forked from quic-go/quic-go
change Signer interface to return errors
This commit is contained in:
Lucas Clemente
@@ -60,7 +60,7 @@ func (kd *rsaSigner) SignServerProof(sni string, chlo []byte, serverConfigData [
|
||||
}
|
||||
|
||||
// GetCertCompressed gets the certificate in the format described by the QUIC crypto doc
|
||||
func (kd *rsaSigner) GetCertCompressed(sni string) []byte {
|
||||
func (kd *rsaSigner) GetCertCompressed(sni string) ([]byte, error) {
|
||||
b := &bytes.Buffer{}
|
||||
b.WriteByte(1) // Entry type compressed
|
||||
b.WriteByte(0) // Entry type end_of_list
|
||||
@@ -78,12 +78,12 @@ func (kd *rsaSigner) GetCertCompressed(sni string) []byte {
|
||||
})
|
||||
gz.Write(kd.cert.Raw)
|
||||
gz.Close()
|
||||
return b.Bytes()
|
||||
return b.Bytes(), nil
|
||||
}
|
||||
|
||||
// GetCertUncompressed gets the certificate in DER
|
||||
func (kd *rsaSigner) GetCertUncompressed(sni string) []byte {
|
||||
return kd.cert.Raw
|
||||
func (kd *rsaSigner) GetCertUncompressed(sni string) ([]byte, error) {
|
||||
return kd.cert.Raw, nil
|
||||
}
|
||||
|
||||
func (kd *rsaSigner) getCertForSNI(sni string) (*tls.Certificate, error) {
|
||||
|
||||
@@ -25,7 +25,9 @@ var _ = Describe("ProofRsa", func() {
|
||||
z.Write(cert)
|
||||
z.Close()
|
||||
kd := &rsaSigner{cert: &x509.Certificate{Raw: cert}}
|
||||
Expect(kd.GetCertCompressed("")).To(Equal(append([]byte{
|
||||
certCompressed, err := kd.GetCertCompressed("")
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
Expect(certCompressed).To(Equal(append([]byte{
|
||||
0x01, 0x00,
|
||||
0x08, 0x00, 0x00, 0x00,
|
||||
}, certZlib.Bytes()...)))
|
||||
|
||||
@@ -3,6 +3,6 @@ package crypto
|
||||
// A Signer holds a certificate and a private key
|
||||
type Signer interface {
|
||||
SignServerProof(sni string, chlo []byte, serverConfigData []byte) ([]byte, error)
|
||||
GetCertCompressed(sni string) []byte
|
||||
GetCertUncompressed(sni string) []byte
|
||||
GetCertCompressed(sni string) ([]byte, error)
|
||||
GetCertUncompressed(sni string) ([]byte, error)
|
||||
}
|
||||
|
||||
@@ -161,10 +161,15 @@ func (h *CryptoSetup) handleInchoateCHLO(data []byte) ([]byte, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
certCompressed, err := h.scfg.GetCertCompressed("")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var serverReply bytes.Buffer
|
||||
WriteHandshakeMessage(&serverReply, TagREJ, map[Tag][]byte{
|
||||
TagSCFG: h.scfg.Get(),
|
||||
TagCERT: h.scfg.GetCertCompressed(""),
|
||||
TagCERT: certCompressed,
|
||||
TagSNO: h.nonce,
|
||||
TagPROF: proof,
|
||||
})
|
||||
@@ -184,7 +189,12 @@ func (h *CryptoSetup) handleCHLO(data []byte, cryptoData map[Tag][]byte) ([]byte
|
||||
h.mutex.Lock()
|
||||
defer h.mutex.Unlock()
|
||||
|
||||
h.secureAEAD, err = h.keyDerivation(false, sharedSecret, nonce.Bytes(), h.connID, data, h.scfg.Get(), h.scfg.signer.GetCertUncompressed(""))
|
||||
certUncompressed, err := h.scfg.signer.GetCertUncompressed("")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
h.secureAEAD, err = h.keyDerivation(false, sharedSecret, nonce.Bytes(), h.connID, data, h.scfg.Get(), certUncompressed)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -195,7 +205,7 @@ func (h *CryptoSetup) handleCHLO(data []byte, cryptoData map[Tag][]byte) ([]byte
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
h.forwardSecureAEAD, err = h.keyDerivation(true, ephermalSharedSecret, nonce.Bytes(), h.connID, data, h.scfg.Get(), h.scfg.signer.GetCertUncompressed(""))
|
||||
h.forwardSecureAEAD, err = h.keyDerivation(true, ephermalSharedSecret, nonce.Bytes(), h.connID, data, h.scfg.Get(), certUncompressed)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -39,11 +39,11 @@ func (s *mockSigner) SignServerProof(sni string, chlo []byte, serverConfigData [
|
||||
}
|
||||
return []byte("proof"), nil
|
||||
}
|
||||
func (*mockSigner) GetCertCompressed(sni string) []byte {
|
||||
return []byte("certcompressed")
|
||||
func (*mockSigner) GetCertCompressed(sni string) ([]byte, error) {
|
||||
return []byte("certcompressed"), nil
|
||||
}
|
||||
func (*mockSigner) GetCertUncompressed(sni string) []byte {
|
||||
return []byte("certuncompressed")
|
||||
func (*mockSigner) GetCertUncompressed(sni string) ([]byte, error) {
|
||||
return []byte("certuncompressed"), nil
|
||||
}
|
||||
|
||||
type mockAEAD struct {
|
||||
|
||||
@@ -50,6 +50,6 @@ func (s *ServerConfig) Sign(sni string, chlo []byte) ([]byte, error) {
|
||||
}
|
||||
|
||||
// GetCertCompressed returns the certificate data
|
||||
func (s *ServerConfig) GetCertCompressed(sni string) []byte {
|
||||
func (s *ServerConfig) GetCertCompressed(sni string) ([]byte, error) {
|
||||
return s.signer.GetCertCompressed(sni)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user