move server proof verification to crypto package

crypto/server_proof.go

@@ -2,10 +2,13 @@ package crypto
 
 import (
 	"crypto"
+	"crypto/ecdsa"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/tls"
+	"crypto/x509"
+	"encoding/asn1"
 	"errors"
 	"math/big"
 )
@@ -36,3 +39,28 @@ func signServerProof(cert *tls.Certificate, chlo []byte, serverConfigData []byte
 
 	return key.Sign(rand.Reader, hash.Sum(nil), opts)
 }
+
+// verifyServerProof verifies the server proof signature
+func verifyServerProof(proof []byte, cert *x509.Certificate, chlo []byte, serverConfigData []byte) bool {
+	hash := sha256.New()
+	hash.Write([]byte("QUIC CHLO and server config signature\x00"))
+	chloHash := sha256.Sum256(chlo)
+	hash.Write([]byte{32, 0, 0, 0})
+	hash.Write(chloHash[:])
+	hash.Write(serverConfigData)
+
+	// RSA
+	if cert.PublicKeyAlgorithm == x509.RSA {
+		opts := &rsa.PSSOptions{SaltLength: 32, Hash: crypto.SHA256}
+		err := rsa.VerifyPSS(cert.PublicKey.(*rsa.PublicKey), crypto.SHA256, hash.Sum(nil), proof, opts)
+		return err == nil
+	}
+
+	// ECDSA
+	signature := &ecdsaSignature{}
+	rest, err := asn1.Unmarshal(proof, signature)
+	if err != nil || len(rest) != 0 {
+		return false
+	}
+	return ecdsa.Verify(cert.PublicKey.(*ecdsa.PublicKey), hash.Sum(nil), signature.R, signature.S)
+}