From 2e9bc93b0c92c961293432ca8528db98102dbd53 Mon Sep 17 00:00:00 2001
From: Marten Seemann <martenseemann@gmail.com>
Date: Sat, 9 Sep 2017 16:41:36 +0300
Subject: [PATCH] use the mockAEAD as nullAEAD in the crypto setup tests

---
 .../handshake/crypto_setup_client_test.go     | 35 +++++------
 .../handshake/crypto_setup_server_test.go     | 60 +++++++++----------
 internal/handshake/crypto_setup_tls_test.go   |  2 +-
 3 files changed, 48 insertions(+), 49 deletions(-)

diff --git a/internal/handshake/crypto_setup_client_test.go b/internal/handshake/crypto_setup_client_test.go
index 7fbf0d46..9e3a2e31 100644
--- a/internal/handshake/crypto_setup_client_test.go
+++ b/internal/handshake/crypto_setup_client_test.go
@@ -98,7 +98,11 @@ var _ = Describe("Client Crypto Setup", func() {
 				divNonce:      divNonce,
 				pers:          pers,
 			}
-			return &mockAEAD{forwardSecure: forwardSecure, sharedSecret: sharedSecret}, nil
+			encLevel := protocol.EncryptionSecure
+			if forwardSecure {
+				encLevel = protocol.EncryptionForwardSecure
+			}
+			return &mockAEAD{encLevel: encLevel, sharedSecret: sharedSecret}, nil
 		}
 
 		stream = newMockStream()
@@ -126,6 +130,7 @@ var _ = Describe("Client Crypto Setup", func() {
 		cs.certManager = certManager
 		cs.keyDerivation = keyDerivation
 		cs.keyExchange = func() crypto.KeyExchange { return &mockKEX{ephermal: true} }
+		cs.nullAEAD = &mockAEAD{encLevel: protocol.EncryptionUnencrypted}
 	})
 
 	AfterEach(func() {
@@ -578,8 +583,6 @@ var _ = Describe("Client Crypto Setup", func() {
 	})
 
 	Context("escalating crypto", func() {
-		var foobarFNVSigned []byte
-
 		doCompleteREJ := func() {
 			cs.serverVerified = true
 			err := cs.maybeUpgradeCrypto()
@@ -595,7 +598,6 @@ var _ = Describe("Client Crypto Setup", func() {
 
 		// sets all values necessary for escalating to secureAEAD
 		BeforeEach(func() {
-			foobarFNVSigned = []byte{0x18, 0x6f, 0x44, 0xba, 0x97, 0x35, 0xd, 0x6f, 0xbf, 0x64, 0x3c, 0x79, 0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72}
 			kex, err := crypto.NewCurve25519KEX()
 			Expect(err).ToNot(HaveOccurred())
 			cs.serverConfig = &serverConfigClient{
@@ -688,20 +690,20 @@ var _ = Describe("Client Crypto Setup", func() {
 				enc, sealer := cs.GetSealer()
 				Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
 				d := sealer.Seal(nil, []byte("foobar"), 0, []byte{})
-				Expect(d).To(Equal(foobarFNVSigned))
+				Expect(d).To(Equal([]byte("foobar unencrypted")))
 			})
 
 			It("is used for the crypto stream", func() {
 				enc, sealer := cs.GetSealerForCryptoStream()
 				Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
 				d := sealer.Seal(nil, []byte("foobar"), 0, []byte{})
-				Expect(d).To(Equal(foobarFNVSigned))
+				Expect(d).To(Equal([]byte("foobar unencrypted")))
 			})
 
 			It("is accepted initially", func() {
-				d, enc, err := cs.Open(nil, foobarFNVSigned, 0, []byte{})
+				d, enc, err := cs.Open(nil, []byte("unencrypted"), 0, []byte{})
 				Expect(err).ToNot(HaveOccurred())
-				Expect(d).To(Equal([]byte("foobar")))
+				Expect(d).To(Equal([]byte("decrypted")))
 				Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
 			})
 
@@ -709,24 +711,23 @@ var _ = Describe("Client Crypto Setup", func() {
 				doCompleteREJ()
 				cs.receivedSecurePacket = false
 				Expect(cs.secureAEAD).ToNot(BeNil())
-				d, enc, err := cs.Open(nil, foobarFNVSigned, 0, []byte{})
+				d, enc, err := cs.Open(nil, []byte("unencrypted"), 0, []byte{})
 				Expect(err).ToNot(HaveOccurred())
-				Expect(d).To(Equal([]byte("foobar")))
+				Expect(d).To(Equal([]byte("decrypted")))
 				Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
 			})
 
