From 10797cfc7912eb502a64e17013f43a5c49c3e519 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Thu, 10 Sep 2020 18:14:04 +0700 Subject: [PATCH 1/2] add the KEY_UPDATE_ERROR error code --- internal/qerr/error_codes.go | 3 +++ qlog/types.go | 2 ++ 2 files changed, 5 insertions(+) diff --git a/internal/qerr/error_codes.go b/internal/qerr/error_codes.go index 188219f7..4bfb7220 100644 --- a/internal/qerr/error_codes.go +++ b/internal/qerr/error_codes.go @@ -25,6 +25,7 @@ const ( InvalidToken ErrorCode = 0xb ApplicationError ErrorCode = 0xc CryptoBufferExceeded ErrorCode = 0xd + KeyUpdateError ErrorCode = 0xe ) func (e ErrorCode) isCryptoError() bool { @@ -77,6 +78,8 @@ func (e ErrorCode) String() string { return "APPLICATION_ERROR" case CryptoBufferExceeded: return "CRYPTO_BUFFER_EXCEEDED" + case KeyUpdateError: + return "KEY_UPDATE_ERROR" default: if e.isCryptoError() { return "CRYPTO_ERROR" diff --git a/qlog/types.go b/qlog/types.go index 3ff09c55..1dca4d5b 100644 --- a/qlog/types.go +++ b/qlog/types.go @@ -209,6 +209,8 @@ func (e transportError) String() string { return "application_error" case qerr.CryptoBufferExceeded: return "crypto_buffer_exceeded" + case qerr.KeyUpdateError: + return "key_update_error" default: return "" } From 8cb0570cb115a051be72abdf68af061d99289a65 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Thu, 10 Sep 2020 18:14:27 +0700 Subject: [PATCH 2/2] use the KEY_UPDATE_ERROR code when the peer updates keys too frequently --- internal/handshake/updatable_aead.go | 4 ++-- internal/handshake/updatable_aead_test.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/handshake/updatable_aead.go b/internal/handshake/updatable_aead.go index 36caf398..719ad20b 100644 --- a/internal/handshake/updatable_aead.go +++ b/internal/handshake/updatable_aead.go @@ -182,13 +182,13 @@ func (a *updatableAEAD) Open(dst, src []byte, rcvTime time.Time, pn protocol.Pac // try opening the packet with the next key phase dec, err := a.nextRcvAEAD.Open(dst, a.nonceBuf, src, ad) if err == nil && receivedWrongInitialKeyPhase { - return nil, qerr.NewError(qerr.ProtocolViolation, "wrong initial key phase") + return nil, qerr.NewError(qerr.KeyUpdateError, "wrong initial key phase") } else if err != nil { return nil, ErrDecryptionFailed } // Opening succeeded. Check if the peer was allowed to update. if a.firstSentWithCurrentKey == protocol.InvalidPacketNumber { - return nil, qerr.NewError(qerr.ProtocolViolation, "keys updated too quickly") + return nil, qerr.NewError(qerr.KeyUpdateError, "keys updated too quickly") } a.rollKeys() // The peer initiated this key update. It's safe to drop the keys for the previous generation now. diff --git a/internal/handshake/updatable_aead_test.go b/internal/handshake/updatable_aead_test.go index 9cfbd505..2a18d481 100644 --- a/internal/handshake/updatable_aead_test.go +++ b/internal/handshake/updatable_aead_test.go @@ -208,7 +208,7 @@ var _ = Describe("Updatable AEAD", func() { client.rollKeys() encrypted := client.Seal(nil, msg, 0x1337, ad) _, err := server.Open(nil, encrypted, time.Now(), 0x1337, protocol.KeyPhaseOne, ad) - Expect(err).To(MatchError("PROTOCOL_VIOLATION: wrong initial key phase")) + Expect(err).To(MatchError("KEY_UPDATE_ERROR: wrong initial key phase")) }) It("only errors when the peer starts with key phase 1 if decrypting the packet succeeds", func() { @@ -228,7 +228,7 @@ var _ = Describe("Updatable AEAD", func() { client.rollKeys() encrypted1 := client.Seal(nil, msg, 0x42, ad) _, err = server.Open(nil, encrypted1, time.Now(), 0x42, protocol.KeyPhaseOne, ad) - Expect(err).To(MatchError("PROTOCOL_VIOLATION: keys updated too quickly")) + Expect(err).To(MatchError("KEY_UPDATE_ERROR: keys updated too quickly")) }) })