gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

add tests for incorrect nullAEAD signatures in both cryptoSetups

Browse Source
This commit is contained in:
Marten Seemann
2017-03-22 19:32:54 +07:00
parent 19aad731ed
commit 584fc021bf
2 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
handshake/crypto_setup_client_test.go
View File

@@ -578,7 +578,7 @@ var _ = Describe("Crypto setup", func() {
}) })
Context("escalating crypto", func() { Context("escalating crypto", func() {
foobarFNVSigned := []byte{0x18, 0x6f, 0x44, 0xba, 0x97, 0x35, 0xd, 0x6f, 0xbf, 0x64, 0x3c, 0x79, 0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72} var foobarFNVSigned []byte
doCompleteREJ := func() { doCompleteREJ := func() {
cs.serverVerified = true cs.serverVerified = true
@@ -595,6 +595,7 @@ var _ = Describe("Crypto setup", func() {
// sets all values necessary for escalating to secureAEAD // sets all values necessary for escalating to secureAEAD
BeforeEach(func() { BeforeEach(func() {
foobarFNVSigned = []byte{0x18, 0x6f, 0x44, 0xba, 0x97, 0x35, 0xd, 0x6f, 0xbf, 0x64, 0x3c, 0x79, 0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72}
kex, err := crypto.NewCurve25519KEX() kex, err := crypto.NewCurve25519KEX()
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
cs.serverConfig = &serverConfigClient{ cs.serverConfig = &serverConfigClient{
@@ -706,6 +707,13 @@ var _ = Describe("Crypto setup", func() {
Expect(err).To(MatchError("authentication failed")) Expect(err).To(MatchError("authentication failed"))
Expect(enc).To(Equal(protocol.EncryptionUnspecified)) Expect(enc).To(Equal(protocol.EncryptionUnspecified))
}) })
It("errors if the has the wrong hash", func() {
foobarFNVSigned[0]++
_, enc, err := cs.Open(nil, foobarFNVSigned, 0, []byte{})
Expect(err).To(MatchError("NullAEAD: failed to authenticate received data"))
Expect(enc).To(Equal(protocol.EncryptionUnspecified))
})
}) })
Context("initial encryption", func() { Context("initial encryption", func() {

13
handshake/crypto_setup_server_test.go
View File

@@ -475,7 +475,11 @@ var _ = Describe("Crypto setup", func() {
}) })
Context("escalating crypto", func() { Context("escalating crypto", func() {
foobarFNVSigned := []byte{0x18, 0x6f, 0x44, 0xba, 0x97, 0x35, 0xd, 0x6f, 0xbf, 0x64, 0x3c, 0x79, 0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72} var foobarFNVSigned []byte
BeforeEach(func() {
foobarFNVSigned = []byte{0x18, 0x6f, 0x44, 0xba, 0x97, 0x35, 0xd, 0x6f, 0xbf, 0x64, 0x3c, 0x79, 0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72}
})
doCHLO := func() { doCHLO := func() {
_, err := cs.handleCHLO("", []byte("chlo-data"), map[Tag][]byte{ _, err := cs.handleCHLO("", []byte("chlo-data"), map[Tag][]byte{
@@ -502,6 +506,13 @@ var _ = Describe("Crypto setup", func() {
Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
}) })
It("errors if the has the wrong hash", func() {
foobarFNVSigned[0]++
_, enc, err := cs.Open(nil, foobarFNVSigned, 0, []byte{})
Expect(err).To(MatchError("NullAEAD: failed to authenticate received data"))
Expect(enc).To(Equal(protocol.EncryptionUnspecified))
})
It("is still accepted after CHLO", func() { It("is still accepted after CHLO", func() {
doCHLO() doCHLO()
Expect(cs.secureAEAD).ToNot(BeNil()) Expect(cs.secureAEAD).ToNot(BeNil())