change AEAD interface to use byte slices, simplifying its usage

2016-04-18 14:37:34 +02:00
parent dc4e3c73e4
commit 9cbeb49d49
8 changed files with 62 additions and 110 deletions
--- a/handshake/crypto_setup.go
+++ b/handshake/crypto_setup.go
@@ -4,8 +4,6 @@ import (
 	"bytes"
 	"crypto/rand"
 	"fmt"
-	"io"
-	"io/ioutil"
 	"sync"

 	"github.com/lucas-clemente/quic-go/crypto"
@@ -98,17 +96,12 @@ func (h *CryptoSetup) HandleCryptoStream() {
 }

 // Open a message
-func (h *CryptoSetup) Open(packetNumber protocol.PacketNumber, associatedData []byte, ciphertext io.Reader) (*bytes.Reader, error) {
+func (h *CryptoSetup) Open(packetNumber protocol.PacketNumber, associatedData []byte, ciphertext []byte) ([]byte, error) {
 	h.mutex.RLock()
 	defer h.mutex.RUnlock()

-	data, err := ioutil.ReadAll(ciphertext)
-	if err != nil {
-		return nil, err
-	}
-
 	if h.forwardSecureAEAD != nil {
-		res, err := h.forwardSecureAEAD.Open(packetNumber, associatedData, bytes.NewReader(data))
+		res, err := h.forwardSecureAEAD.Open(packetNumber, associatedData, ciphertext)
 		if err == nil {
 			h.receivedForwardSecurePacket = true
 			return res, nil
@@ -118,22 +111,22 @@ func (h *CryptoSetup) Open(packetNumber protocol.PacketNumber, associatedData []
 		}
 	}
 	if h.secureAEAD != nil {
-		return h.secureAEAD.Open(packetNumber, associatedData, bytes.NewReader(data))
+		return h.secureAEAD.Open(packetNumber, associatedData, ciphertext)
 	}
-	return (&crypto.NullAEAD{}).Open(packetNumber, associatedData, bytes.NewReader(data))
+	return (&crypto.NullAEAD{}).Open(packetNumber, associatedData, ciphertext)
 }

 // Seal a messageTag
-func (h *CryptoSetup) Seal(packetNumber protocol.PacketNumber, b *bytes.Buffer, associatedData []byte, plaintext []byte) {
+func (h *CryptoSetup) Seal(packetNumber protocol.PacketNumber, associatedData []byte, plaintext []byte) []byte {
 	h.mutex.RLock()
 	defer h.mutex.RUnlock()

 	if h.receivedForwardSecurePacket {
-		h.forwardSecureAEAD.Seal(packetNumber, b, associatedData, plaintext)
+		return h.forwardSecureAEAD.Seal(packetNumber, associatedData, plaintext)
 	} else if h.secureAEAD != nil {
-		h.secureAEAD.Seal(packetNumber, b, associatedData, plaintext)
+		return h.secureAEAD.Seal(packetNumber, associatedData, plaintext)
 	} else {
-		(&crypto.NullAEAD{}).Seal(packetNumber, b, associatedData, plaintext)
+		return (&crypto.NullAEAD{}).Seal(packetNumber, associatedData, plaintext)
 	}
 }

--- a/handshake/crypto_setup_test.go
+++ b/handshake/crypto_setup_test.go
@@ -3,8 +3,6 @@ package handshake
 import (
 	"bytes"
 	"errors"
-	"io"
-	"io/ioutil"

 	"github.com/lucas-clemente/quic-go/crypto"
 	"github.com/lucas-clemente/quic-go/protocol"
@@ -43,20 +41,18 @@ type mockAEAD struct {
 	forwardSecure bool
 }

-func (m *mockAEAD) Seal(packetNumber protocol.PacketNumber, b *bytes.Buffer, associatedData []byte, plaintext []byte) {
+func (m *mockAEAD) Seal(packetNumber protocol.PacketNumber, associatedData []byte, plaintext []byte) []byte {
 	if m.forwardSecure {
-		b.Write([]byte("forward secure encrypted"))
-	} else {
-		b.Write([]byte("encrypted"))
+		return []byte("forward secure encrypted")
 	}
+	return []byte("encrypted")
 }

-func (m *mockAEAD) Open(packetNumber protocol.PacketNumber, associatedData []byte, ciphertext io.Reader) (*bytes.Reader, error) {
-	data, _ := ioutil.ReadAll(ciphertext)
-	if m.forwardSecure && string(data) == "forward secure encrypted" {
-		return bytes.NewReader([]byte("decrypted")), nil
-	} else if !m.forwardSecure && string(data) == "encrypted" {
-		return bytes.NewReader([]byte("decrypted")), nil
+func (m *mockAEAD) Open(packetNumber protocol.PacketNumber, associatedData []byte, ciphertext []byte) ([]byte, error) {
+	if m.forwardSecure && string(ciphertext) == "forward secure encrypted" {
+		return []byte("decrypted"), nil
+	} else if !m.forwardSecure && string(ciphertext) == "encrypted" {
+		return []byte("decrypted"), nil
 	}
 	return nil, errors.New("authentication failed")
 }
@@ -88,13 +84,11 @@ var _ = Describe("Crypto setup", func() {
 		signer *mockSigner
 		scfg   *ServerConfig
 		cs     *CryptoSetup
-		buf    *bytes.Buffer
 		stream *mockStream
 	)

