From 2e9bc93b0c92c961293432ca8528db98102dbd53 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Sat, 9 Sep 2017 16:41:36 +0300 Subject: [PATCH 1/2] use the mockAEAD as nullAEAD in the crypto setup tests --- .../handshake/crypto_setup_client_test.go | 35 +++++------ .../handshake/crypto_setup_server_test.go | 60 +++++++++---------- internal/handshake/crypto_setup_tls_test.go | 2 +- 3 files changed, 48 insertions(+), 49 deletions(-) diff --git a/internal/handshake/crypto_setup_client_test.go b/internal/handshake/crypto_setup_client_test.go index 7fbf0d465..9e3a2e317 100644 --- a/internal/handshake/crypto_setup_client_test.go +++ b/internal/handshake/crypto_setup_client_test.go @@ -98,7 +98,11 @@ var _ = Describe("Client Crypto Setup", func() { divNonce: divNonce, pers: pers, } - return &mockAEAD{forwardSecure: forwardSecure, sharedSecret: sharedSecret}, nil + encLevel := protocol.EncryptionSecure + if forwardSecure { + encLevel = protocol.EncryptionForwardSecure + } + return &mockAEAD{encLevel: encLevel, sharedSecret: sharedSecret}, nil } stream = newMockStream() @@ -126,6 +130,7 @@ var _ = Describe("Client Crypto Setup", func() { cs.certManager = certManager cs.keyDerivation = keyDerivation cs.keyExchange = func() crypto.KeyExchange { return &mockKEX{ephermal: true} } + cs.nullAEAD = &mockAEAD{encLevel: protocol.EncryptionUnencrypted} }) AfterEach(func() { @@ -578,8 +583,6 @@ var _ = Describe("Client Crypto Setup", func() { }) Context("escalating crypto", func() { - var foobarFNVSigned []byte - doCompleteREJ := func() { cs.serverVerified = true err := cs.maybeUpgradeCrypto() @@ -595,7 +598,6 @@ var _ = Describe("Client Crypto Setup", func() { // sets all values necessary for escalating to secureAEAD BeforeEach(func() { - foobarFNVSigned = []byte{0x18, 0x6f, 0x44, 0xba, 0x97, 0x35, 0xd, 0x6f, 0xbf, 0x64, 0x3c, 0x79, 0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72} kex, err := crypto.NewCurve25519KEX() Expect(err).ToNot(HaveOccurred()) cs.serverConfig = &serverConfigClient{ @@ -688,20 +690,20 @@ var _ = Describe("Client Crypto Setup", func() { enc, sealer := cs.GetSealer() Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) d := sealer.Seal(nil, []byte("foobar"), 0, []byte{}) - Expect(d).To(Equal(foobarFNVSigned)) + Expect(d).To(Equal([]byte("foobar unencrypted"))) }) It("is used for the crypto stream", func() { enc, sealer := cs.GetSealerForCryptoStream() Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) d := sealer.Seal(nil, []byte("foobar"), 0, []byte{}) - Expect(d).To(Equal(foobarFNVSigned)) + Expect(d).To(Equal([]byte("foobar unencrypted"))) }) It("is accepted initially", func() { - d, enc, err := cs.Open(nil, foobarFNVSigned, 0, []byte{}) + d, enc, err := cs.Open(nil, []byte("unencrypted"), 0, []byte{}) Expect(err).ToNot(HaveOccurred()) - Expect(d).To(Equal([]byte("foobar"))) + Expect(d).To(Equal([]byte("decrypted"))) Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) }) @@ -709,24 +711,23 @@ var _ = Describe("Client Crypto Setup", func() { doCompleteREJ() cs.receivedSecurePacket = false Expect(cs.secureAEAD).ToNot(BeNil()) - d, enc, err := cs.Open(nil, foobarFNVSigned, 0, []byte{}) + d, enc, err := cs.Open(nil, []byte("unencrypted"), 0, []byte{}) Expect(err).ToNot(HaveOccurred()) - Expect(d).To(Equal([]byte("foobar"))) + Expect(d).To(Equal([]byte("decrypted"))) Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) }) It("is