mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-04 12:37:35 +03:00
Expose DecryptTicketWith function (#61)
Expose DecryptTicketWith function
This commit is contained in:
maxb
GitHub
parent
33a29038e7
commit
5801f3fc5a
2 changed files with 65 additions and 1 deletions
17
ticket.go
17
ticket.go
|
|
@ -171,7 +171,20 @@ func (c *Conn) encryptTicket(state []byte) ([]byte, error) {
|
|||
return encrypted, nil
|
||||
}
|
||||
|
||||
// [uTLS] changed to use exported DecryptTicketWith func below
|
||||
func (c *Conn) decryptTicket(encrypted []byte) (plaintext []byte, usedOldKey bool) {
|
||||
tks := ticketKeys(c.config.ticketKeys()).ToPublic()
|
||||
return DecryptTicketWith(encrypted, tks)
|
||||
}
|
||||
|
||||
// DecryptTicketWith decrypts an encrypted session ticket
|
||||
// using a TicketKeys (ie []TicketKey) struct
|
||||
//
|
||||
// usedOldKey will be true if the key used for decryption is
|
||||
// not the first in the []TicketKey slice
|
||||
//
|
||||
// [uTLS] changed to be made public and take a TicketKeys instead of use a Conn receiver
|
||||
func DecryptTicketWith(encrypted []byte, tks TicketKeys) (plaintext []byte, usedOldKey bool) {
|
||||
if len(encrypted) < ticketKeyNameLen+aes.BlockSize+sha256.Size {
|
||||
return nil, false
|
||||
}
|
||||
|
|
@ -181,7 +194,9 @@ func (c *Conn) decryptTicket(encrypted []byte) (plaintext []byte, usedOldKey boo
|
|||
macBytes := encrypted[len(encrypted)-sha256.Size:]
|
||||
ciphertext := encrypted[ticketKeyNameLen+aes.BlockSize : len(encrypted)-sha256.Size]
|
||||
|
||||
keys := c.config.ticketKeys()
|
||||
// keys := c.config.ticketKeys() // [uTLS] keys are received as a function argument
|
||||
|
||||
keys := tks.ToPrivate()
|
||||
keyIndex := -1
|
||||
for i, candidateKey := range keys {
|
||||
if bytes.Equal(keyName, candidateKey.keyName[:]) {
|
||||
|
|
|
|||
49
u_public.go
49
u_public.go
|
|
@ -622,3 +622,52 @@ func (css *ClientSessionState) SetServerCertificates(ServerCertificates []*x509.
|
|||
func (css *ClientSessionState) SetVerifiedChains(VerifiedChains [][]*x509.Certificate) {
|
||||
css.verifiedChains = VerifiedChains
|
||||
}
|
||||
|
||||
// TicketKey is the internal representation of a session ticket key.
|
||||
type TicketKey struct {
|
||||
// KeyName is an opaque byte string that serves to identify the session
|
||||
// ticket key. It's exposed as plaintext in every session ticket.
|
||||
KeyName [ticketKeyNameLen]byte
|
||||
AesKey [16]byte
|
||||
HmacKey [16]byte
|
||||
}
|
||||
|
||||
type TicketKeys []TicketKey
|
||||
type ticketKeys []ticketKey
|
||||
|
||||
func TicketKeyFromBytes(b [32]byte) TicketKey {
|
||||
tk := ticketKeyFromBytes(b)
|
||||
return tk.ToPublic()
|
||||
}
|
||||
|
||||
func (tk ticketKey) ToPublic() TicketKey {
|
||||
return TicketKey{
|
||||
KeyName: tk.keyName,
|
||||
AesKey: tk.aesKey,
|
||||
HmacKey: tk.hmacKey,
|
||||
}
|
||||
}
|
||||
|
||||
func (TK TicketKey) ToPrivate() ticketKey {
|
||||
return ticketKey{
|
||||
keyName: TK.KeyName,
|
||||
aesKey: TK.AesKey,
|
||||
hmacKey: TK.HmacKey,
|
||||
}
|
||||
}
|
||||
|
||||
func (tks ticketKeys) ToPublic() []TicketKey {
|
||||
var TKS []TicketKey
|
||||
for _, ks := range tks {
|
||||
TKS = append(TKS, ks.ToPublic())
|
||||
}
|
||||
return TKS
|
||||
}
|
||||
|
||||
func (TKS TicketKeys) ToPrivate() []ticketKey {
|
||||
var tks []ticketKey
|
||||
for _, TK := range TKS {
|
||||
tks = append(tks, TK.ToPrivate())
|
||||
}
|
||||
return tks
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue