gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

Added tests to check if PUBS is invalid and made sure a valid PUBS is requested by default

Browse Source
This commit is contained in:
Jan Rüth
2017-05-11 21:15:52 +02:00
parent f558bdebed
commit 6a0b2d04d6
2 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
handshake/server_config_client.go
View File

@@ -110,13 +110,21 @@ func (s *serverConfigClient) parseValues(tagMap map[Tag][]byte) error {
err := binary.Read(bytes.NewReader([]byte{pubs[i], pubs[i+1], pubs[i+2], 0x00}), binary.LittleEndian, &last_len); err := binary.Read(bytes.NewReader([]byte{pubs[i], pubs[i+1], pubs[i+2], 0x00}), binary.LittleEndian, &last_len);
if err != nil { if err != nil {
return qerr.Error(qerr.CryptoInvalidValueLength, "PUBS not decodable")
}
if last_len == 0 {
return qerr.Error(qerr.CryptoInvalidValueLength, "PUBS") return qerr.Error(qerr.CryptoInvalidValueLength, "PUBS")
} }
if i+3+int(last_len) > len(pubs) {
return qerr.Error(qerr.CryptoInvalidValueLength, "PUBS")
}
pubs_kexs = append(pubs_kexs, struct{Length uint32; Value []byte}{last_len, pubs[i+3:i+3+int(last_len)]}) pubs_kexs = append(pubs_kexs, struct{Length uint32; Value []byte}{last_len, pubs[i+3:i+3+int(last_len)]})
} }
if c255Foundat >= len(pubs_kexs) { if c255Foundat >= len(pubs_kexs) {
return qerr.Error(qerr.CryptoInvalidValueLength, "KEXS not in PUBS") return qerr.Error(qerr.CryptoMessageParameterNotFound, "KEXS not in PUBS")
} }
if pubs_kexs[c255Foundat].Length != 32 { if pubs_kexs[c255Foundat].Length != 32 {

8
handshake/server_config_client_test.go
View File

@@ -15,7 +15,7 @@ func getDefaultServerConfigClient() map[Tag][]byte {
TagSCID: bytes.Repeat([]byte{'F'}, 16), TagSCID: bytes.Repeat([]byte{'F'}, 16),
TagKEXS: []byte("C255"), TagKEXS: []byte("C255"),
TagAEAD: []byte("AESG"), TagAEAD: []byte("AESG"),
TagPUBS: bytes.Repeat([]byte{0}, 35), TagPUBS: append([]byte{0x20, 0x00, 0x00}, bytes.Repeat([]byte{0}, 32)...),
TagOBIT: bytes.Repeat([]byte{0}, 8), TagOBIT: bytes.Repeat([]byte{0}, 8),
TagEXPY: []byte{0x0, 0x6c, 0x57, 0x78, 0, 0, 0, 0}, // 2033-12-24 TagEXPY: []byte{0x0, 0x6c, 0x57, 0x78, 0, 0, 0, 0}, // 2033-12-24
} }
@@ -184,6 +184,12 @@ var _ = Describe("Server Config", func() {
Expect(err).To(MatchError("CryptoInvalidValueLength: PUBS")) Expect(err).To(MatchError("CryptoInvalidValueLength: PUBS"))
}) })
It("rejects PUBS values that have a zero length", func() {
tagMap[TagPUBS] = bytes.Repeat([]byte{0}, 100) // completely wrong length
err := scfg.parseValues(tagMap)
Expect(err).To(MatchError("CryptoInvalidValueLength: PUBS"))
})
It("errors if the PUBS is missing", func() { It("errors if the PUBS is missing", func() {
delete(tagMap, TagPUBS) delete(tagMap, TagPUBS)
err := scfg.parseValues(tagMap) err := scfg.parseValues(tagMap)