validate server config signature, for ECDSA certificates

handshake/crypto_setup_client.go

@@ -3,13 +3,16 @@ package handshake
 import (
 	"bytes"
 	gocrypto "crypto"
+	"crypto/ecdsa"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/x509"
+	"encoding/asn1"
 	"encoding/binary"
 	"errors"
 	"io"
+	"math/big"
 	"time"
 
 	"github.com/lucas-clemente/quic-go/crypto"
@@ -18,6 +21,10 @@ import (
 	"github.com/lucas-clemente/quic-go/utils"
 )
 
+type ecdsaSignature struct {
+	R, S *big.Int
+}
+
 type cryptoSetupClient struct {
 	connID  protocol.ConnectionID
 	version protocol.VersionNumber
@@ -180,7 +187,14 @@ func (h *cryptoSetupClient) verifyServerConfigSignature() error {
 			return qerr.ProofInvalid
 		}
 	} else {
-		panic("Not a RSA.")
+		signature := &ecdsaSignature{}
+		rest, err := asn1.Unmarshal(h.proof, signature)
+		if err != nil || len(rest) != 0 {
+			return qerr.ProofInvalid
+		}
+		if !ecdsa.Verify(cert.PublicKey.(*ecdsa.PublicKey), hash.Sum(nil), signature.R, signature.S) {
+			return qerr.ProofInvalid
+		}
 	}
 
 	// TODO: verify certificate chain