From 623bf065fd51b4143461ec8b8f347799e1f8f322 Mon Sep 17 00:00:00 2001
From: Lucas Clemente <lucas@clemente.io>
Date: Mon, 2 May 2016 14:38:05 +0200
Subject: [PATCH] accept null-encrypted pckts until an encrypted pckt has ben
 received

this should fix issue #33
---
 handshake/crypto_setup.go      | 10 +++++++++-
 handshake/crypto_setup_test.go | 22 +++++++++++-----------
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/handshake/crypto_setup.go b/handshake/crypto_setup.go
index 78856ac49..389401f49 100644
--- a/handshake/crypto_setup.go
+++ b/handshake/crypto_setup.go
@@ -25,6 +25,7 @@ type CryptoSetup struct {
 	secureAEAD                  crypto.AEAD
 	forwardSecureAEAD           crypto.AEAD
 	receivedForwardSecurePacket bool
+	receivedSecurePacket        bool
 
 	keyDerivation KeyDerivationFunction
 
@@ -106,7 +107,14 @@ func (h *CryptoSetup) Open(packetNumber protocol.PacketNumber, associatedData []
 		}
 	}
 	if h.secureAEAD != nil {
-		return h.secureAEAD.Open(packetNumber, associatedData, ciphertext)
+		res, err := h.secureAEAD.Open(packetNumber, associatedData, ciphertext)
+		if err == nil {
+			h.receivedSecurePacket = true
+			return res, nil
+		}
+		if h.receivedSecurePacket {
+			return nil, err
+		}
 	}
 	return (&crypto.NullAEAD{}).Open(packetNumber, associatedData, ciphertext)
 }
diff --git a/handshake/crypto_setup_test.go b/handshake/crypto_setup_test.go
index f808a9ee1..8dc6324bb 100644
--- a/handshake/crypto_setup_test.go
+++ b/handshake/crypto_setup_test.go
@@ -187,10 +187,20 @@ var _ = Describe("Crypto setup", func() {
 				Expect(d).To(Equal([]byte("foobar")))
 			})
 
-			It("is not accepted after CHLO", func() {
+			It("is still accepted after CHLO", func() {
 				doCHLO()
 				Expect(cs.secureAEAD).ToNot(BeNil())
 				_, err := cs.Open(0, []byte{}, foobarFNVSigned)
+				Expect(err).ToNot(HaveOccurred())
+			})
+
+			It("is not accepted after receiving secure packet", func() {
+				doCHLO()
+				Expect(cs.secureAEAD).ToNot(BeNil())
+				d, err := cs.Open(0, []byte{}, []byte("encrypted"))
+				Expect(err).ToNot(HaveOccurred())
+				Expect(d).To(Equal([]byte("decrypted")))
+				_, err = cs.Open(0, []byte{}, foobarFNVSigned)
 				Expect(err).To(MatchError("authentication failed"))
 			})
 
@@ -231,15 +241,5 @@ var _ = Describe("Crypto setup", func() {
 				Expect(err).To(MatchError("authentication failed"))
 			})
 		})
-
-		Context("forward secure encryption", func() {
-			It("is used after receiving forward secure packet", func() {
-				doCHLO()
-				_, err := cs.Open(0, []byte{}, []byte("forward secure encrypted"))
-				Expect(err).ToNot(HaveOccurred())
-				d := cs.Seal(0, []byte{}, []byte("foobar"))
-				Expect(d).To(Equal([]byte("forward secure encrypted")))
-			})
-		})
 	})
 })