improve crypto tests

Lucas Clemente
2016-05-15 15:23:46 +02:00
parent d4de18c472
commit 283cab4e0d
2 changed files with 26 additions and 1 deletions


@@ -33,12 +33,12 @@ func (kd *rsaSigner) SignServerProof(sni string, chlo []byte, serverConfigData [
hash := sha256.New()
if len(chlo) > 0 {
// Version >= 31
hash.Write([]byte("QUIC CHLO and server config signature\x00"))
chloHash := sha256.Sum256(chlo)
hash.Write([]byte{32, 0, 0, 0})
hash.Write(chloHash[:])
} else {
// TODO: Remove when we drop support for version 30
hash.Write([]byte("QUIC server config signature\x00"))
}
hash.Write(serverConfigData)
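Review bot: The signature format is chosen implicitly by `if len(chlo) > 0`, so a nil or empty `chlo` silently produces the legacy signature, which covers only the server config and not the client hello. That is worth stating at the `else` branch, for example `// Legacy (version 30) proof: not bound to the CHLO; callers must pass chlo for version >= 31`, so a caller cannot drop the binding by accident. The four bytes written before the hash look like a little-endian uint32 length of the 32-byte CHLO hash; a short comment saying so would explain the magic literal `[]byte{32, 0, 0, 0}`. SignServerProof starts before and continues past this hunk, and the page does not show which of these lines the commit changed.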


@@ -51,6 +51,19 @@ var _ = Describe("ProofRsa", func() {
Expect(err).ToNot(HaveOccurred())
})
It("gives valid signatures for version 30", func() {
key := testdata.GetTLSConfig().Certificates[0].PrivateKey.(*rsa.PrivateKey).Public().(*rsa.PublicKey)
kd, err := NewRSASigner(testdata.GetTLSConfig())
Expect(err).ToNot(HaveOccurred())
signature, err := kd.SignServerProof("", nil, []byte{'S', 'C', 'F', 'G'})
Expect(err).ToNot(HaveOccurred())
// Generated with:
// ruby -e 'require "digest"; p Digest::SHA256.digest("QUIC server config signature\x00" + "SCFG")'
data := []byte("\x1D\xBB\v\xE9\x14\xD5Q\v\x83\xDB\xA7\x91\xB7\xDAO\xC2\xD3\xE6\xCC\xB2\xE8\xC3QW\x86\t\xB4\b6\x9C\x91C")
err = rsa.VerifyPSS(key, crypto.SHA256, data, signature, &rsa.PSSOptions{SaltLength: 32})
Expect(err).ToNot(HaveOccurred())
})
Context("retrieving certificate", func() {
var (
signer *rsaSigner
@@ -64,6 +77,11 @@ var _ = Describe("ProofRsa", func() {
signer = &rsaSigner{config: config}
})
It("errors without certificates", func() {
_, err := signer.getCertForSNI("")
Expect(err).To(MatchError("no matching certificate found"))
})
It("uses first certificate in config.Certificates", func() {
config.Certificates = []tls.Certificate{cert}
cert, err := signer.getCertForSNI("")
@@ -102,5 +120,12 @@ var _ = Describe("ProofRsa", func() {
Expect(cert.PrivateKey).ToNot(BeNil())
Expect(cert.Certificate[0]).ToNot(BeNil())
})
It("gets leaf certificates", func() {
config.Certificates = []tls.Certificate{cert}
cert2, err := signer.GetLeafCert("")
Expect(err).ToNot(HaveOccurred())
Expect(cert2).To(Equal(cert.Certificate[0]))
})
})
})
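Review bot: The expected digest in the "gives valid signatures for version 30" test is pasted as a Go string that mixes `\x` escapes, `\v`/`\t`/`\b` and raw ASCII, which makes it hard to compare byte for byte with the Ruby command in the comment or to confirm that it is 32 bytes long. Generating it with `Digest::SHA256.hexdigest` and decoding that hex string in the test would keep the vector independent of the implementation while making it auditable. The literal `SaltLength: 32` could be `SaltLength: rsa.PSSSaltLengthEqualsHash`, which ties the salt length to the hash instead of repeating a number. The enclosing Describe block starts outside these hunks.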