|
|
|
@ -34,8 +34,8 @@ func MakeRandomField(sta *State) []byte {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func MakeSessionTicket(sta *State) []byte {
|
|
|
|
|
// sessionTicket: [marshalled ephemeral pub key 32 bytes][encrypted UID+sessionID 36 bytes, proxy method 16 bytes, encryption method 1 byte][padding 107 bytes]
|
|
|
|
|
// The first 16 bytes of the marshalled ephemeral public key is used as the IV
|
|
|
|
|
// sessionTicket: [marshalled ephemeral pub key 32 bytes][encrypted UID+sessionID 36 bytes, proxy method 16 bytes, encryption method 1 byte][16 bytes authentication tag][padding 91 bytes]
|
|
|
|
|
// The first 12 bytes of the marshalled ephemeral public key is used as the nonce
|
|
|
|
|
// for encrypting the UID
|
|
|
|
|
tthInterval := sta.Now().Unix() / int64(sta.TicketTimeHint)
|
|
|
|
|
sta.keyPairsM.Lock()
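Review bot: The new comment on the nonce line should state the invariant that makes a public-key-derived GCM nonce safe: AES-GCM is only secure if a (key, nonce) pair never encrypts two different plaintexts, and here the nonce is fixed by the ephemeral public key while the ticket is deliberately identical within a TicketTimeHint interval (see the later comments in this function). That is harmless as long as `plain` (UID, sessionID, proxy method, encryption method) cannot change while the same ephemeral key pair is reused — which I cannot confirm from this hunk, since the key derivation and the key-pair cache guarded by `sta.keyPairsM` are outside it. I would extend the comment: `// The nonce is fixed by the ephemeral key pair, so a cached key pair must only ever encrypt this exact plaintext; GCM nonce reuse with a different plaintext leaks the auth key.` MakeSessionTicket's body continues past the end of this hunk.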
|
|
|
|
@ -59,8 +59,8 @@ func MakeSessionTicket(sta *State) []byte {
|
|
|
|
|
copy(plain[36:52], []byte(sta.ProxyMethod))
|
|
|
|
|
plain[52] = sta.EncryptionMethod
|
|
|
|
|
|
|
|
|
|
cipher := util.AESEncrypt(ticket[0:16], key, plain)
|
|
|
|
|
copy(ticket[32:85], cipher)
|
|
|
|
|
cipher, _ := util.AESGCMEncrypt(ticket[0:12], key, plain)
|
|
|
|
|
copy(ticket[32:101], cipher)
|
|
|
|
|
// The purpose of adding sessionID is that, the generated padding of sessionTicket needs to be unpredictable.
|
|
|
|
|
// As shown in auth.go, the padding is generated by a psudo random generator. The seed
|
|
|
|
|
// needs to be the same for each TicketTimeHint interval. However the value of epoch/TicketTimeHint
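Review bot: The error from `util.AESGCMEncrypt` is discarded on the `cipher, _ :=` line, so on any failure `cipher` is nil or short, `copy(ticket[32:101], cipher)` silently leaves that slot zero-filled, and the caller still receives a ticket that looks valid. MakeSessionTicket returns only `[]byte` (signature in the previous hunk), so either widen it to `([]byte, error)` and let callers handle it, or at minimum fail loudly here: `cipher, err := util.AESGCMEncrypt(ticket[0:12], key, plain)` / `if err != nil || len(cipher) != 69 { panic("MakeSessionTicket: AES-GCM encrypt: " + err.Error()) }` (guarding `err` being nil in the length case). The 69-byte slot also assumes AESGCMEncrypt returns ciphertext followed by the 16-byte tag with no nonce prepended; I cannot confirm that contract from here, which is why the length check is worth having rather than letting `copy` truncate. The function's opening and return lie outside this hunk.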
|
|
|
|
@ -71,6 +71,6 @@ func MakeSessionTicket(sta *State) []byte {
|
|
|
|
|
// With the sessionID value generated at startup of ckclient and used as a part of the seed, the
|
|
|
|
|
// sessionTicket is still identical for each TicketTimeHint interval, but others won't be able to know
|
|
|
|
|
// how it was generated. It will also be different for each client.
|
|
|
|
|
copy(ticket[85:192], util.PsudoRandBytes(107, tthInterval+int64(sta.sessionID)))
|
|
|
|
|
copy(ticket[101:192], util.PsudoRandBytes(91, tthInterval+int64(sta.sessionID)))
|
|
|
|
|
return ticket
|
|
|
|
|
}
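Review bot: The padding seed on the new `copy(ticket[101:192], ...)` line is `tthInterval+int64(sta.sessionID)`, so the seed for interval t with session s equals the seed for interval t+1 with session s-1, and its effective entropy is bounded by the width of `sessionID` (not visible here); if that is a 32-bit value, an observer holding one 91-byte padding sample could brute-force the seed offline against `PsudoRandBytes` and predict this client's padding for every later interval, defeating the stated goal that others cannot know how it was generated. This was true of the old line as well, but the commit reworks the layout without addressing it. A cheap improvement is to mix the two inputs instead of adding them, e.g. `seed := int64(sha256-based or xorshift mix of (tthInterval, sessionID))` — or better, derive the padding with a keyed PRF from a secret the client already holds, so the seed space is not enumerable. The function ends in this hunk; its start is in the first hunk.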
|
|
|
|
|