Combine ca, cert, and key handling (#952)

This commit is contained in:
Nate Brown
2023-08-14 21:32:40 -05:00
committed by GitHub
parent 223cc6e660
commit 5a131b2975
17 changed files with 381 additions and 294 deletions


@@ -30,15 +30,15 @@ type ConnectionState struct {
func (f *Interface) newConnectionState(l *logrus.Logger, initiator bool, pattern noise.HandshakePattern, psk []byte, pskStage int) *ConnectionState {
var dhFunc noise.DHFunc
curCertState := f.certState.Load()
curCertState := f.pki.GetCertState()
switch curCertState.certificate.Details.Curve {
switch curCertState.Certificate.Details.Curve {
case cert.Curve_CURVE25519:
dhFunc = noise.DH25519
case cert.Curve_P256:
dhFunc = noiseutil.DHP256
default:
l.Errorf("invalid curve: %s", curCertState.certificate.Details.Curve)
l.Errorf("invalid curve: %s", curCertState.Certificate.Details.Curve)
return nil
}
cs := noise.NewCipherSuite(dhFunc, noiseutil.CipherAESGCM, noise.HashSHA256)
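Review bot: The new `curCertState := f.pki.GetCertState()` is dereferenced on the very next line (`curCertState.Certificate.Details.Curve`) with no nil check, whereas the old `certState.Load()` path at least made the atomic load visible here; if GetCertState can return nil before a certificate is loaded or during a reload, this handshake setup will panic instead of failing closed. A guard in the same style as the existing curve check would keep the failure contained: `if curCertState == nil { l.Error("no certificate state available for handshake"); return nil }`. Whether nil is actually reachable depends on the pki type, which is outside this hunk, so please confirm against its implementation. Taking the state once into a local and reusing it for the curve, private key and public key (as the hunk does) is the right pattern, since it keeps the three fields from one consistent snapshot across a reload. newConnectionState's body continues past the end of this hunk.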
@@ -46,7 +46,7 @@ func (f *Interface) newConnectionState(l *logrus.Logger, initiator bool, pattern
cs = noise.NewCipherSuite(dhFunc, noise.CipherChaChaPoly, noise.HashSHA256)
}
static := noise.DHKey{Private: curCertState.privateKey, Public: curCertState.publicKey}
static := noise.DHKey{Private: curCertState.PrivateKey, Public: curCertState.PublicKey}
b := NewBits(ReplayWindow)
// Clear out bit 0, we never transmit it and we don't want it showing as packet loss