check that the peer doesn't update keys too quickly

Marten Seemann
2019-06-12 22:45:31 +08:00
parent 1ef54db63f
commit 55b88be009
2 changed files with 26 additions and 6 deletions


@@ -112,12 +112,14 @@ func (a *updatableAEAD) Open(dst, src []byte, pn protocol.PacketNumber, kp proto
// try opening the packet with the next key phase
dec, err := a.nextRcvAEAD.Open(dst, a.nonceBuf, src, ad)
if err != nil {
err = ErrDecryptionFailed
} else {
// if opening succeeds, roll over to the next key phase
a.rollKeys()
a.firstRcvdWithCurrentKey = pn
return nil, ErrDecryptionFailed
}
// Opening succeeded. Check if the peer was allowed to update.
if a.firstSentWithCurrentKey == protocol.InvalidPacketNumber {
return nil, qerr.Error(qerr.ProtocolViolation, "keys updated too quickly")
}
a.rollKeys()
a.firstRcvdWithCurrentKey = pn
return dec, err
}
// The AEAD we're using here will be the qtls.aeadAESGCM13.
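Review bot: The new guard `if a.firstSentWithCurrentKey == protocol.InvalidPacketNumber` only shows that this endpoint has sent at least one packet under the current keys, not that the peer has received or acknowledged it, so a peer that updates again before acknowledging anything from the current key phase would presumably still pass. If acknowledgement state is reachable from updatableAEAD (not visible in this hunk), the check should be tied to it; otherwise a comment such as `// Lower bound only: we have sent with the current keys, the peer may not have acked them yet.` would keep the limitation visible. Placing the check after the successful `Open` is the right order, because only an authenticated packet can then raise the ProtocolViolation, and that deserves a one-line comment so it is not reordered later. The trailing `return dec, err` is now reached only with a nil err, so `return dec, nil` states the intent more clearly. The body of Open starts and ends outside the hunk.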