extract SHLO into separate method and test it

2016-04-17 00:31:30 +02:00
parent cbbf29e3d5
commit b5c7bcda18
2 changed files with 48 additions and 33 deletions
--- a/handshake/crypto_setup.go
+++ b/handshake/crypto_setup.go
@@ -83,9 +83,38 @@ func (h *CryptoSetup) HandleCryptoMessage(data []byte) ([]byte, error) {
 	}
 	if scid, ok := cryptoData[TagSCID]; ok && bytes.Equal(h.scfg.ID, scid) {
 		// We have a CHLO with a proper server config ID, do a 0-RTT handshake
 		return h.handleCHLO(data, cryptoData)
 	}
 	// We have an inacholate or non-matching CHLO, we now send a rejection
 	return h.handleInchoateCHLO(data)
 }
 func (h *CryptoSetup) handleInchoateCHLO(data []byte) ([]byte, error) {
 	var chloOrNil []byte
 	if h.version > protocol.VersionNumber(30) {
 		chloOrNil = data
 	}
 	proof, err := h.scfg.Sign(chloOrNil)
 	if err != nil {
 		return nil, err
 	}
 	var serverReply bytes.Buffer
 	WriteHandshakeMessage(&serverReply, TagREJ, map[Tag][]byte{
 		TagSCFG: h.scfg.Get(),
 		TagCERT: h.scfg.GetCertCompressed(),
 		TagSNO:  h.nonce,
 		TagPROF: proof,
 	})
 	return serverReply.Bytes(), nil
 }
 func (h *CryptoSetup) handleCHLO(data []byte, cryptoData map[Tag][]byte) ([]byte, error) {
 	// We have a CHLO matching our server config, we can continue with the 0-RTT handshake
-		var sharedSecret []byte
+	sharedSecret, err := h.scfg.kex.CalculateSharedKey(cryptoData[TagPUBS])
 		sharedSecret, err = h.scfg.kex.CalculateSharedKey(cryptoData[TagPUBS])
 	if err != nil {
 		return nil, err
 	}
@@ -113,29 +142,3 @@ func (h *CryptoSetup) HandleCryptoMessage(data []byte) ([]byte, error) {
 	})
 	return reply.Bytes(), nil
 }
 	// We have an inacholate or non-matching CHLO, we now send a rejection
 	return h.handleInchoateCHLO(data)
 }
 func (h *CryptoSetup) handleInchoateCHLO(data []byte) ([]byte, error) {
 	var chloOrNil []byte
 	if h.version > protocol.VersionNumber(30) {
 		chloOrNil = data
 	}
 	proof, err := h.scfg.Sign(chloOrNil)
 	if err != nil {
 		return nil, err
 	}
 	var serverReply bytes.Buffer
 	WriteHandshakeMessage(&serverReply, TagREJ, map[Tag][]byte{
 		TagSCFG: h.scfg.Get(),
 		TagCERT: h.scfg.GetCertCompressed(),
 		TagSNO:  h.nonce,
 		TagPROF: proof,
 	})
 	return serverReply.Bytes(), nil
 }
--- a/handshake/crypto_setup_test.go
+++ b/handshake/crypto_setup_test.go
@@ -10,7 +10,7 @@ import (
 type mockKEX struct{}
 func (*mockKEX) PublicKey() []byte {
-	return []byte("publickey")
+	return []byte("pubs-s")
 }
 func (*mockKEX) CalculateSharedKey(otherPublic []byte) ([]byte, error) {
 	return []byte("shared key"), nil
@@ -55,11 +55,11 @@ var _ = Describe("Crypto setup", func() {
 	})
 	It("generates REJ messages", func() {
-		response, err := cs.handleInchoateCHLO(sampleCHLO)
+		response, err := cs.handleInchoateCHLO([]byte("chlo"))
 		Expect(err).ToNot(HaveOccurred())
 		Expect(response).To(HavePrefix("REJ"))
 		Expect(response).To(ContainSubstring("certcompressed"))
-		Expect(response).To(ContainSubstring("publickey"))
+		Expect(response).To(ContainSubstring("pubs-s"))
 		Expect(signer.gotCHLO).To(BeTrue())
 	})
@@ -69,4 +69,16 @@ var _ = Describe("Crypto setup", func() {
 		Expect(err).ToNot(HaveOccurred())
 		Expect(signer.gotCHLO).To(BeFalse())
 	})
 	It("generates SHLO messages", func() {
 		response, err := cs.handleCHLO([]byte("chlo-data"), map[Tag][]byte{
 			TagPUBS: []byte("pubs-c"),
 		})
 		Expect(err).ToNot(HaveOccurred())
 		Expect(response).To(ContainSubstring("pubs-s")) // TODO: Should be new pubs
 		Expect(response).To(ContainSubstring(string(cs.nonce)))
 		Expect(response).To(ContainSubstring(string(protocol.SupportedVersionsAsTags)))
 		Expect(cs.secureAEAD).ToNot(BeNil())
 		Expect(cs.forwardSecureAEAD).ToNot(BeNil())
 	})
 })