mirror of
https://github.com/refraction-networking/uquic.git
synced 2025-04-03 20:27:35 +03:00
use a synchronous API for the crypto setup (#3939)
This commit is contained in:
Marten Seemann
GitHub
parent
2c0e7e02b0
commit
469a6153b6
18 changed files with 696 additions and 1032 deletions
|
|
@ -27,46 +27,9 @@ const (
|
|||
typeNewSessionTicket = 4
|
||||
)
|
||||
|
||||
type chunk struct {
|
||||
data []byte
|
||||
encLevel protocol.EncryptionLevel
|
||||
}
|
||||
|
||||
type stream struct {
|
||||
encLevel protocol.EncryptionLevel
|
||||
chunkChan chan<- chunk
|
||||
}
|
||||
|
||||
func newStream(chunkChan chan<- chunk, encLevel protocol.EncryptionLevel) *stream {
|
||||
return &stream{
|
||||
chunkChan: chunkChan,
|
||||
encLevel: encLevel,
|
||||
}
|
||||
}
|
||||
|
||||
func (s *stream) Write(b []byte) (int, error) {
|
||||
data := make([]byte, len(b))
|
||||
copy(data, b)
|
||||
select {
|
||||
case s.chunkChan <- chunk{data: data, encLevel: s.encLevel}:
|
||||
default:
|
||||
panic("chunkChan too small")
|
||||
}
|
||||
return len(b), nil
|
||||
}
|
||||
|
||||
var _ = Describe("Crypto Setup TLS", func() {
|
||||
var clientConf, serverConf *tls.Config
|
||||
|
||||
// unparam incorrectly complains that the first argument is never used.
|
||||
//nolint:unparam
|
||||
initStreams := func() (chan chunk, *stream /* initial */, *stream /* handshake */) {
|
||||
chunkChan := make(chan chunk, 100)
|
||||
initialStream := newStream(chunkChan, protocol.EncryptionInitial)
|
||||
handshakeStream := newStream(chunkChan, protocol.EncryptionHandshake)
|
||||
return chunkChan, initialStream, handshakeStream
|
||||
}
|
||||
|
||||
BeforeEach(func() {
|
||||
serverConf = testdata.GetTLSConfig()
|
||||
serverConf.NextProtos = []string{"crypto-setup"}
|
||||
|
|
@ -78,17 +41,12 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
})
|
||||
|
||||
It("handles qtls errors occurring before during ClientHello generation", func() {
|
||||
_, sInitialStream, sHandshakeStream := initStreams()
|
||||
tlsConf := testdata.GetTLSConfig()
|
||||
tlsConf.InsecureSkipVerify = true
|
||||
tlsConf.NextProtos = []string{""}
|
||||
cl, _ := NewCryptoSetupClient(
|
||||
sInitialStream,
|
||||
sHandshakeStream,
|
||||
nil,
|
||||
cl := NewCryptoSetupClient(
|
||||
protocol.ConnectionID{},
|
||||
&wire.TransportParameters{},
|
||||
NewMockHandshakeRunner(mockCtrl),
|
||||
tlsConf,
|
||||
false,
|
||||
&utils.RTTStats{},
|
||||
|
|
@ -104,16 +62,10 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
})
|
||||
|
||||
It("errors when a message is received at the wrong encryption level", func() {
|
||||
_, sInitialStream, sHandshakeStream := initStreams()
|
||||
runner := NewMockHandshakeRunner(mockCtrl)
|
||||
var token protocol.StatelessResetToken
|
||||
server := NewCryptoSetupServer(
|
||||
sInitialStream,
|
||||
sHandshakeStream,
|
||||
nil,
|
||||
protocol.ConnectionID{},
|
||||
&wire.TransportParameters{StatelessResetToken: &token},
|
||||
runner,
|
||||
testdata.GetTLSConfig(),
|
||||
false,
|
||||
&utils.RTTStats{},
|
||||
|
|
@ -158,32 +110,73 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
return rttStats
|
||||
}
|
||||
|
||||
handshake := func(client CryptoSetup, cChunkChan <-chan chunk, server CryptoSetup, sChunkChan <-chan chunk) {
|
||||
// The clientEvents and serverEvents contain all events that were not processed by the function,
|
||||
// i.e. not EventWriteInitialData, EventWriteHandshakeData, EventHandshakeComplete.