not accepted after the server sent an encrypted packet", func() { doCompleteREJ() cs.receivedSecurePacket = true - _, enc, err := cs.Open(nil, foobarFNVSigned, 0, []byte{}) + _, enc, err := cs.Open(nil, []byte("unecnrypted"), 0, []byte{}) Expect(err).To(MatchError("authentication failed")) Expect(enc).To(Equal(protocol.EncryptionUnspecified)) }) It("errors if the has the wrong hash", func() { - foobarFNVSigned[0]++ - _, enc, err := cs.Open(nil, foobarFNVSigned, 0, []byte{}) - Expect(err).To(MatchError("NullAEAD: failed to authenticate received data")) + _, enc, err := cs.Open(nil, []byte("not unecnrypted"), 0, []byte{}) + Expect(err).To(MatchError("authentication failed")) Expect(enc).To(Equal(protocol.EncryptionUnspecified)) }) }) @@ -762,7 +763,7 @@ var _ = Describe("Client Crypto Setup", func() { enc, sealer := cs.GetSealerForCryptoStream() Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) d := sealer.Seal(nil, []byte("foobar"), 0, []byte{}) - Expect(d).To(Equal(foobarFNVSigned)) + Expect(d).To(Equal([]byte("foobar unencrypted"))) }) }) @@ -783,7 +784,7 @@ var _ = Describe("Client Crypto Setup", func() { enc, sealer := cs.GetSealerForCryptoStream() Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) d := sealer.Seal(nil, []byte("foobar"), 0, []byte{}) - Expect(d).To(Equal(foobarFNVSigned)) + Expect(d).To(Equal([]byte("foobar unencrypted"))) }) }) @@ -792,7 +793,7 @@ var _ = Describe("Client Crypto Setup", func() { sealer, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionUnencrypted) Expect(err).ToNot(HaveOccurred()) d := sealer.Seal(nil, []byte("foobar"), 0, []byte{}) - Expect(d).To(Equal(foobarFNVSigned)) + Expect(d).To(Equal([]byte("foobar unencrypted"))) }) It("forces initial encryption", func() { diff --git a/internal/handshake/crypto_setup_server_test.go b/internal/handshake/crypto_setup_server_test.go index 04aef38e5..c4f6a91bf 100644 --- a/internal/handshake/crypto_setup_server_test.go +++ b/internal/handshake/crypto_setup_server_test.go @@ -55,8 +55,8 @@ func (*mockSigner) GetLeafCert(sni string) ([]byte, error) { } type mockAEAD struct { - forwardSecure bool - sharedSecret []byte + encLevel protocol.EncryptionLevel + sharedSecret []byte } var _ crypto.AEAD = &mockAEAD{} @@ -67,18 +67,23 @@ func (m *mockAEAD) Seal(dst, src []byte, packetNumber protocol.PacketNumber, ass } dst = dst[:len(src)+12] copy(dst, src) - if !m.forwardSecure { + switch m.encLevel { + case protocol.EncryptionUnencrypted: + copy(dst[len(src):], []byte(" unencrypted")) + case protocol.EncryptionSecure: copy(dst[len(src):], []byte(" normal sec")) - } else { + case protocol.EncryptionForwardSecure: copy(dst[len(src):], []byte(" forward sec")) + default: + Fail("invalid encryption level") } return dst } func (m *mockAEAD) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error) { - if m.forwardSecure && string(src) == "forward secure encrypted" { - return []byte("decrypted"), nil - } else if !m.forwardSecure && string(src) == "encrypted" { + if m.encLevel == protocol.EncryptionUnencrypted && string(src) == "unencrypted" || + m.encLevel == protocol.EncryptionForwardSecure && string(src) == "forward secure encrypted" || + m.encLevel == protocol.EncryptionSecure && string(src) == "encrypted" { return []byte("decrypted"), nil } return nil, errors.New("authentication failed") @@ -92,12 +97,15 @@ var