 	BeforeEach(func() {
 		stream = &mockStream{}
-		buf = &bytes.Buffer{}
 		kex = &mockKEX{}
 		signer = &mockSigner{}
 		scfg = NewServerConfig(kex, signer)
@@ -168,14 +162,11 @@ var _ = Describe("Crypto setup", func() {

 		Context("null encryption", func() {
 			It("is used initially", func() {
-				cs.Seal(0, buf, []byte{}, []byte("foobar"))
-				Expect(buf.Bytes()).To(Equal(foobarFNVSigned))
+				Expect(cs.Seal(0, []byte{}, []byte("foobar"))).To(Equal(foobarFNVSigned))
 			})

 			It("is accepted initially", func() {
-				r, err := cs.Open(0, []byte{}, bytes.NewReader(foobarFNVSigned))
-				Expect(err).ToNot(HaveOccurred())
-				d, err := ioutil.ReadAll(r)
+				d, err := cs.Open(0, []byte{}, foobarFNVSigned)
 				Expect(err).ToNot(HaveOccurred())
 				Expect(d).To(Equal([]byte("foobar")))
 			})
@@ -183,46 +174,44 @@ var _ = Describe("Crypto setup", func() {
 			It("is not accepted after CHLO", func() {
 				doCHLO()
 				Expect(cs.secureAEAD).ToNot(BeNil())
-				_, err := cs.Open(0, []byte{}, bytes.NewReader(foobarFNVSigned))
+				_, err := cs.Open(0, []byte{}, foobarFNVSigned)
 				Expect(err).To(MatchError("authentication failed"))
 			})

 			It("is not used after CHLO", func() {
 				doCHLO()
-				cs.Seal(0, buf, []byte{}, []byte("foobar"))
-				Expect(buf.Bytes()).ToNot(Equal(foobarFNVSigned))
+				d := cs.Seal(0, []byte{}, []byte("foobar"))
+				Expect(d).ToNot(Equal(foobarFNVSigned))
 			})
 		})

 		Context("initial encryption", func() {
 			It("is used after CHLO", func() {
 				doCHLO()
-				cs.Seal(0, buf, []byte{}, []byte("foobar"))
-				Expect(buf.Bytes()).To(Equal([]byte("encrypted")))
+				d := cs.Seal(0, []byte{}, []byte("foobar"))
+				Expect(d).To(Equal([]byte("encrypted")))
 			})

 			It("is accepted after CHLO", func() {
 				doCHLO()
-				r, err := cs.Open(0, []byte{}, bytes.NewReader([]byte("encrypted")))
-				Expect(err).ToNot(HaveOccurred())
-				d, err := ioutil.ReadAll(r)
+				d, err := cs.Open(0, []byte{}, []byte("encrypted"))
 				Expect(err).ToNot(HaveOccurred())
 				Expect(d).To(Equal([]byte("decrypted")))
 			})

 			It("is not used after receiving forward secure packet", func() {
 				doCHLO()
-				_, err := cs.Open(0, []byte{}, bytes.NewReader([]byte("forward secure encrypted")))
+				_, err := cs.Open(0, []byte{}, []byte("forward secure encrypted"))
 				Expect(err).ToNot(HaveOccurred())
-				cs.Seal(0, buf, []byte{}, []byte("foobar"))
-				Expect(buf.Bytes()).To(Equal([]byte("forward secure encrypted")))
+				d := cs.Seal(0, []byte{}, []byte("foobar"))
+				Expect(d).To(Equal([]byte("forward secure encrypted")))
 			})

 			It("is not accepted after receiving forward secure packet", func() {
 				doCHLO()
-				_, err := cs.Open(0, []byte{}, bytes.NewReader([]byte("forward secure encrypted")))
+				_, err := cs.Open(0, []byte{}, []byte("forward secure encrypted"))
 				Expect(err).ToNot(HaveOccurred())
-				_, err = cs.Open(0, []byte{}, bytes.NewReader([]byte("encrypted")))
+				_, err = cs.Open(0, []byte{}, []byte("encrypted"))
 				Expect(err).To(MatchError("authentication failed"))
 			})
 		})
@@ -230,10 +219,10 @@ var _ = Describe("Crypto setup", func() {
 		Context("forward secure encryption", func() {
 			It("is used after receiving forward secure packet", func() {
 				doCHLO()
-				_, err := cs.Open(0, []byte{}, bytes.NewReader([]byte("forward secure encrypted")))
+				_, err := cs.Open(0, []byte{}, []byte("forward secure encrypted"))
 				Expect(err).ToNot(HaveOccurred())
-				cs.Seal(0, buf, []byte{}, []byte("foobar"))
-				Expect(buf.Bytes()).To(Equal([]byte("forward secure encrypted")))
+				d := cs.Seal(0, []byte{}, []byte("foobar"))
+				Expect(d).To(Equal([]byte("forward secure encrypted")))
 			})
 		})
 	})