forked from quic-go/quic-go
check if the received server config is expired
@@ -119,6 +119,10 @@ func (h *cryptoSetupClient) handleREJMessage(cryptoData map[Tag][]byte) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if h.serverConfig.IsExpired() {
|
||||||
|
return qerr.CryptoServerConfigExpired
|
||||||
|
}
|
||||||
|
|
||||||
// now that we have a server config, we can use its OBIT value to generate a client nonce
|
// now that we have a server config, we can use its OBIT value to generate a client nonce
|
||||||
if len(h.nonc) == 0 {
|
if len(h.nonc) == 0 {
|
||||||
err = h.generateClientNonce()
|
err = h.generateClientNonce()
|
||||||
|
|||||||
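Review bot: The rejected config is still stored in `h.serverConfig` when this branch returns `qerr.CryptoServerConfigExpired`, so any later code path that reads the field without re-checking would work with an expired config. Consider clearing it before returning, `h.serverConfig = nil`, or checking the parsed value before it is assigned to the field. The assignment is above the hunk, so it is not visible whether `h.serverConfig` can be nil at this point (for example a REJ that carries no SCFG tag); if it can, the call needs a guard such as `if h.serverConfig != nil && h.serverConfig.IsExpired() {`. handleREJMessage starts and ends outside this hunk.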
@@ -100,6 +100,21 @@ var _ = Describe("Crypto setup", func() {
|
|||||||
Expect(cs.serverConfig.ID).To(Equal(scfg[TagSCID]))
|
Expect(cs.serverConfig.ID).To(Equal(scfg[TagSCID]))
|
||||||
})
|
})
|
||||||
|
|
||||||
|
It("rejects expired server configs", func() {
|
||||||
|
b := &bytes.Buffer{}
|
||||||
|
scfg := getDefaultServerConfigClient()
|
||||||
|
scfg[TagEXPY] = []byte{0x80, 0x54, 0x72, 0x4F, 0, 0, 0, 0} // 2012-03-28
|
||||||
|
WriteHandshakeMessage(b, TagSCFG, scfg)
|
||||||
|
tagMap[TagSCFG] = b.Bytes()
|
||||||
|
// make sure we actually set TagEXPY correct
|
||||||
|
serverConfig, err := parseServerConfig(b.Bytes())
|
||||||
|
Expect(err).ToNot(HaveOccurred())
|
||||||
|
Expect(serverConfig.expiry.Year()).To(Equal(2012))
|
||||||
|
// now try to read this server config in the crypto setup
|
||||||
|
err = cs.handleREJMessage(tagMap)
|
||||||
|
Expect(err).To(MatchError(qerr.CryptoServerConfigExpired))
|
||||||
|
})
|
||||||
|
|
||||||
It("generates a client nonce after reading a server config", func() {
|
It("generates a client nonce after reading a server config", func() {
|
||||||
b := &bytes.Buffer{}
|
b := &bytes.Buffer{}
|
||||||
WriteHandshakeMessage(b, TagSCFG, getDefaultServerConfigClient())
|
WriteHandshakeMessage(b, TagSCFG, getDefaultServerConfigClient())
|
||||||
|
|||||||
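Review bot: The new spec "rejects expired server configs" asserts only the returned error and does not pin that the handshake state is left untouched by the rejection. Because the expiry check in handleREJMessage sits before the client-nonce generation, adding `Expect(cs.nonc).To(BeEmpty())` after the `MatchError` assertion would catch a later reordering that lets an expired config drive nonce generation (this assumes `cs` is created fresh for each spec, which is not visible here). The comment `// make sure we actually set TagEXPY correct` should read "correctly".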
@@ -134,6 +134,10 @@ func (s *serverConfigClient) parseValues(tagMap map[Tag][]byte) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *serverConfigClient) IsExpired() bool {
|
||||||
|
return s.expiry.Before(time.Now())
|
||||||
|
}
|
||||||
|
|
||||||
func (s *serverConfigClient) Get() []byte {
|
func (s *serverConfigClient) Get() []byte {
|
||||||
return s.raw
|
return s.raw
|
||||||
}
|
}
|
||||||
|
|||||||
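Review bot: `IsExpired` is exported but has no doc comment, and its result depends on the local wall clock through `time.Now()`, which a caller cannot tell from the signature. I would add `// IsExpired reports whether the server config's expiry time lies before the current local time.` above it. The comparison is strict and has no skew allowance, so a client whose clock runs behind will accept a config the server already treats as expired; if that is intended, it is worth saying so in the comment.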
@@ -17,7 +17,7 @@ func getDefaultServerConfigClient() map[Tag][]byte {
|
|||||||
TagAEAD: []byte("AESG"),
|
TagAEAD: []byte("AESG"),
|
||||||
TagPUBS: bytes.Repeat([]byte{0}, 35),
|
TagPUBS: bytes.Repeat([]byte{0}, 35),
|
||||||
TagOBIT: bytes.Repeat([]byte{0}, 8),
|
TagOBIT: bytes.Repeat([]byte{0}, 8),
|
||||||
TagEXPY: bytes.Repeat([]byte{0}, 8),
|
TagEXPY: []byte{0x0, 0x6c, 0x57, 0x78, 0, 0, 0, 0}, // 2033-12-24
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
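Review bot: The fixture's `TagEXPY` is now a fixed calendar date (2033-12-24 per the comment), so every spec that feeds `getDefaultServerConfigClient()` through handleREJMessage will start failing with `CryptoServerConfigExpired` once that date passes. Deriving the value from the clock avoids the time bomb, for example `expy := make([]byte, 8)` followed by `binary.LittleEndian.PutUint64(expy, uint64(time.Now().Add(time.Hour).Unix()))`. The little-endian seconds encoding is inferred from the literal and its comment, so confirm it against the parser. The map literal starts outside this hunk.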
@@ -45,6 +45,14 @@ var _ = Describe("Server Config", func() {
|
|||||||
Expect(scfg.raw).To(Equal(b.Bytes()))
|
Expect(scfg.raw).To(Equal(b.Bytes()))
|
||||||
})
|
})
|
||||||
|
|
||||||
|
It("tells if a server config is expired", func() {
|
||||||
|
scfg := &serverConfigClient{}
|
||||||
|
scfg.expiry = time.Now().Add(-time.Second)
|
||||||
|
Expect(scfg.IsExpired()).To(BeTrue())
|
||||||
|
scfg.expiry = time.Now().Add(time.Second)
|
||||||
|
Expect(scfg.IsExpired()).To(BeFalse())
|
||||||
|
})
|
||||||
|
|
||||||
Context("parsing the server config", func() {
|
Context("parsing the server config", func() {
|
||||||
It("rejects a handshake message with the wrong message tag", func() {
|
It("rejects a handshake message with the wrong message tag", func() {
|
||||||
var serverConfig bytes.Buffer
|
var serverConfig bytes.Buffer
|
||||||
|
|||||||
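Review bot: The spec "tells if a server config is expired" leaves the zero-value case untested: a `serverConfigClient` whose `expiry` was never set should be treated as expired, so that a config without a usable expiry is rejected, not accepted. Adding `Expect((&serverConfigClient{}).IsExpired()).To(BeTrue())` pins that fail-closed behaviour. The one-second margin in `time.Now().Add(time.Second)` is also tight for a loaded CI machine; `time.Hour` would make the negative assertion robust. The enclosing Describe block continues outside this hunk.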