From 5d4a47a3f31d3679321d60bb96c08426b2b4e2b7 Mon Sep 17 00:00:00 2001
From: Marten Seemann <martenseemann@gmail.com>
Date: Fri, 31 May 2019 17:57:07 +0800
Subject: [PATCH] return a crypto error when receiving unexpected handshake
 messages

---
 internal/handshake/crypto_setup.go      | 7 +++++--
 internal/handshake/crypto_setup_test.go | 7 ++++++-
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/internal/handshake/crypto_setup.go b/internal/handshake/crypto_setup.go
index e7cdea4fb..1ad306be0 100644
--- a/internal/handshake/crypto_setup.go
+++ b/internal/handshake/crypto_setup.go
@@ -16,6 +16,9 @@ import (
 	"github.com/marten-seemann/qtls"
 )
 
+// TLS unexpected_message alert
+const alertUnexpectedMessage uint8 = 10
+
 type messageType uint8
 
 // TLS handshake message types.
@@ -333,10 +336,10 @@ func (h *cryptoSetup) checkEncryptionLevel(msgType messageType, encLevel protoco
 	case typeNewSessionTicket:
 		expected = protocol.Encryption1RTT
 	default:
-		return fmt.Errorf("unexpected handshake message: %d", msgType)
+		return qerr.CryptoError(alertUnexpectedMessage, fmt.Sprintf("unexpected handshake message: %d", msgType))
 	}
 	if encLevel != expected {
-		return fmt.Errorf("expected handshake message %s to have encryption level %s, has %s", msgType, expected, encLevel)
+		return qerr.CryptoError(alertUnexpectedMessage, fmt.Sprintf("expected handshake message %s to have encryption level %s, has %s", msgType, expected, encLevel))
 	}
 	return nil
 }
diff --git a/internal/handshake/crypto_setup_test.go b/internal/handshake/crypto_setup_test.go
index 8743a6311..cd807a8dd 100644
--- a/internal/handshake/crypto_setup_test.go
+++ b/internal/handshake/crypto_setup_test.go
@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/lucas-clemente/quic-go/internal/protocol"
+	"github.com/lucas-clemente/quic-go/internal/qerr"
 	"github.com/lucas-clemente/quic-go/internal/testdata"
 	"github.com/lucas-clemente/quic-go/internal/utils"
 	"github.com/marten-seemann/qtls"
@@ -161,7 +162,11 @@ var _ = Describe("Crypto Setup TLS", func() {
 		go func() {
 			defer GinkgoRecover()
 			err := server.RunHandshake()
-			Expect(err).To(MatchError("expected handshake message ClientHello to have encryption level Initial, has Handshake"))
+			Expect(err).To(BeAssignableToTypeOf(&qerr.QuicError{}))
+			qerr := err.(*qerr.QuicError)
+			Expect(qerr.IsCryptoError()).To(BeTrue())
+			Expect(qerr.ErrorCode).To(BeEquivalentTo(0x100 + int(alertUnexpectedMessage)))
+			Expect(err.Error()).To(ContainSubstring("expected handshake message ClientHello to have encryption level Initial, has Handshake"))
 			close(done)
 		}()