# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1692624407 -14400
# Node ID 9bafe7cddd3c409a8cdf87c9f8745a6619d9e164
# Parent  b68471aee5ad138c28fdd8ddfd513b00225acb50
Tests: improved QUIC key update tests with old keys.

On unsuccessful protection removal, it is now retried with old keys.
Otherwise, old keys are removed to ensure they're no longer in use.

diff -r b68471aee5ad -r 9bafe7cddd3c lib/Test/Nginx/HTTP3.pm
--- a/lib/Test/Nginx/HTTP3.pm	Mon Aug 21 17:10:57 2023 +0400
+++ b/lib/Test/Nginx/HTTP3.pm	Mon Aug 21 17:26:47 2023 +0400
@@ -1721,6 +1721,18 @@
 	my ($f, @args) = decrypt_aead_f($level, $self->{cipher});
 	my $plaintext = $f->(@args,
 		$self->{keys}[$level]{r}{key}, $nonce, $ad, $ciphertext, $tag);
+	if ($level == 3 && $self->{keys}[4]) {
+		if (!defined $plaintext) {
+			# in-flight packets might be protected with old keys
+			$nonce = substr(pack("x12") . pack("N", $pn), -12)
+				^ $self->{keys}[4]{r}{iv};
+			$plaintext = $f->(@args, $self->{keys}[4]{r}{key},
+				$nonce, $ad, $ciphertext, $tag);
+		} else {
+			# remove old keys after unprotected with new keys
+			splice @{$self->{keys}}, 4, 1;
+		}
+	}
 	return if !defined $plaintext;
 	Test::Nginx::log_core('||',
 		"pn = $pn, level = $level, length = " . length($plaintext));
@@ -1884,6 +1896,10 @@
 		$prk = hkdf_expand_label("tls13 quic ku", $hash, $hlen, $prk);
 		$key = hkdf_expand_label("tls13 quic key", $hash, $klen, $prk);
 		$iv = hkdf_expand_label("tls13 quic iv", $hash, 12, $prk);
+		$self->{keys}[4]{$direction}{key} =
+			$self->{keys}[3]{$direction}{key};
+		$self->{keys}[4]{$direction}{iv} =
+			$self->{keys}[3]{$direction}{iv};
 		$self->{keys}[3]{$direction}{prk} = $prk;
 		$self->{keys}[3]{$direction}{key} = $key;
 		$self->{keys}[3]{$direction}{iv} = $iv;