Merge pull request #2770 from lucas-clemente/key-update-error

use the KEY_UPDATE_ERROR
2025-04-04 12:47:36 +03:00 · 2020-09-14 14:01:43 +07:00 · 2020-09-14 14:01:43 +07:00 · ba9f98d83a
commit ba9f98d83a
parent 891c129024 8cb0570cb1
4 changed files with 9 additions and 4 deletions
--- a/internal/handshake/updatable_aead.go
+++ b/internal/handshake/updatable_aead.go
@ -185,13 +185,13 @@ func (a *updatableAEAD) Open(dst, src []byte, rcvTime time.Time, pn protocol.Pac
 		// try opening the packet with the next key phase
 		dec, err := a.nextRcvAEAD.Open(dst, a.nonceBuf, src, ad)
 		if err == nil && receivedWrongInitialKeyPhase {
-			return nil, qerr.NewError(qerr.ProtocolViolation, "wrong initial key phase")
+			return nil, qerr.NewError(qerr.KeyUpdateError, "wrong initial key phase")
 		} else if err != nil {
 			return nil, ErrDecryptionFailed
 		}
 		// Opening succeeded. Check if the peer was allowed to update.
 		if a.firstSentWithCurrentKey == protocol.InvalidPacketNumber {
-			return nil, qerr.NewError(qerr.ProtocolViolation, "keys updated too quickly")
+			return nil, qerr.NewError(qerr.KeyUpdateError, "keys updated too quickly")
 		}
 		a.rollKeys()
 		a.logger.Debugf("Peer updated keys to %d", a.keyPhase)
--- a/internal/handshake/updatable_aead_test.go
+++ b/internal/handshake/updatable_aead_test.go
@ -208,7 +208,7 @@ var _ = Describe("Updatable AEAD", func() {
 							client.rollKeys()
 							encrypted := client.Seal(nil, msg, 0x1337, ad)
 							_, err := server.Open(nil, encrypted, time.Now(), 0x1337, protocol.KeyPhaseOne, ad)
-							Expect(err).To(MatchError("PROTOCOL_VIOLATION: wrong initial key phase"))
+							Expect(err).To(MatchError("KEY_UPDATE_ERROR: wrong initial key phase"))
 						})
 						It("only errors when the peer starts with key phase 1 if decrypting the packet succeeds", func() {
@ -228,7 +228,7 @@ var _ = Describe("Updatable AEAD", func() {
 							client.rollKeys()
 							encrypted1 := client.Seal(nil, msg, 0x42, ad)
 							_, err = server.Open(nil, encrypted1, time.Now(), 0x42, protocol.KeyPhaseOne, ad)
-							Expect(err).To(MatchError("PROTOCOL_VIOLATION: keys updated too quickly"))
+							Expect(err).To(MatchError("KEY_UPDATE_ERROR: keys updated too quickly"))
 						})
 					})
--- a/internal/qerr/error_codes.go
+++ b/internal/qerr/error_codes.go
@ -25,6 +25,7 @@ const (
 	InvalidToken            ErrorCode = 0xb
 	ApplicationError        ErrorCode = 0xc
 	CryptoBufferExceeded    ErrorCode = 0xd
 	KeyUpdateError          ErrorCode = 0xe
 )
 func (e ErrorCode) isCryptoError() bool {
@ -77,6 +78,8 @@ func (e ErrorCode) String() string {
 		return "APPLICATION_ERROR"
 	case CryptoBufferExceeded:
 		return "CRYPTO_BUFFER_EXCEEDED"
 	case KeyUpdateError:
 		return "KEY_UPDATE_ERROR"
 	default:
 		if e.isCryptoError() {
 			return "CRYPTO_ERROR"
--- a/qlog/types.go
+++ b/qlog/types.go
@ -209,6 +209,8 @@ func (e transportError) String() string {
 		return "application_error"
 	case qerr.CryptoBufferExceeded:
 		return "crypto_buffer_exceeded"
 	case qerr.KeyUpdateError:
 		return "key_update_error"
 	default:
 		return ""
 	}