forked from quic-go/quic-go
use the mint default cookie protector to encrypt and decrypt cookies
This commit is contained in:
Marten Seemann
@@ -6,7 +6,7 @@ import (
|
||||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/lucas-clemente/quic-go/internal/crypto"
|
||||
"github.com/bifurcation/mint"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -29,17 +29,17 @@ type token struct {
|
||||
|
||||
// A CookieGenerator generates Cookies
|
||||
type CookieGenerator struct {
|
||||
cookieSource crypto.StkSource
|
||||
cookieProtector mint.CookieProtector
|
||||
}
|
||||
|
||||
// NewCookieGenerator initializes a new CookieGenerator
|
||||
func NewCookieGenerator() (*CookieGenerator, error) {
|
||||
stkSource, err := crypto.NewStkSource()
|
||||
cookieProtector, err := mint.NewDefaultCookieProtector()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &CookieGenerator{
|
||||
cookieSource: stkSource,
|
||||
cookieProtector: cookieProtector,
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -52,7 +52,7 @@ func (g *CookieGenerator) NewToken(raddr net.Addr) ([]byte, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return g.cookieSource.NewToken(data)
|
||||
return g.cookieProtector.NewToken(data)
|
||||
}
|
||||
|
||||
// DecodeToken decodes a Cookie
|
||||
@@ -62,7 +62,7 @@ func (g *CookieGenerator) DecodeToken(encrypted []byte) (*Cookie, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
data, err := g.cookieSource.DecodeToken(encrypted)
|
||||
data, err := g.cookieProtector.DecodeToken(encrypted)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -49,7 +49,7 @@ var _ = Describe("Cookie Generator", func() {
|
||||
})
|
||||
|
||||
It("rejects tokens that cannot be decoded", func() {
|
||||
token, err := cookieGen.cookieSource.NewToken([]byte("foobar"))
|
||||
token, err := cookieGen.cookieProtector.NewToken([]byte("foobar"))
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
_, err = cookieGen.DecodeToken(token)
|
||||
Expect(err).To(HaveOccurred())
|
||||
@@ -59,7 +59,7 @@ var _ = Describe("Cookie Generator", func() {
|
||||
t, err := asn1.Marshal(token{Data: []byte("foobar")})
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
t = append(t, []byte("rest")...)
|
||||
enc, err := cookieGen.cookieSource.NewToken(t)
|
||||
enc, err := cookieGen.cookieProtector.NewToken(t)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
_, err = cookieGen.DecodeToken(enc)
|
||||
Expect(err).To(MatchError("rest when unpacking token: 4"))
|
||||
@@ -69,7 +69,7 @@ var _ = Describe("Cookie Generator", func() {
|
||||
It("doesn't panic if a tokens has no data", func() {
|
||||
t, err := asn1.Marshal(token{Data: []byte("")})
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
enc, err := cookieGen.cookieSource.NewToken(t)
|
||||
enc, err := cookieGen.cookieProtector.NewToken(t)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
_, err = cookieGen.DecodeToken(enc)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
|
||||
@@ -7,6 +7,8 @@ import (
|
||||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/bifurcation/mint"
|
||||
|
||||
"github.com/lucas-clemente/quic-go/internal/crypto"
|
||||
"github.com/lucas-clemente/quic-go/internal/mocks/crypto"
|
||||
"github.com/lucas-clemente/quic-go/internal/protocol"
|
||||
@@ -91,18 +93,18 @@ func (s *mockStream) Reset(error) { panic("not implemente
|
||||
func (mockStream) CloseRemote(offset protocol.ByteCount) { panic("not implemented") }
|
||||
func (s mockStream) StreamID() protocol.StreamID { panic("not implemented") }
|
||||
|
||||
type mockCookieSource struct {
|
||||
type mockCookieProtector struct {
|
||||
data []byte
|
||||
decodeErr error
|
||||
}
|
||||
|
||||
var _ crypto.StkSource = &mockCookieSource{}
|
||||
var _ mint.CookieProtector = &mockCookieProtector{}
|
||||
|
||||
func (mockCookieSource) NewToken(sourceAddr []byte) ([]byte, error) {
|
||||
func (mockCookieProtector) NewToken(sourceAddr []byte) ([]byte, error) {
|
||||
return append([]byte("token "), sourceAddr...), nil
|
||||
}
|
||||
|
||||
func (s mockCookieSource) DecodeToken(data []byte) ([]byte, error) {
|
||||
func (s mockCookieProtector) DecodeToken(data []byte) ([]byte, error) {
|
||||
if s.decodeErr != nil {
|
||||
return nil, s.decodeErr
|
||||
}
|
||||
@@ -170,7 +172,7 @@ var _ = Describe("Server Crypto Setup", func() {
|
||||
)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
cs = csInt.(*cryptoSetupServer)
|
||||
cs.scfg.cookieGenerator.cookieSource = &mockCookieSource{}
|
||||
cs.scfg.cookieGenerator.cookieProtector = &mockCookieProtector{}
|
||||
validSTK, err = cs.scfg.cookieGenerator.NewToken(remoteAddr)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
sourceAddrValid = true
|
||||
@@ -409,7 +411,7 @@ var _ = Describe("Server Crypto Setup", func() {
|
||||
|
||||
It("recognizes inchoate CHLOs with an invalid STK", func() {
|
||||
testErr := errors.New("STK invalid")
|
||||
cs.scfg.cookieGenerator.cookieSource.(*mockCookieSource).decodeErr = testErr
|
||||
cs.scfg.cookieGenerator.cookieProtector.(*mockCookieProtector).decodeErr = testErr
|
||||
Expect(cs.isInchoateCHLO(fullCHLO, cert)).To(BeTrue())
|
||||
})
|
||||
|
||||
|
||||
Reference in New Issue
Block a user