gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

fix proof signature algorithm

Browse Source
This commit is contained in:
Lucas Clemente
2016-04-12 12:16:46 +02:00
parent f634d2a577
commit 97187c5a31
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
crypto/proof_rsa.go
View File

@@ -1,12 +1,16 @@
package crypto
import (
"bytes"
"compress/zlib"
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"io/ioutil"
"github.com/lucas-clemente/quic-go/utils"
)
// KeyData stores a key and a certificate for the server proof
@@ -40,9 +44,10 @@ func LoadKeyData(certFileName string, keyFileName string) (*KeyData, error) {
// SignServerProof signs CHLO and server config for use in the server proof
func (kd *KeyData) SignServerProof(chlo []byte, serverConfigData []byte) ([]byte, error) {
hash := sha256.New()
hash.Write([]byte("QUIC server config signature\x00"))
hash.Write([]byte("QUIC CHLO and server config signature\x00"))
chloHash := sha256.Sum256(chlo)
hash.Write([]byte{32, 0, 0, 0})
hash.Write(chloHash[:])
hash.Write(serverConfigData)
return rsa.SignPSS(rand.Reader, kd.key, crypto.SHA256, hash.Sum(nil), nil)
return rsa.SignPSS(rand.Reader, kd.key, crypto.SHA256, hash.Sum(nil), &rsa.PSSOptions{SaltLength: 32})
}