gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

initialize the connection parameters manager in the crypto setup

Browse Source
This commit is contained in:
Marten Seemann
2017-09-25 14:21:32 +07:00
parent 565869723a
commit 95901cdee4
12 changed files with 234 additions and 174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
internal/handshake/crypto_setup_server_test.go
View File

@@ -167,7 +167,6 @@ var _ = Describe("Server Crypto Setup", func() {
scfg *ServerConfig
cs *cryptoSetupServer
stream *mockStream
cpm ConnectionParametersManager
aeadChanged chan protocol.EncryptionLevel
nonce32 []byte
versionTag []byte
@@ -198,19 +197,16 @@ var _ = Describe("Server Crypto Setup", func() {
Expect(err).NotTo(HaveOccurred())
version = protocol.SupportedVersions[len(protocol.SupportedVersions)-1]
supportedVersions = []protocol.VersionNumber{version, 98, 99}
cpm = NewConnectionParamatersManager(
protocol.PerspectiveServer,
protocol.VersionWhatever,
protocol.DefaultMaxReceiveStreamFlowControlWindowServer, protocol.DefaultMaxReceiveConnectionFlowControlWindowServer,
protocol.DefaultIdleTimeout,
)
csInt, err := NewCryptoSetup(
csInt, _, err := NewCryptoSetup(
protocol.ConnectionID(42),
remoteAddr,
version,
scfg,
stream,
cpm,
&TransportParameters{
MaxReceiveStreamFlowControlWindow: protocol.DefaultMaxReceiveStreamFlowControlWindowServer,
MaxReceiveConnectionFlowControlWindow: protocol.DefaultMaxReceiveConnectionFlowControlWindowServer,
IdleTimeout: protocol.DefaultIdleTimeout,
},
supportedVersions,
nil,
aeadChanged,
@@ -225,6 +221,7 @@ var _ = Describe("Server Crypto Setup", func() {
cs.keyDerivation = mockQuicCryptoKeyDerivation
cs.keyExchange = func() crypto.KeyExchange { return &mockKEX{ephermal: true} }
cs.nullAEAD = &mockAEAD{encLevel: protocol.EncryptionUnencrypted}
cs.cryptoStream = stream
})
AfterEach(func() {
@@ -277,7 +274,7 @@ var _ = Describe("Server Crypto Setup", func() {
TagFHL2: []byte("foobar"),
},
}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError(ErrHOLExperiment))
})
@@ -288,7 +285,7 @@ var _ = Describe("Server Crypto Setup", func() {
TagNSTP: []byte("foobar"),
},
}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError(ErrNSTPExperiment))
})
@@ -361,7 +358,7 @@ var _ = Describe("Server Crypto Setup", func() {
},
}.Write(&stream.dataToRead)
HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).NotTo(HaveOccurred())
Expect(stream.dataWritten.Bytes()).To(HavePrefix("REJ"))
Expect(aeadChanged).To(Receive(Equal(protocol.EncryptionSecure)))
@@ -373,14 +370,14 @@ var _ = Describe("Server Crypto Setup", func() {
It("rejects client nonces that have the wrong length", func() {
fullCHLO[TagNONC] = []byte("too short client nonce")
HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError(qerr.Error(qerr.InvalidCryptoMessageParameter, "invalid client nonce length")))
})
It("rejects client nonces that have the wrong OBIT value", func() {
fullCHLO[TagNONC] = make([]byte, 32) // the OBIT value is nonce[4:12] and here just initialized to 0
HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError(qerr.Error(qerr.InvalidCryptoMessageParameter, "OBIT not matching")))
})
@@ -388,13 +385,13 @@ var _ = Describe("Server Crypto Setup", func() {
testErr := errors.New("test error")
kex.sharedKeyError = testErr
HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError(testErr))
})
It("handles 0-RTT handshake", func() {
HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).NotTo(HaveOccurred())
Expect(stream.dataWritten.Bytes()).To(HavePrefix("SHLO"))
Expect(stream.dataWritten.Bytes()).ToNot(ContainSubstring("REJ"))
@@ -451,14 +448,14 @@ var _ = Describe("Server Crypto Setup", func() {
TagSNI: []byte("quic.clemente.io"),
},
}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError(qerr.Error(qerr.InvalidCryptoMessageParameter, "client hello missing version tag")))
})
It("rejects CHLOs with a version tag that has the wrong length", func() {
fullCHLO[TagVER] = []byte{0x13, 0x37} // should be 4 bytes
HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError(qerr.Error(qerr.InvalidCryptoMessageParameter, "incorrect version tag")))
})
@@ -471,7 +468,7 @@ var _ = Describe("Server Crypto Setup", func() {
binary.LittleEndian.PutUint32(b, protocol.VersionNumberToTag(lowestSupportedVersion))
fullCHLO[TagVER] = b
HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError(qerr.Error(qerr.VersionNegotiationMismatch, "Downgrade attack detected")))
})
@@ -484,35 +481,35 @@ var _ = Describe("Server Crypto Setup", func() {
binary.LittleEndian.PutUint32(b, protocol.VersionNumberToTag(unsupportedVersion))
fullCHLO[TagVER] = b
HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).ToNot(HaveOccurred())
})
It("errors if the AEAD tag is missing", func() {
delete(fullCHLO, TagAEAD)
HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError(qerr.Error(qerr.CryptoNoSupport, "Unsupported AEAD or KEXS")))
})
It("errors if the AEAD tag has the wrong value", func() {
fullCHLO[TagAEAD] = []byte("wrong")
HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError(qerr.Error(qerr.CryptoNoSupport, "Unsupported AEAD or KEXS")))
})
It("errors if the KEXS tag is missing", func() {
delete(fullCHLO, TagKEXS)
HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError(qerr.Error(qerr.CryptoNoSupport, "Unsupported AEAD or KEXS")))
})
It("errors if the KEXS tag has the wrong value", func() {
fullCHLO[TagKEXS] = []byte("wrong")
HandshakeMessage{Tag: TagCHLO, Data: fullCHLO}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError(qerr.Error(qerr.CryptoNoSupport, "Unsupported AEAD or KEXS")))
})
})
@@ -524,7 +521,7 @@ var _ = Describe("Server Crypto Setup", func() {
TagSTK: validSTK,
},
}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError("CryptoMessageParameterNotFound: SNI required"))
})
@@ -536,19 +533,19 @@ var _ = Describe("Server Crypto Setup", func() {
TagSNI: nil,
},
}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError("CryptoMessageParameterNotFound: SNI required"))
})
It("errors with invalid message", func() {
stream.dataToRead.Write([]byte("invalid message"))
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError(qerr.HandshakeFailed))
})
It("errors with non-CHLO message", func() {
HandshakeMessage{Tag: TagPAD, Data: nil}.Write(&stream.dataToRead)
err := cs.HandleCryptoStream()
err := cs.HandleCryptoStream(stream)
Expect(err).To(MatchError(qerr.InvalidCryptoMessageType))
})