# HG changeset patch
# User Sergey Kandaurov
# Date 1692624407 -14400
# Node ID 9bafe7cddd3c409a8cdf87c9f8745a6619d9e164
# Parent b68471aee5ad138c28fdd8ddfd513b00225acb50
Tests: improved QUIC key update tests with old keys. On unsuccessful protection removal, it is now retried with old keys. Otherwise, old keys are removed to ensure they're no longer in use.
diff --git a/lib/Test/Nginx/HTTP3.pm b/lib/Test/Nginx/HTTP3.pm
--- a/lib/Test/Nginx/HTTP3.pm
+++ b/lib/Test/Nginx/HTTP3.pm
@@ -1721,6 +1721,18 @@ sub decrypt_aead {
 my ($f, @args) = decrypt_aead_f($level, $self->{cipher});
 my $plaintext = $f->(@args, $self->{keys}[$level]{r}{key}, $nonce, $ad, $ciphertext, $tag);
+ if ($level == 3 && $self->{keys}[4]) {
+ if (!defined $plaintext) {
+ # in-flight packets might be protected with old keys
+ $nonce = substr(pack("x12") . pack("N", $pn), -12)
+ ^ $self->{keys}[4]{r}{iv};
+ $plaintext = $f->(@args, $self->{keys}[4]{r}{key},
+ $nonce, $ad, $ciphertext, $tag);
+ } else {
+ # remove old keys after unprotected with new keys
+ splice @{$self->{keys}}, 4, 1;
+ }
+ }
 return if !defined $plaintext;
 Test::Nginx::log_core('||', "pn = $pn, level = $level, length = " . length($plaintext));
@@ -1884,6 +1896,10 @@ sub key_update {
 $prk = hkdf_expand_label("tls13 quic ku", $hash, $hlen, $prk);
 $key = hkdf_expand_label("tls13 quic key", $hash, $klen, $prk);
 $iv = hkdf_expand_label("tls13 quic iv", $hash, 12, $prk);
+ $self->{keys}[4]{$direction}{key} =
+ $self->{keys}[3]{$direction}{key};
+ $self->{keys}[4]{$direction}{iv} =
+ $self->{keys}[3]{$direction}{iv};
 $self->{keys}[3]{$direction}{prk} = $prk;
 $self->{keys}[3]{$direction}{key} = $key;
 $self->{keys}[3]{$direction}{iv} = $iv;
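Review bot: In decrypt_aead, the retry with the slot-4 keys succeeds silently: the `log_core` line after the new block prints only pn, level and length, so a test log cannot show whether a 1-RTT packet was opened with the current keys or with the retained previous ones. Log the fallback inside the `!defined $plaintext` branch, right after the second `$f->(...)` call, e.g. `Test::Nginx::log_core('||', "pn = $pn retried with old keys");`. The guard also tests only `$self->{keys}[4]` and then reads `{r}{iv}` and `{r}{key}`; that is safe only if key_update always fills the `r` direction, which this hunk does not show. decrypt_aead starts and ends outside the hunk.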
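Review bot: In key_update, `$self->{keys}` is otherwise indexed by encryption level, and the four added assignments give no hint that index 4 now holds the previous 1-RTT keys; add a comment above them such as `# keep previous 1-RTT keys in slot 4 for in-flight packets; decrypt_aead drops them`. The copy is made for every `$direction`, while the only reader added in this commit uses `{r}`, so the old write key and IV are retained without a consumer until the `splice` in decrypt_aead runs; copying only when `$direction eq 'r'` would keep less stale key material around. A second key_update before that splice overwrites slot 4, which looks intended but is worth stating in the comment. The rest of key_update, including where `$direction` is set, is outside the hunk.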