mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

Expose DecryptTicketWith function (#61)

Browse source 
Expose DecryptTicketWith function
This commit is contained in:
maxb 2020-11-12 11:38:19 -08:00 committed by GitHub
parent 33a29038e7
commit 5801f3fc5a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 65 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

17
ticket.go
View file

@ -171,7 +171,20 @@ func (c *Conn) encryptTicket(state []byte) ([]byte, error) {
return encrypted, nil
}
// [uTLS] changed to use exported DecryptTicketWith func below
func (c *Conn) decryptTicket(encrypted []byte) (plaintext []byte, usedOldKey bool) {
tks := ticketKeys(c.config.ticketKeys()).ToPublic()
return DecryptTicketWith(encrypted, tks)
}
// DecryptTicketWith decrypts an encrypted session ticket
// using a TicketKeys (ie []TicketKey) struct
//
// usedOldKey will be true if the key used for decryption is
// not the first in the []TicketKey slice
//
// [uTLS] changed to be made public and take a TicketKeys instead of use a Conn receiver
func DecryptTicketWith(encrypted []byte, tks TicketKeys) (plaintext []byte, usedOldKey bool) {
if len(encrypted) < ticketKeyNameLen+aes.BlockSize+sha256.Size {
return nil, false
}
@ -181,7 +194,9 @@ func (c *Conn) decryptTicket(encrypted []byte) (plaintext []byte, usedOldKey boo
macBytes := encrypted[len(encrypted)-sha256.Size:]
ciphertext := encrypted[ticketKeyNameLen+aes.BlockSize : len(encrypted)-sha256.Size]
keys := c.config.ticketKeys()
// keys := c.config.ticketKeys() // [uTLS] keys are received as a function argument
keys := tks.ToPrivate()
keyIndex := -1
for i, candidateKey := range keys {
if bytes.Equal(keyName, candidateKey.keyName[:]) {