mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-22 02:15:45 +03:00
6fde3632ef
The vendor/ folder was created with the help of @FiloSottile's gvt and vendorcheck. Any dependencies of Caddy plugins outside this repo are not vendored. We do not remove any unused, vendored packages because vendorcheck -u only checks using the current build configuration; i.e. packages that may be imported by files toggled by build tags of other systems. CI tests have been updated to ignore the vendor/ folder. When Go 1.9 is released, a few of the go commands should be revised to again use ./... as it will ignore the vendor folder by default.
50 lines
1.3 KiB
Go
50 lines
1.3 KiB
Go
package handshake
|
|
|
|
import (
|
|
"sync"
|
|
"time"
|
|
|
|
"github.com/lucas-clemente/quic-go/crypto"
|
|
"github.com/lucas-clemente/quic-go/protocol"
|
|
"github.com/lucas-clemente/quic-go/utils"
|
|
)
|
|
|
|
var (
|
|
kexLifetime = protocol.EphermalKeyLifetime
|
|
kexCurrent crypto.KeyExchange
|
|
kexCurrentTime time.Time
|
|
kexMutex sync.RWMutex
|
|
)
|
|
|
|
// getEphermalKEX returns the currently active KEX, which changes every protocol.EphermalKeyLifetime
|
|
// See the explanation from the QUIC crypto doc:
|
|
//
|
|
// A single connection is the usual scope for forward security, but the security
|
|
// difference between an ephemeral key used for a single connection, and one
|
|
// used for all connections for 60 seconds is negligible. Thus we can amortise
|
|
// the Diffie-Hellman key generation at the server over all the connections in a
|
|
// small time span.
|
|
func getEphermalKEX() (res crypto.KeyExchange) {
|
|
kexMutex.RLock()
|
|
res = kexCurrent
|
|
t := kexCurrentTime
|
|
kexMutex.RUnlock()
|
|
if res != nil && time.Since(t) < kexLifetime {
|
|
return res
|
|
}
|
|
|
|
kexMutex.Lock()
|
|
defer kexMutex.Unlock()
|
|
// Check if still unfulfilled
|
|
if kexCurrent == nil || time.Since(kexCurrentTime) > kexLifetime {
|
|
kex, err := crypto.NewCurve25519KEX()
|
|
if err != nil {
|
|
utils.Errorf("could not set KEX: %s", err.Error())
|
|
return kexCurrent
|
|
}
|
|
kexCurrent = kex
|
|
kexCurrentTime = time.Now()
|
|
return kexCurrent
|
|
}
|
|
return kexCurrent
|
|
}
|