mirrors/uquic
1
0
Fork 0
mirror of https://github.com/refraction-networking/uquic.git synced 2025-04-05 13:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

return the encryption level used for Sealing

Browse source
This commit is contained in:
Marten Seemann 2017-02-24 13:59:27 +07:00
parent a97faf0bea
commit 0c20f5e9b3
No known key found for this signature in database
GPG key ID: 3603F40B121FCDEA
8 changed files with 33 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

8
handshake/crypto_setup_client.go
View file

@ -302,14 +302,14 @@ func (h *cryptoSetupClient) Open(dst, src []byte, packetNumber protocol.PacketNu
return res, protocol.EncryptionUnencrypted, nil return res, protocol.EncryptionUnencrypted, nil
} }
func (h *cryptoSetupClient) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte { func (h *cryptoSetupClient) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel) {
if h.forwardSecureAEAD != nil { if h.forwardSecureAEAD != nil {
return h.forwardSecureAEAD.Seal(dst, src, packetNumber, associatedData) return h.forwardSecureAEAD.Seal(dst, src, packetNumber, associatedData), protocol.EncryptionForwardSecure
} }
if h.secureAEAD != nil { if h.secureAEAD != nil {
return h.secureAEAD.Seal(dst, src, packetNumber, associatedData) return h.secureAEAD.Seal(dst, src, packetNumber, associatedData), protocol.EncryptionSecure
} }
return (&crypto.NullAEAD{}).Seal(dst, src, packetNumber, associatedData) return (&crypto.NullAEAD{}).Seal(dst, src, packetNumber, associatedData), protocol.EncryptionUnencrypted
} }
func (h *cryptoSetupClient) DiversificationNonce() []byte { func (h *cryptoSetupClient) DiversificationNonce() []byte {

10
handshake/crypto_setup_client_test.go
View file

@ -676,7 +676,9 @@ var _ = Describe("Crypto setup", func() {
Context("null encryption", func() { Context("null encryption", func() {
It("is used initially", func() { It("is used initially", func() {
Expect(cs.Seal(nil, []byte("foobar"), 0, []byte{})).To(Equal(foobarFNVSigned)) d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
Expect(d).To(Equal(foobarFNVSigned))
Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
}) })
It("is accepted initially", func() { It("is accepted initially", func() {
@ -709,8 +711,9 @@ var _ = Describe("Crypto setup", func() {
It("is used immediately when available", func() { It("is used immediately when available", func() {
doCompleteREJ() doCompleteREJ()
cs.receivedSecurePacket = false cs.receivedSecurePacket = false
d := cs.Seal(nil, []byte("foobar"), 0, []byte{}) d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
Expect(d).To(Equal([]byte("foobar normal sec"))) Expect(d).To(Equal([]byte("foobar normal sec")))
Expect(enc).To(Equal(protocol.EncryptionSecure))
}) })
It("is accepted", func() { It("is accepted", func() {
@ -736,8 +739,9 @@ var _ = Describe("Crypto setup", func() {
_, enc, err := cs.Open(nil, []byte("forward secure encrypted"), 0, []byte{}) _, enc, err := cs.Open(nil, []byte("forward secure encrypted"), 0, []byte{})
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
Expect(enc).To(Equal(protocol.EncryptionForwardSecure)) Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
d := cs.Seal(nil, []byte("foobar"), 0, []byte{}) d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
Expect(d).To(Equal([]byte("foobar forward sec"))) Expect(d).To(Equal([]byte("foobar forward sec")))
Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
}) })
}) })
}) })

2
handshake/crypto_setup_interface.go
View file

@ -6,7 +6,7 @@ import "github.com/lucas-clemente/quic-go/protocol"
type CryptoSetup interface { type CryptoSetup interface {
HandleCryptoStream() error HandleCryptoStream() error
Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error)
Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel)
LockForSealing() LockForSealing()
UnlockForSealing() UnlockForSealing()
HandshakeComplete() bool HandshakeComplete() bool

8
handshake/crypto_setup_server.go
View file

@ -185,13 +185,13 @@ func (h *cryptoSetupServer) Open(dst, src []byte, packetNumber protocol.PacketNu
} }
// Seal a message, call LockForSealing() before! // Seal a message, call LockForSealing() before!
func (h *cryptoSetupServer) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte { func (h *cryptoSetupServer) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel) {
if h.receivedForwardSecurePacket { if h.receivedForwardSecurePacket {
return h.forwardSecureAEAD.Seal(dst, src, packetNumber, associatedData) return h.forwardSecureAEAD.Seal(dst, src, packetNumber, associatedData), protocol.EncryptionForwardSecure
} else if h.secureAEAD != nil { } else if h.secureAEAD != nil {
return h.secureAEAD.Seal(dst, src, packetNumber, associatedData) return h.secureAEAD.Seal(dst, src, packetNumber, associatedData), protocol.EncryptionSecure
} else { } else {
return (&crypto.NullAEAD{}).Seal(dst, src, packetNumber, associatedData) return (&crypto.NullAEAD{}).Seal(dst, src, packetNumber, associatedData), protocol.EncryptionUnencrypted
} }
} }

