From 6239d804920c4ddb78d64aefb0c66addbacfcdbd Mon Sep 17 00:00:00 2001 From: Lucas Clemente Date: Thu, 18 Aug 2016 10:31:28 +0200 Subject: [PATCH] remove leftover code from v30 --- crypto/proof_source.go | 13 ++++--------- crypto/proof_source_test.go | 28 ---------------------------- 2 files changed, 4 insertions(+), 37 deletions(-) diff --git a/crypto/proof_source.go b/crypto/proof_source.go index 600088b9..6af8072f 100644 --- a/crypto/proof_source.go +++ b/crypto/proof_source.go @@ -28,15 +28,10 @@ func (ps *proofSource) SignServerProof(sni string, chlo []byte, serverConfigData } hash := sha256.New() - if len(chlo) > 0 { - hash.Write([]byte("QUIC CHLO and server config signature\x00")) - chloHash := sha256.Sum256(chlo) - hash.Write([]byte{32, 0, 0, 0}) - hash.Write(chloHash[:]) - } else { - // TODO: Remove when we drop support for version 30 - hash.Write([]byte("QUIC server config signature\x00")) - } + hash.Write([]byte("QUIC CHLO and server config signature\x00")) + chloHash := sha256.Sum256(chlo) + hash.Write([]byte{32, 0, 0, 0}) + hash.Write(chloHash[:]) hash.Write(serverConfigData) key, ok := cert.PrivateKey.(crypto.Signer) diff --git a/crypto/proof_source_test.go b/crypto/proof_source_test.go index dab0609f..b2db7797 100644 --- a/crypto/proof_source_test.go +++ b/crypto/proof_source_test.go @@ -60,19 +60,6 @@ var _ = Describe("ProofRsa", func() { err = rsa.VerifyPSS(key, crypto.SHA256, data, signature, &rsa.PSSOptions{SaltLength: 32}) Expect(err).ToNot(HaveOccurred()) }) - - It("gives valid signatures for version 30", func() { - key := testdata.GetTLSConfig().Certificates[0].PrivateKey.(*rsa.PrivateKey).Public().(*rsa.PublicKey) - kd, err := NewProofSource(testdata.GetTLSConfig()) - Expect(err).ToNot(HaveOccurred()) - signature, err := kd.SignServerProof("", nil, []byte{'S', 'C', 'F', 'G'}) - Expect(err).ToNot(HaveOccurred()) - // Generated with: - // ruby -e 'require "digest"; p Digest::SHA256.digest("QUIC server config signature\x00" + "SCFG")' - data := []byte("\x1D\xBB\v\xE9\x14\xD5Q\v\x83\xDB\xA7\x91\xB7\xDAO\xC2\xD3\xE6\xCC\xB2\xE8\xC3QW\x86\t\xB4\b6\x9C\x91C") - err = rsa.VerifyPSS(key, crypto.SHA256, data, signature, &rsa.PSSOptions{SaltLength: 32}) - Expect(err).ToNot(HaveOccurred()) - }) }) Context("when using ECDSA", func() { @@ -106,21 +93,6 @@ var _ = Describe("ProofRsa", func() { b := ecdsa.Verify(key.Public().(*ecdsa.PublicKey), data, s.R, s.S) Expect(b).To(BeTrue()) }) - - It("gives valid signatures for version 30", func() { - kd, err := NewProofSource(config) - Expect(err).ToNot(HaveOccurred()) - signature, err := kd.SignServerProof("", nil, []byte{'S', 'C', 'F', 'G'}) - Expect(err).ToNot(HaveOccurred()) - // Generated with: - // ruby -e 'require "digest"; p Digest::SHA256.digest("QUIC server config signature\x00" + "SCFG")' - data := []byte("\x1D\xBB\v\xE9\x14\xD5Q\v\x83\xDB\xA7\x91\xB7\xDAO\xC2\xD3\xE6\xCC\xB2\xE8\xC3QW\x86\t\xB4\b6\x9C\x91C") - s := &ecdsaSignature{} - _, err = asn1.Unmarshal(signature, s) - Expect(err).NotTo(HaveOccurred()) - b := ecdsa.Verify(key.Public().(*ecdsa.PublicKey), data, s.R, s.S) - Expect(b).To(BeTrue()) - }) }) Context("retrieving certificate", func() {