gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

add a method to force the encryption level when sealing a packet

Browse Source
This commit is contained in:
Marten Seemann
2017-02-25 14:18:55 +07:00
parent 178c14f1d4
commit 599926e3cb
6 changed files with 127 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
handshake/crypto_setup_server.go
View File

@@ -4,6 +4,7 @@ import (
"bytes"
"crypto/rand"
"encoding/binary"
"errors"
"io"
"sync"
@@ -195,6 +196,25 @@ func (h *cryptoSetupServer) Seal(dst, src []byte, packetNumber protocol.PacketNu
}
}
func (h *cryptoSetupServer) SealWith(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte, forceEncryptionLevel protocol.EncryptionLevel) ([]byte, protocol.EncryptionLevel, error) {
switch forceEncryptionLevel {
case protocol.EncryptionUnencrypted:
return (&crypto.NullAEAD{}).Seal(dst, src, packetNumber, associatedData), protocol.EncryptionUnencrypted, nil
case protocol.EncryptionSecure:
if h.secureAEAD == nil {
return nil, protocol.EncryptionUnspecified, errors.New("CryptoSetupServer: no secureAEAD")
}
return h.secureAEAD.Seal(dst, src, packetNumber, associatedData), protocol.EncryptionSecure, nil
case protocol.EncryptionForwardSecure:
if h.forwardSecureAEAD == nil {
return nil, protocol.EncryptionUnspecified, errors.New("CryptoSetupServer: no forwardSecureAEAD")
}
return h.forwardSecureAEAD.Seal(dst, src, packetNumber, associatedData), protocol.EncryptionForwardSecure, nil
}
return nil, protocol.EncryptionUnspecified, errors.New("no encryption level specified")
}
func (h *cryptoSetupServer) isInchoateCHLO(cryptoData map[Tag][]byte, cert []byte) bool {
if _, ok := cryptoData[TagPUBS]; !ok {
return true