expectedInitialNonceLen int var expectedFSNonceLen int func mockQuicCryptoKeyDerivation(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (crypto.AEAD, error) { + var encLevel protocol.EncryptionLevel if forwardSecure { + encLevel = protocol.EncryptionForwardSecure Expect(nonces).To(HaveLen(expectedFSNonceLen)) } else { + encLevel = protocol.EncryptionSecure Expect(nonces).To(HaveLen(expectedInitialNonceLen)) } - return &mockAEAD{forwardSecure: forwardSecure, sharedSecret: sharedSecret}, nil + return &mockAEAD{encLevel: encLevel, sharedSecret: sharedSecret}, nil } type mockStream struct { @@ -216,6 +224,7 @@ var _ = Describe("Server Crypto Setup", func() { cs.acceptSTKCallback = func(_ net.Addr, _ *Cookie) bool { return sourceAddrValid } cs.keyDerivation = mockQuicCryptoKeyDerivation cs.keyExchange = func() crypto.KeyExchange { return &mockKEX{ephermal: true} } + cs.nullAEAD = &mockAEAD{encLevel: protocol.EncryptionUnencrypted} }) AfterEach(func() { @@ -334,11 +343,11 @@ var _ = Describe("Server Crypto Setup", func() { Expect(response).To(ContainSubstring(string(b.Bytes()))) } Expect(cs.secureAEAD).ToNot(BeNil()) - Expect(cs.secureAEAD.(*mockAEAD).forwardSecure).To(BeFalse()) + Expect(cs.secureAEAD.(*mockAEAD).encLevel).To(Equal(protocol.EncryptionSecure)) Expect(cs.secureAEAD.(*mockAEAD).sharedSecret).To(Equal([]byte("shared key"))) Expect(cs.forwardSecureAEAD).ToNot(BeNil()) Expect(cs.forwardSecureAEAD.(*mockAEAD).sharedSecret).To(Equal([]byte("shared ephermal"))) - Expect(cs.forwardSecureAEAD.(*mockAEAD).forwardSecure).To(BeTrue()) + Expect(cs.forwardSecureAEAD.(*mockAEAD).encLevel).To(Equal(protocol.EncryptionForwardSecure)) }) It("handles long handshake", func() { @@ -544,16 +553,6 @@ var _ = Describe("Server Crypto Setup", func() { }) Context("escalating crypto", func() { - var foobarServerFNVSigned []byte // a "foobar" sent by the server, FNV signed - var foobarClientFNVSigned []byte // a "foobar" sent by the client, FNV signed - - BeforeEach(func() { - nullAEADServer := crypto.NewNullAEAD(protocol.PerspectiveServer, version) - foobarServerFNVSigned = nullAEADServer.Seal(nil, []byte("foobar"), 0, []byte{}) - nullAEADClient := crypto.NewNullAEAD(protocol.PerspectiveClient, version) - foobarClientFNVSigned = nullAEADClient.Seal(nil, []byte("foobar"), 0, []byte{}) - }) - doCHLO := func() { _, err := cs.handleCHLO("", []byte("chlo-data"), map[Tag][]byte{ TagPUBS: []byte("pubs-c"), @@ -571,34 +570,33 @@ var _ = Describe("Server Crypto Setup", func() { enc, sealer := cs.GetSealer() Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) d := sealer.Seal(nil, []byte("foobar"), 0, []byte{}) - Expect(d).To(Equal(foobarServerFNVSigned)) + Expect(d).To(Equal([]byte("foobar unencrypted"))) }) It("is used for crypto stream", func() { enc, sealer := cs.GetSealerForCryptoStream() Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) d := sealer.Seal(nil, []byte("foobar"), 0, []byte{}) - Expect(d).To(Equal(foobarServerFNVSigned)) + Expect(d).To(Equal([]byte("foobar unencrypted"))) }) It("is accepted initially", func() { - d, enc, err := cs.Open(nil, foobarClientFNVSigned, 0, []byte{}) + d, enc, err := cs.Open(nil, []byte("unencrypted"), 0, []byte{}) Expect(err).ToNot(HaveOccurred()) - Expect(d).To(Equal([]byte("foobar"))) + Expect(d).To(Equal([]byte("decrypted"))) Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) }) It("errors