change Signer interface to return errors
@@ -60,7 +60,7 @@ func (kd *rsaSigner) SignServerProof(sni string, chlo []byte, serverConfigData [
|
|||||||
}
|
}
|
||||||
|
|
||||||
// GetCertCompressed gets the certificate in the format described by the QUIC crypto doc
|
// GetCertCompressed gets the certificate in the format described by the QUIC crypto doc
|
||||||
func (kd *rsaSigner) GetCertCompressed(sni string) []byte {
|
func (kd *rsaSigner) GetCertCompressed(sni string) ([]byte, error) {
|
||||||
b := &bytes.Buffer{}
|
b := &bytes.Buffer{}
|
||||||
b.WriteByte(1) // Entry type compressed
|
b.WriteByte(1) // Entry type compressed
|
||||||
b.WriteByte(0) // Entry type end_of_list
|
b.WriteByte(0) // Entry type end_of_list
|
||||||
@@ -78,12 +78,12 @@ func (kd *rsaSigner) GetCertCompressed(sni string) []byte {
|
|||||||
})
|
})
|
||||||
gz.Write(kd.cert.Raw)
|
gz.Write(kd.cert.Raw)
|
||||||
gz.Close()
|
gz.Close()
|
||||||
return b.Bytes()
|
return b.Bytes(), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetCertUncompressed gets the certificate in DER
|
// GetCertUncompressed gets the certificate in DER
|
||||||
func (kd *rsaSigner) GetCertUncompressed(sni string) []byte {
|
func (kd *rsaSigner) GetCertUncompressed(sni string) ([]byte, error) {
|
||||||
return kd.cert.Raw
|
return kd.cert.Raw, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (kd *rsaSigner) getCertForSNI(sni string) (*tls.Certificate, error) {
|
func (kd *rsaSigner) getCertForSNI(sni string) (*tls.Certificate, error) {
|
||||||
|
|||||||
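Review bot: GetCertCompressed now has an error result but returns `nil` for it unconditionally, while the results of `gz.Write(kd.cert.Raw)` and `gz.Close()` in the second hunk are still discarded. If the zlib writer ever fails, the caller gets a truncated or empty compressed certificate with no error, and that blob is what goes into the handshake reply. Writes into a bytes.Buffer are not expected to fail, so this is mainly about making the new contract honest; propagating both errors as below does that. The `sni` argument is also unused by both getters although `getCertForSNI` exists in this file; if that is intentional for now, a short comment saying so would help. The zlib writer construction lies outside the visible lines.
```go
// … unchanged: entry-type bytes and zlib writer setup …
if _, err := gz.Write(kd.cert.Raw); err != nil {
	return nil, err
}
if err := gz.Close(); err != nil {
	return nil, err
}
return b.Bytes(), nil
```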
@@ -25,7 +25,9 @@ var _ = Describe("ProofRsa", func() {
|
|||||||
z.Write(cert)
|
z.Write(cert)
|
||||||
z.Close()
|
z.Close()
|
||||||
kd := &rsaSigner{cert: &x509.Certificate{Raw: cert}}
|
kd := &rsaSigner{cert: &x509.Certificate{Raw: cert}}
|
||||||
Expect(kd.GetCertCompressed("")).To(Equal(append([]byte{
|
certCompressed, err := kd.GetCertCompressed("")
|
||||||
|
Expect(err).ToNot(HaveOccurred())
|
||||||
|
Expect(certCompressed).To(Equal(append([]byte{
|
||||||
0x01, 0x00,
|
0x01, 0x00,
|
||||||
0x08, 0x00, 0x00, 0x00,
|
0x08, 0x00, 0x00, 0x00,
|
||||||
}, certZlib.Bytes()...)))
|
}, certZlib.Bytes()...)))
|
||||||
|
|||||||
@@ -3,6 +3,6 @@ package crypto
|
|||||||
// A Signer holds a certificate and a private key
|
// A Signer holds a certificate and a private key
|
||||||
type Signer interface {
|
type Signer interface {
|
||||||
SignServerProof(sni string, chlo []byte, serverConfigData []byte) ([]byte, error)
|
SignServerProof(sni string, chlo []byte, serverConfigData []byte) ([]byte, error)
|
||||||
GetCertCompressed(sni string) []byte
|
GetCertCompressed(sni string) ([]byte, error)
|
||||||
GetCertUncompressed(sni string) []byte
|
GetCertUncompressed(sni string) ([]byte, error)
|
||||||
}
|
}
|
||||||
|
|||||||
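Review bot: The two changed methods of `Signer` have no doc comments, so the new error contract is unspecified for implementers. I would add `// GetCertCompressed returns the certificate for sni in the compressed format of the QUIC crypto doc; on error the returned slice must be ignored.` and an analogous line for GetCertUncompressed (DER). It would also help to state whether an empty `sni` is valid, since every call site visible in this commit passes `""`.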
@@ -161,10 +161,15 @@ func (h *CryptoSetup) handleInchoateCHLO(data []byte) ([]byte, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
certCompressed, err := h.scfg.GetCertCompressed("")
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
var serverReply bytes.Buffer
|
var serverReply bytes.Buffer
|
||||||
WriteHandshakeMessage(&serverReply, TagREJ, map[Tag][]byte{
|
WriteHandshakeMessage(&serverReply, TagREJ, map[Tag][]byte{
|
||||||
TagSCFG: h.scfg.Get(),
|
TagSCFG: h.scfg.Get(),
|
||||||
TagCERT: h.scfg.GetCertCompressed(""),
|
TagCERT: certCompressed,
|
||||||
TagSNO: h.nonce,
|
TagSNO: h.nonce,
|
||||||
TagPROF: proof,
|
TagPROF: proof,
|
||||||
})
|
})
|
||||||
@@ -184,7 +189,12 @@ func (h *CryptoSetup) handleCHLO(data []byte, cryptoData map[Tag][]byte) ([]byte
|
|||||||
h.mutex.Lock()
|
h.mutex.Lock()
|
||||||
defer h.mutex.Unlock()
|
defer h.mutex.Unlock()
|
||||||
|
|
||||||
h.secureAEAD, err = h.keyDerivation(false, sharedSecret, nonce.Bytes(), h.connID, data, h.scfg.Get(), h.scfg.signer.GetCertUncompressed(""))
|
certUncompressed, err := h.scfg.signer.GetCertUncompressed("")
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
h.secureAEAD, err = h.keyDerivation(false, sharedSecret, nonce.Bytes(), h.connID, data, h.scfg.Get(), certUncompressed)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@@ -195,7 +205,7 @@ func (h *CryptoSetup) handleCHLO(data []byte, cryptoData map[Tag][]byte) ([]byte
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
h.forwardSecureAEAD, err = h.keyDerivation(true, ephermalSharedSecret, nonce.Bytes(), h.connID, data, h.scfg.Get(), h.scfg.signer.GetCertUncompressed(""))
|
h.forwardSecureAEAD, err = h.keyDerivation(true, ephermalSharedSecret, nonce.Bytes(), h.connID, data, h.scfg.Get(), certUncompressed)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|||||||
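Review bot: handleCHLO reaches through to `h.scfg.signer.GetCertUncompressed("")` while handleInchoateCHLO goes through the `h.scfg.GetCertCompressed("")` wrapper, and both hard-code an empty SNI. The uncompressed certificate is an input to both `keyDerivation` calls and the compressed one is what the REJ carries in TagCERT, so the two lookups must resolve to the same certificate; that holds today only because the argument is a constant. I would add a comment at both call sites, e.g. `// TODO: pass the client's SNI; must match the certificate sent in TagCERT`, and consider a `GetCertUncompressed` method on ServerConfig so both paths use the same layer (it may already exist outside these hunks). Both function bodies extend beyond the visible hunks.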
@@ -39,11 +39,11 @@ func (s *mockSigner) SignServerProof(sni string, chlo []byte, serverConfigData [
|
|||||||
}
|
}
|
||||||
return []byte("proof"), nil
|
return []byte("proof"), nil
|
||||||
}
|
}
|
||||||
func (*mockSigner) GetCertCompressed(sni string) []byte {
|
func (*mockSigner) GetCertCompressed(sni string) ([]byte, error) {
|
||||||
return []byte("certcompressed")
|
return []byte("certcompressed"), nil
|
||||||
}
|
}
|
||||||
func (*mockSigner) GetCertUncompressed(sni string) []byte {
|
func (*mockSigner) GetCertUncompressed(sni string) ([]byte, error) {
|
||||||
return []byte("certuncompressed")
|
return []byte("certuncompressed"), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
type mockAEAD struct {
|
type mockAEAD struct {
|
||||||
|
|||||||
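Review bot: Both mockSigner getters always return a nil error, so the `if err != nil { return nil, err }` branches this commit adds to handleInchoateCHLO and handleCHLO cannot be reached from these tests. A field on the mock, e.g. `certErr error`, returned as `return []byte("certcompressed"), s.certErr` with a named receiver, would let a spec assert that a signer failure aborts the handshake instead of producing a reply. The mockSigner struct definition is outside the hunk, so this assumes it has no such field yet.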
@@ -50,6 +50,6 @@ func (s *ServerConfig) Sign(sni string, chlo []byte) ([]byte, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// GetCertCompressed returns the certificate data
|
// GetCertCompressed returns the certificate data
|
||||||
func (s *ServerConfig) GetCertCompressed(sni string) []byte {
|
func (s *ServerConfig) GetCertCompressed(sni string) ([]byte, error) {
|
||||||
return s.signer.GetCertCompressed(sni)
|
return s.signer.GetCertCompressed(sni)
|
||||||
}
|
}
|
||||||
|
|||||||