 			It("is not accepted after the server sent an encrypted packet", func() {
 				doCompleteREJ()
 				cs.receivedSecurePacket = true
-				_, enc, err := cs.Open(nil, foobarFNVSigned, 0, []byte{})
+				_, enc, err := cs.Open(nil, []byte("unecnrypted"), 0, []byte{})
 				Expect(err).To(MatchError("authentication failed"))
 				Expect(enc).To(Equal(protocol.EncryptionUnspecified))
 			})
 
 			It("errors if the has the wrong hash", func() {
-				foobarFNVSigned[0]++
-				_, enc, err := cs.Open(nil, foobarFNVSigned, 0, []byte{})
-				Expect(err).To(MatchError("NullAEAD: failed to authenticate received data"))
+				_, enc, err := cs.Open(nil, []byte("not unecnrypted"), 0, []byte{})
+				Expect(err).To(MatchError("authentication failed"))
 				Expect(enc).To(Equal(protocol.EncryptionUnspecified))
 			})
 		})
@@ -762,7 +763,7 @@ var _ = Describe("Client Crypto Setup", func() {
 				enc, sealer := cs.GetSealerForCryptoStream()
 				Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
 				d := sealer.Seal(nil, []byte("foobar"), 0, []byte{})
-				Expect(d).To(Equal(foobarFNVSigned))
+				Expect(d).To(Equal([]byte("foobar unencrypted")))
 			})
 		})
 
@@ -783,7 +784,7 @@ var _ = Describe("Client Crypto Setup", func() {
 				enc, sealer := cs.GetSealerForCryptoStream()
 				Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
 				d := sealer.Seal(nil, []byte("foobar"), 0, []byte{})
-				Expect(d).To(Equal(foobarFNVSigned))
+				Expect(d).To(Equal([]byte("foobar unencrypted")))
 			})
 		})
 
@@ -792,7 +793,7 @@ var _ = Describe("Client Crypto Setup", func() {
 				sealer, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionUnencrypted)
 				Expect(err).ToNot(HaveOccurred())
 				d := sealer.Seal(nil, []byte("foobar"), 0, []byte{})
-				Expect(d).To(Equal(foobarFNVSigned))
+				Expect(d).To(Equal([]byte("foobar unencrypted")))
 			})
 
 			It("forces initial encryption", func() {
diff --git a/internal/handshake/crypto_setup_server_test.go b/internal/handshake/crypto_setup_server_test.go
index 04aef38e..c4f6a91b 100644
--- a/internal/handshake/crypto_setup_server_test.go
+++ b/internal/handshake/crypto_setup_server_test.go
@@ -55,8 +55,8 @@ func (*mockSigner) GetLeafCert(sni string) ([]byte, error) {
 }
 
 type mockAEAD struct {
-	forwardSecure bool
-	sharedSecret  []byte
+	encLevel     protocol.EncryptionLevel
+	sharedSecret []byte
 }
 
 var _ crypto.AEAD = &mockAEAD{}
@@ -67,18 +67,23 @@ func (m *mockAEAD) Seal(dst, src []byte, packetNumber protocol.PacketNumber, ass
 	}
 	dst = dst[:len(src)+12]
 	copy(dst, src)
-	if !m.forwardSecure {
+	switch m.encLevel {
+	case protocol.EncryptionUnencrypted:
+		copy(dst[len(src):], []byte(" unencrypted"))
+	case protocol.EncryptionSecure:
 		copy(dst[len(src):], []byte("  normal sec"))
-	} else {
+	case protocol.EncryptionForwardSecure:
 		copy(dst[len(src):], []byte(" forward sec"))
+	default:
+		Fail("invalid encryption level")
 	}
 	return dst
 }
 