if the has the wrong hash", func() { - foobarClientFNVSigned[0]++ - _, enc, err := cs.Open(nil, foobarClientFNVSigned, 0, []byte{}) - Expect(err).To(MatchError("NullAEAD: failed to authenticate received data")) + _, enc, err := cs.Open(nil, []byte("not unencrypted"), 0, []byte{}) + Expect(err).To(MatchError("authentication failed")) Expect(enc).To(Equal(protocol.EncryptionUnspecified)) }) It("is still accepted after CHLO", func() { doCHLO() Expect(cs.secureAEAD).ToNot(BeNil()) - _, enc, err := cs.Open(nil, foobarClientFNVSigned, 0, []byte{}) + _, enc, err := cs.Open(nil, []byte("unencrypted"), 0, []byte{}) Expect(err).ToNot(HaveOccurred()) Expect(enc).To(Equal(protocol.EncryptionUnencrypted)) }) @@ -610,7 +608,7 @@ var _ = Describe("Server Crypto Setup", func() { Expect(enc).To(Equal(protocol.EncryptionSecure)) Expect(err).ToNot(HaveOccurred()) Expect(d).To(Equal([]byte("decrypted"))) - _, enc, err = cs.Open(nil, foobarClientFNVSigned, 0, []byte{}) + _, enc, err = cs.Open(nil, []byte("foobar unencrypted"), 0, []byte{}) Expect(err).To(MatchError("authentication failed")) Expect(enc).To(Equal(protocol.EncryptionUnspecified)) }) @@ -620,7 +618,7 @@ var _ = Describe("Server Crypto Setup", func() { enc, sealer := cs.GetSealer() Expect(enc).ToNot(Equal(protocol.EncryptionUnencrypted)) d := sealer.Seal(nil, []byte("foobar"), 0, []byte{}) - Expect(d).ToNot(Equal(foobarServerFNVSigned)) + Expect(d).ToNot(Equal([]byte("foobar unencrypted"))) }) }) @@ -673,7 +671,7 @@ var _ = Describe("Server Crypto Setup", func() { sealer, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionUnencrypted) Expect(err).ToNot(HaveOccurred()) d := sealer.Seal(nil, []byte("foobar"), 0, []byte{}) - Expect(d).To(Equal(foobarServerFNVSigned)) + Expect(d).To(Equal([]byte("foobar unencrypted"))) }) It("forces initial encryption", func() { diff --git a/internal/handshake/crypto_setup_tls_test.go b/internal/handshake/crypto_setup_tls_test.go index 1d90954e5..35a93f53d 100644 --- a/internal/handshake/crypto_setup_tls_test.go +++ b/internal/handshake/crypto_setup_tls_test.go @@ -27,7 +27,7 @@ func (h *fakeMintController) ComputeExporter(label string, context []byte, keyLe } func mockKeyDerivation(crypto.MintController, protocol.Perspective) (crypto.AEAD, error) { - return &mockAEAD{forwardSecure: true}, nil + return &mockAEAD{encLevel: protocol.EncryptionForwardSecure}, nil } var _ = Describe("TLS Crypto Setup", func() { From e729701a949746e1ae6c844eeeb1635a997be890 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Sat, 9 Sep 2017 17:00:39 +0300 Subject: [PATCH 2/2] drop support for version 36 --- Changelog.md | 2 +- client_test.go | 2 +- internal/crypto/null_aead.go | 5 +- internal/crypto/null_aead_fnv128a.go | 21 +++---- internal/crypto/null_aead_fnv128a_test.go | 62 +++++++------------ internal/crypto/null_aead_test.go | 1 - .../connection_parameters_manager_test.go | 4 +- .../handshake/crypto_setup_client_test.go | 14 +++-- internal/protocol/version.go | 4 +- internal/protocol/version_test.go | 1 - internal/utils/byteorder_test.go | 2 +- internal/wire/public_header_test.go | 6 +- packet_unpacker_test.go | 2 +- 13 files changed, 48 insertions(+), 78 deletions(-) diff --git a/Changelog.md b/Changelog.md index 941a6d6d7..7a5a8e5d6 100644 --- a/Changelog.md +++ b/Changelog.md @@ -2,7 +2,7 @@ ## v0.6.0 (unreleased) -- Add support for QUIC 38 and 