forked from quic-go/quic-go
send versions in ClientHello and EncryptedExtensions TLS parameters
It only sends the right values now, but doesn't yet perform any validation.
This commit is contained in:
Marten Seemann
@@ -40,6 +40,7 @@ func NewCryptoSetupTLSServer(
|
||||
tlsConfig *tls.Config,
|
||||
transportParams *TransportParameters,
|
||||
aeadChanged chan<- protocol.EncryptionLevel,
|
||||
supportedVersions []protocol.VersionNumber,
|
||||
version protocol.VersionNumber,
|
||||
) (CryptoSetup, ParamsNegotiator, error) {
|
||||
mintConf, err := tlsToMintConfig(tlsConfig, protocol.PerspectiveServer)
|
||||
@@ -54,7 +55,7 @@ func NewCryptoSetupTLSServer(
|
||||
nullAEAD: crypto.NewNullAEAD(protocol.PerspectiveServer, version),
|
||||
keyDerivation: crypto.DeriveAESKeys,
|
||||
aeadChanged: aeadChanged,
|
||||
extensionHandler: newExtensionHandlerServer(params),
|
||||
extensionHandler: newExtensionHandlerServer(params, supportedVersions),
|
||||
}, params, nil
|
||||
}
|
||||
|
||||
@@ -64,6 +65,7 @@ func NewCryptoSetupTLSClient(
|
||||
tlsConfig *tls.Config,
|
||||
transportParams *TransportParameters,
|
||||
aeadChanged chan<- protocol.EncryptionLevel,
|
||||
initialVersion protocol.VersionNumber,
|
||||
version protocol.VersionNumber,
|
||||
) (CryptoSetup, ParamsNegotiator, error) {
|
||||
mintConf, err := tlsToMintConfig(tlsConfig, protocol.PerspectiveClient)
|
||||
@@ -79,7 +81,7 @@ func NewCryptoSetupTLSClient(
|
||||
nullAEAD: crypto.NewNullAEAD(protocol.PerspectiveClient, version),
|
||||
keyDerivation: crypto.DeriveAESKeys,
|
||||
aeadChanged: aeadChanged,
|
||||
extensionHandler: newExtensionHandlerClient(params),
|
||||
extensionHandler: newExtensionHandlerClient(params, initialVersion, version),
|
||||
}, params, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -44,6 +44,7 @@ var _ = Describe("TLS Crypto Setup", func() {
|
||||
testdata.GetTLSConfig(),
|
||||
&TransportParameters{},
|
||||
aeadChanged,
|
||||
nil,
|
||||
protocol.VersionTLS,
|
||||
)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
|
||||
@@ -12,12 +12,17 @@ import (
|
||||
|
||||
type extensionHandlerServer struct {
|
||||
params *paramsNegotiator
|
||||
|
||||
supportedVersions []protocol.VersionNumber
|
||||
}
|
||||
|
||||
var _ mint.AppExtensionHandler = &extensionHandlerServer{}
|
||||
|
||||
func newExtensionHandlerServer(params *paramsNegotiator) *extensionHandlerServer {
|
||||
return &extensionHandlerServer{params: params}
|
||||
func newExtensionHandlerServer(params *paramsNegotiator, supportedVersions []protocol.VersionNumber) *extensionHandlerServer {
|
||||
return &extensionHandlerServer{
|
||||
params: params,
|
||||
supportedVersions: supportedVersions,
|
||||
}
|
||||
}
|
||||
|
||||
func (h *extensionHandlerServer) Send(hType mint.HandshakeType, el *mint.ExtensionList) error {
|
||||
@@ -29,8 +34,12 @@ func (h *extensionHandlerServer) Send(hType mint.HandshakeType, el *mint.Extensi
|
||||
h.params.GetTransportParameters(),
|
||||
transportParameter{statelessResetTokenParameterID, bytes.Repeat([]byte{42}, 16)},
|
||||
)
|
||||
supportedVersions := make([]uint32, len(h.supportedVersions))
|
||||
for i, v := range h.supportedVersions {
|
||||
supportedVersions[i] = uint32(v)
|
||||
}
|
||||
data, err := syntax.Marshal(encryptedExtensionsTransportParameters{
|
||||
SupportedVersions: []uint32{uint32(protocol.VersionTLS)},
|
||||
SupportedVersions: supportedVersions,
|
||||
Parameters: transportParams,
|
||||
})
|
||||
if err != nil {
|
||||
|
||||
@@ -11,12 +11,19 @@ import (
|
||||
|
||||
type extensionHandlerClient struct {
|
||||
params *paramsNegotiator
|
||||
|
||||
initialVersion protocol.VersionNumber
|
||||
version protocol.VersionNumber
|
||||
}
|
||||
|
||||
var _ mint.AppExtensionHandler = &extensionHandlerClient{}
|
||||
|
||||
func newExtensionHandlerClient(params *paramsNegotiator) *extensionHandlerClient {
|
||||
return &extensionHandlerClient{params: params}
|
||||
func newExtensionHandlerClient(params *paramsNegotiator, initialVersion, version protocol.VersionNumber) *extensionHandlerClient {
|
||||
return &extensionHandlerClient{
|
||||
params: params,
|
||||
initialVersion: initialVersion,
|
||||
version: version,
|
||||
}
|
||||
}
|
||||
|
||||
func (h *extensionHandlerClient) Send(hType mint.HandshakeType, el *mint.ExtensionList) error {
|
||||
@@ -25,8 +32,8 @@ func (h *extensionHandlerClient) Send(hType mint.HandshakeType, el *mint.Extensi
|
||||
}
|
||||
|
||||
data, err := syntax.Marshal(clientHelloTransportParameters{
|
||||
NegotiatedVersion: uint32(protocol.VersionTLS),
|
||||
InitialVersion: uint32(protocol.VersionTLS),
|
||||
NegotiatedVersion: uint32(h.version),
|
||||
InitialVersion: uint32(h.initialVersion),
|
||||
Parameters: h.params.GetTransportParameters(),
|
||||
})
|
||||
if err != nil {
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
|
||||
"github.com/bifurcation/mint"
|
||||
"github.com/bifurcation/mint/syntax"
|
||||
"github.com/lucas-clemente/quic-go/internal/protocol"
|
||||
. "github.com/onsi/ginkgo"
|
||||
. "github.com/onsi/gomega"
|
||||
)
|
||||
@@ -16,7 +17,7 @@ var _ = Describe("TLS Extension Handler, for the client", func() {
|
||||
|
||||
BeforeEach(func() {
|
||||
pn := ¶msNegotiator{}
|
||||
handler = newExtensionHandlerClient(pn)
|
||||
handler = newExtensionHandlerClient(pn, protocol.VersionWhatever, protocol.VersionWhatever)
|
||||
el = make(mint.ExtensionList, 0)
|
||||
})
|
||||
|
||||
@@ -32,6 +33,8 @@ var _ = Describe("TLS Extension Handler, for the client", func() {
|
||||
})
|
||||
|
||||
It("adds TransportParameters to the ClientHello", func() {
|
||||
handler.initialVersion = 13
|
||||
handler.version = 37
|
||||
err := handler.Send(mint.HandshakeTypeClientHello, &el)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
Expect(el).To(HaveLen(1))
|
||||
@@ -41,6 +44,8 @@ var _ = Describe("TLS Extension Handler, for the client", func() {
|
||||
chtp := &clientHelloTransportParameters{}
|
||||
_, err = syntax.Unmarshal(ext.data, chtp)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
Expect(chtp.InitialVersion).To(BeEquivalentTo(13))
|
||||
Expect(chtp.NegotiatedVersion).To(BeEquivalentTo(37))
|
||||
})
|
||||
})
|
||||
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
|
||||
"github.com/bifurcation/mint"
|
||||
"github.com/bifurcation/mint/syntax"
|
||||
"github.com/lucas-clemente/quic-go/internal/protocol"
|
||||
. "github.com/onsi/ginkgo"
|
||||
. "github.com/onsi/gomega"
|
||||
)
|
||||
@@ -15,7 +16,7 @@ var _ = Describe("TLS Extension Handler, for the server", func() {
|
||||
|
||||
BeforeEach(func() {
|
||||
pn := ¶msNegotiator{}
|
||||
handler = newExtensionHandlerServer(pn)
|
||||
handler = newExtensionHandlerServer(pn, nil)
|
||||
el = make(mint.ExtensionList, 0)
|
||||
})
|
||||
|
||||
@@ -31,15 +32,17 @@ var _ = Describe("TLS Extension Handler, for the server", func() {
|
||||
})
|
||||
|
||||
It("adds TransportParameters to the EncryptedExtensions message", func() {
|
||||
handler.supportedVersions = []protocol.VersionNumber{13, 37, 42}
|
||||
err := handler.Send(mint.HandshakeTypeEncryptedExtensions, &el)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
Expect(el).To(HaveLen(1))
|
||||
ext := &tlsExtensionBody{}
|
||||
found := el.Find(ext)
|
||||
Expect(found).To(BeTrue())
|
||||
chtp := &encryptedExtensionsTransportParameters{}
|
||||
_, err = syntax.Unmarshal(ext.data, chtp)
|
||||
eetp := &encryptedExtensionsTransportParameters{}
|
||||
_, err = syntax.Unmarshal(ext.data, eetp)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
Expect(eetp.SupportedVersions).To(Equal([]uint32{13, 37, 42}))
|
||||
})
|
||||
})
|
||||
|
||||
|
||||
Reference in New Issue
Block a user