|
||||
handshake := func(client, server CryptoSetup) (clientEvents []Event, clientErr error, serverEvents []Event, serverErr error) {
|
||||
Expect(client.StartHandshake()).To(Succeed())
|
||||
Expect(server.StartHandshake()).To(Succeed())
|
||||
|
||||
for {
|
||||
select {
|
||||
case c := <-cChunkChan:
|
||||
Expect(server.HandleMessage(c.data, c.encLevel)).To(Succeed())
|
||||
continue
|
||||
default:
|
||||
}
|
||||
select {
|
||||
case c := <-sChunkChan:
|
||||
Expect(client.HandleMessage(c.data, c.encLevel)).To(Succeed())
|
||||
continue
|
||||
default:
|
||||
}
|
||||
// no more messages to send from client and server. Handshake complete?
|
||||
break
|
||||
}
|
||||
var clientHandshakeComplete, serverHandshakeComplete bool
|
||||
|
||||
ticket, err := server.GetSessionTicket()
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
if ticket != nil {
|
||||
Expect(client.HandleMessage(ticket, protocol.Encryption1RTT)).To(Succeed())
|
||||
for {
|
||||
clientLoop:
|
||||
for {
|
||||
ev := client.NextEvent()
|
||||
//nolint:exhaustive // only need to process a few events
|
||||
switch ev.Kind {
|
||||
case EventNoEvent:
|
||||
break clientLoop
|
||||
case EventWriteInitialData:
|
||||
if err := server.HandleMessage(ev.Data, protocol.EncryptionInitial); err != nil {
|
||||
serverErr = err
|
||||
return
|
||||
}
|
||||
case EventWriteHandshakeData:
|
||||
if err := server.HandleMessage(ev.Data, protocol.EncryptionHandshake); err != nil {
|
||||
serverErr = err
|
||||
return
|
||||
}
|
||||
case EventHandshakeComplete:
|
||||
clientHandshakeComplete = true
|
||||
default:
|
||||
clientEvents = append(clientEvents, ev)
|
||||
}
|
||||
}
|
||||
|
||||
serverLoop:
|
||||
for {
|
||||
ev := server.NextEvent()
|
||||
//nolint:exhaustive // only need to process a few events
|
||||
switch ev.Kind {
|
||||
case EventNoEvent:
|
||||
break serverLoop
|
||||
case EventWriteInitialData:
|
||||
if err := client.HandleMessage(ev.Data, protocol.EncryptionInitial); err != nil {
|
||||
clientErr = err
|
||||
return
|
||||
}
|
||||
case EventWriteHandshakeData:
|
||||
if err := client.HandleMessage(ev.Data, protocol.EncryptionHandshake); err != nil {
|
||||
clientErr = err
|
||||
return
|
||||
}
|
||||
case EventHandshakeComplete:
|
||||
serverHandshakeComplete = true
|
||||
ticket, err := server.GetSessionTicket()
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
if ticket != nil {
|
||||
Expect(client.HandleMessage(ticket, protocol.Encryption1RTT)).To(Succeed())
|
||||
}
|
||||
default:
|
||||
serverEvents = append(serverEvents, ev)
|
||||
}
|
||||
}
|
||||
|
||||
if clientHandshakeComplete && serverHandshakeComplete {
|
||||
break
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
handshakeWithTLSConf := func(
|
||||
|
|
@ -191,22 +184,12 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
clientRTTStats, serverRTTStats *utils.RTTStats,
|
||||
clientTransportParameters, serverTransportParameters *wire.TransportParameters,
|
||||
enable0RTT bool,
|
||||
) (<-chan *wire.TransportParameters /* clientHelloWrittenChan */, CryptoSetup /* client */, error /* client error */, CryptoSetup /* server */, error /* server error */) {
|
||||
var cHandshakeComplete bool
|
||||
cChunkChan, cInitialStream, cHandshakeStream := initStreams()
|
||||
cErrChan := make(chan error, 1)
|
||||
cRunner := NewMockHandshakeRunner(mockCtrl)
|
||||
cRunner.EXPECT().OnReceivedParams(gomock.Any())
|
||||
cRunner.EXPECT().OnReceivedReadKeys().MinTimes(2).MaxTimes(3) // 3 if using 0-RTT, 2 otherwise
|
||||
