use separate sealer interfaces for long and short header packets

apernet · Jun 22, 2019 · b2d3ef6 · b2d3ef6
1 parent c503769
commit b2d3ef6
Show file tree

Hide file tree

Showing 12 changed files with 232 additions and 171 deletions.
diff --git a/internal/handshake/aead.go b/internal/handshake/aead.go
@@ -19,9 +19,10 @@ type sealer struct {
 	is1RTT bool
 }
 
-var _ Sealer = &sealer{}
+var _ LongHeaderSealer = &sealer{}
+var _ ShortHeaderSealer = &sealer{}
 
-func newSealer(aead cipher.AEAD, hpEncrypter cipher.Block, is1RTT bool) Sealer {
+func newSealer(aead cipher.AEAD, hpEncrypter cipher.Block, is1RTT bool) ShortHeaderSealer {
 	return &sealer{
 		aead:        aead,
 		nonceBuf:    make([]byte, aead.NonceSize()),
@@ -57,6 +58,10 @@ func (s *sealer) Overhead() int {
 	return s.aead.Overhead()
 }
 
+func (s *sealer) KeyPhase() protocol.KeyPhase {
+	return protocol.KeyPhaseZero
+}
+
 type opener struct {
 	aead        cipher.AEAD
 	pnDecrypter cipher.Block

diff --git a/internal/handshake/aead_test.go b/internal/handshake/aead_test.go
@@ -10,7 +10,7 @@ import (
 )
 
 var _ = Describe("AEAD", func() {
-	getSealerAndOpener := func(is1RTT bool) (Sealer, Opener) {
+	getSealerAndOpener := func(is1RTT bool) (ShortHeaderSealer, Opener) {
 		key := make([]byte, 16)
 		hpKey := make([]byte, 16)
 		rand.Read(key)
@@ -29,7 +29,7 @@ var _ = Describe("AEAD", func() {
 
 	Context("message encryption", func() {
 		var (
-			sealer Sealer
+			sealer ShortHeaderSealer
 			opener Opener
 		)
 

diff --git a/internal/handshake/crypto_setup.go b/internal/handshake/crypto_setup.go
@@ -106,15 +106,15 @@ type cryptoSetup struct {
 
 	initialStream io.Writer
 	initialOpener Opener
-	initialSealer Sealer
+	initialSealer LongHeaderSealer
 
 	handshakeStream io.Writer
 	handshakeOpener Opener
-	handshakeSealer Sealer
+	handshakeSealer LongHeaderSealer
 
 	oneRTTStream io.Writer
 	opener       Opener
-	sealer       Sealer
+	sealer       ShortHeaderSealer
 }
 
 var _ qtls.RecordLayer = &cryptoSetup{}
@@ -564,14 +564,14 @@ func (h *cryptoSetup) SendAlert(alert uint8) {
 	h.alertChan <- alert
 }
 
-func (h *cryptoSetup) GetInitialSealer() (Sealer, error) {
+func (h *cryptoSetup) GetInitialSealer() (LongHeaderSealer, error) {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()
 
 	return h.initialSealer, nil
 }
 
-func (h *cryptoSetup) GetHandshakeSealer() (Sealer, error) {
+func (h *cryptoSetup) GetHandshakeSealer() (LongHeaderSealer, error) {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()
 
@@ -581,7 +581,7 @@ func (h *cryptoSetup) GetHandshakeSealer() (Sealer, error) {
 	return h.handshakeSealer, nil
 }
 
-func (h *cryptoSetup) Get1RTTSealer() (Sealer, error) {
+func (h *cryptoSetup) Get1RTTSealer() (ShortHeaderSealer, error) {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()
 

diff --git a/internal/handshake/initial_aead.go b/internal/handshake/initial_aead.go
@@ -11,7 +11,7 @@ import (
 var quicVersion1Salt = []byte{0xef, 0x4f, 0xb0, 0xab, 0xb4, 0x74, 0x70, 0xc4, 0x1b, 0xef, 0xcf, 0x80, 0x31, 0x33, 0x4f, 0xae, 0x48, 0x5e, 0x09, 0xa0}
 
 // NewInitialAEAD creates a new AEAD for Initial encryption / decryption.
-func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (Sealer, Opener, error) {
+func NewInitialAEAD(connID protocol.ConnectionID, pers protocol.Perspective) (LongHeaderSealer, Opener, error) {
 	clientSecret, serverSecret := computeSecrets(connID)
 	var mySecret, otherSecret []byte
 	if pers == protocol.PerspectiveClient {

diff --git a/internal/handshake/interface.go b/internal/handshake/interface.go
@@ -14,13 +14,19 @@ type Opener interface {
 	DecryptHeader(sample []byte, firstByte *byte, pnBytes []byte)
 }
 
-// Sealer seals a packet
-type Sealer interface {
+// LongHeaderSealer seals a long header packet
+type LongHeaderSealer interface {
 	Seal(dst, src []byte, packetNumber protocol.PacketNumber, associatedData []byte) []byte
 	EncryptHeader(sample []byte, firstByte *byte, pnBytes []byte)
 	Overhead() int
 }
 
+// ShortHeaderSealer seals a short header packet
+type ShortHeaderSealer interface {
+	LongHeaderSealer
+	KeyPhase() protocol.KeyPhase
+}
+
 // A tlsExtensionHandler sends and received the QUIC TLS extension.
 type tlsExtensionHandler interface {
 	GetExtensions(msgType uint8) []qtls.Extension
@@ -49,7 +55,7 @@ type CryptoSetup interface {
 	GetHandshakeOpener() (Opener, error)
 	Get1RTTOpener() (Opener, error)
 
-	GetInitialSealer() (Sealer, error)
-	GetHandshakeSealer() (Sealer, error)
-	Get1RTTSealer() (Sealer, error)
+	GetInitialSealer() (LongHeaderSealer, error)
+	GetHandshakeSealer() (LongHeaderSealer, error)
+	Get1RTTSealer() (ShortHeaderSealer, error)
 }
diff --git a/internal/mocks/crypto_setup.go b/internal/mocks/crypto_setup.go
diff --git a/internal/mocks/mockgen.go b/internal/mocks/mockgen.go
@@ -2,7 +2,7 @@ package mocks
 
 //go:generate sh -c "mockgen -package mockquic -destination quic/stream.go github.com/lucas-clemente/quic-go Stream && goimports -w quic/stream.go"
 //go:generate sh -c "mockgen -package mockquic -destination quic/session.go github.com/lucas-clemente/quic-go Session && goimports -w quic/session.go"
-//go:generate sh -c "../mockgen_internal.sh mocks sealer.go github.com/lucas-clemente/quic-go/internal/handshake Sealer"
+//go:generate sh -c "../mockgen_internal.sh mocks short_header_sealer.go github.com/lucas-clemente/quic-go/internal/handshake ShortHeaderSealer"
 //go:generate sh -c "../mockgen_internal.sh mocks opener.go github.com/lucas-clemente/quic-go/internal/handshake Opener"
 //go:generate sh -c "../mockgen_internal.sh mocks crypto_setup.go github.com/lucas-clemente/quic-go/internal/handshake CryptoSetup"
 //go:generate sh -c "../mockgen_internal.sh mocks stream_flow_controller.go github.com/lucas-clemente/quic-go/internal/flowcontrol StreamFlowController"

diff --git a/internal/mocks/sealer.go b/internal/mocks/sealer.go
diff --git a/internal/mocks/short_header_sealer.go b/internal/mocks/short_header_sealer.go
diff --git a/mock_sealing_manager_test.go b/mock_sealing_manager_test.go