forked from quic-go/quic-go
use separate constructors for client and server for the TLS crypto setup
This commit is contained in:
Marten Seemann
@@ -35,36 +35,52 @@ var newMintController = func(conn *mint.Conn) crypto.MintController {
|
||||
return &mintController{conn}
|
||||
}
|
||||
|
||||
// NewCryptoSetupTLS creates a new CryptoSetup instance for a server
|
||||
func NewCryptoSetupTLS(
|
||||
hostname string, // only needed for the client
|
||||
perspective protocol.Perspective,
|
||||
version protocol.VersionNumber,
|
||||
// NewCryptoSetupTLSServer creates a new TLS CryptoSetup instance for a server
|
||||
func NewCryptoSetupTLSServer(
|
||||
tlsConfig *tls.Config,
|
||||
transportParams *TransportParameters,
|
||||
aeadChanged chan<- protocol.EncryptionLevel,
|
||||
version protocol.VersionNumber,
|
||||
) (CryptoSetup, ParamsNegotiator, error) {
|
||||
mintConf, err := tlsToMintConfig(tlsConfig, perspective)
|
||||
mintConf, err := tlsToMintConfig(tlsConfig, protocol.PerspectiveServer)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
params := newParamsNegotiator(protocol.PerspectiveServer, version, transportParams)
|
||||
return &cryptoSetupTLS{
|
||||
perspective: protocol.PerspectiveServer,
|
||||
mintConf: mintConf,
|
||||
nullAEAD: crypto.NewNullAEAD(protocol.PerspectiveServer, version),
|
||||
keyDerivation: crypto.DeriveAESKeys,
|
||||
aeadChanged: aeadChanged,
|
||||
extensionHandler: newExtensionHandlerServer(params),
|
||||
}, params, nil
|
||||
}
|
||||
|
||||
// NewCryptoSetupTLSClient creates a new TLS CryptoSetup instance for a client
|
||||
func NewCryptoSetupTLSClient(
|
||||
hostname string, // only needed for the client
|
||||
tlsConfig *tls.Config,
|
||||
transportParams *TransportParameters,
|
||||
aeadChanged chan<- protocol.EncryptionLevel,
|
||||
version protocol.VersionNumber,
|
||||
) (CryptoSetup, ParamsNegotiator, error) {
|
||||
mintConf, err := tlsToMintConfig(tlsConfig, protocol.PerspectiveClient)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
mintConf.ServerName = hostname
|
||||
|
||||
params := newParamsNegotiator(perspective, version, transportParams)
|
||||
cs := &cryptoSetupTLS{
|
||||
perspective: perspective,
|
||||
params := newParamsNegotiator(protocol.PerspectiveClient, version, transportParams)
|
||||
return &cryptoSetupTLS{
|
||||
perspective: protocol.PerspectiveClient,
|
||||
mintConf: mintConf,
|
||||
nullAEAD: crypto.NewNullAEAD(perspective, version),
|
||||
nullAEAD: crypto.NewNullAEAD(protocol.PerspectiveClient, version),
|
||||
keyDerivation: crypto.DeriveAESKeys,
|
||||
aeadChanged: aeadChanged,
|
||||
}
|
||||
if perspective == protocol.PerspectiveClient {
|
||||
cs.extensionHandler = newExtensionHandlerClient(params)
|
||||
} else {
|
||||
cs.extensionHandler = newExtensionHandlerServer(params)
|
||||
}
|
||||
|
||||
return cs, params, nil
|
||||
extensionHandler: newExtensionHandlerClient(params),
|
||||
}, params, nil
|
||||
}
|
||||
|
||||
func (h *cryptoSetupTLS) HandleCryptoStream(cryptoStream io.ReadWriter) error {
|
||||
|
||||
@@ -40,13 +40,11 @@ var _ = Describe("TLS Crypto Setup", func() {
|
||||
|
||||
BeforeEach(func() {
|
||||
aeadChanged = make(chan protocol.EncryptionLevel, 2)
|
||||
csInt, _, err := NewCryptoSetupTLS(
|
||||
"",
|
||||
protocol.PerspectiveServer,
|
||||
protocol.VersionTLS,
|
||||
csInt, _, err := NewCryptoSetupTLSServer(
|
||||
testdata.GetTLSConfig(),
|
||||
&TransportParameters{},
|
||||
aeadChanged,
|
||||
protocol.VersionTLS,
|
||||
)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
cs = csInt.(*cryptoSetupTLS)
|
||||
|
||||
11
session.go
11
session.go
@@ -194,13 +194,11 @@ func (s *session) setup(
|
||||
return s.config.AcceptCookie(clientAddr, cookie)
|
||||
}
|
||||
if s.version.UsesTLS() {
|
||||
s.cryptoSetup, s.connParams, err = handshake.NewCryptoSetupTLS(
|
||||
"",
|
||||
s.perspective,
|
||||
s.version,
|
||||
s.cryptoSetup, s.connParams, err = handshake.NewCryptoSetupTLSServer(
|
||||
tlsConf,
|
||||
transportParams,
|
||||
aeadChanged,
|
||||
s.version,
|
||||
)
|
||||
} else {
|
||||
s.cryptoSetup, s.connParams, err = newCryptoSetup(
|
||||
@@ -216,13 +214,12 @@ func (s *session) setup(
|
||||
}
|
||||
} else {
|
||||
if s.version.UsesTLS() {
|
||||
s.cryptoSetup, s.connParams, err = handshake.NewCryptoSetupTLS(
|
||||
s.cryptoSetup, s.connParams, err = handshake.NewCryptoSetupTLSClient(
|
||||
hostname,
|
||||
s.perspective,
|
||||
s.version,
|
||||
tlsConf,
|
||||
transportParams,
|
||||
aeadChanged,
|
||||
s.version,
|
||||
)
|
||||
} else {
|
||||
transportParams.RequestConnectionIDOmission = s.config.RequestConnectionIDOmission
|
||||
|
||||
Reference in New Issue
Block a user