drop Handshake keys as soon as the handshake completes (as a server)

2025-04-04 20:57:36 +03:00 · 2019-11-22 10:58:16 +08:00 · 2019-11-22 10:58:16 +08:00 · f7fd5d2848
commit f7fd5d2848
parent 08ec2f69fc
5 changed files with 27 additions and 0 deletions
--- a/internal/handshake/crypto_setup.go
+++ b/internal/handshake/crypto_setup.go
@ -563,6 +563,15 @@ func (h *cryptoSetup) dropInitialKeys() {
 	h.logger.Debugf("Dropping Initial keys.")
 }
 func (h *cryptoSetup) DropHandshakeKeys() {
 	h.mutex.Lock()
 	h.handshakeOpener = nil
 	h.handshakeSealer = nil
 	h.mutex.Unlock()
 	h.runner.DropKeys(protocol.EncryptionHandshake)
 	h.logger.Debugf("Dropping Handshake keys.")
 }
 func (h *cryptoSetup) GetInitialSealer() (LongHeaderSealer, error) {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()
--- a/internal/handshake/interface.go
+++ b/internal/handshake/interface.go
@ -73,6 +73,7 @@ type CryptoSetup interface {
 	HandleMessage([]byte, protocol.EncryptionLevel) bool
 	SetLargest1RTTAcked(protocol.PacketNumber)
 	DropHandshakeKeys()
 	ConnectionState() tls.ConnectionState
 	GetInitialOpener() (LongHeaderOpener, error)
--- a/internal/mocks/crypto_setup.go
+++ b/internal/mocks/crypto_setup.go
@ -76,6 +76,18 @@ func (mr *MockCryptoSetupMockRecorder) ConnectionState() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ConnectionState", reflect.TypeOf((*MockCryptoSetup)(nil).ConnectionState))
 }
 // DropHandshakeKeys mocks base method
 func (m *MockCryptoSetup) DropHandshakeKeys() {
 	m.ctrl.T.Helper()
 	m.ctrl.Call(m, "DropHandshakeKeys")
 }
 // DropHandshakeKeys indicates an expected call of DropHandshakeKeys
 func (mr *MockCryptoSetupMockRecorder) DropHandshakeKeys() *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DropHandshakeKeys", reflect.TypeOf((*MockCryptoSetup)(nil).DropHandshakeKeys))
 }
 // Get1RTTOpener mocks base method
 func (m *MockCryptoSetup) Get1RTTOpener() (handshake.ShortHeaderOpener, error) {
 	m.ctrl.T.Helper()
--- a/session.go
+++ b/session.go
@ -51,6 +51,7 @@ type cryptoStreamHandler interface {
 	RunHandshake()
 	ChangeConnectionID(protocol.ConnectionID)
 	SetLargest1RTTAcked(protocol.PacketNumber)
 	DropHandshakeKeys()
 	io.Closer
 	ConnectionState() tls.ConnectionState
 }
@ -610,6 +611,7 @@ func (s *session) handleHandshakeComplete() {
 			s.closeLocal(err)
 		}
 		s.queueControlFrame(&wire.NewTokenFrame{Token: token})
 		s.cryptoStreamHandler.DropHandshakeKeys()
 		s.queueControlFrame(&wire.HandshakeDoneFrame{})
 	}
 }
--- a/session_test.go
+++ b/session_test.go
@ -1204,6 +1204,7 @@ var _ = Describe("Session", func() {
 			defer GinkgoRecover()
 			<-finishHandshake
 			cryptoSetup.EXPECT().RunHandshake()
 			cryptoSetup.EXPECT().DropHandshakeKeys()
 			close(sess.handshakeCompleteChan)
 			sess.run()
 		}()
@ -1256,6 +1257,7 @@ var _ = Describe("Session", func() {
 		go func() {
 			defer GinkgoRecover()
 			cryptoSetup.EXPECT().RunHandshake()
 			cryptoSetup.EXPECT().DropHandshakeKeys()
 			close(sess.handshakeCompleteChan)
 			sess.run()
 		}()
@ -1506,6 +1508,7 @@ var _ = Describe("Session", func() {
 			go func() {
 				defer GinkgoRecover()
 				cryptoSetup.EXPECT().RunHandshake().MaxTimes(1)
 				cryptoSetup.EXPECT().DropHandshakeKeys().MaxTimes(1)
 				close(sess.handshakeCompleteChan)
 				err := sess.run()
 				nerr, ok := err.(net.Error)