forked from quic-go/quic-go
accept null-encrypted pckts until an encrypted pckt has ben received
this should fix issue #33
This commit is contained in:
Lucas Clemente
@@ -25,6 +25,7 @@ type CryptoSetup struct {
|
|||||||
secureAEAD crypto.AEAD
|
secureAEAD crypto.AEAD
|
||||||
forwardSecureAEAD crypto.AEAD
|
forwardSecureAEAD crypto.AEAD
|
||||||
receivedForwardSecurePacket bool
|
receivedForwardSecurePacket bool
|
||||||
|
receivedSecurePacket bool
|
||||||
|
|
||||||
keyDerivation KeyDerivationFunction
|
keyDerivation KeyDerivationFunction
|
||||||
|
|
||||||
@@ -106,7 +107,14 @@ func (h *CryptoSetup) Open(packetNumber protocol.PacketNumber, associatedData []
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if h.secureAEAD != nil {
|
if h.secureAEAD != nil {
|
||||||
return h.secureAEAD.Open(packetNumber, associatedData, ciphertext)
|
res, err := h.secureAEAD.Open(packetNumber, associatedData, ciphertext)
|
||||||
|
if err == nil {
|
||||||
|
h.receivedSecurePacket = true
|
||||||
|
return res, nil
|
||||||
|
}
|
||||||
|
if h.receivedSecurePacket {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return (&crypto.NullAEAD{}).Open(packetNumber, associatedData, ciphertext)
|
return (&crypto.NullAEAD{}).Open(packetNumber, associatedData, ciphertext)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -187,10 +187,20 @@ var _ = Describe("Crypto setup", func() {
|
|||||||
Expect(d).To(Equal([]byte("foobar")))
|
Expect(d).To(Equal([]byte("foobar")))
|
||||||
})
|
})
|
||||||
|
|
||||||
It("is not accepted after CHLO", func() {
|
It("is still accepted after CHLO", func() {
|
||||||
doCHLO()
|
doCHLO()
|
||||||
Expect(cs.secureAEAD).ToNot(BeNil())
|
Expect(cs.secureAEAD).ToNot(BeNil())
|
||||||
_, err := cs.Open(0, []byte{}, foobarFNVSigned)
|
_, err := cs.Open(0, []byte{}, foobarFNVSigned)
|
||||||
|
Expect(err).ToNot(HaveOccurred())
|
||||||
|
})
|
||||||
|
|
||||||
|
It("is not accepted after receiving secure packet", func() {
|
||||||
|
doCHLO()
|
||||||
|
Expect(cs.secureAEAD).ToNot(BeNil())
|
||||||
|
d, err := cs.Open(0, []byte{}, []byte("encrypted"))
|
||||||
|
Expect(err).ToNot(HaveOccurred())
|
||||||
|
Expect(d).To(Equal([]byte("decrypted")))
|
||||||
|
_, err = cs.Open(0, []byte{}, foobarFNVSigned)
|
||||||
Expect(err).To(MatchError("authentication failed"))
|
Expect(err).To(MatchError("authentication failed"))
|
||||||
})
|
})
|
||||||
|
|
||||||
@@ -231,15 +241,5 @@ var _ = Describe("Crypto setup", func() {
|
|||||||
Expect(err).To(MatchError("authentication failed"))
|
Expect(err).To(MatchError("authentication failed"))
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
Context("forward secure encryption", func() {
|
|
||||||
It("is used after receiving forward secure packet", func() {
|
|
||||||
doCHLO()
|
|
||||||
_, err := cs.Open(0, []byte{}, []byte("forward secure encrypted"))
|
|
||||||
Expect(err).ToNot(HaveOccurred())
|
|
||||||
d := cs.Seal(0, []byte{}, []byte("foobar"))
|
|
||||||
Expect(d).To(Equal([]byte("forward secure encrypted")))
|
|
||||||
})
|
|
||||||
})
|
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|||||||
Reference in New Issue
Block a user