1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
// Package testutils contains utilities for simulating packet injection and man-in-the-middle (MITM) attacker tests.
// It is not supposed to be used for non-testing purposes.
// The API is not guaranteed to be stable.
package testutils
import (
"fmt"
"github.com/quic-go/quic-go/internal/handshake"
"github.com/quic-go/quic-go/internal/protocol"
"github.com/quic-go/quic-go/internal/wire"
)
// writePacket returns a new raw packet with the specified header and payload
func writePacket(hdr *wire.ExtendedHeader, data []byte) []byte {
b, err := hdr.Append(nil, hdr.Version)
if err != nil {
panic(fmt.Sprintf("failed to write header: %s", err))
}
return append(b, data...)
}
// packRawPayload returns a new raw payload containing given frames
func packRawPayload(version protocol.Version, frames []wire.Frame) []byte {
var b []byte
for _, cf := range frames {
var err error
b, err = cf.Append(b, version)
if err != nil {
panic(err)
}
}
return b
}
// ComposeInitialPacket returns an Initial packet encrypted under key (the original destination connection ID)
// containing specified frames.
func ComposeInitialPacket(
srcConnID, destConnID, key protocol.ConnectionID,
token []byte,
frames []wire.Frame,
sentBy protocol.Perspective,
version protocol.Version,
) []byte {
sealer, _ := handshake.NewInitialAEAD(key, sentBy, version)
// compose payload
var payload []byte
if len(frames) == 0 {
payload = make([]byte, protocol.MinInitialPacketSize)
} else {
payload = packRawPayload(version, frames)
}
// compose Initial header
payloadSize := len(payload)
const pnLength = protocol.PacketNumberLen4
length := payloadSize + int(pnLength) + sealer.Overhead()
hdr := &wire.ExtendedHeader{
Header: wire.Header{
Type: protocol.PacketTypeInitial,
Token: token,
SrcConnectionID: srcConnID,
DestConnectionID: destConnID,
Length: protocol.ByteCount(length),
Version: version,
},
PacketNumberLen: pnLength,
PacketNumber: 0x0,
}
raw := writePacket(hdr, payload)
// encrypt payload and header
payloadOffset := len(raw) - payloadSize
var encrypted []byte
encrypted = sealer.Seal(encrypted, payload, hdr.PacketNumber, raw[:payloadOffset])
hdrBytes := raw[0:payloadOffset]
encrypted = append(hdrBytes, encrypted...)
pnOffset := payloadOffset - int(pnLength) // packet number offset
sealer.EncryptHeader(
encrypted[payloadOffset:payloadOffset+16], // first 16 bytes of payload (sample)
&encrypted[0], // first byte of header
encrypted[pnOffset:payloadOffset], // packet number bytes
)
return encrypted
}
// ComposeRetryPacket returns a new raw Retry Packet
func ComposeRetryPacket(
srcConnID protocol.ConnectionID,
destConnID protocol.ConnectionID,
origDestConnID protocol.ConnectionID,
token []byte,
version protocol.Version,
) []byte {
hdr := &wire.ExtendedHeader{
Header: wire.Header{
Type: protocol.PacketTypeRetry,
SrcConnectionID: srcConnID,
DestConnectionID: destConnID,
Token: token,
Version: version,
},
}
data := writePacket(hdr, nil)
return append(data, handshake.GetRetryIntegrityTag(data, origDestConnID, version)[:]...)
}
|
