From f634d2a5776af488bc80145b94790884bfc56dd3 Mon Sep 17 00:00:00 2001 From: Lucas Clemente Date: Mon, 11 Apr 2016 20:35:34 +0200 Subject: [PATCH] add basic RSA server proof generation --- crypto/proof_rsa.go | 48 ++++++++++++++++++++++++++++++++++++++++++++ example/cert.der | Bin 0 -> 1031 bytes example/key.der | Bin 0 -> 1192 bytes 3 files changed, 48 insertions(+) create mode 100644 crypto/proof_rsa.go create mode 100644 example/cert.der create mode 100644 example/key.der diff --git a/crypto/proof_rsa.go b/crypto/proof_rsa.go new file mode 100644 index 00000000..b33e3eac --- /dev/null +++ b/crypto/proof_rsa.go @@ -0,0 +1,48 @@ +package crypto + +import ( + "crypto" + "crypto/rand" + "crypto/rsa" + "crypto/sha256" + "crypto/x509" + "io/ioutil" +) + +// KeyData stores a key and a certificate for the server proof +type KeyData struct { + key *rsa.PrivateKey + cert *x509.Certificate +} + +// LoadKeyData loads the key and cert from files +func LoadKeyData(certFileName string, keyFileName string) (*KeyData, error) { + keyDER, err := ioutil.ReadFile(keyFileName) + if err != nil { + return nil, err + } + key, err := x509.ParsePKCS1PrivateKey(keyDER) + if err != nil { + return nil, err + } + certDER, err := ioutil.ReadFile(certFileName) + if err != nil { + return nil, err + } + cert, err := x509.ParseCertificate(certDER) + if err != nil { + return nil, err + } + + return &KeyData{key: key, cert: cert}, nil +} + +// SignServerProof signs CHLO and server config for use in the server proof +func (kd *KeyData) SignServerProof(chlo []byte, serverConfigData []byte) ([]byte, error) { + hash := sha256.New() + hash.Write([]byte("QUIC server config signature\x00")) + chloHash := sha256.Sum256(chlo) + hash.Write(chloHash[:]) + hash.Write(serverConfigData) + return rsa.SignPSS(rand.Reader, kd.key, crypto.SHA256, hash.Sum(nil), nil) +} diff --git a/example/cert.der b/example/cert.der new file mode 100644 index 0000000000000000000000000000000000000000..03f8e143f956c63ce6c5d8affbc994bcaeabc16c GIT binary patch literal 1031 zcmXqLVqrFDVtT!RnTe5!iIZU_n}721U0FK}c-c6$+C196^D;8BvN9ON8FCwNvN4CU zun9A{xEk^U<$)XyVK%44%G9Dfm;k#ln{R1eW^#t1xPd501(z_NPib;uv4V3>YHn&? zNvffUfe=W7S(rPuA~ClhCsi-MDBVC#oY&CIz{JoHNE#SfMgh5&28ITvP%h2wZ(>wJ z_A(BO}AvryFm}JFO9ya6DG?^KkxSr4{SKUOfJ&|A?dgYqQMu zZHIeT`0I)X`b?`b<(6x%wg`@G;xQC`cvWh}uH{UPGj)RmQmeNejr^+eJ9GN^#!d$p z%SwYnk(C`2bRKEm2;U-NrZ7$a@?Yg#jYVzj9ENP3J4*w$&Z}eIRxdoUUyD_|i+SJP zhO!0uv#z~0F3l-gBX5-|qNX?PN#jZ0HLH7l*VRpkbJ+1MU~8u0=D2__sfANd9JNkm z<(z$0mFt!CU0NgG z3NoJ87d*7XuTx{9`5d=yEu)yo`1rLRQx%w*m>C%u7dIX@Xgpvb3yeQmJ{B<+k-W<( z7O(5i+IpWYOIehcBeUR&y17B)1dzNkOJj#YV`~FeH4BrLB+xoan~)MS56DHrEUX61 zjEw)0;~AK=f$_}9kasfq`nomctRafCH5kuo=?<4>t~q09+_xv`Sjf#?o7~QdU#(eiVKT$= z2URtpc`087cKM~5Gsns%D@VBQwsgE6lG#6LQB{`6d%H1JIe#2aI=w67 aO8ER_uY!%XP>tvI7d0n8#y6FJhyVbCN^7(L literal 0 HcmV?d00001 diff --git a/example/key.der b/example/key.der new file mode 100644 index 0000000000000000000000000000000000000000..2db9aadbf33c01315a77f09140ea8fe8d874d808 GIT binary patch literal 1192 zcmV;Z1Xueof&`=j0RRGm0RaHb<+0lzLaY}ULB@Rf!*AmvsIFG%dNm6kgL^nrU4jfT72(wysJf>Dftf8*5M_I|#aZ3^P_=0xvtCg2WpS0r#XDsM37gdv{NEbt z7>-+tX7|DXog9oT^<_V=CKk`gX87%or~$sH?J$_eEUB*|FGPh|?GXXbFA>7HPKhXy zH=IU`Dl%MIUtg_Al^_EG0|5X50)hbmf0kWu9$@cC!%}Po ztT>2sJ)E<4RL8|WLuC0Usln<3PELG&*N^JJW@ENKHKbo^As0RSx|ed6Aybv?SI)X& zQ>B%@dE`dr^a+e0ND7$oiB$?58!j5$(zsiDQVk~yT3jP0SWj3tr)gE-_oaUftpvA!3(qMKWiM?!k#E2tY3LR=3fDl}wIk1yEwplO0w*k$ZQcDATeljth#0 ziJm^%rN-d9OGAbu|A^4yE(e;i?%$&(Ed!yU4ZMXl>Qjz^IuZCT7?3b388YZ%Elu(y z+=yBXe~9+=g+f*91i*hSG*m)S0)c@5@syjm3ZApI(8|_l-%@aILZm0*Y&pI0BYD|U-G!cBCoPGA(q|S~DzW#U+Fd9x%pEs|+@0{yd~5ZhS!*yeJIslcNRprBOC! z3u1J%CwQkHE}bQ?^-kD$e}STJc$S<}EfM`JXKv4NL8^4xs7wO1Zu7?D>Q0)c@5+E6;&`LpYxo%;X*MBEGJUkCR;2zq`- zws?sUfDZrG+z&``ZLRVi4Qjk`nnb)NE{iCkud67nTl0s9{s&NGP1(P}90ridk62Tg z=l7nzF`YpOy`fH9|5CMQ!rw(56;M`iwKKaE?!X$JRS~V#xwl$Up%{kSj{gz#AQ#7SlB%NI3ucq};N_tM5Wy&&f~-`MBEz7_Ov|t9Rh0# z$c!iE