implement rules for frame types in 0-RTT packets

2019-07-01 09:44:29 +07:00
parent b1fc984306
commit b0c08b1bd0
2 changed files with 24 additions and 1 deletions
--- a/internal/wire/frame_parser.go
+++ b/internal/wire/frame_parser.go
@@ -106,11 +106,21 @@ func (p *frameParser) isAllowedAtEncLevel(f Frame, encLevel protocol.EncryptionL
 		switch f.(type) {
 		case *CryptoFrame, *AckFrame, *ConnectionCloseFrame, *PingFrame:
 			return true
+		default:
+			return false
+		}
+	case protocol.Encryption0RTT:
+		switch f.(type) {
+		case *CryptoFrame, *AckFrame, *ConnectionCloseFrame, *NewTokenFrame, *PathResponseFrame, *RetireConnectionIDFrame:
+			return false
+		default:
+			return true
 		}
 	case protocol.Encryption1RTT:
 		return true
+	default:
+		panic("unknown encryption level")
 	}
-	return false
 }

 func (p *frameParser) SetAckDelayExponent(exp uint8) {
--- a/internal/wire/frame_parser_test.go
+++ b/internal/wire/frame_parser_test.go
@@ -357,6 +357,19 @@ var _ = Describe("Frame parsing", func() {
 			}
 		})

+		It("rejects all frames but ACK, CRYPTO, CONNECTION_CLOSE, NEW_TOKEN, PATH_RESPONSE and RETIRE_CONNECTION_ID in 0-RTT packets", func() {
+			for i, b := range framesSerialized {
+				_, err := parser.ParseNext(bytes.NewReader(b), protocol.Encryption0RTT)
+				switch frames[i].(type) {
+				case *AckFrame, *ConnectionCloseFrame, *CryptoFrame, *NewTokenFrame, *PathResponseFrame, *RetireConnectionIDFrame:
+					Expect(err).To(HaveOccurred())
+					Expect(err.Error()).To(ContainSubstring("not allowed at encryption level 0-RTT"))
+				default:
+					Expect(err).ToNot(HaveOccurred())
+				}
+			}
+		})
+
 		It("accepts all frame types in 1-RTT packets", func() {
 			for _, b := range framesSerialized {
 				_, err := parser.ParseNext(bytes.NewReader(b), protocol.Encryption1RTT)