cRunner.EXPECT().OnHandshakeComplete().Do(func() { cHandshakeComplete = true }).MaxTimes(1)
|
||||
cRunner.EXPECT().DropKeys(gomock.Any()).MaxTimes(1)
|
||||
client, clientHelloWrittenChan := NewCryptoSetupClient(
|
||||
cInitialStream,
|
||||
cHandshakeStream,
|
||||
nil,
|
||||
) (CryptoSetup /* client */, []Event /* more client events */, error, /* client error */
|
||||
CryptoSetup /* server */, []Event /* more server events */, error, /* server error */
|
||||
) {
|
||||
client := NewCryptoSetupClient(
|
||||
protocol.ConnectionID{},
|
||||
clientTransportParameters,
|
||||
cRunner,
|
||||
clientConf,
|
||||
enable0RTT,
|
||||
clientRTTStats,
|
||||
|
|
@ -215,24 +198,13 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
protocol.Version1,
|
||||
)
|
||||
|
||||
var sHandshakeComplete bool
|
||||
sChunkChan, sInitialStream, sHandshakeStream := initStreams()
|
||||
sErrChan := make(chan error, 1)
|
||||
sRunner := NewMockHandshakeRunner(mockCtrl)
|
||||
sRunner.EXPECT().OnReceivedParams(gomock.Any())
|
||||
sRunner.EXPECT().OnReceivedReadKeys().MinTimes(2).MaxTimes(3) // 3 if using 0-RTT, 2 otherwise
|
||||
sRunner.EXPECT().OnHandshakeComplete().Do(func() { sHandshakeComplete = true }).MaxTimes(1)
|
||||
if serverTransportParameters.StatelessResetToken == nil {
|
||||
var token protocol.StatelessResetToken
|
||||
serverTransportParameters.StatelessResetToken = &token
|
||||
}
|
||||
server := NewCryptoSetupServer(
|
||||
sInitialStream,
|
||||
sHandshakeStream,
|
||||
nil,
|
||||
protocol.ConnectionID{},
|
||||
serverTransportParameters,
|
||||
sRunner,
|
||||
serverConf,
|
||||
enable0RTT,
|
||||
serverRTTStats,
|
||||
|
|
@ -240,24 +212,12 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
utils.DefaultLogger.WithPrefix("server"),
|
||||
protocol.Version1,
|
||||
)
|
||||
|
||||
handshake(client, cChunkChan, server, sChunkChan)
|
||||
var cErr, sErr error
|
||||
select {
|
||||
case sErr = <-sErrChan:
|
||||
default:
|
||||
Expect(sHandshakeComplete).To(BeTrue())
|
||||
}
|
||||
select {
|
||||
case cErr = <-cErrChan:
|
||||
default:
|
||||
Expect(cHandshakeComplete).To(BeTrue())
|
||||
}
|
||||
return clientHelloWrittenChan, client, cErr, server, sErr
|
||||
cEvents, cErr, sEvents, sErr := handshake(client, server)
|
||||
return client, cEvents, cErr, server, sEvents, sErr
|
||||
}
|
||||
|
||||
It("handshakes", func() {
|
||||
_, _, clientErr, _, serverErr := handshakeWithTLSConf(
|
||||
_, _, clientErr, _, _, serverErr := handshakeWithTLSConf(
|
||||
clientConf, serverConf,
|
||||
&utils.RTTStats{}, &utils.RTTStats{},
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2}, &wire.TransportParameters{ActiveConnectionIDLimit: 2},
|
||||
|
|
@ -269,7 +229,7 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
|
||||
It("performs a HelloRetryRequst", func() {
|
||||
serverConf.CurvePreferences = []tls.CurveID{tls.CurveP384}
|
||||
_, _, clientErr, _, serverErr := handshakeWithTLSConf(
|
||||
_, _, clientErr, _, _, serverErr := handshakeWithTLSConf(
|
||||
clientConf, serverConf,
|
||||
&utils.RTTStats{}, &utils.RTTStats{},
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2}, &wire.TransportParameters{ActiveConnectionIDLimit: 2},
|
||||
|
|
@ -282,7 +242,7 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
It("handshakes with client auth", func() {
|
||||
clientConf.Certificates = []tls.Certificate{generateCert()}
|
||||
serverConf.ClientAuth = tls.RequireAnyClientCert
|
||||
_, _, clientErr, _, serverErr := handshakeWithTLSConf(
|
||||
_, _, clientErr, _, _, serverErr := handshakeWithTLSConf(
|
||||
clientConf, serverConf,
