forked from quic-go/quic-go
add sni to crypto.Signer interface
This commit is contained in:
Lucas Clemente
@@ -42,7 +42,7 @@ func NewRSASigner(tlsConfig *tls.Config) (Signer, error) {
|
||||
}
|
||||
|
||||
// SignServerProof signs CHLO and server config for use in the server proof
|
||||
func (kd *rsaSigner) SignServerProof(chlo []byte, serverConfigData []byte) ([]byte, error) {
|
||||
func (kd *rsaSigner) SignServerProof(sni string, chlo []byte, serverConfigData []byte) ([]byte, error) {
|
||||
hash := sha256.New()
|
||||
if len(chlo) > 0 {
|
||||
// Version >= 31
|
||||
@@ -58,7 +58,7 @@ func (kd *rsaSigner) SignServerProof(chlo []byte, serverConfigData []byte) ([]by
|
||||
}
|
||||
|
||||
// GetCertCompressed gets the certificate in the format described by the QUIC crypto doc
|
||||
func (kd *rsaSigner) GetCertCompressed() []byte {
|
||||
func (kd *rsaSigner) GetCertCompressed(sni string) []byte {
|
||||
b := &bytes.Buffer{}
|
||||
b.WriteByte(1) // Entry type compressed
|
||||
b.WriteByte(0) // Entry type end_of_list
|
||||
@@ -80,6 +80,6 @@ func (kd *rsaSigner) GetCertCompressed() []byte {
|
||||
}
|
||||
|
||||
// GetCertUncompressed gets the certificate in DER
|
||||
func (kd *rsaSigner) GetCertUncompressed() []byte {
|
||||
func (kd *rsaSigner) GetCertUncompressed(sni string) []byte {
|
||||
return kd.cert.Raw
|
||||
}
|
||||
|
||||
@@ -24,7 +24,7 @@ var _ = Describe("ProofRsa", func() {
|
||||
z.Write(cert)
|
||||
z.Close()
|
||||
kd := &rsaSigner{cert: &x509.Certificate{Raw: cert}}
|
||||
Expect(kd.GetCertCompressed()).To(Equal(append([]byte{
|
||||
Expect(kd.GetCertCompressed("")).To(Equal(append([]byte{
|
||||
0x01, 0x00,
|
||||
0x08, 0x00, 0x00, 0x00,
|
||||
}, certZlib.Bytes()...)))
|
||||
@@ -33,7 +33,7 @@ var _ = Describe("ProofRsa", func() {
|
||||
It("gives valid signatures", func() {
|
||||
kd, err := NewRSASigner(testdata.GetTLSConfig())
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
signature, err := kd.SignServerProof([]byte{'C', 'H', 'L', 'O'}, []byte{'S', 'C', 'F', 'G'})
|
||||
signature, err := kd.SignServerProof("", []byte{'C', 'H', 'L', 'O'}, []byte{'S', 'C', 'F', 'G'})
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
// Generated with:
|
||||
// ruby -e 'require "digest"; p Digest::SHA256.digest("QUIC CHLO and server config signature\x00" + "\x20\x00\x00\x00" + Digest::SHA256.digest("CHLO") + "SCFG")'
|
||||
|
||||
@@ -2,7 +2,7 @@ package crypto
|
||||
|
||||
// A Signer holds a certificate and a private key
|
||||
type Signer interface {
|
||||
SignServerProof(chlo []byte, serverConfigData []byte) ([]byte, error)
|
||||
GetCertCompressed() []byte
|
||||
GetCertUncompressed() []byte
|
||||
SignServerProof(sni string, chlo []byte, serverConfigData []byte) ([]byte, error)
|
||||
GetCertCompressed(sni string) []byte
|
||||
GetCertUncompressed(sni string) []byte
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user