 func (m *mockAEAD) Open(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) ([]byte, error) {
-	if m.forwardSecure && string(src) == "forward secure encrypted" {
-		return []byte("decrypted"), nil
-	} else if !m.forwardSecure && string(src) == "encrypted" {
+	if m.encLevel == protocol.EncryptionUnencrypted && string(src) == "unencrypted" ||
+		m.encLevel == protocol.EncryptionForwardSecure && string(src) == "forward secure encrypted" ||
+		m.encLevel == protocol.EncryptionSecure && string(src) == "encrypted" {
 		return []byte("decrypted"), nil
 	}
 	return nil, errors.New("authentication failed")
@@ -92,12 +97,15 @@ var expectedInitialNonceLen int
 var expectedFSNonceLen int
 
 func mockQuicCryptoKeyDerivation(forwardSecure bool, sharedSecret, nonces []byte, connID protocol.ConnectionID, chlo []byte, scfg []byte, cert []byte, divNonce []byte, pers protocol.Perspective) (crypto.AEAD, error) {
+	var encLevel protocol.EncryptionLevel
 	if forwardSecure {
+		encLevel = protocol.EncryptionForwardSecure
 		Expect(nonces).To(HaveLen(expectedFSNonceLen))
 	} else {
+		encLevel = protocol.EncryptionSecure
 		Expect(nonces).To(HaveLen(expectedInitialNonceLen))
 	}
-	return &mockAEAD{forwardSecure: forwardSecure, sharedSecret: sharedSecret}, nil
+	return &mockAEAD{encLevel: encLevel, sharedSecret: sharedSecret}, nil
 }
 
 type mockStream struct {
@@ -216,6 +224,7 @@ var _ = Describe("Server Crypto Setup", func() {
 		cs.acceptSTKCallback = func(_ net.Addr, _ *Cookie) bool { return sourceAddrValid }
 		cs.keyDerivation = mockQuicCryptoKeyDerivation
 		cs.keyExchange = func() crypto.KeyExchange { return &mockKEX{ephermal: true} }
+		cs.nullAEAD = &mockAEAD{encLevel: protocol.EncryptionUnencrypted}
 	})
 
 	AfterEach(func() {
@@ -334,11 +343,11 @@ var _ = Describe("Server Crypto Setup", func() {
 				Expect(response).To(ContainSubstring(string(b.Bytes())))
 			}
 			Expect(cs.secureAEAD).ToNot(BeNil())
-			Expect(cs.secureAEAD.(*mockAEAD).forwardSecure).To(BeFalse())
+			Expect(cs.secureAEAD.(*mockAEAD).encLevel).To(Equal(protocol.EncryptionSecure))
 			Expect(cs.secureAEAD.(*mockAEAD).sharedSecret).To(Equal([]byte("shared key")))
 			Expect(cs.forwardSecureAEAD).ToNot(BeNil())
 			Expect(cs.forwardSecureAEAD.(*mockAEAD).sharedSecret).To(Equal([]byte("shared ephermal")))
-			Expect(cs.forwardSecureAEAD.(*mockAEAD).forwardSecure).To(BeTrue())
+			Expect(cs.forwardSecureAEAD.(*mockAEAD).encLevel).To(Equal(protocol.EncryptionForwardSecure))
 		})
 
 		It("handles long handshake", func() {
@@ -544,16 +553,6 @@ var _ = Describe("Server Crypto Setup", func() {
 	})
 
 	Context("escalating crypto", func() {
-		var foobarServerFNVSigned []byte // a "foobar" sent by the server, FNV signed
-		var foobarClientFNVSigned []byte // a "foobar" sent by the client, FNV signed
-
-		BeforeEach(func() {
-			nullAEADServer := crypto.NewNullAEAD(protocol.PerspectiveServer, version)
-			foobarServerFNVSigned = nullAEADServer.Seal(nil, []byte("foobar"), 0, []byte{})
-			nullAEADClient := crypto.NewNullAEAD(protocol.PerspectiveClient, version)
-			foobarClientFNVSigned = nullAEADClient.Seal(nil, []byte("foobar"), 0, []byte{})
-		})
-
 		doCHLO := func() {
 			_, err := cs.handleCHLO("", []byte("chlo-data"), map[Tag][]byte{
 				TagPUBS: []byte("pubs-c"),
@@ -571,34 +570,33 @@ var _ = Describe("Server Crypto Setup", func() {
 				enc, sealer := cs.GetSealer()
 				Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
 				d := sealer.Seal(nil, []byte("foobar"), 0, []byte{})
-				Expect(d).To(Equal(foobarServerFNVSigned))
+				Expect(d).To(Equal([]byte("foobar unencrypted")))
 			})
 
