From edecc88ebf825f177fbd83161db2a200a7b6f0a6 Mon Sep 17 00:00:00 2001 From: Niklas Gustavsson Date: Tue, 8 Jan 2019 22:29:07 -0500 Subject: [PATCH] Set is1RTT correctly for sealer/opener Ensure that the rigth mask is picked for header protection. --- internal/handshake/crypto_setup.go | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/internal/handshake/crypto_setup.go b/internal/handshake/crypto_setup.go index 0ea25c20..42a0c4e9 100644 --- a/internal/handshake/crypto_setup.go +++ b/internal/handshake/crypto_setup.go @@ -417,20 +417,15 @@ func (h *cryptoSetup) SetReadKey(suite *qtls.CipherSuite, trafficSecret []byte) if err != nil { panic(fmt.Sprintf("error creating new AES cipher: %s", err)) } - opener := newOpener( - suite.AEAD(key, iv), - hpDecrypter, - h.readEncLevel == protocol.Encryption1RTT, - ) switch h.readEncLevel { case protocol.EncryptionInitial: h.readEncLevel = protocol.EncryptionHandshake - h.handshakeOpener = opener + h.handshakeOpener = newOpener(suite.AEAD(key, iv), hpDecrypter, false) h.logger.Debugf("Installed Handshake Read keys") case protocol.EncryptionHandshake: h.readEncLevel = protocol.Encryption1RTT - h.opener = opener + h.opener = newOpener(suite.AEAD(key, iv), hpDecrypter, true) h.logger.Debugf("Installed 1-RTT Read keys") default: panic("unexpected read encryption level") @@ -446,20 +441,15 @@ func (h *cryptoSetup) SetWriteKey(suite *qtls.CipherSuite, trafficSecret []byte) if err != nil { panic(fmt.Sprintf("error creating new AES cipher: %s", err)) } - sealer := newSealer( - suite.AEAD(key, iv), - hpEncrypter, - h.writeEncLevel == protocol.Encryption1RTT, - ) switch h.writeEncLevel { case protocol.EncryptionInitial: h.writeEncLevel = protocol.EncryptionHandshake - h.handshakeSealer = sealer + h.handshakeSealer = newSealer(suite.AEAD(key, iv), hpEncrypter, false) h.logger.Debugf("Installed Handshake Write keys") case protocol.EncryptionHandshake: h.writeEncLevel = protocol.Encryption1RTT - h.sealer = sealer + h.sealer = newSealer(suite.AEAD(key, iv), hpEncrypter, true) h.logger.Debugf("Installed 1-RTT Write keys") default: panic("unexpected write encryption level")