|
||||
&utils.RTTStats{}, &utils.RTTStats{},
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2}, &wire.TransportParameters{ActiveConnectionIDLimit: 2},
|
||||
|
|
@ -292,50 +252,11 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
Expect(serverErr).ToNot(HaveOccurred())
|
||||
})
|
||||
|
||||
It("signals when it has written the ClientHello", func() {
|
||||
runner := NewMockHandshakeRunner(mockCtrl)
|
||||
cChunkChan, cInitialStream, cHandshakeStream := initStreams()
|
||||
client, chChan := NewCryptoSetupClient(
|
||||
cInitialStream,
|
||||
cHandshakeStream,
|
||||
nil,
|
||||
protocol.ConnectionID{},
|
||||
&wire.TransportParameters{},
|
||||
runner,
|
||||
&tls.Config{InsecureSkipVerify: true},
|
||||
false,
|
||||
&utils.RTTStats{},
|
||||
nil,
|
||||
utils.DefaultLogger.WithPrefix("client"),
|
||||
protocol.Version1,
|
||||
)
|
||||
|
||||
Expect(client.StartHandshake()).To(Succeed())
|
||||
var ch chunk
|
||||
Eventually(cChunkChan).Should(Receive(&ch))
|
||||
Eventually(chChan).Should(Receive(BeNil()))
|
||||
// make sure the whole ClientHello was written
|
||||
Expect(len(ch.data)).To(BeNumerically(">=", 4))
|
||||
Expect(ch.data[0]).To(BeEquivalentTo(typeClientHello))
|
||||
length := int(ch.data[1])<<16 | int(ch.data[2])<<8 | int(ch.data[3])
|
||||
Expect(len(ch.data) - 4).To(Equal(length))
|
||||
})
|
||||
|
||||
It("receives transport parameters", func() {
|
||||
var cTransportParametersRcvd, sTransportParametersRcvd *wire.TransportParameters
|
||||
cChunkChan, cInitialStream, cHandshakeStream := initStreams()
|
||||
cTransportParameters := &wire.TransportParameters{ActiveConnectionIDLimit: 2, MaxIdleTimeout: 0x42 * time.Second}
|
||||
cRunner := NewMockHandshakeRunner(mockCtrl)
|
||||
cRunner.EXPECT().OnReceivedReadKeys().Times(2)
|
||||
cRunner.EXPECT().OnReceivedParams(gomock.Any()).Do(func(tp *wire.TransportParameters) { sTransportParametersRcvd = tp })
|
||||
cRunner.EXPECT().OnHandshakeComplete()
|
||||
client, _ := NewCryptoSetupClient(
|
||||
cInitialStream,
|
||||
cHandshakeStream,
|
||||
nil,
|
||||
cTransportParameters := &wire.TransportParameters{ActiveConnectionIDLimit: 2, MaxIdleTimeout: 42 * time.Second}
|
||||
client := NewCryptoSetupClient(
|
||||
protocol.ConnectionID{},
|
||||
cTransportParameters,
|
||||
cRunner,
|
||||
clientConf,
|
||||
false,
|
||||
&utils.RTTStats{},
|
||||
|
|
@ -344,24 +265,15 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
protocol.Version1,
|
||||
)
|
||||
|
||||
sChunkChan, sInitialStream, sHandshakeStream := initStreams()
|
||||
var token protocol.StatelessResetToken
|
||||
sRunner := NewMockHandshakeRunner(mockCtrl)
|
||||
sRunner.EXPECT().OnReceivedReadKeys().Times(2)
|
||||
sRunner.EXPECT().OnReceivedParams(gomock.Any()).Do(func(tp *wire.TransportParameters) { cTransportParametersRcvd = tp })
|
||||
sRunner.EXPECT().OnHandshakeComplete()
|
||||
sTransportParameters := &wire.TransportParameters{
|
||||
MaxIdleTimeout: 0x1337 * time.Second,
|
||||
MaxIdleTimeout: 1337 * time.Second,
|
||||
StatelessResetToken: &token,
|
||||
ActiveConnectionIDLimit: 2,
|
||||
}
|
||||
server := NewCryptoSetupServer(
|
||||
sInitialStream,
|
||||
sHandshakeStream,
|
||||
nil,
|
||||
protocol.ConnectionID{},
|
||||
sTransportParameters,
|
||||
sRunner,
|
||||
serverConf,
|
||||
false,
|
||||
&utils.RTTStats{},
|
||||
|
|
@ -370,68 +282,38 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
protocol.Version1,
|
||||
)
|
||||
|
||||
done := make(chan struct{})
|
||||
go func() {
|
||||
defer GinkgoRecover()
|
||||
