starainrt
98ef9e7fcc
- 新增 managed/external/nested 三种传输保护模式 - 新增 peer attach 显式认证、抗重放、channel binding 和可选前向保密协商 - 明确单连接注入与可重拨连接源的语义边界 - 禁止 ConnectByConn 场景下 dedicated bulk 走 sidecar,auto 模式自动回退 shared - 修正 dedicated attach 在 bootstrap/steady profile 切换下的处理逻辑 - 优化 shared bulk super-batch 与批量 framed write 路径 - 降低 stream/bulk fast path 的复制和分发损耗 - 补齐 benchmark、回归测试、运行时快照和 README 文档
49 lines
1.2 KiB
Go
49 lines
1.2 KiB
Go
package notify
|
|
|
|
import (
|
|
"b612.me/starcrypto"
|
|
"errors"
|
|
"fmt"
|
|
"math/rand"
|
|
"time"
|
|
)
|
|
|
|
// Deprecated: ExchangeKey drives the legacy RSA-based key exchange flow.
|
|
// Prefer UseModernPSKClient.
|
|
func (c *ClientCommon) ExchangeKey(newKey []byte) error {
|
|
pubKey, err := starcrypto.DecodeRsaPublicKey(c.handshakeRsaPubKey)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
newSendKey, err := starcrypto.RSAEncrypt(pubKey, newKey)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
data, err := c.sendWait(TransferMsg{
|
|
ID: 19961127,
|
|
Key: "sirius",
|
|
Value: newSendKey,
|
|
Type: MSG_KEY_CHANGE,
|
|
}, time.Second*10)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if string(data.Value) != "success" {
|
|
return errors.New("cannot exchange new aes-key")
|
|
}
|
|
profile := c.clientTransportProtectionSnapshot()
|
|
profile.mode = ProtectionManaged
|
|
profile.secretKey = cloneTransportProtectionKey(newKey)
|
|
profile.runtime = nil
|
|
c.setClientTransportProtectionProfile(profile)
|
|
time.Sleep(time.Millisecond * 100)
|
|
return nil
|
|
}
|
|
|
|
// Deprecated: aesRsaHello is the legacy RSA-based key exchange bootstrap.
|
|
func aesRsaHello(c Client) error {
|
|
newAesKey := []byte(fmt.Sprintf("%d%d%d%s", time.Now().UnixNano(), rand.Int63(), rand.Int63(), "b612.me"))
|
|
newAesKey = []byte(starcrypto.Md5Str(newAesKey))
|
|
return c.ExchangeKey(newAesKey)
|
|
}
|