16
handshake/crypto_setup_server_test.go
View file

@ -573,7 +573,9 @@ var _ = Describe("Crypto setup", func() {
Context("null encryption", func() { Context("null encryption", func() {
It("is used initially", func() { It("is used initially", func() {
Expect(cs.Seal(nil, []byte("foobar"), 0, []byte{})).To(Equal(foobarFNVSigned)) d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
Expect(d).To(Equal(foobarFNVSigned))
Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
}) })
It("is accepted initially", func() { It("is accepted initially", func() {
@ -605,16 +607,18 @@ var _ = Describe("Crypto setup", func() {
It("is not used after CHLO", func() { It("is not used after CHLO", func() {
doCHLO() doCHLO()
d := cs.Seal(nil, []byte("foobar"), 0, []byte{}) d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
Expect(d).ToNot(Equal(foobarFNVSigned)) Expect(d).ToNot(Equal(foobarFNVSigned))
Expect(enc).ToNot(Equal(protocol.EncryptionUnencrypted))
}) })
}) })
Context("initial encryption", func() { Context("initial encryption", func() {
It("is used after CHLO", func() { It("is used after CHLO", func() {
doCHLO() doCHLO()
d := cs.Seal(nil, []byte("foobar"), 0, []byte{}) d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
Expect(d).To(Equal([]byte("foobar normal sec"))) Expect(d).To(Equal([]byte("foobar normal sec")))
Expect(enc).To(Equal(protocol.EncryptionSecure))
}) })
It("is accepted after CHLO", func() { It("is accepted after CHLO", func() {
@ -629,8 +633,9 @@ var _ = Describe("Crypto setup", func() {
doCHLO() doCHLO()
_, _, err := cs.Open(nil, []byte("forward secure encrypted"), 0, []byte{}) _, _, err := cs.Open(nil, []byte("forward secure encrypted"), 0, []byte{})
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
d := cs.Seal(nil, []byte("foobar"), 0, []byte{}) d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
Expect(d).To(Equal([]byte("foobar forward sec"))) Expect(d).To(Equal([]byte("foobar forward sec")))
Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
}) })
It("is not accepted after receiving forward secure packet", func() { It("is not accepted after receiving forward secure packet", func() {
@ -649,8 +654,9 @@ var _ = Describe("Crypto setup", func() {
_, enc, err := cs.Open(nil, []byte("forward secure encrypted"), 0, []byte{}) _, enc, err := cs.Open(nil, []byte("forward secure encrypted"), 0, []byte{})
Expect(enc).To(Equal(protocol.EncryptionForwardSecure)) Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
d := cs.Seal(nil, []byte("foobar"), 0, []byte{}) d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
Expect(d).To(Equal([]byte("foobar forward sec"))) Expect(d).To(Equal([]byte("foobar forward sec")))
Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
}) })
}) })
}) })

4
packet_packer_test.go
View file

@ -19,8 +19,8 @@ func (m *mockCryptoSetup) HandleCryptoStream() error { return nil }
func (m *mockCryptoSetup) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error) { func (m *mockCryptoSetup) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error) {
return nil, protocol.EncryptionUnspecified, nil return nil, protocol.EncryptionUnspecified, nil
} }
func (m *mockCryptoSetup) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte { func (m *mockCryptoSetup) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel) {
return append(src, bytes.Repeat([]byte{0}, 12)...) return append(src, bytes.Repeat([]byte{0}, 12)...), protocol.EncryptionUnspecified
} }
func (m *mockCryptoSetup) LockForSealing() {} func (m *mockCryptoSetup) LockForSealing() {}
func (m *mockCryptoSetup) UnlockForSealing() {} func (m *mockCryptoSetup) UnlockForSealing() {}

2
packet_unpacker.go
View file

@ -12,7 +12,7 @@ import (
type quicAEAD interface { type quicAEAD interface {
Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error)
Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel)
} }
type packetUnpacker struct { type packetUnpacker struct {

6
packet_unpacker_test.go
View file

@ -20,8 +20,8 @@ func (m *mockAEAD) Open(dst, src []byte, packetNumber protocol.PacketNumber, ass
res, err := (&crypto.NullAEAD{}).Open(dst, src, packetNumber, associatedData) res, err := (&crypto.NullAEAD{}).Open(dst, src, packetNumber, associatedData)
return res, m.encLevelOpen, err return res, m.encLevelOpen, err
} }
func (m *mockAEAD) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte { func (m *mockAEAD) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel) {
return (&crypto.NullAEAD{}).Seal(dst, src, packetNumber, associatedData) return (&crypto.NullAEAD{}).Seal(dst, src, packetNumber, associatedData), protocol.EncryptionUnspecified
} }
var _ quicAEAD = &mockAEAD{} var _ quicAEAD = &mockAEAD{}
@ -47,7 +47,7 @@ var _ = Describe("Packet unpacker", func() {
}) })
setData := func(p []byte) { setData := func(p []byte) {
data = unpacker.aead.Seal(nil, p, 0, hdrBin) data, _ = unpacker.aead.Seal(nil, p, 0, hdrBin)
} }
It("does not read read a private flag for QUIC Version >= 34", func() { It("does not read read a private flag for QUIC Version >= 34", func() {