From 074f5a202e7b4346fe4beb565ed288f8b8c0c6ea Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Wed, 9 Sep 2020 16:34:38 +0700 Subject: [PATCH] log when old 1-RTT keys are dropped --- internal/handshake/updatable_aead.go | 3 +++ internal/handshake/updatable_aead_test.go | 1 + 2 files changed, 4 insertions(+) diff --git a/internal/handshake/updatable_aead.go b/internal/handshake/updatable_aead.go index 7e777eb9..78c096a8 100644 --- a/internal/handshake/updatable_aead.go +++ b/internal/handshake/updatable_aead.go @@ -150,6 +150,9 @@ func (a *updatableAEAD) Open(dst, src []byte, rcvTime time.Time, pn protocol.Pac if a.prevRcvAEAD != nil && rcvTime.After(a.prevRcvAEADExpiry) { a.prevRcvAEAD = nil a.prevRcvAEADExpiry = time.Time{} + if a.tracer != nil { + a.tracer.DroppedKey(a.keyPhase - 1) + } } binary.BigEndian.PutUint64(a.nonceBuf[len(a.nonceBuf)-8:], uint64(pn)) if kp != a.keyPhase.Bit() { diff --git a/internal/handshake/updatable_aead_test.go b/internal/handshake/updatable_aead_test.go index 3ed89caf..d0a98bf2 100644 --- a/internal/handshake/updatable_aead_test.go +++ b/internal/handshake/updatable_aead_test.go @@ -195,6 +195,7 @@ var _ = Describe("Updatable AEAD", func() { encrypted1 := client.Seal(nil, msg, 0x44, ad) Expect(server.KeyPhase()).To(Equal(protocol.KeyPhaseZero)) serverTracer.EXPECT().UpdatedKey(protocol.KeyPhase(1), true) + serverTracer.EXPECT().DroppedKey(protocol.KeyPhase(0)) _, err = server.Open(nil, encrypted1, now, 0x44, protocol.KeyPhaseOne, ad) Expect(err).ToNot(HaveOccurred()) Expect(server.KeyPhase()).To(Equal(protocol.KeyPhaseOne))