handshake(client, cChunkChan, server, sChunkChan)
|
||||
close(done)
|
||||
}()
|
||||
Eventually(done).Should(BeClosed())
|
||||
Expect(cTransportParametersRcvd.MaxIdleTimeout).To(Equal(cTransportParameters.MaxIdleTimeout))
|
||||
Expect(sTransportParametersRcvd).ToNot(BeNil())
|
||||
Expect(sTransportParametersRcvd.MaxIdleTimeout).To(Equal(sTransportParameters.MaxIdleTimeout))
|
||||
clientEvents, cErr, serverEvents, sErr := handshake(client, server)
|
||||
Expect(cErr).ToNot(HaveOccurred())
|
||||
Expect(sErr).ToNot(HaveOccurred())
|
||||
var clientReceivedTransportParameters *wire.TransportParameters
|
||||
for _, ev := range clientEvents {
|
||||
if ev.Kind == EventReceivedTransportParameters {
|
||||
clientReceivedTransportParameters = ev.TransportParameters
|
||||
}
|
||||
}
|
||||
Expect(clientReceivedTransportParameters).ToNot(BeNil())
|
||||
Expect(clientReceivedTransportParameters.MaxIdleTimeout).To(Equal(1337 * time.Second))
|
||||
|
||||
var serverReceivedTransportParameters *wire.TransportParameters
|
||||
for _, ev := range serverEvents {
|
||||
if ev.Kind == EventReceivedTransportParameters {
|
||||
serverReceivedTransportParameters = ev.TransportParameters
|
||||
}
|
||||
}
|
||||
Expect(serverReceivedTransportParameters).ToNot(BeNil())
|
||||
Expect(serverReceivedTransportParameters.MaxIdleTimeout).To(Equal(42 * time.Second))
|
||||
})
|
||||
|
||||
Context("with session tickets", func() {
|
||||
It("errors when the NewSessionTicket is sent at the wrong encryption level", func() {
|
||||
cChunkChan, cInitialStream, cHandshakeStream := initStreams()
|
||||
cRunner := NewMockHandshakeRunner(mockCtrl)
|
||||
cRunner.EXPECT().OnReceivedParams(gomock.Any())
|
||||
cRunner.EXPECT().OnReceivedReadKeys().Times(2)
|
||||
cRunner.EXPECT().OnHandshakeComplete()
|
||||
client, _ := NewCryptoSetupClient(
|
||||
cInitialStream,
|
||||
cHandshakeStream,
|
||||
nil,
|
||||
protocol.ConnectionID{},
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2},
|
||||
cRunner,
|
||||
clientConf,
|
||||
client, _, clientErr, _, _, serverErr := handshakeWithTLSConf(
|
||||
clientConf, serverConf,
|
||||
&utils.RTTStats{}, &utils.RTTStats{},
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2}, &wire.TransportParameters{ActiveConnectionIDLimit: 2},
|
||||
false,
|
||||
&utils.RTTStats{},
|
||||
nil,
|
||||
utils.DefaultLogger.WithPrefix("client"),
|
||||
protocol.Version1,
|
||||
)
|
||||
|
||||
sChunkChan, sInitialStream, sHandshakeStream := initStreams()
|
||||
sRunner := NewMockHandshakeRunner(mockCtrl)
|
||||
sRunner.EXPECT().OnReceivedParams(gomock.Any())
|
||||
sRunner.EXPECT().OnReceivedReadKeys().Times(2)
|
||||
sRunner.EXPECT().OnHandshakeComplete()
|
||||
var token protocol.StatelessResetToken
|
||||
server := NewCryptoSetupServer(
|
||||
sInitialStream,
|
||||
sHandshakeStream,
|
||||
nil,
|
||||
protocol.ConnectionID{},
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2, StatelessResetToken: &token},
|
||||
sRunner,
|
||||
serverConf,
|
||||
false,
|
||||
&utils.RTTStats{},
|
||||
nil,
|
||||
utils.DefaultLogger.WithPrefix("server"),
|
||||
protocol.Version1,
|
||||
)
|
||||
|
||||
done := make(chan struct{})
|
||||
go func() {
|
||||
defer GinkgoRecover()
|
||||
handshake(client, cChunkChan, server, sChunkChan)
|
||||
close(done)
|
||||
}()
|
||||
Eventually(done).Should(BeClosed())
|
||||
Expect(clientErr).ToNot(HaveOccurred())
|
||||
Expect(serverErr).ToNot(HaveOccurred())
|
||||
|
||||
// inject an invalid session ticket
|
||||
b := append([]byte{uint8(typeNewSessionTicket), 0, 0, 6}, []byte("foobar")...)
