inacholate or non-matching CHLO, we now send a rejection
|
||||
// We have an inchoate or non-matching CHLO, we now send a rejection
|
||||
reply, err = h.handleInchoateCHLO(chloData)
|
||||
if err != nil {
|
||||
fmt.Printf("error in crypto stream (TODO: handle): %s", err.Error())
|
||||
@@ -130,6 +130,18 @@ func (h *CryptoSetup) Seal(packetNumber protocol.PacketNumber, associatedData []
|
||||
}
|
||||
}
|
||||
|
||||
func (h *CryptoSetup) isInchoateCHLO(cryptoData map[Tag][]byte) bool {
|
||||
scid, ok := cryptoData[TagSCID]
|
||||
if !ok || !bytes.Equal(h.scfg.ID, scid) {
|
||||
return true
|
||||
}
|
||||
sno, ok := cryptoData[TagSNO]
|
||||
if !ok || !bytes.Equal(h.nonce, sno) {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (h *CryptoSetup) handleInchoateCHLO(data []byte) ([]byte, error) {
|
||||
var chloOrNil []byte
|
||||
if h.version > protocol.VersionNumber(30) {
|
||||
|
||||
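Review bot: In `isInchoateCHLO`, `bytes.Equal(h.nonce, sno)` also returns true when both slices are empty, so if `h.nonce` is still unset when a CHLO arrives, a message carrying a matching SCID and a zero-length SNO tag would be classified as complete and handed to `handleCHLO`. Where `h.nonce` is assigned is not visible in this diff, so this may already be guaranteed; if it is not, the check should fail closed, e.g. `if !ok || len(h.nonce) == 0 || !bytes.Equal(h.nonce, sno) { return true }`. The comment in `HandleCryptoStream` that mentions only "a proper server config ID" should also name the server nonce, since both are now required for the 0-RTT path. `handleInchoateCHLO` continues outside the hunk.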
@@ -138,18 +138,30 @@ var _ = Describe("Crypto setup", func() {
|
||||
|
||||
It("handles long handshake", func() {
|
||||
WriteHandshakeMessage(&stream.dataToRead, TagCHLO, map[Tag][]byte{})
|
||||
WriteHandshakeMessage(&stream.dataToRead, TagCHLO, map[Tag][]byte{TagSCID: scfg.ID})
|
||||
WriteHandshakeMessage(&stream.dataToRead, TagCHLO, map[Tag][]byte{TagSCID: scfg.ID, TagSNO: cs.nonce})
|
||||
cs.HandleCryptoStream()
|
||||
Expect(stream.dataWritten.Bytes()).To(HavePrefix("REJ"))
|
||||
Expect(stream.dataWritten.Bytes()).To(ContainSubstring("SHLO"))
|
||||
})
|
||||
|
||||
It("handles 0-RTT handshake", func() {
|
||||
WriteHandshakeMessage(&stream.dataToRead, TagCHLO, map[Tag][]byte{TagSCID: scfg.ID})
|
||||
WriteHandshakeMessage(&stream.dataToRead, TagCHLO, map[Tag][]byte{TagSCID: scfg.ID, TagSNO: cs.nonce})
|
||||
cs.HandleCryptoStream()
|
||||
Expect(stream.dataWritten.Bytes()).To(HavePrefix("SHLO"))
|
||||
Expect(stream.dataWritten.Bytes()).ToNot(ContainSubstring("REJ"))
|
||||
})
|
||||
|
||||
It("recognizes inchoate CHLOs missing SCID", func() {
|
||||
Expect(cs.isInchoateCHLO(map[Tag][]byte{TagSNO: cs.nonce})).To(BeTrue())
|
||||
})
|
||||
|
||||
It("recognizes inchoate CHLOs missing SNO", func() {
|
||||
Expect(cs.isInchoateCHLO(map[Tag][]byte{TagSCID: scfg.ID})).To(BeTrue())
|
||||
})
|
||||
|
||||
It("recognizes proper CHLOs", func() {
|
||||
Expect(cs.isInchoateCHLO(map[Tag][]byte{TagSCID: scfg.ID, TagSNO: cs.nonce})).To(BeFalse())
|
||||
})
|
||||
})
|
||||
|
||||
Context("escalating crypto", func() {
|
||||
|
||||
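Review bot: The new `isInchoateCHLO` specs cover only a missing SCID or a missing SNO, so the `bytes.Equal` mismatch branches are never exercised and a regression that accepts any SNO that is merely present would still pass. Add cases with a present but wrong value, for example `Expect(cs.isInchoateCHLO(map[Tag][]byte{TagSCID: scfg.ID, TagSNO: []byte("constructed-wrong-nonce")})).To(BeTrue())`, and the equivalent for a wrong SCID. A case with a zero-length SNO (`TagSNO: []byte{}`) would also pin how empty values are treated. The enclosing `Describe` block starts and ends outside the hunk.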