39, drop support for QUIC 35 +- Add support for QUIC 38 and 39, drop support for QUIC 35 and 36 - Added `quic.Config` options for maximal flow control windows - Add a `quic.Config` option for QUIC versions - Add a `quic.Config` option to request truncation of the connection ID from a server diff --git a/client_test.go b/client_test.go index 3b5dd13fa..78043b7fe 100644 --- a/client_test.go +++ b/client_test.go @@ -508,7 +508,7 @@ var _ = Describe("Client", func() { ConnectionID: 0x1337, } b := &bytes.Buffer{} - err := ph.Write(b, protocol.Version36, protocol.PerspectiveServer) + err := ph.Write(b, cl.version, protocol.PerspectiveServer) Expect(err).ToNot(HaveOccurred()) packetConn.dataToRead = b.Bytes() diff --git a/internal/crypto/null_aead.go b/internal/crypto/null_aead.go index e1cc61355..fa1ccb7bf 100644 --- a/internal/crypto/null_aead.go +++ b/internal/crypto/null_aead.go @@ -7,8 +7,5 @@ func NewNullAEAD(p protocol.Perspective, v protocol.VersionNumber) AEAD { if v.UsesTLS() { return &nullAEADFNV64a{} } - return &nullAEADFNV128a{ - perspective: p, - version: v, - } + return &nullAEADFNV128a{perspective: p} } diff --git a/internal/crypto/null_aead_fnv128a.go b/internal/crypto/null_aead_fnv128a.go index 5e49aa980..ecc4010bd 100644 --- a/internal/crypto/null_aead_fnv128a.go +++ b/internal/crypto/null_aead_fnv128a.go @@ -11,7 +11,6 @@ import ( // nullAEAD handles not-yet encrypted packets type nullAEADFNV128a struct { perspective protocol.Perspective - version protocol.VersionNumber } var _ AEAD = &nullAEADFNV128a{} @@ -25,12 +24,10 @@ func (n *nullAEADFNV128a) Open(dst, src []byte, packetNumber protocol.PacketNumb hash := fnv128a.New() hash.Write(associatedData) hash.Write(src[12:]) - if n.version >= protocol.Version37 { - if n.perspective == protocol.PerspectiveServer { - hash.Write([]byte("Client")) - } else { - hash.Write([]byte("Server")) - } + if n.perspective == protocol.PerspectiveServer { + hash.Write([]byte("Client")) + } else { + hash.Write([]byte("Server")) } testHigh, testLow := hash.Sum128() @@ -55,12 +52,10 @@ func (n *nullAEADFNV128a) Seal(dst, src []byte, packetNumber protocol.PacketNumb hash.Write(associatedData) hash.Write(src) - if n.version >= protocol.Version37 { - if n.perspective == protocol.PerspectiveServer { - hash.Write([]byte("Server")) - } else { - hash.Write([]byte("Client")) - } + if n.perspective == protocol.PerspectiveServer { + hash.Write([]byte("Server")) + } else { + hash.Write([]byte("Client")) } high, low := hash.Sum128() diff --git a/internal/crypto/null_aead_fnv128a_test.go b/internal/crypto/null_aead_fnv128a_test.go index e632986cf..9fbc2a77b 100644 --- a/internal/crypto/null_aead_fnv128a_test.go +++ b/internal/crypto/null_aead_fnv128a_test.go @@ -11,32 +11,37 @@ var _ = Describe("NullAEAD using FNV128a", func() { plainText := []byte("They are endowed with reason and conscience and should act towards one another in a spirit of brotherhood.") hash36 := []byte{0x98, 0x9b, 0x33, 0x3f, 0xe8, 0xde, 0x32, 0x5c, 0xa6, 0x7f, 0x9c, 0xf7} - It("opens", func() { - cipherText := append(hash36, plainText...) - aead := NewNullAEAD(protocol.PerspectiveServer, protocol.Version36) - res, err := aead.Open(nil, cipherText, 0, aad) - Expect(err).ToNot(HaveOccurred()) - Expect(res).To(Equal(plainText)) + var aeadServer AEAD + var aeadClient AEAD + + BeforeEach(func() { + aeadServer = NewNullAEAD(protocol.PerspectiveServer, protocol.Version37) + aeadClient = NewNullAEAD(protocol.PerspectiveClient, protocol.Version37) }) - It("seals", func() { - aead := NewNullAEAD(protocol.PerspectiveServer, protocol.Version36) - sealed := aead.Seal(nil, plainText, 0, aad) - Expect(sealed).To(Equal(append(hash36, plainText...))) - Expect(sealed).To(HaveLen(len(plainText) + aead.Overhead())) + It("seals and opens, client => server", func() { + cipherText := aeadClient.Seal(nil, plainText, 0, aad) + res, err := aeadServer.Open(nil, cipherText, 0, aad) + Expect(err).ToNot(HaveOccurred()) + Expect(res).To(Equal([]byte("They are endowed with reason and conscience and should act towards one another in a spirit of brotherhood."))) + }) + + It("seals and opens, server => client", func() { + cipherText := aeadServer.Seal(nil, plainText, 0, aad) + res, err := aeadClient.Open(nil, cipherText, 0, aad) + Expect(err).ToNot(HaveOccurred()) + Expect(res).To(Equal([]byte("They are endowed with reason and conscience and should act towards one another in a spirit of brotherhood."))) }) It("rejects short ciphertexts", func() { - aead := NewNullAEAD(protocol.PerspectiveServer, protocol.Version36) - _, err := aead.Open(nil, nil, 0, nil) + _, err := aeadServer.Open(nil, nil, 0, nil) Expect(err).To(MatchError("NullAEAD: ciphertext cannot be less than 12 bytes long")) }) It("seals in-place", func() { - aead := NewNullAEAD(protocol.PerspectiveServer, protocol.Version36) buf := make([]byte, 6, 12+6) copy(buf, []byte("foobar")) - res := aead.Seal(buf[0:0], buf, 0, nil) + res := aeadServer.Seal(buf[0:0], buf, 0, nil) buf = buf[:12+6] Expect(buf[12:]).To(Equal([]byte("foobar"))) Expect(res[12:]).To(Equal([]byte("foobar"))) @@ -44,32 +49,7 @@ var _ = Describe("NullAEAD using FNV128a", func() { It("fails", func() { cipherText := append(append(hash36, plainText...), byte(0x42)) - aead := NewNullAEAD(protocol.PerspectiveServer, protocol.Version36) - _, err := aead.Open(nil, cipherText, 0, aad) + _, err := aeadClient.Open(nil, cipherText, 0, aad) Expect(err).To(HaveOccurred()) }) - - Context("including the perspective, for QUIC >= 37", func() { - var aeadServer AEAD - var aeadClient AEAD - - BeforeEach(func() { - aeadServer = NewNullAEAD(protocol.PerspectiveServer, protocol.Version37) - aeadClient = NewNullAEAD(protocol.PerspectiveClient, protocol.Version37) - }) - - It("opens, for QUIC version >= 37, as a server", func() { - cipherText := aeadClient.Seal(nil, plainText, 0, aad) - res, err := aeadServer.Open(nil, cipherText, 0, aad) - Expect(err).ToNot(HaveOccurred()) - Expect(res).To(Equal([]byte("They are endowed with reason and conscience and should act towards one another in a spirit of brotherhood."))) - }) - - It("opens, for QUIC version >= 37, as a client", func() { - cipherText := aeadServer.Seal(nil, plainText, 0, aad) - res, err := aeadClient.Open(nil, cipherText, 0, aad) - Expect(err).ToNot(HaveOccurred()) - Expect(res).To(Equal([]byte("They are endowed with reason and conscience and should act towards one another in a spirit of brotherhood."))) - }) - }) }) diff --git a/internal/crypto/null_aead_test.go b/internal/crypto/null_aead_test.go index a456f541c..092dd9b92 100644 --- a/internal/crypto/null_aead_test.go +++ b/internal/crypto/null_aead_test.go @@ -10,7 +10,6 @@ var _ = Describe("NullAEAD", func() { It("selects the right FVN variant", func() { Expect(NewNullAEAD(protocol.PerspectiveClient, protocol.Version39)).To(Equal(&nullAEADFNV128a{ perspective: protocol.PerspectiveClient, - version: protocol.Version39, })) Expect(NewNullAEAD(protocol.PerspectiveClient, protocol.VersionTLS)).To(Equal(&nullAEADFNV64a{})) }) diff --git a/internal/handshake/connection_parameters_manager_test.go b/internal/handshake/connection_parameters_manager_test.go index b1ff4d1d6..e5d029720 100644 --- a/internal/handshake/connection_parameters_manager_test.go +++ b/internal/handshake/connection_parameters_manager_test.go @@ -22,14 +22,14 @@ var _ = Describe("ConnectionsParameterManager", func() { BeforeEach(func() { cpm = NewConnectionParamatersManager( protocol.PerspectiveServer, - protocol.Version36, + protocol.VersionWhatever, maxReceiveStreamFlowControlWindowServer, maxReceiveConnectionFlowControlWindowServer, idleTimeout, ).(*connectionParametersManager) cpmClient = NewConnectionParamatersManager( protocol.PerspectiveClient, - protocol.Version36, + protocol.VersionWhatever, maxReceiveStreamFlowControlWindowClient, maxReceiveConnectionFlowControlWindowClient, idleTimeout, diff --git a/internal/handshake/crypto_setup_client_test.go b/internal/handshake/crypto_setup_client_test.go index 9e3a2e317..181427bc3 100644 --- a/internal/handshake/crypto_setup_client_test.go +++ b/internal/handshake/crypto_setup_client_test.go @@ -107,7 +107,7 @@ var _ = Describe("Client Crypto Setup", func() { stream = newMockStream() certManager = &mockCertManager{} - version := protocol.Version36 + version := protocol.Version37 aeadChanged = make(chan protocol.EncryptionLevel, 2) csInt, err := NewCryptoSetupClient( "hostname", @@ -216,10 +216,11 @@ var _ = Describe("Client Crypto Setup", func() { }) It("doesn't care about unsupported versions", func() { - cs.negotiatedVersions = []protocol.VersionNumber{protocol.VersionUnsupported, protocol.Version36, protocol.VersionUnsupported} + ver := protocol.SupportedVersions[0] + cs.negotiatedVersions = []protocol.VersionNumber{protocol.VersionUnsupported, ver, protocol.VersionUnsupported} b := &bytes.Buffer{} b.Write([]byte{0, 0, 0, 0}) - utils.LittleEndian.WriteUint32(b, protocol.VersionNumberToTag(protocol.Version36)) + utils.LittleEndian.WriteUint32(b, protocol.VersionNumberToTag(ver)) b.Write([]byte{0x13, 0x37, 0x13, 0x37}) Expect(cs.validateVersionList(b.Bytes())).To(BeTrue()) }) @@ -411,10 +412,11 @@ var _ = Describe("Client Crypto Setup", func() { }) It("accepts a SHLO after a version negotiation", func() { - cs.negotiatedVersions = []protocol.VersionNumber{protocol.Version36} + ver := protocol.SupportedVersions[0] + cs.negotiatedVersions = []protocol.VersionNumber{ver} cs.receivedSecurePacket = true b := &bytes.Buffer{} - utils.LittleEndian.WriteUint32(b, protocol.VersionNumberToTag(protocol.Version36)) + utils.LittleEndian.WriteUint32(b, protocol.VersionNumberToTag(ver)) shloMap[TagVER] = b.Bytes() err := cs.handleSHLOMessage(shloMap) Expect(err).ToNot(HaveOccurred()) @@ -486,7 +488,7 @@ var _ = Describe("Client Crypto Setup", func() { Expect(err).ToNot(HaveOccurred()) Expect(string(tags[TagSNI])).To(Equal(cs.hostname)) Expect(tags[TagPDMD]).To(Equal([]byte("X509"))) - Expect(tags[TagVER]).To(Equal([]byte("Q036"))) + Expect(tags[TagVER]).To(Equal([]byte("Q037"))) Expect(tags[TagCCS]).To(Equal(certManager.commonCertificateHashes)) Expect(tags).ToNot(HaveKey(TagTCID)) }) diff --git a/internal/protocol/version.go b/internal/protocol/version.go index 12cf91d81..5f2698085 100644 --- a/internal/protocol/version.go +++ b/internal/protocol/version.go @@ -5,8 +5,7 @@ type VersionNumber int // The version numbers, making grepping easier const ( - Version36 VersionNumber = 36 + iota - Version37 + Version37 VersionNumber = 37 + iota Version38 Version39 VersionTLS VersionNumber = 101 @@ -21,7 +20,6 @@ var SupportedVersions = []VersionNumber{ Version39, Version38, Version37, - Version36, } // UsesTLS says if this QUIC version uses TLS 1.3 for the handshake diff --git a/internal/protocol/version_test.go b/internal/protocol/version_test.go index fbaa24102..4f7436c78 100644 --- a/internal/protocol/version_test.go +++ b/internal/protocol/version_test.go @@ -7,7 +7,6 @@ import ( var _ = Describe("Version", func() { It("says if a version supports TLS", func() { - Expect(Version36.UsesTLS()).To(BeFalse()) Expect(Version37.UsesTLS()).To(BeFalse()) Expect(Version38.UsesTLS()).To(BeFalse()) Expect(Version39.UsesTLS()).To(BeFalse()) diff --git a/internal/utils/byteorder_test.go b/internal/utils/byteorder_test.go index 16ba55c29..7547bafe5 100644 --- a/internal/utils/byteorder_test.go +++ b/internal/utils/byteorder_test.go @@ -8,8 +8,8 @@ import ( var _ = Describe("Byte Order", func() { It("says little Little Endian before QUIC 39", func() { - Expect(GetByteOrder(protocol.Version36)).To(Equal(LittleEndian)) Expect(GetByteOrder(protocol.Version37)).To(Equal(LittleEndian)) + Expect(GetByteOrder(protocol.Version38)).To(Equal(LittleEndian)) }) It("says little Little Endian for QUIC 39", func() { diff --git a/internal/wire/public_header_test.go b/internal/wire/public_header_test.go index 5c42f33dc..4ff9d6cfb 100644 --- a/internal/wire/public_header_test.go +++ b/internal/wire/public_header_test.go @@ -365,7 +365,7 @@ var _ = Describe("Public Header", func() { b := &bytes.Buffer{} hdr := PublicHeader{ VersionFlag: true, - VersionNumber: protocol.Version36, + VersionNumber: protocol.Version38, ConnectionID: 0x4cfa9f9b668619f6, PacketNumber: 0x1337, PacketNumberLen: protocol.PacketNumberLen6, @@ -377,7 +377,7 @@ var _ = Describe("Public Header", func() { firstByte, _ := b.ReadByte() Expect(firstByte & 0x01).To(Equal(uint8(1))) Expect(firstByte & 0x30).To(Equal(uint8(0x30))) - Expect(string(b.Bytes()[8:12])).To(Equal("Q036")) + Expect(string(b.Bytes()[8:12])).To(Equal("Q038")) Expect(b.Bytes()[12:18]).To(Equal([]byte{0x37, 0x13, 0, 0, 0, 0})) }) }) @@ -455,7 +455,7 @@ var _ = Describe("Public Header", func() { PacketNumber: 0xDECAFBAD, PacketNumberLen: protocol.PacketNumberLen6, VersionFlag: true, - VersionNumber: protocol.Version36, + VersionNumber: versionLittleEndian, } length, err := hdr.GetLength(protocol.PerspectiveClient) Expect(err).ToNot(HaveOccurred()) diff --git a/packet_unpacker_test.go b/packet_unpacker_test.go index f51bae2c6..238e0a3f4 100644 --- a/packet_unpacker_test.go +++ b/packet_unpacker_test.go @@ -17,7 +17,7 @@ type mockAEAD struct { } func (m *mockAEAD) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error) { - nullAEAD := crypto.NewNullAEAD(protocol.PerspectiveServer, protocol.VersionWhatever) + nullAEAD := crypto.NewNullAEAD(protocol.PerspectiveClient, protocol.VersionWhatever) res, err := nullAEAD.Open(dst, src, packetNumber, associatedData) return res, m.encLevelOpen, err }