| 172 | } |
| 173 | |
// VerifyConnection decides whether the peer's certificate chain is acceptable.
//
// It accepts the connection in one of two ways:
//
//  1. REALITY path: the leaf carries an Ed25519 public key and the leaf's
//     Signature field equals HMAC-SHA512(c.authKey, publicKey). In that case
//     c.verified is set to true and no X.509 chain validation is performed.
//  2. Ordinary path: the leaf is verified with crypto/x509 against
//     c.serverName, using the remaining peer certificates as intermediates and
//     ntp.Now() as the validation time. Roots is left unset, which crypto/x509
//     treats as "use the system roots". c.verified is not modified here.
//
// It returns nil when either path succeeds, otherwise the x509 verification
// error.
func (c *realityVerifier) VerifyConnection(state utls.ConnectionState) error {
	// Diagnostic only. The label says "localAddr" but the value logged is
	// c.RemoteAddr().
	log.Debugln("REALITY localAddr: %v is using X25519MLKEM768 for TLS' communication: %v", c.RemoteAddr(), c.HandshakeState.ServerHello.ServerShare.Group == utls.X25519MLKEM768)

	chain := state.PeerCertificates
	// NOTE(review): indexing chain[0] panics on an empty PeerCertificates
	// slice; this relies on the TLS stack always delivering at least one
	// certificate before this callback runs. TODO confirm, or guard on len.
	leaf := chain[0]

	if edKey, isEd := leaf.PublicKey.(ed25519.PublicKey); isEd {
		mac := hmac.New(sha512.New, c.authKey)
		mac.Write(edKey)
		// NOTE(review): bytes.Equal is not a constant-time comparison. For MAC
		// values hmac.Equal is the timing-safe equivalent; if it is swapped in,
		// check that the "bytes" import is still used elsewhere in the file.
		if bytes.Equal(mac.Sum(nil), leaf.Signature) {
			c.verified = true
			return nil
		}
	}

	// No REALITY match: validate as a regular certificate chain.
	pool := x509.NewCertPool()
	verifyOpts := x509.VerifyOptions{
		DNSName:       c.serverName,
		Intermediates: pool,
		CurrentTime:   ntp.Now(),
	}
	for i := 1; i < len(chain); i++ {
		pool.AddCert(chain[i])
	}

	_, err := leaf.Verify(verifyOpts)
	return err
}