gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

add tests for incorrect nullAEAD signatures in both cryptoSetups

Browse Source
This commit is contained in:
Marten Seemann
2017-03-22 19:32:54 +07:00
parent 19aad731ed
commit 584fc021bf
2 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
handshake/crypto_setup_client_test.go
View File

@@ -578,7 +578,7 @@ var _ = Describe("Crypto setup", func() {
})
Context("escalating crypto", func() {
foobarFNVSigned := []byte{0x18, 0x6f, 0x44, 0xba, 0x97, 0x35, 0xd, 0x6f, 0xbf, 0x64, 0x3c, 0x79, 0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72}
var foobarFNVSigned []byte
doCompleteREJ := func() {
cs.serverVerified = true
@@ -595,6 +595,7 @@ var _ = Describe("Crypto setup", func() {
// sets all values necessary for escalating to secureAEAD
BeforeEach(func() {
foobarFNVSigned = []byte{0x18, 0x6f, 0x44, 0xba, 0x97, 0x35, 0xd, 0x6f, 0xbf, 0x64, 0x3c, 0x79, 0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72}
kex, err := crypto.NewCurve25519KEX()
Expect(err).ToNot(HaveOccurred())
cs.serverConfig = &serverConfigClient{
@@ -706,6 +707,13 @@ var _ = Describe("Crypto setup", func() {
Expect(err).To(MatchError("authentication failed"))
Expect(enc).To(Equal(protocol.EncryptionUnspecified))
})
It("errors if the has the wrong hash", func() {
foobarFNVSigned[0]++
_, enc, err := cs.Open(nil, foobarFNVSigned, 0, []byte{})
Expect(err).To(MatchError("NullAEAD: failed to authenticate received data"))
Expect(enc).To(Equal(protocol.EncryptionUnspecified))
})
})
Context("initial encryption", func() {

13
handshake/crypto_setup_server_test.go
View File

@@ -475,7 +475,11 @@ var _ = Describe("Crypto setup", func() {
})
Context("escalating crypto", func() {
foobarFNVSigned := []byte{0x18, 0x6f, 0x44, 0xba, 0x97, 0x35, 0xd, 0x6f, 0xbf, 0x64, 0x3c, 0x79, 0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72}
var foobarFNVSigned []byte
BeforeEach(func() {
foobarFNVSigned = []byte{0x18, 0x6f, 0x44, 0xba, 0x97, 0x35, 0xd, 0x6f, 0xbf, 0x64, 0x3c, 0x79, 0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72}
})
doCHLO := func() {
_, err := cs.handleCHLO("", []byte("chlo-data"), map[Tag][]byte{
@@ -502,6 +506,13 @@ var _ = Describe("Crypto setup", func() {
Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
})
It("errors if the has the wrong hash", func() {
foobarFNVSigned[0]++
_, enc, err := cs.Open(nil, foobarFNVSigned, 0, []byte{})
Expect(err).To(MatchError("NullAEAD: failed to authenticate received data"))
Expect(enc).To(Equal(protocol.EncryptionUnspecified))
})
It("is still accepted after CHLO", func() {
doCHLO()
Expect(cs.secureAEAD).ToNot(BeNil())