use separate sealer interfaces for long and short header packets

2019-06-10 16:21:45 +08:00
parent c503769bcd
commit b2d3ef691e
12 changed files with 233 additions and 172 deletions
--- a/internal/handshake/aead.go
+++ b/internal/handshake/aead.go
@@ -19,9 +19,10 @@ type sealer struct {
 	is1RTT bool
 }

-var _ Sealer = &sealer{}
+var _ LongHeaderSealer = &sealer{}
+var _ ShortHeaderSealer = &sealer{}

-func newSealer(aead cipher.AEAD, hpEncrypter cipher.Block, is1RTT bool) Sealer {
+func newSealer(aead cipher.AEAD, hpEncrypter cipher.Block, is1RTT bool) ShortHeaderSealer {
 	return &sealer{
 		aead:        aead,
 		nonceBuf:    make([]byte, aead.NonceSize()),
@@ -57,6 +58,10 @@ func (s *sealer) Overhead() int {
 	return s.aead.Overhead()
 }

+func (s *sealer) KeyPhase() protocol.KeyPhase {
+	return protocol.KeyPhaseZero
+}
+
 type opener struct {
 	aead        cipher.AEAD
 	pnDecrypter cipher.Block
--- a/internal/handshake/aead_test.go
+++ b/internal/handshake/aead_test.go
@@ -10,7 +10,7 @@ import (
 )

 var _ = Describe("AEAD", func() {
-	getSealerAndOpener := func(is1RTT bool) (Sealer, Opener) {
+	getSealerAndOpener := func(is1RTT bool) (ShortHeaderSealer, Opener) {
 		key := make([]byte, 16)
 		hpKey := make([]byte, 16)
 		rand.Read(key)
@@ -29,7 +29,7 @@ var _ = Describe("AEAD", func() {

 	Context("message encryption", func() {
 		var (
-			sealer Sealer
+			sealer ShortHeaderSealer
 			opener Opener
 		)

--- a/internal/handshake/crypto_setup.go
+++ b/internal/handshake/crypto_setup.go
@@ -106,15 +106,15 @@ type cryptoSetup struct {

 	initialStream io.Writer
 	initialOpener Opener
-	initialSealer Sealer
+	initialSealer LongHeaderSealer

 	handshakeStream io.Writer
 	handshakeOpener Opener
-	handshakeSealer Sealer
+	handshakeSealer LongHeaderSealer

 	oneRTTStream io.Writer
 	opener       Opener
-	sealer       Sealer
+	sealer       ShortHeaderSealer
 }

 var _ qtls.RecordLayer = &cryptoSetup{}
@@ -564,14 +564,14 @@ func (h *cryptoSetup) SendAlert(alert uint8) {
 	h.alertChan <- alert
 }

-func (h *cryptoSetup) GetInitialSealer() (Sealer, error) {
+func (h *cryptoSetup) GetInitialSealer() (LongHeaderSealer, error) {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()

 	return h.initialSealer, nil
 }

-func (h *cryptoSetup) GetHandshakeSealer() (Sealer, error) {
+func (h *cryptoSetup) GetHandshakeSealer() (LongHeaderSealer, error) {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()

@@ -581,7 +581,7 @@ func (h *cryptoSetup) GetHandshakeSealer() (Sealer, error) {
 	return h.handshakeSealer, nil
 }

-func (h *cryptoSetup) Get1RTTSealer() (Sealer, error) {
+func (h *cryptoSetup) Get1RTTSealer() (ShortHeaderSealer, error) {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()

--- a/internal/handshake/initial_aead.go
+++ b/internal/handshake/initial_aead.go
@@ -11,7 +11,7 @@ import (
 var quicVersion1Salt = []byte{0xef, 0x4f, 0xb0, 0xab, 0xb4, 0x74, 0x70, 0xc4, 0x1b, 0xef, 0xcf, 0x80, 0x31, 0x33, 0x4f, 0xae, 0x48, 0x5e, 0x09, 0xa0}

 // NewInitialAEAD creates a new AEAD for Initial encryption / decryption.
-func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (Sealer, Opener, error) {
+func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (LongHeaderSealer, Opener, error) {
 	clientSecret, serverSecret := computeSecrets(connID)
 	var mySecret, otherSecret []byte
 	if pers == protocol.PerspectiveClient {
--- a/internal/handshake/interface.go
+++ b/internal/handshake/interface.go
@@ -14,13 +14,19 @@ type Opener interface {
 	DecryptHeader(sample []byte, firstByte *byte, pnBytes []byte)
 }

-// Sealer seals a packet
-type Sealer interface {
+// LongHeaderSealer seals a long header packet
+type LongHeaderSealer interface {
 	Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
 	EncryptHeader(sample []byte, firstByte *byte, pnBytes []byte)
 	Overhead() int
 }

+// ShortHeaderSealer seals a short header packet
+type ShortHeaderSealer interface {
+	LongHeaderSealer
+	KeyPhase() protocol.KeyPhase
+}
+
 // A tlsExtensionHandler sends and received the QUIC TLS extension.
 type tlsExtensionHandler interface {
 	GetExtensions(msgType uint8) []qtls.Extension
@@ -49,7 +55,7 @@ type CryptoSetup interface {
 	GetHandshakeOpener() (Opener, error)
 	Get1RTTOpener() (Opener, error)

-	GetInitialSealer() (Sealer, error)
-	GetHandshakeSealer() (Sealer, error)
-	Get1RTTSealer() (Sealer, error)
+	GetInitialSealer() (LongHeaderSealer, error)
+	GetHandshakeSealer() (LongHeaderSealer, error)
+	Get1RTTSealer() (ShortHeaderSealer, error)
 }