|
||||
|
|
@ -441,54 +323,14 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
})
|
||||
|
||||
It("errors when handling the NewSessionTicket fails", func() {
|
||||
cChunkChan, cInitialStream, cHandshakeStream := initStreams()
|
||||
cRunner := NewMockHandshakeRunner(mockCtrl)
|
||||
cRunner.EXPECT().OnReceivedParams(gomock.Any())
|
||||
cRunner.EXPECT().OnReceivedReadKeys().Times(2)
|
||||
cRunner.EXPECT().OnHandshakeComplete()
|
||||
client, _ := NewCryptoSetupClient(
|
||||
cInitialStream,
|
||||
cHandshakeStream,
|
||||
nil,
|
||||
protocol.ConnectionID{},
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2},
|
||||
cRunner,
|
||||
clientConf,
|
||||
client, _, clientErr, _, _, serverErr := handshakeWithTLSConf(
|
||||
clientConf, serverConf,
|
||||
&utils.RTTStats{}, &utils.RTTStats{},
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2}, &wire.TransportParameters{ActiveConnectionIDLimit: 2},
|
||||
false,
|
||||
&utils.RTTStats{},
|
||||
nil,
|
||||
utils.DefaultLogger.WithPrefix("client"),
|
||||
protocol.Version1,
|
||||
)
|
||||
|
||||
sChunkChan, sInitialStream, sHandshakeStream := initStreams()
|
||||
sRunner := NewMockHandshakeRunner(mockCtrl)
|
||||
sRunner.EXPECT().OnReceivedParams(gomock.Any())
|
||||
sRunner.EXPECT().OnReceivedReadKeys().Times(2)
|
||||
sRunner.EXPECT().OnHandshakeComplete()
|
||||
var token protocol.StatelessResetToken
|
||||
server := NewCryptoSetupServer(
|
||||
sInitialStream,
|
||||
sHandshakeStream,
|
||||
nil,
|
||||
protocol.ConnectionID{},
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2, StatelessResetToken: &token},
|
||||
sRunner,
|
||||
serverConf,
|
||||
false,
|
||||
&utils.RTTStats{},
|
||||
nil,
|
||||
utils.DefaultLogger.WithPrefix("server"),
|
||||
protocol.Version1,
|
||||
)
|
||||
|
||||
done := make(chan struct{})
|
||||
go func() {
|
||||
defer GinkgoRecover()
|
||||
handshake(client, cChunkChan, server, sChunkChan)
|
||||
close(done)
|
||||
}()
|
||||
Eventually(done).Should(BeClosed())
|
||||
Expect(clientErr).ToNot(HaveOccurred())
|
||||
Expect(serverErr).ToNot(HaveOccurred())
|
||||
|
||||
// inject an invalid session ticket
|
||||
b := append([]byte{uint8(typeNewSessionTicket), 0, 0, 6}, []byte("foobar")...)
|
||||
|
|
@ -509,7 +351,7 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
clientConf.ClientSessionCache = csc
|
||||
const clientRTT = 30 * time.Millisecond // RTT as measured by the client. Should be restored.
