forked from quic-go/quic-go
create an aeadChanged channel in the client crypto setup
This commit is contained in:
Marten Seemann
@@ -40,6 +40,7 @@ type cryptoSetupClient struct {
|
|||||||
receivedSecurePacket bool
|
receivedSecurePacket bool
|
||||||
secureAEAD crypto.AEAD
|
secureAEAD crypto.AEAD
|
||||||
forwardSecureAEAD crypto.AEAD
|
forwardSecureAEAD crypto.AEAD
|
||||||
|
aeadChanged chan struct{}
|
||||||
|
|
||||||
connectionParameters ConnectionParametersManager
|
connectionParameters ConnectionParametersManager
|
||||||
}
|
}
|
||||||
@@ -60,6 +61,7 @@ func NewCryptoSetupClient(
|
|||||||
version protocol.VersionNumber,
|
version protocol.VersionNumber,
|
||||||
cryptoStream utils.Stream,
|
cryptoStream utils.Stream,
|
||||||
connectionParameters ConnectionParametersManager,
|
connectionParameters ConnectionParametersManager,
|
||||||
|
aeadChanged chan struct{},
|
||||||
) (CryptoSetup, error) {
|
) (CryptoSetup, error) {
|
||||||
return &cryptoSetupClient{
|
return &cryptoSetupClient{
|
||||||
hostname: hostname,
|
hostname: hostname,
|
||||||
@@ -69,6 +71,7 @@ func NewCryptoSetupClient(
|
|||||||
certManager: crypto.NewCertManager(),
|
certManager: crypto.NewCertManager(),
|
||||||
connectionParameters: connectionParameters,
|
connectionParameters: connectionParameters,
|
||||||
keyDerivation: crypto.DeriveKeysAESGCM,
|
keyDerivation: crypto.DeriveKeysAESGCM,
|
||||||
|
aeadChanged: aeadChanged,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -223,6 +226,8 @@ func (h *cryptoSetupClient) handleSHLOMessage(cryptoData map[Tag][]byte) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
h.aeadChanged <- struct{}{}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -399,6 +404,8 @@ func (h *cryptoSetupClient) maybeUpgradeCrypto() error {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
h.aeadChanged <- struct{}{}
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
|||||||
@@ -121,7 +121,7 @@ var _ = Describe("Crypto setup", func() {
|
|||||||
stream = &mockStream{}
|
stream = &mockStream{}
|
||||||
certManager = &mockCertManager{}
|
certManager = &mockCertManager{}
|
||||||
version := protocol.Version36
|
version := protocol.Version36
|
||||||
csInt, err := NewCryptoSetupClient("hostname", 0, version, stream, NewConnectionParamatersManager(protocol.PerspectiveClient, version))
|
csInt, err := NewCryptoSetupClient("hostname", 0, version, stream, NewConnectionParamatersManager(protocol.PerspectiveClient, version), make(chan struct{}, 1))
|
||||||
Expect(err).ToNot(HaveOccurred())
|
Expect(err).ToNot(HaveOccurred())
|
||||||
cs = csInt.(*cryptoSetupClient)
|
cs = csInt.(*cryptoSetupClient)
|
||||||
cs.certManager = certManager
|
cs.certManager = certManager
|
||||||
@@ -353,6 +353,7 @@ var _ = Describe("Crypto setup", func() {
|
|||||||
err := cs.handleSHLOMessage(tagMap)
|
err := cs.handleSHLOMessage(tagMap)
|
||||||
Expect(err).To(MatchError(qerr.Error(qerr.CryptoEncryptionLevelIncorrect, "unencrypted SHLO message")))
|
Expect(err).To(MatchError(qerr.Error(qerr.CryptoEncryptionLevelIncorrect, "unencrypted SHLO message")))
|
||||||
Expect(cs.HandshakeComplete()).To(BeFalse())
|
Expect(cs.HandshakeComplete()).To(BeFalse())
|
||||||
|
Expect(cs.aeadChanged).ToNot(Receive())
|
||||||
})
|
})
|
||||||
|
|
||||||
It("rejects SHLOs without a PUBS", func() {
|
It("rejects SHLOs without a PUBS", func() {
|
||||||
@@ -382,6 +383,7 @@ var _ = Describe("Crypto setup", func() {
|
|||||||
Expect(err).ToNot(HaveOccurred())
|
Expect(err).ToNot(HaveOccurred())
|
||||||
Expect(cs.forwardSecureAEAD).ToNot(BeNil())
|
Expect(cs.forwardSecureAEAD).ToNot(BeNil())
|
||||||
Expect(cs.HandshakeComplete()).To(BeTrue())
|
Expect(cs.HandshakeComplete()).To(BeTrue())
|
||||||
|
Expect(cs.aeadChanged).To(Receive())
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
@@ -541,6 +543,7 @@ var _ = Describe("Crypto setup", func() {
|
|||||||
Expect(keyDerivationCalledWith.divNonce).To(Equal(cs.diversificationNonce))
|
Expect(keyDerivationCalledWith.divNonce).To(Equal(cs.diversificationNonce))
|
||||||
Expect(keyDerivationCalledWith.pers).To(Equal(protocol.PerspectiveClient))
|
Expect(keyDerivationCalledWith.pers).To(Equal(protocol.PerspectiveClient))
|
||||||
Expect(cs.HandshakeComplete()).To(BeFalse())
|
Expect(cs.HandshakeComplete()).To(BeFalse())
|
||||||
|
Expect(cs.aeadChanged).To(Receive())
|
||||||
})
|
})
|
||||||
|
|
||||||
It("uses the server nonce, if the server sent one", func() {
|
It("uses the server nonce, if the server sent one", func() {
|
||||||
@@ -551,18 +554,21 @@ var _ = Describe("Crypto setup", func() {
|
|||||||
Expect(cs.secureAEAD).ToNot(BeNil())
|
Expect(cs.secureAEAD).ToNot(BeNil())
|
||||||
Expect(keyDerivationCalledWith.nonces).To(Equal(append(cs.nonc, cs.sno...)))
