mirror of
https://github.com/refraction-networking/uquic.git
synced 2025-04-05 21:27:35 +03:00
return the encryption level used for Sealing
This commit is contained in:
Marten Seemann
parent
a97faf0bea
commit
0c20f5e9b3
8 changed files with 33 additions and 23 deletions
|
|
@ -302,14 +302,14 @@ func (h *cryptoSetupClient) Open(dst, src []byte, packetNumber protocol.PacketNu
|
|||
return res, protocol.EncryptionUnencrypted, nil
|
||||
}
|
||||
|
||||
func (h *cryptoSetupClient) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte {
|
||||
func (h *cryptoSetupClient) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel) {
|
||||
if h.forwardSecureAEAD != nil {
|
||||
return h.forwardSecureAEAD.Seal(dst, src, packetNumber, associatedData)
|
||||
return h.forwardSecureAEAD.Seal(dst, src, packetNumber, associatedData), protocol.EncryptionForwardSecure
|
||||
}
|
||||
if h.secureAEAD != nil {
|
||||
return h.secureAEAD.Seal(dst, src, packetNumber, associatedData)
|
||||
return h.secureAEAD.Seal(dst, src, packetNumber, associatedData), protocol.EncryptionSecure
|
||||
}
|
||||
return (&crypto.NullAEAD{}).Seal(dst, src, packetNumber, associatedData)
|
||||
return (&crypto.NullAEAD{}).Seal(dst, src, packetNumber, associatedData), protocol.EncryptionUnencrypted
|
||||
}
|
||||
|
||||
func (h *cryptoSetupClient) DiversificationNonce() []byte {
|
||||
|
|
|
|||
|
|
@ -676,7 +676,9 @@ var _ = Describe("Crypto setup", func() {
|
|||
|
||||
Context("null encryption", func() {
|
||||
It("is used initially", func() {
|
||||
Expect(cs.Seal(nil, []byte("foobar"), 0, []byte{})).To(Equal(foobarFNVSigned))
|
||||
d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal(foobarFNVSigned))
|
||||
Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
|
||||
})
|
||||
|
||||
It("is accepted initially", func() {
|
||||
|
|
@ -709,8 +711,9 @@ var _ = Describe("Crypto setup", func() {
|
|||
It("is used immediately when available", func() {
|
||||
doCompleteREJ()
|
||||
cs.receivedSecurePacket = false
|
||||
d := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal([]byte("foobar normal sec")))
|
||||
Expect(enc).To(Equal(protocol.EncryptionSecure))
|
||||
})
|
||||
|
||||
It("is accepted", func() {
|
||||
|
|
@ -736,8 +739,9 @@ var _ = Describe("Crypto setup", func() {
|
|||
_, enc, err := cs.Open(nil, []byte("forward secure encrypted"), 0, []byte{})
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
|
||||
d := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal([]byte("foobar forward sec")))
|
||||
Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
|
||||
})
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import "github.com/lucas-clemente/quic-go/protocol"
|
|||
type CryptoSetup interface {
|
||||
HandleCryptoStream() error
|
||||
Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error)
|
||||
Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
|
||||
Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel)
|
||||
LockForSealing()
|
||||
UnlockForSealing()
|
||||
HandshakeComplete() bool
|
||||
|
|
|
|||
|
|
@ -185,13 +185,13 @@ func (h *cryptoSetupServer) Open(dst, src []byte, packetNumber protocol.PacketNu
|
|||
}
|
||||
|
||||
// Seal a message, call LockForSealing() before!