|
||||
clientOrigRTTStats := newRTTStatsWithRTT(clientRTT)
|
||||
clientHelloWrittenChan, client, clientErr, server, serverErr := handshakeWithTLSConf(
|
||||
client, _, clientErr, server, _, serverErr := handshakeWithTLSConf(
|
||||
clientConf, serverConf,
|
||||
clientOrigRTTStats, &utils.RTTStats{},
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2}, &wire.TransportParameters{ActiveConnectionIDLimit: 2},
|
||||
|
|
@ -520,12 +362,11 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
Eventually(receivedSessionTicket).Should(BeClosed())
|
||||
Expect(server.ConnectionState().DidResume).To(BeFalse())
|
||||
Expect(client.ConnectionState().DidResume).To(BeFalse())
|
||||
Expect(clientHelloWrittenChan).To(Receive(BeNil()))
|
||||
|
||||
csc.EXPECT().Get(gomock.Any()).Return(state, true)
|
||||
csc.EXPECT().Put(gomock.Any(), gomock.Any()).MaxTimes(1)
|
||||
clientRTTStats := &utils.RTTStats{}
|
||||
clientHelloWrittenChan, client, clientErr, server, serverErr = handshakeWithTLSConf(
|
||||
client, _, clientErr, server, _, serverErr = handshakeWithTLSConf(
|
||||
clientConf, serverConf,
|
||||
clientRTTStats, &utils.RTTStats{},
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2}, &wire.TransportParameters{ActiveConnectionIDLimit: 2},
|
||||
|
|
@ -537,7 +378,6 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
Expect(server.ConnectionState().DidResume).To(BeTrue())
|
||||
Expect(client.ConnectionState().DidResume).To(BeTrue())
|
||||
Expect(clientRTTStats.SmoothedRTT()).To(Equal(clientRTT))
|
||||
Expect(clientHelloWrittenChan).To(Receive(BeNil()))
|
||||
})
|
||||
|
||||
It("doesn't use session resumption if the server disabled it", func() {
|
||||
|
|
@ -550,7 +390,7 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
close(receivedSessionTicket)
|
||||
})
|
||||
clientConf.ClientSessionCache = csc
|
||||
_, client, clientErr, server, serverErr := handshakeWithTLSConf(
|
||||
client, _, clientErr, server, _, serverErr := handshakeWithTLSConf(
|
||||
clientConf, serverConf,
|
||||
&utils.RTTStats{}, &utils.RTTStats{},
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2}, &wire.TransportParameters{ActiveConnectionIDLimit: 2},
|
||||
|
|
@ -564,7 +404,7 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
|
||||
serverConf.SessionTicketsDisabled = true
|
||||
csc.EXPECT().Get(gomock.Any()).Return(state, true)
|
||||
_, client, clientErr, server, serverErr = handshakeWithTLSConf(
|
||||
client, _, clientErr, server, _, serverErr = handshakeWithTLSConf(
|
||||
clientConf, serverConf,
|
||||
&utils.RTTStats{}, &utils.RTTStats{},
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2}, &wire.TransportParameters{ActiveConnectionIDLimit: 2},
|
||||
|
|
@ -592,7 +432,7 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
serverOrigRTTStats := newRTTStatsWithRTT(serverRTT)
|
||||
clientOrigRTTStats := newRTTStatsWithRTT(clientRTT)
|
||||
const initialMaxData protocol.ByteCount = 1337
|
||||
clientHelloWrittenChan, client, clientErr, server, serverErr := handshakeWithTLSConf(
|
||||
client, _, clientErr, server, _, serverErr := handshakeWithTLSConf(
|
||||
clientConf, serverConf,
|
||||
clientOrigRTTStats, serverOrigRTTStats,
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2},
|
||||
|
|
@ -604,14 +444,13 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
Eventually(receivedSessionTicket).Should(BeClosed())
|
||||
Expect(server.ConnectionState().DidResume).To(BeFalse())
|
||||
Expect(client.ConnectionState().DidResume).To(BeFalse())
|
||||
Expect(clientHelloWrittenChan).To(Receive(BeNil()))
|
||||
|
||||
csc.EXPECT().Get(gomock.Any()).Return(state, true)
|
||||
csc.EXPECT().Put(gomock.Any(), gomock.Any()).MaxTimes(1)
|
||||
|
||||
clientRTTStats := &utils.RTTStats{}
|
||||
serverRTTStats := &utils.RTTStats{}
|
||||
clientHelloWrittenChan, client, clientErr, server, serverErr = handshakeWithTLSConf(
|
||||
client, clientEvents, clientErr, server, serverEvents, serverErr := handshakeWithTLSConf(
|
||||
clientConf, serverConf,
|
||||
clientRTTStats, serverRTTStats,
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2},
|
||||
|
|
@ -624,9 +463,30 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
Expect(serverRTTStats.SmoothedRTT()).To(Equal(serverRTT))
|
||||
|
||||
var tp *wire.TransportParameters
|
||||
Expect(clientHelloWrittenChan).To(Receive(&tp))
|
||||
var clientReceived0RTTKeys bool
|
||||
for _, ev := range clientEvents {
|
||||
//nolint:exhaustive // only need to process a few events
|
||||
switch ev.Kind {
|
||||
case EventRestoredTransportParameters:
|
||||
tp = ev.TransportParameters
|
||||
case EventReceivedReadKeys:
|
||||
clientReceived0RTTKeys = true
|
||||
}
|
||||
}
|
||||
Expect(clientReceived0RTTKeys).To(BeTrue())
|
||||
Expect(tp).ToNot(BeNil())
|
||||
Expect(tp.InitialMaxData).To(Equal(initialMaxData))
|
||||
|
||||
var serverReceived0RTTKeys bool
|
||||
for _, ev := range serverEvents {
|
||||
//nolint:exhaustive // only need to process a few events
|
||||
switch ev.Kind {
|
||||
case EventReceivedReadKeys:
|
||||
serverReceived0RTTKeys = true
|
||||
}
|
||||
}
|
||||
Expect(serverReceived0RTTKeys).To(BeTrue())
|
||||
|
||||
Expect(server.ConnectionState().DidResume).To(BeTrue())
|
||||
Expect(client.ConnectionState().DidResume).To(BeTrue())
|
||||
Expect(server.ConnectionState().Used0RTT).To(BeTrue())
|
||||
|
|
@ -646,7 +506,7 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
const clientRTT = 30 * time.Millisecond // RTT as measured by the client. Should be restored.
|
||||
clientOrigRTTStats := newRTTStatsWithRTT(clientRTT)
|
||||
const initialMaxData protocol.ByteCount = 1337
|
||||
clientHelloWrittenChan, client, clientErr, server, serverErr := handshakeWithTLSConf(
|
||||
client, _, clientErr, server, _, serverErr := handshakeWithTLSConf(
|
||||
clientConf, serverConf,
|
||||
clientOrigRTTStats, &utils.RTTStats{},
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2},
|
||||
|
|
@ -658,13 +518,12 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
Eventually(receivedSessionTicket).Should(BeClosed())
|
||||
Expect(server.ConnectionState().DidResume).To(BeFalse())
|
||||
Expect(client.ConnectionState().DidResume).To(BeFalse())
|
||||
Expect(clientHelloWrittenChan).To(Receive(BeNil()))
|
||||
|
||||
csc.EXPECT().Get(gomock.Any()).Return(state, true)
|
||||
csc.EXPECT().Put(gomock.Any(), gomock.Any()).MaxTimes(1)
|
||||
|
||||
clientRTTStats := &utils.RTTStats{}
|
||||
clientHelloWrittenChan, client, clientErr, server, serverErr = handshakeWithTLSConf(
|
||||
client, clientEvents, clientErr, server, _, serverErr := handshakeWithTLSConf(
|
||||
clientConf, serverConf,
|
||||
clientRTTStats, &utils.RTTStats{},
|
||||
&wire.TransportParameters{ActiveConnectionIDLimit: 2},
|
||||
|
|
@ -676,7 +535,18 @@ var _ = Describe("Crypto Setup TLS", func() {
|
|||
Expect(clientRTTStats.SmoothedRTT()).To(Equal(clientRTT))
|
||||
|
||||
var tp *wire.TransportParameters
|
||||
Expect(clientHelloWrittenChan).To(Receive(&tp))
|
||||
var clientReceived0RTTKeys bool
|
||||
for _, ev := range clientEvents {
|
||||
//nolint:exhaustive // only need to process a few events
|
||||
switch ev.Kind {
|
||||
case EventRestoredTransportParameters:
|
||||
tp = ev.TransportParameters
|
||||
case EventReceivedReadKeys:
|
||||
clientReceived0RTTKeys = true
|
||||
}
|
||||
}
|
||||
Expect(clientReceived0RTTKeys).To(BeTrue())
|
||||
Expect(tp).ToNot(BeNil())
|
||||
Expect(tp.InitialMaxData).To(Equal(initialMaxData))
|
||||
|
||||
Expect(server.ConnectionState().DidResume).To(BeTrue())
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue