return the encryption level of a packet when decrypting it

2017-02-24 13:01:17 +07:00
parent 811bd20939
commit a972c7a21e
12 changed files with 85 additions and 47 deletions
--- a/handshake/crypto_setup_client_test.go
+++ b/handshake/crypto_setup_client_test.go
@@ -680,25 +680,28 @@ var _ = Describe("Crypto setup", func() {
 			})

 			It("is accepted initially", func() {
-				d, err := cs.Open(nil, foobarFNVSigned, 0, []byte{})
+				d, enc, err := cs.Open(nil, foobarFNVSigned, 0, []byte{})
 				Expect(err).ToNot(HaveOccurred())
 				Expect(d).To(Equal([]byte("foobar")))
+				Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
 			})

 			It("is accepted before the server sent an encrypted packet", func() {
 				doCompleteREJ()
 				cs.receivedSecurePacket = false
 				Expect(cs.secureAEAD).ToNot(BeNil())
-				d, err := cs.Open(nil, foobarFNVSigned, 0, []byte{})
+				d, enc, err := cs.Open(nil, foobarFNVSigned, 0, []byte{})
 				Expect(err).ToNot(HaveOccurred())
 				Expect(d).To(Equal([]byte("foobar")))
+				Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
 			})

 			It("is not accepted after the server sent an encrypted packet", func() {
 				doCompleteREJ()
 				cs.receivedSecurePacket = true
-				_, err := cs.Open(nil, foobarFNVSigned, 0, []byte{})
+				_, enc, err := cs.Open(nil, foobarFNVSigned, 0, []byte{})
 				Expect(err).To(MatchError("authentication failed"))
+				Expect(enc).To(Equal(protocol.EncryptionUnspecified))
 			})
 		})

@@ -712,24 +715,27 @@ var _ = Describe("Crypto setup", func() {

 			It("is accepted", func() {
 				doCompleteREJ()
-				d, err := cs.Open(nil, []byte("encrypted"), 0, []byte{})
+				d, enc, err := cs.Open(nil, []byte("encrypted"), 0, []byte{})
 				Expect(err).ToNot(HaveOccurred())
 				Expect(d).To(Equal([]byte("decrypted")))
+				Expect(enc).To(Equal(protocol.EncryptionSecure))
 				Expect(cs.receivedSecurePacket).To(BeTrue())
 			})

 			It("is not used after receiving the SHLO", func() {
 				doSHLO()
-				_, err := cs.Open(nil, []byte("encrypted"), 0, []byte{})
+				_, enc, err := cs.Open(nil, []byte("encrypted"), 0, []byte{})
 				Expect(err).To(MatchError("authentication failed"))
+				Expect(enc).To(Equal(protocol.EncryptionUnspecified))
 			})
 		})

 		Context("forward-secure encryption", func() {
 			It("is used after receiving the SHLO", func() {
 				doSHLO()
-				_, err := cs.Open(nil, []byte("forward secure encrypted"), 0, []byte{})
+				_, enc, err := cs.Open(nil, []byte("forward secure encrypted"), 0, []byte{})
 				Expect(err).ToNot(HaveOccurred())
+				Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
 				d := cs.Seal(nil, []byte("foobar"), 0, []byte{})
 				Expect(d).To(Equal([]byte("foobar forward sec")))
 			})