From 4da08c9710451be1b9294c590c5ee5a77a6bd427 Mon Sep 17 00:00:00 2001
From: Marten Seemann
Date: Mon, 11 Sep 2017 18:38:24 +0200
Subject: [PATCH] use a type alias for the STK

---
 handshake/stk_generator.go | 10 ++++++++--
 interface.go | 18 +++++------------
 server.go | 4 ++--
 server_test.go | 20 ++++++++++----------
 session.go | 6 +-----
 session_test.go | 4 ++--
 6 files changed, 28 insertions(+), 34 deletions(-)

diff --git a/handshake/stk_generator.go b/handshake/stk_generator.go
index c3caea3d2..3a463a11d 100644
--- a/handshake/stk_generator.go
+++ b/handshake/stk_generator.go
@@ -14,10 +14,16 @@ const (
 stkPrefixString
 )
 
-// An STK is a source address token
+// An STK is a Source Address token.
+// It is issued by the server and sent to the client. For the client, it is an opaque blob.
+// The client can send the STK in subsequent handshakes to prove ownership of its IP address.
 type STK struct {
+ // The remote address this token was issued for.
+ // If the server is run on a net.UDPConn, this is the string representation of the IP address (net.IP.String())
+ // Otherwise, this is the string representation of the net.Addr (net.Addr.String())
 RemoteAddr string
- SentTime time.Time
+ // The time that the STK was issued (resolution 1 second)
+ SentTime time.Time
 }
 
 // token is the struct that is used for ASN1 serialization and deserialization
diff --git a/interface.go b/interface.go
index 6b3897411..a09429d34 100644
--- a/interface.go
+++ b/interface.go
@@ -5,7 +5,8 @@ import (
 "io"
 "net"
 "time"
-
+
+ "github.com/lucas-clemente/quic-go/handshake"
 "github.com/lucas-clemente/quic-go/internal/protocol"
 )
 
@@ -15,6 +16,9 @@ type StreamID = protocol.StreamID
 // A VersionNumber is a QUIC version number.
 type VersionNumber = protocol.VersionNumber
 
+// An STK can be used to verify the ownership of the client address.
+type STK = handshake.STK
+
 // Stream is the interface implemented by QUIC streams
 type Stream interface {
 // Read reads data from the stream.
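Review bot: The new field comments on STK describe the format of `RemoteAddr` and `SentTime` but not who is expected to validate them, which matters now that interface.go in this patch makes quic.STK an alias of this struct and session.go hands it straight to the user-supplied Config.AcceptSTK. defaultAcceptSTK in server.go shows that both the expiry check (`SentTime` plus protocol.STKExpiryTime) and the address comparison (net.IP.String() for a net.UDPAddr, net.Addr.String() otherwise) are done by the callback, so a custom AcceptSTK that only tests for a non-nil token would accept any token the server once issued, for any client address and indefinitely. I would extend the type comment with `// Config.AcceptSTK receives the deserialized STK; checking SentTime against protocol.STKExpiryTime and RemoteAddr against the client address is the callback's job (see defaultAcceptSTK in server.go).` The const block above and the token struct below are outside the hunk.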
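Review bot: `type STK = handshake.STK` makes every exported field of handshake.STK part of the public quic API, so a field later added to the handshake struct, or a change to a field's type, becomes a visible change for users of Config.AcceptSTK, whereas the previous quic.STK with unexported fields kept that surface private; if the coupling is intended, the alias comment should say so. The comment `// An STK can be used to verify the ownership of the client address.` also reads as if STK itself were a verifier; I would write `// An STK is a Source Address Token, the decoded token handed to Config.AcceptSTK; see handshake.STK for its fields.` The Config declaration holding AcceptSTK is outside this hunk.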
@@ -79,18 +83,6 @@ type NonFWSession interface {
 WaitUntilHandshakeComplete() error
 }
 
-// An STK is a Source Address token.
-// It is issued by the server and sent to the client. For the client, it is an opaque blob.
-// The client can send the STK in subsequent handshakes to prove ownership of its IP address.
-type STK struct {
- // The remote address this token was issued for.
- // If the server is run on a net.UDPConn, this is the string representation of the IP address (net.IP.String())
- // Otherwise, this is the string representation of the net.Addr (net.Addr.String())
- remoteAddr string
- // The time that the STK was issued (resolution 1 second)
- sentTime time.Time
-}
-
 // Config contains all configuration data needed for a QUIC server or client.
 type Config struct {
 // The QUIC versions that can be negotiated.
diff --git a/server.go b/server.go
index 8ff54792c..6b8aeff1f 100644
--- a/server.go
+++ b/server.go
@@ -98,7 +98,7 @@ var defaultAcceptSTK = func(clientAddr net.Addr, stk *STK) bool {
 if stk == nil {
 return false
 }
- if time.Now().After(stk.sentTime.Add(protocol.STKExpiryTime)) {
+ if time.Now().After(stk.SentTime.Add(protocol.STKExpiryTime)) {
 return false
 }
 var sourceAddr string
@@ -107,7 +107,7 @@ var defaultAcceptSTK = func(clientAddr net.Addr, stk *STK) bool {
 } else {
 sourceAddr = clientAddr.String()
 }
- return sourceAddr == stk.remoteAddr
+ return sourceAddr == stk.RemoteAddr
 }
 
 // populateServerConfig populates fields in the quic.Config with their default values, if none are set
diff --git a/server_test.go b/server_test.go
index 679b2bec4..94d5c3e41 100644
--- a/server_test.go
+++ b/server_test.go
@@ -448,8 +448,8 @@ var _ = Describe("default source address verification", func() {
 It("accepts a token", func() {
 remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}
 stk := &STK{
- remoteAddr: "192.168.0.1",
- sentTime: time.Now().Add(-protocol.STKExpiryTime).Add(time.Second), // will expire in 1 second
+ RemoteAddr: "192.168.0.1",
+ SentTime: time.Now().Add(-protocol.STKExpiryTime).Add(time.Second), // will expire in 1 second
 }
 Expect(defaultAcceptSTK(remoteAddr, stk)).To(BeTrue())
 })
@@ -462,8 +462,8 @@ var _ = Describe("default source address verification", func() {
 It("rejects a token if the address doesn't match", func() {
 remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}
 stk := &STK{
- remoteAddr: "127.0.0.1",
- sentTime: time.Now(),
+ RemoteAddr: "127.0.0.1",
+ SentTime: time.Now(),
 }
 Expect(defaultAcceptSTK(remoteAddr, stk)).To(BeFalse())
 })
@@ -471,8 +471,8 @@ var _ = Describe("default source address verification", func() {
 It("accepts a token for a remote address is not a UDP address", func() {
 remoteAddr := &net.TCPAddr{IP: net.IPv4(192, 168, 0, 1), Port: 1337}
 stk := &STK{
- remoteAddr: "192.168.0.1:1337",
- sentTime: time.Now(),
+ RemoteAddr: "192.168.0.1:1337",
+ SentTime: time.Now(),
 }
 Expect(defaultAcceptSTK(remoteAddr, stk)).To(BeTrue())
 })
@@ -480,8 +480,8 @@ var _ = Describe("default source address verification", func() {
 It("rejects an invalid token for a remote address is not a UDP address", func() {
 remoteAddr := &net.TCPAddr{IP: net.IPv4(192, 168, 0, 1), Port: 1337}
 stk := &STK{
- remoteAddr: "192.168.0.1:7331", // mismatching port
- sentTime: time.Now(),
+ RemoteAddr: "192.168.0.1:7331", // mismatching port
+ SentTime: time.Now(),
 }
 Expect(defaultAcceptSTK(remoteAddr, stk)).To(BeFalse())
 })
@@ -489,8 +489,8 @@ var _ = Describe("default source address verification", func() {
 It("rejects an expired token", func() {
 remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}
 stk := &STK{
- remoteAddr: "192.168.0.1",
- sentTime: time.Now().Add(-protocol.STKExpiryTime).Add(-time.Second), // expired 1 second ago
+ RemoteAddr: "192.168.0.1",
+ SentTime: time.Now().Add(-protocol.STKExpiryTime).Add(-time.Second), // expired 1 second ago
 }
 Expect(defaultAcceptSTK(remoteAddr, stk)).To(BeFalse())
 })
diff --git a/session.go b/session.go
index fb376106a..4dfa0c952 100644
--- a/session.go
+++ b/session.go
@@ -197,11 +197,7 @@ func (s *session) setup(
 if s.perspective == protocol.PerspectiveServer {
 cryptoStream, _ := s.GetOrOpenStream(1)
 _, _ = s.AcceptStream() // don't expose the crypto stream
- verifySourceAddr := func(clientAddr net.Addr, hstk *handshake.STK) bool {
- var stk *STK
- if hstk != nil {
- stk = &STK{remoteAddr: hstk.RemoteAddr, sentTime: hstk.SentTime}
- }
+ verifySourceAddr := func(clientAddr net.Addr, stk *STK) bool {
 return s.config.AcceptSTK(clientAddr, stk)
 }
 if s.version == protocol.VersionTLS {
diff --git a/session_test.go b/session_test.go
index 8805a275f..447a77a42 100644
--- a/session_test.go
+++ b/session_test.go
@@ -256,8 +256,8 @@ var _ = Describe("Session", func() {
 stkVerify(remoteAddr, &handshake.STK{SentTime: sentTime, RemoteAddr: stkAddr.String()})
 Expect(paramClientAddr).To(Equal(remoteAddr))
 Expect(paramSTK).ToNot(BeNil())
- Expect(paramSTK.remoteAddr).To(Equal(stkAddr.String()))
- Expect(paramSTK.sentTime).To(Equal(sentTime))
+ Expect(paramSTK.RemoteAddr).To(Equal(stkAddr.String()))
+ Expect(paramSTK.SentTime).To(Equal(sentTime))
 })
 })
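Review bot: After the alias, `verifySourceAddr` in the session.go hunk is a closure that only forwards its two arguments to `s.config.AcceptSTK`; unless the consumer needs the callback bound before s.config can change, it could presumably be replaced by `s.config.AcceptSTK` itself at the point of use, which lies outside the hunk. The closure also calls `s.config.AcceptSTK` without a nil check; if populateServerConfig in server.go always installs defaultAcceptSTK that is fine, but a comment such as `// s.config.AcceptSTK is set to defaultAcceptSTK by populateServerConfig when the user provides none` would make the assumption visible where it is relied on. setup's body starts and continues outside the hunk.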