 			It("is used for crypto stream", func() {
 				enc, sealer := cs.GetSealerForCryptoStream()
 				Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
 				d := sealer.Seal(nil, []byte("foobar"), 0, []byte{})
-				Expect(d).To(Equal(foobarServerFNVSigned))
+				Expect(d).To(Equal([]byte("foobar unencrypted")))
 			})
 
 			It("is accepted initially", func() {
-				d, enc, err := cs.Open(nil, foobarClientFNVSigned, 0, []byte{})
+				d, enc, err := cs.Open(nil, []byte("unencrypted"), 0, []byte{})
 				Expect(err).ToNot(HaveOccurred())
-				Expect(d).To(Equal([]byte("foobar")))
+				Expect(d).To(Equal([]byte("decrypted")))
 				Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
 			})
 
 			It("errors if the has the wrong hash", func() {
-				foobarClientFNVSigned[0]++
-				_, enc, err := cs.Open(nil, foobarClientFNVSigned, 0, []byte{})
-				Expect(err).To(MatchError("NullAEAD: failed to authenticate received data"))
+				_, enc, err := cs.Open(nil, []byte("not unencrypted"), 0, []byte{})
+				Expect(err).To(MatchError("authentication failed"))
 				Expect(enc).To(Equal(protocol.EncryptionUnspecified))
 			})
 
 			It("is still accepted after CHLO", func() {
 				doCHLO()
 				Expect(cs.secureAEAD).ToNot(BeNil())
-				_, enc, err := cs.Open(nil, foobarClientFNVSigned, 0, []byte{})
+				_, enc, err := cs.Open(nil, []byte("unencrypted"), 0, []byte{})
 				Expect(err).ToNot(HaveOccurred())
 				Expect(enc).To(Equal(protocol.EncryptionUnencrypted))
 			})
@@ -610,7 +608,7 @@ var _ = Describe("Server Crypto Setup", func() {
 				Expect(enc).To(Equal(protocol.EncryptionSecure))
 				Expect(err).ToNot(HaveOccurred())
 				Expect(d).To(Equal([]byte("decrypted")))
-				_, enc, err = cs.Open(nil, foobarClientFNVSigned, 0, []byte{})
+				_, enc, err = cs.Open(nil, []byte("foobar unencrypted"), 0, []byte{})
 				Expect(err).To(MatchError("authentication failed"))
 				Expect(enc).To(Equal(protocol.EncryptionUnspecified))
 			})
@@ -620,7 +618,7 @@ var _ = Describe("Server Crypto Setup", func() {
 				enc, sealer := cs.GetSealer()
 				Expect(enc).ToNot(Equal(protocol.EncryptionUnencrypted))
 				d := sealer.Seal(nil, []byte("foobar"), 0, []byte{})
-				Expect(d).ToNot(Equal(foobarServerFNVSigned))
+				Expect(d).ToNot(Equal([]byte("foobar unencrypted")))
 			})
 		})
 
@@ -673,7 +671,7 @@ var _ = Describe("Server Crypto Setup", func() {
 				sealer, err := cs.GetSealerWithEncryptionLevel(protocol.EncryptionUnencrypted)
 				Expect(err).ToNot(HaveOccurred())
 				d := sealer.Seal(nil, []byte("foobar"), 0, []byte{})
-				Expect(d).To(Equal(foobarServerFNVSigned))
+				Expect(d).To(Equal([]byte("foobar unencrypted")))
 			})
 
 			It("forces initial encryption", func() {
diff --git a/internal/handshake/crypto_setup_tls_test.go b/internal/handshake/crypto_setup_tls_test.go
index 1d90954e..35a93f53 100644
--- a/internal/handshake/crypto_setup_tls_test.go
+++ b/internal/handshake/crypto_setup_tls_test.go
@@ -27,7 +27,7 @@ func (h *fakeMintController) ComputeExporter(label string, context []byte, keyLe
 }
 
 func mockKeyDerivation(crypto.MintController, protocol.Perspective) (crypto.AEAD, error) {
-	return &mockAEAD{forwardSecure: true}, nil
+	return &mockAEAD{encLevel: protocol.EncryptionForwardSecure}, nil
 }
 
 var _ = Describe("TLS Crypto Setup", func() {