forked from quic-go/quic-go
add sni to crypto.Signer interface
This commit is contained in:
Lucas Clemente
@@ -156,7 +156,7 @@ func (h *CryptoSetup) isInchoateCHLO(cryptoData map[Tag][]byte) bool {
|
||||
}
|
||||
|
||||
func (h *CryptoSetup) handleInchoateCHLO(data []byte) ([]byte, error) {
|
||||
proof, err := h.scfg.Sign(data)
|
||||
proof, err := h.scfg.Sign("", data)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -164,7 +164,7 @@ func (h *CryptoSetup) handleInchoateCHLO(data []byte) ([]byte, error) {
|
||||
var serverReply bytes.Buffer
|
||||
WriteHandshakeMessage(&serverReply, TagREJ, map[Tag][]byte{
|
||||
TagSCFG: h.scfg.Get(),
|
||||
TagCERT: h.scfg.GetCertCompressed(),
|
||||
TagCERT: h.scfg.GetCertCompressed(""),
|
||||
TagSNO: h.nonce,
|
||||
TagPROF: proof,
|
||||
})
|
||||
@@ -184,7 +184,7 @@ func (h *CryptoSetup) handleCHLO(data []byte, cryptoData map[Tag][]byte) ([]byte
|
||||
h.mutex.Lock()
|
||||
defer h.mutex.Unlock()
|
||||
|
||||
h.secureAEAD, err = h.keyDerivation(false, sharedSecret, nonce.Bytes(), h.connID, data, h.scfg.Get(), h.scfg.signer.GetCertUncompressed())
|
||||
h.secureAEAD, err = h.keyDerivation(false, sharedSecret, nonce.Bytes(), h.connID, data, h.scfg.Get(), h.scfg.signer.GetCertUncompressed(""))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -195,7 +195,7 @@ func (h *CryptoSetup) handleCHLO(data []byte, cryptoData map[Tag][]byte) ([]byte
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
h.forwardSecureAEAD, err = h.keyDerivation(true, ephermalSharedSecret, nonce.Bytes(), h.connID, data, h.scfg.Get(), h.scfg.signer.GetCertUncompressed())
|
||||
h.forwardSecureAEAD, err = h.keyDerivation(true, ephermalSharedSecret, nonce.Bytes(), h.connID, data, h.scfg.Get(), h.scfg.signer.GetCertUncompressed(""))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -33,16 +33,16 @@ type mockSigner struct {
|
||||
gotCHLO bool
|
||||
}
|
||||
|
||||
func (s *mockSigner) SignServerProof(chlo []byte, serverConfigData []byte) ([]byte, error) {
|
||||
func (s *mockSigner) SignServerProof(sni string, chlo []byte, serverConfigData []byte) ([]byte, error) {
|
||||
if len(chlo) > 0 {
|
||||
s.gotCHLO = true
|
||||
}
|
||||
return []byte("proof"), nil
|
||||
}
|
||||
func (*mockSigner) GetCertCompressed() []byte {
|
||||
func (*mockSigner) GetCertCompressed(sni string) []byte {
|
||||
return []byte("certcompressed")
|
||||
}
|
||||
func (*mockSigner) GetCertUncompressed() []byte {
|
||||
func (*mockSigner) GetCertUncompressed(sni string) []byte {
|
||||
return []byte("certuncompressed")
|
||||
}
|
||||
|
||||
|
||||
@@ -45,11 +45,11 @@ func (s *ServerConfig) Get() []byte {
|
||||
}
|
||||
|
||||
// Sign the server config and CHLO with the server's keyData
|
||||
func (s *ServerConfig) Sign(chlo []byte) ([]byte, error) {
|
||||
return s.signer.SignServerProof(chlo, s.Get())
|
||||
func (s *ServerConfig) Sign(sni string, chlo []byte) ([]byte, error) {
|
||||
return s.signer.SignServerProof(sni, chlo, s.Get())
|
||||
}
|
||||
|
||||
// GetCertCompressed returns the certificate data
|
||||
func (s *ServerConfig) GetCertCompressed() []byte {
|
||||
return s.signer.GetCertCompressed()
|
||||
func (s *ServerConfig) GetCertCompressed(sni string) []byte {
|
||||
return s.signer.GetCertCompressed(sni)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user