|
||||
func (h *cryptoSetupServer) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte {
|
||||
func (h *cryptoSetupServer) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel) {
|
||||
if h.receivedForwardSecurePacket {
|
||||
return h.forwardSecureAEAD.Seal(dst, src, packetNumber, associatedData)
|
||||
return h.forwardSecureAEAD.Seal(dst, src, packetNumber, associatedData), protocol.EncryptionForwardSecure
|
||||
} else if h.secureAEAD != nil {
|
||||
return h.secureAEAD.Seal(dst, src, packetNumber, associatedData)
|
||||
return h.secureAEAD.Seal(dst, src, packetNumber, associatedData), protocol.EncryptionSecure
|
||||
} else {
|
||||
return (&crypto.NullAEAD{}).Seal(dst, src, packetNumber, associatedData)
|
||||
return (&crypto.NullAEAD{}).Seal(dst, src, packetNumber, associatedData), protocol.EncryptionUnencrypted
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -573,7 +573,9 @@ var _ = Describe("Crypto setup", func() {
|
|||
|
||||
Context("null encryption", func() {
|
||||
It("is used initially", func() {
|
||||
Expect(cs.Seal(nil, []byte("foobar"), 0, []byte{})).To(Equal(foobarFNVSigned))
|
||||
d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal(foobarFNVSigned))
|
||||
Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
|
||||
})
|
||||
|
||||
It("is accepted initially", func() {
|
||||
|
|
@ -605,16 +607,18 @@ var _ = Describe("Crypto setup", func() {
|
|||
|
||||
It("is not used after CHLO", func() {
|
||||
doCHLO()
|
||||
d := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).ToNot(Equal(foobarFNVSigned))
|
||||
Expect(enc).ToNot(Equal(protocol.EncryptionUnencrypted))
|
||||
})
|
||||
})
|
||||
|
||||
Context("initial encryption", func() {
|
||||
It("is used after CHLO", func() {
|
||||
doCHLO()
|
||||
d := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal([]byte("foobar normal sec")))
|
||||
Expect(enc).To(Equal(protocol.EncryptionSecure))
|
||||
})
|
||||
|
||||
It("is accepted after CHLO", func() {
|
||||
|
|
@ -629,8 +633,9 @@ var _ = Describe("Crypto setup", func() {
|
|||
doCHLO()
|
||||
_, _, err := cs.Open(nil, []byte("forward secure encrypted"), 0, []byte{})
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
d := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal([]byte("foobar forward sec")))
|
||||
Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
|
||||
})
|
||||
|
||||
It("is not accepted after receiving forward secure packet", func() {
|
||||
|
|
@ -649,8 +654,9 @@ var _ = Describe("Crypto setup", func() {
|
|||
_, enc, err := cs.Open(nil, []byte("forward secure encrypted"), 0, []byte{})
|
||||
Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
d := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
d, enc := cs.Seal(nil, []byte("foobar"), 0, []byte{})
|
||||
Expect(d).To(Equal([]byte("foobar forward sec")))
|
||||
Expect(enc).To(Equal(protocol.EncryptionForwardSecure))
|
||||
})
|
||||
})
|
||||
})
|
||||
|
|
|
|||
|
|
@ -19,8 +19,8 @@ func (m *mockCryptoSetup) HandleCryptoStream() error { return nil }
|
|||
func (m *mockCryptoSetup) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error) {
|
||||
return nil, protocol.EncryptionUnspecified, nil
|
||||
}
|
||||
func (m *mockCryptoSetup) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte {
|
||||
return append(src, bytes.Repeat([]byte{0}, 12)...)
|
||||
func (m *mockCryptoSetup) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel) {
|
||||
return append(src, bytes.Repeat([]byte{0}, 12)...), protocol.EncryptionUnspecified
|
||||
}
|
||||
func (m *mockCryptoSetup) LockForSealing() {}
|
||||
func (m *mockCryptoSetup) UnlockForSealing() {}
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ import (
|
|||
|
||||
type quicAEAD interface {
|
||||
Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel, error)
|
||||
Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
|
||||
Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel)
|
||||
}
|
||||
|
||||
type packetUnpacker struct {
|
||||
|
|
|
|||
|
|
@ -20,8 +20,8 @@ func (m *mockAEAD) Open(dst, src []byte, packetNumber protocol.PacketNumber, ass
|
|||
res, err := (&crypto.NullAEAD{}).Open(dst, src, packetNumber, associatedData)
|
||||
return res, m.encLevelOpen, err
|
||||
}
|
||||
func (m *mockAEAD) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte {
|
||||
return (&crypto.NullAEAD{}).Seal(dst, src, packetNumber, associatedData)
|
||||
func (m *mockAEAD) Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, protocol.EncryptionLevel) {
|
||||
return (&crypto.NullAEAD{}).Seal(dst, src, packetNumber, associatedData), protocol.EncryptionUnspecified
|
||||
}
|
||||
|
||||
var _ quicAEAD = &mockAEAD{}
|
||||
|
|
@ -47,7 +47,7 @@ var _ = Describe("Packet unpacker", func() {
|
|||
})
|
||||
|
||||
setData := func(p []byte) {
|
||||
data = unpacker.aead.Seal(nil, p, 0, hdrBin)
|
||||
data, _ = unpacker.aead.Seal(nil, p, 0, hdrBin)
|
||||
}
|
||||
|
||||
It("does not read read a private flag for QUIC Version >= 34", func() {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue