check if the received server config is expired
@@ -119,6 +119,10 @@ func (h *cryptoSetupClient) handleREJMessage(cryptoData map[Tag][]byte) error {
|
||||
return err
|
||||
}
|
||||
|
||||
if h.serverConfig.IsExpired() {
|
||||
return qerr.CryptoServerConfigExpired
|
||||
}
|
||||
|
||||
// now that we have a server config, we can use its OBIT value to generate a client nonce
|
||||
if len(h.nonc) == 0 {
|
||||
err = h.generateClientNonce()
|
||||
|
||||
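Review bot: The added `h.serverConfig.IsExpired()` call dereferences `h.serverConfig` with no nil guard visible in this hunk. The page has lost indentation, so if the check sits outside the branch that parses the SCFG tag, a REJ from the peer that carries no server config would panic in `IsExpired` instead of returning an error. `if h.serverConfig != nil && h.serverConfig.IsExpired() {` would rule that out. The rejected config also stays assigned to `h.serverConfig` after the error return, so resetting it with `h.serverConfig = nil` before `return qerr.CryptoServerConfigExpired` would keep any later reader from picking up an expired config. handleREJMessage starts and ends outside the hunk, so both points need checking against the full function.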
@@ -100,6 +100,21 @@ var _ = Describe("Crypto setup", func() {
|
||||
Expect(cs.serverConfig.ID).To(Equal(scfg[TagSCID]))
|
||||
})
|
||||
|
||||
It("rejects expired server configs", func() {
|
||||
b := &bytes.Buffer{}
|
||||
scfg := getDefaultServerConfigClient()
|
||||
scfg[TagEXPY] = []byte{0x80, 0x54, 0x72, 0x4F, 0, 0, 0, 0} // 2012-03-28
|
||||
WriteHandshakeMessage(b, TagSCFG, scfg)
|
||||
tagMap[TagSCFG] = b.Bytes()
|
||||
// make sure we actually set TagEXPY correct
|
||||
serverConfig, err := parseServerConfig(b.Bytes())
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
Expect(serverConfig.expiry.Year()).To(Equal(2012))
|
||||
// now try to read this server config in the crypto setup
|
||||
err = cs.handleREJMessage(tagMap)
|
||||
Expect(err).To(MatchError(qerr.CryptoServerConfigExpired))
|
||||
})
|
||||
|
||||
It("generates a client nonce after reading a server config", func() {
|
||||
b := &bytes.Buffer{}
|
||||
WriteHandshakeMessage(b, TagSCFG, getDefaultServerConfigClient())
|
||||
|
||||
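Review bot: The "rejects expired server configs" test checks only the returned error, not that the handler stopped before acting on the expired config. Since handleREJMessage generates the client nonce right after the expiry check, adding `Expect(cs.nonc).To(BeEmpty())` after the `MatchError` line would pin that ordering. This assumes the surrounding setup, which is outside the hunk, leaves `cs.nonc` empty. The comment `// make sure we actually set TagEXPY correct` should read "correctly".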
@@ -134,6 +134,10 @@ func (s *serverConfigClient) parseValues(tagMap map[Tag][]byte) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *serverConfigClient) IsExpired() bool {
|
||||
return s.expiry.Before(time.Now())
|
||||
}
|
||||
|
||||
func (s *serverConfigClient) Get() []byte {
|
||||
return s.raw
|
||||
}
|
||||
|
||||
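Review bot: The exported method `IsExpired` is added without a doc comment, and its result depends on details worth recording there. I would add `// IsExpired reports whether the config's expiry time lies before the current wall-clock time; a zero expiry counts as expired.` The zero-value behaviour is the safe default, but it only holds if parseValues rejects or always sets a missing EXPY tag, and that function's body is outside this hunk. The method panics on a nil receiver because it reads `s.expiry` directly, so callers must guarantee a non-nil config. Reading `time.Now()` inside the method also ties the verdict to the local clock, which a client with a skewed clock will get wrong in either direction.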
@@ -17,7 +17,7 @@ func getDefaultServerConfigClient() map[Tag][]byte {
|
||||
TagAEAD: []byte("AESG"),
|
||||
TagPUBS: bytes.Repeat([]byte{0}, 35),
|
||||
TagOBIT: bytes.Repeat([]byte{0}, 8),
|
||||
TagEXPY: bytes.Repeat([]byte{0}, 8),
|
||||
TagEXPY: []byte{0x0, 0x6c, 0x57, 0x78, 0, 0, 0, 0}, // 2033-12-24
|
||||
}
|
||||
}
|
||||
|
||||
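Review bot: The default fixture now hard-codes an expiry of 2033-12-24 in `TagEXPY`, so every test built on getDefaultServerConfigClient will start failing with `CryptoServerConfigExpired` once that date passes. Deriving the value from the current time avoids the time bomb, for example by filling an 8-byte slice with `binary.LittleEndian.PutUint64(expy, uint64(time.Now().Add(24*time.Hour).Unix()))` and using it for `TagEXPY`. That needs `encoding/binary` and `time` imported in this file, which the hunk does not show. The little-endian layout matches the literal bytes used here.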
@@ -45,6 +45,14 @@ var _ = Describe("Server Config", func() {
|
||||
Expect(scfg.raw).To(Equal(b.Bytes()))
|
||||
})
|
||||
|
||||
It("tells if a server config is expired", func() {
|
||||
scfg := &serverConfigClient{}
|
||||
scfg.expiry = time.Now().Add(-time.Second)
|
||||
Expect(scfg.IsExpired()).To(BeTrue())
|
||||
scfg.expiry = time.Now().Add(time.Second)
|
||||
Expect(scfg.IsExpired()).To(BeFalse())
|
||||
})
|
||||
|
||||
Context("parsing the server config", func() {
|
||||
It("rejects a handshake message with the wrong message tag", func() {
|
||||
var serverConfig bytes.Buffer
|
||||
|
||||
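Review bot: The "tells if a server config is expired" test uses a one-second margin on both sides of `time.Now()`, so the `BeFalse` assertion can flake if the process stalls for more than a second between the assignment and the check. A wider margin such as `scfg.expiry = time.Now().Add(time.Hour)` (and `-time.Hour` for the expired case) removes the timing sensitivity without changing what is tested. It would also be worth asserting that a freshly constructed `&serverConfigClient{}` with a zero `expiry` reports `IsExpired()` as true, since that is the case that decides whether a config with no parsed expiry is rejected.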