gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

switch to forward-secure encryption after sending the SHLO

Browse Source
This commit is contained in:
Marten Seemann
2017-01-11 17:44:32 +07:00
parent 936a29ff35
commit b5c8c11c0c
3 changed files with 24 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
handshake/crypto_setup_server_test.go
View File

@@ -194,8 +194,8 @@ var _ = Describe("Crypto setup", func() {
Expect(cs.DiversificationNonce()).To(HaveLen(32))
})
It("does not return nonce for FS packets", func() {
cs.receivedForwardSecurePacket = true
It("does not return nonce after sending the SHLO", func() {
cs.sentSHLO = true
Expect(cs.DiversificationNonce()).To(BeEmpty())
})
@@ -633,15 +633,6 @@ var _ = Describe("Crypto setup", func() {
Expect(d).To(Equal([]byte("decrypted")))
})
It("is not used after receiving forward secure packet", func() {
doCHLO()
_, _, err := cs.Open(nil, []byte("forward secure encrypted"), 0, []byte{})
Expect(err).ToNot(HaveOccurred())
d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
Expect(d).To(Equal([]byte("foobar forward sec")))
Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
})
It("is not accepted after receiving forward secure packet", func() {
doCHLO()
_, _, err := cs.Open(nil, []byte("forward secure encrypted"), 0, []byte{})
@@ -653,15 +644,25 @@ var _ = Describe("Crypto setup", func() {
})
Context("forward secure encryption", func() {
It("is used after receiving forward secure packet", func() {
It("is used after sending out one packet with initial encryption", func() {
doCHLO()
_, enc, err := cs.Open(nil, []byte("forward secure encrypted"), 0, []byte{})
Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
Expect(err).ToNot(HaveOccurred())
_, enc := cs.Seal(nil, []byte("SHLO"), 0, []byte{})
Expect(enc).To(Equal(protocol.EncryptionSecure))
d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
Expect(d).To(Equal([]byte("foobar forward sec")))
Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
})
It("regards the handshake as complete once it receives a forward encrypted packet", func() {
doCHLO()
_, enc := cs.Seal(nil, []byte("SHLO"), 0, []byte{})
Expect(enc).To(Equal(protocol.EncryptionSecure))
_, enc = cs.Seal(nil, []byte("foobar"), 0, []byte{})
Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
Expect(cs.HandshakeComplete()).To(BeFalse())
cs.receivedForwardSecurePacket = true
Expect(cs.HandshakeComplete()).To(BeTrue())
})
})
Context("forcing encryption levels", func() {