gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

move the STK expiration check to the cryptoSetup

Browse Source
This commit is contained in:
Marten Seemann
2017-04-01 12:10:09 +07:00
parent e68e2d287a
commit 81985f44bd
4 changed files with 76 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
handshake/crypto_setup_server_test.go
View File

@@ -5,6 +5,7 @@ import (
"encoding/binary"
"errors"
"net"
"time"
"github.com/lucas-clemente/quic-go/crypto"
"github.com/lucas-clemente/quic-go/protocol"
@@ -127,27 +128,33 @@ func (s mockStream) StreamID() protocol.StreamID { panic("not implemente
type mockStkSource struct {
verifyErr error
stkTime time.Time
}
var _ crypto.StkSource = &mockStkSource{}
func (mockStkSource) NewToken(sourceAddr []byte) ([]byte, error) {
return append([]byte("token "), sourceAddr...), nil
}
func (s mockStkSource) VerifyToken(sourceAddr []byte, token []byte) error {
func (s mockStkSource) VerifyToken(sourceAddr []byte, token []byte) (time.Time, error) {
if s.verifyErr != nil {
return s.verifyErr
return time.Time{}, s.verifyErr
}
split := bytes.Split(token, []byte(" "))
if len(split) != 2 {
return errors.New("stk required")
return time.Time{}, errors.New("stk required")
}
if !bytes.Equal(split[0], []byte("token")) {
return errors.New("no prefix match")
return time.Time{}, errors.New("no prefix match")
}
if !bytes.Equal(split[1], sourceAddr) {
return errors.New("ip wrong")
return time.Time{}, errors.New("ip wrong")
}
return nil
if !s.stkTime.IsZero() {
return s.stkTime, nil
}
return time.Now(), nil
}
var _ = Describe("Server Crypto Setup", func() {
@@ -433,6 +440,11 @@ var _ = Describe("Server Crypto Setup", func() {
Expect(cs.isInchoateCHLO(fullCHLO, cert)).To(BeTrue())
})
It("REJ messages that have an expired STK", func() {
cs.scfg.stkSource.(*mockStkSource).stkTime = time.Now().Add(-protocol.STKExpiryTimeSec * time.Second).Add(-time.Second)
Expect(cs.isInchoateCHLO(fullCHLO, cert)).To(BeTrue())
})
It("recognizes proper CHLOs", func() {
Expect(cs.isInchoateCHLO(fullCHLO, cert)).To(BeFalse())
})