Use *ring* for header protection (fixes #196) #200
As usual, ring doesn't offer access to private key bytes. Should we create a separate stage in our API to enable tests for their correctness? I think we have sufficient coverage through full header encryption/decryption.
Codecov Report
@@ Coverage Diff @@
## master #200 +/- ##
==========================================
+ Coverage 74.2% 74.24% +0.03%
==========================================
Files 24 24
Lines 5905 5870 -35
==========================================
- Hits 4382 4358 -24
+ Misses 1523 1512 -11
Codecov Report
@@ Coverage Diff @@
## master #200 +/- ##
==========================================
+ Coverage 74.2% 74.23% +0.02%
==========================================
Files 24 24
Lines 5905 5873 -32
==========================================
- Hits 4382 4360 -22
+ Misses 1523 1513 -10
We could factor out the `hkdf_expand` call into its own trivial method, but I agree that the full-packet test vectors constitute adequate coverage already. Maybe just nuke the commented-out asserts?
Nuked the commented-out stuff. Re-approve?
Check out https://github.com/briansmith/ring/blob/master/tests/quic_tests.rs, which shows how to test these kinds of things. In this case, your old test was like this:

```rust
assert_eq!(
    client_header_key,
    HeaderKey::AesEcb128(hex!("0edd982a6ac527f2eddcbb7348dea5d7"))
);
```

Instead of testing that the key is equal to some value, test that the result of using the key on a particular input has a particular output.
We already have tests like that. 👍
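The approach suggested in the thread (assert on what an opaque key produces, not on its bytes), as an added example that is not code from this PR, the project or ring. `OpaqueHeaderKey` is a hypothetical type, a small AES-128 is written out in place of ring so the block has no dependencies, and the key, sample and mask are the client Initial header protection values published in RFC 9001 Appendix A rather than values from this page.

```rust
// Added example: unoptimized AES-128 stands in for ring so this builds with std only.
fn xtime(x: u8) -> u8 { (x << 1) ^ ((x >> 7) * 0x1b) } // multiply by x in GF(2^8)
fn gmul(a: u8, b: u8) -> u8 {
    (0..8).fold((0u8, a), |(p, a), i| (p ^ a * (b >> i & 1), xtime(a))).0
}
fn sbox(x: u8) -> u8 {
    let inv = (0..254).fold(1u8, |acc, _| gmul(acc, x)); // x^254 is the inverse; 0 maps to 0
    (1..5).fold(inv ^ 0x63, |s, i| s ^ inv.rotate_left(i)) // affine transform
}
/// Hypothetical opaque key type: the key schedule is private and has no getter.
pub struct OpaqueHeaderKey { w: [u8; 176] }
impl OpaqueHeaderKey {
    pub fn new(key: &[u8; 16]) -> Self {
        let (mut w, mut rcon) = ([0u8; 176], 1u8);
        w[..16].copy_from_slice(key);
        for i in (16..176).step_by(4) {
            let mut t = [w[i - 4], w[i - 3], w[i - 2], w[i - 1]];
            if i % 16 == 0 { // RotWord, SubWord, Rcon at the start of each round key
                t = [sbox(t[1]) ^ rcon, sbox(t[2]), sbox(t[3]), sbox(t[0])];
                rcon = xtime(rcon);
            }
            for j in 0..4 { w[i + j] = w[i + j - 16] ^ t[j]; }
        }
        Self { w }
    }
    /// Header protection mask: first 5 bytes of AES-ECB(key, sample).
    pub fn new_mask(&self, sample: &[u8; 16]) -> [u8; 5] {
        let mut s = *sample;
        for r in 0..=10 {
            if r > 0 { // SubBytes, then ShiftRows on the column-major state
                let t = s.map(sbox);
                for i in 0..16 { s[i] = t[(i + 4 * (i % 4)) % 16]; }
            }
            if (1..10).contains(&r) { // MixColumns, skipped in the final round
                for c in (0..16).step_by(4) {
                    let a = [s[c], s[c + 1], s[c + 2], s[c + 3]];
                    let x = a[0] ^ a[1] ^ a[2] ^ a[3];
                    for j in 0..4 { s[c + j] = a[j] ^ x ^ xtime(a[j] ^ a[(j + 1) % 4]); }
                }
            }
            for i in 0..16 { s[i] ^= self.w[16 * r + i]; } // AddRoundKey
        }
        [s[0], s[1], s[2], s[3], s[4]]
    }
}
fn main() { // known-answer test with the RFC 9001 Appendix A client Initial vector
    let hp = 0x9f50449e04a0e810283a1e9933adedd2u128.to_be_bytes();
    let sample = 0xd1b1c98dd7689fb8ec11d242b123dc9bu128.to_be_bytes();
    assert_eq!(OpaqueHeaderKey::new(&hp).new_mask(&sample), [0x43, 0x7b, 0x9a, 0xec, 0x36]);
}
```

With ring itself, the same assertion goes through `ring::aead::quic::HeaderProtectionKey::new` and `new_mask`, as in the `quic_tests.rs` file linked in the thread.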