mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-23 22:27:38 -05:00
6fde3632ef
The vendor/ folder was created with the help of @FiloSottile's gvt and vendorcheck. Any dependencies of Caddy plugins outside this repo are not vendored. We do not remove any unused, vendored packages because vendorcheck -u only checks using the current build configuration; i.e. packages that may be imported by files toggled by build tags of other systems. CI tests have been updated to ignore the vendor/ folder. When Go 1.9 is released, a few of the go commands should be revised to again use ./... as it will ignore the vendor folder by default.
65 lines
1.6 KiB
Go
65 lines
1.6 KiB
Go
package handshake
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/rand"
|
|
|
|
"github.com/lucas-clemente/quic-go/crypto"
|
|
)
|
|
|
|
// ServerConfig is a server config
|
|
type ServerConfig struct {
|
|
kex crypto.KeyExchange
|
|
certChain crypto.CertChain
|
|
ID []byte
|
|
obit []byte
|
|
}
|
|
|
|
// NewServerConfig creates a new server config
|
|
func NewServerConfig(kex crypto.KeyExchange, certChain crypto.CertChain) (*ServerConfig, error) {
|
|
id := make([]byte, 16)
|
|
_, err := rand.Read(id)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
obit := make([]byte, 8)
|
|
if _, err = rand.Read(obit); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &ServerConfig{
|
|
kex: kex,
|
|
certChain: certChain,
|
|
ID: id,
|
|
obit: obit,
|
|
}, nil
|
|
}
|
|
|
|
// Get the server config binary representation
|
|
func (s *ServerConfig) Get() []byte {
|
|
var serverConfig bytes.Buffer
|
|
msg := HandshakeMessage{
|
|
Tag: TagSCFG,
|
|
Data: map[Tag][]byte{
|
|
TagSCID: s.ID,
|
|
TagKEXS: []byte("C255"),
|
|
TagAEAD: []byte("AESG"),
|
|
TagPUBS: append([]byte{0x20, 0x00, 0x00}, s.kex.PublicKey()...),
|
|
TagOBIT: s.obit,
|
|
TagEXPY: {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
|
|
},
|
|
}
|
|
msg.Write(&serverConfig)
|
|
return serverConfig.Bytes()
|
|
}
|
|
|
|
// Sign the server config and CHLO with the server's keyData
|
|
func (s *ServerConfig) Sign(sni string, chlo []byte) ([]byte, error) {
|
|
return s.certChain.SignServerProof(sni, chlo, s.Get())
|
|
}
|
|
|
|
// GetCertsCompressed returns the certificate data
|
|
func (s *ServerConfig) GetCertsCompressed(sni string, commonSetHashes, compressedHashes []byte) ([]byte, error) {
|
|
return s.certChain.GetCertsCompressed(sni, commonSetHashes, compressedHashes)
|
|
}
|