|
Expect(keyDerivationCalledWith.nonces).To(Equal(append(cs.nonc, cs.sno...)))
|
||||||
Expect(cs.HandshakeComplete()).To(BeFalse())
|
Expect(cs.HandshakeComplete()).To(BeFalse())
|
||||||
|
Expect(cs.aeadChanged).To(Receive())
|
||||||
})
|
})
|
||||||
|
|
||||||
It("doesn't create a secureAEAD if the certificate is not yet verified, even if it has all necessary values", func() {
|
It("doesn't create a secureAEAD if the certificate is not yet verified, even if it has all necessary values", func() {
|
||||||
err := cs.maybeUpgradeCrypto()
|
err := cs.maybeUpgradeCrypto()
|
||||||
Expect(err).ToNot(HaveOccurred())
|
Expect(err).ToNot(HaveOccurred())
|
||||||
Expect(cs.secureAEAD).To(BeNil())
|
Expect(cs.secureAEAD).To(BeNil())
|
||||||
|
Expect(cs.aeadChanged).ToNot(Receive())
|
||||||
cs.serverVerified = true
|
cs.serverVerified = true
|
||||||
// make sure we really had all necessary values before, and only serverVerified was missing
|
// make sure we really had all necessary values before, and only serverVerified was missing
|
||||||
err = cs.maybeUpgradeCrypto()
|
err = cs.maybeUpgradeCrypto()
|
||||||
Expect(err).ToNot(HaveOccurred())
|
Expect(err).ToNot(HaveOccurred())
|
||||||
Expect(cs.secureAEAD).ToNot(BeNil())
|
Expect(cs.secureAEAD).ToNot(BeNil())
|
||||||
Expect(cs.HandshakeComplete()).To(BeFalse())
|
Expect(cs.HandshakeComplete()).To(BeFalse())
|
||||||
|
Expect(cs.aeadChanged).To(Receive())
|
||||||
})
|
})
|
||||||
|
|
||||||
It("tries to escalate before reading a handshake message", func() {
|
It("tries to escalate before reading a handshake message", func() {
|
||||||
@@ -583,6 +589,7 @@ var _ = Describe("Crypto setup", func() {
|
|||||||
err := cs.SetDiversificationNonce([]byte("div"))
|
err := cs.SetDiversificationNonce([]byte("div"))
|
||||||
Expect(err).ToNot(HaveOccurred())
|
Expect(err).ToNot(HaveOccurred())
|
||||||
Expect(cs.secureAEAD).ToNot(BeNil())
|
Expect(cs.secureAEAD).ToNot(BeNil())
|
||||||
|
Expect(cs.aeadChanged).To(Receive())
|
||||||
Expect(cs.HandshakeComplete()).To(BeFalse())
|
Expect(cs.HandshakeComplete()).To(BeFalse())
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|||||||
@@ -138,7 +138,7 @@ func newClientSession(conn *net.UDPConn, addr *net.UDPAddr, hostname string, v p
|
|||||||
|
|
||||||
cryptoStream, _ := session.GetOrOpenStream(1)
|
cryptoStream, _ := session.GetOrOpenStream(1)
|
||||||
var err error
|
var err error
|
||||||
session.cryptoSetup, err = handshake.NewCryptoSetupClient(hostname, connectionID, v, cryptoStream, session.connectionParameters)
|
session.cryptoSetup, err = handshake.NewCryptoSetupClient(hostname, connectionID, v, cryptoStream, session.connectionParameters, session.aeadChanged)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user