forked from quic-go/quic-go
create an aeadChanged channel in the client crypto setup
This commit is contained in:
Marten Seemann
@@ -40,6 +40,7 @@ type cryptoSetupClient struct {
|
||||
receivedSecurePacket bool
|
||||
secureAEAD crypto.AEAD
|
||||
forwardSecureAEAD crypto.AEAD
|
||||
aeadChanged chan struct{}
|
||||
|
||||
connectionParameters ConnectionParametersManager
|
||||
}
|
||||
@@ -60,6 +61,7 @@ func NewCryptoSetupClient(
|
||||
version protocol.VersionNumber,
|
||||
cryptoStream utils.Stream,
|
||||
connectionParameters ConnectionParametersManager,
|
||||
aeadChanged chan struct{},
|
||||
) (CryptoSetup, error) {
|
||||
return &cryptoSetupClient{
|
||||
hostname: hostname,
|
||||
@@ -69,6 +71,7 @@ func NewCryptoSetupClient(
|
||||
certManager: crypto.NewCertManager(),
|
||||
connectionParameters: connectionParameters,
|
||||
keyDerivation: crypto.DeriveKeysAESGCM,
|
||||
aeadChanged: aeadChanged,
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -223,6 +226,8 @@ func (h *cryptoSetupClient) handleSHLOMessage(cryptoData map[Tag][]byte) error {
|
||||
return err
|
||||
}
|
||||
|
||||
h.aeadChanged <- struct{}{}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -399,6 +404,8 @@ func (h *cryptoSetupClient) maybeUpgradeCrypto() error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
h.aeadChanged <- struct{}{}
|
||||
}
|
||||
|
||||
return nil
|
||||
|
||||
@@ -121,7 +121,7 @@ var _ = Describe("Crypto setup", func() {
|
||||
stream = &mockStream{}
|
||||
certManager = &mockCertManager{}
|
||||
version := protocol.Version36
|
||||
csInt, err := NewCryptoSetupClient("hostname", 0, version, stream, NewConnectionParamatersManager(protocol.PerspectiveClient, version))
|
||||
csInt, err := NewCryptoSetupClient("hostname", 0, version, stream, NewConnectionParamatersManager(protocol.PerspectiveClient, version), make(chan struct{}, 1))
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
cs = csInt.(*cryptoSetupClient)
|
||||
cs.certManager = certManager
|
||||
@@ -353,6 +353,7 @@ var _ = Describe("Crypto setup", func() {
|
||||
err := cs.handleSHLOMessage(tagMap)
|
||||
Expect(err).To(MatchError(qerr.Error(qerr.CryptoEncryptionLevelIncorrect, "unencrypted SHLO message")))
|
||||
Expect(cs.HandshakeComplete()).To(BeFalse())
|
||||
Expect(cs.aeadChanged).ToNot(Receive())
|
||||
})
|
||||
|
||||
It("rejects SHLOs without a PUBS", func() {
|
||||
@@ -382,6 +383,7 @@ var _ = Describe("Crypto setup", func() {
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
Expect(cs.forwardSecureAEAD).ToNot(BeNil())
|
||||
Expect(cs.HandshakeComplete()).To(BeTrue())
|
||||
Expect(cs.aeadChanged).To(Receive())
|
||||
})
|
||||
})
|
||||
|
||||
@@ -541,6 +543,7 @@ var _ = Describe("Crypto setup", func() {
|
||||
Expect(keyDerivationCalledWith.divNonce).To(Equal(cs.diversificationNonce))
|
||||
Expect(keyDerivationCalledWith.pers).To(Equal(protocol.PerspectiveClient))
|
||||
Expect(cs.HandshakeComplete()).To(BeFalse())
|
||||
Expect(cs.aeadChanged).To(Receive())
|
||||
})
|
||||
|
||||
It("uses the server nonce, if the server sent one", func() {
|
||||
@@ -551,18 +554,21 @@ var _ = Describe("Crypto setup", func() {
|
||||
Expect(cs.secureAEAD).ToNot(BeNil())
|
||||
Expect(keyDerivationCalledWith.nonces).To(Equal(append(cs.nonc, cs.sno...)))
|
||||
Expect(cs.HandshakeComplete()).To(BeFalse())
|
||||
Expect(cs.aeadChanged).To(Receive())
|
||||
})
|
||||
|
||||
It("doesn't create a secureAEAD if the certificate is not yet verified, even if it has all necessary values", func() {
|
||||
err := cs.maybeUpgradeCrypto()
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
Expect(cs.secureAEAD).To(BeNil())
|
||||
Expect(cs.aeadChanged).ToNot(Receive())
|
||||
cs.serverVerified = true
|
||||
// make sure we really had all necessary values before, and only serverVerified was missing
|
||||
err = cs.maybeUpgradeCrypto()
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
Expect(cs.secureAEAD).ToNot(BeNil())
|
||||
Expect(cs.HandshakeComplete()).To(BeFalse())
|
||||
Expect(cs.aeadChanged).To(Receive())
|
||||
})
|
||||
|
||||
It("tries to escalate before reading a handshake message", func() {
|
||||
@@ -583,6 +589,7 @@ var _ = Describe("Crypto setup", func() {
|
||||
err := cs.SetDiversificationNonce([]byte("div"))
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
Expect(cs.secureAEAD).ToNot(BeNil())
|
||||
Expect(cs.aeadChanged).To(Receive())
|
||||
Expect(cs.HandshakeComplete()).To(BeFalse())
|
||||
})
|
||||
})
|
||||
|
||||
@@ -138,7 +138,7 @@ func newClientSession(conn *net.UDPConn, addr *net.UDPAddr, hostname string, v p
|
||||
|
||||
cryptoStream, _ := session.GetOrOpenStream(1)
|
||||
var err error
|
||||
session.cryptoSetup, err = handshake.NewCryptoSetupClient(hostname, connectionID, v, cryptoStream, session.connectionParameters)
|
||||
session.cryptoSetup, err = handshake.NewCryptoSetupClient(hostname, connectionID, v, cryptoStream, session.connectionParameters, session.aeadChanged)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user