th5/common.go

// Copyright 2009 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package tls

import (
	"crypto/rsa";
	"io";
	"os";
)

const (
	// maxTLSCiphertext is the maximum length of a plaintext payload.
	maxTLSPlaintext	= 16384;
	// maxTLSCiphertext is the maximum length payload after compression and encryption.
	maxTLSCiphertext	= 16384 + 2048;
	// maxHandshakeMsg is the largest single handshake message that we'll buffer.
	maxHandshakeMsg	= 65536;
	// defaultMajor and defaultMinor are the maximum TLS version that we support.
	defaultMajor	= 3;
	defaultMinor	= 2;
)


// TLS record types.
type recordType uint8

const (
	recordTypeChangeCipherSpec	recordType	= 20;
	recordTypeAlert			recordType	= 21;
	recordTypeHandshake		recordType	= 22;
	recordTypeApplicationData	recordType	= 23;
)

// TLS handshake message types.
const (
	typeClientHello		uint8	= 1;
	typeServerHello		uint8	= 2;
	typeCertificate		uint8	= 11;
	typeServerHelloDone	uint8	= 14;
	typeClientKeyExchange	uint8	= 16;
	typeFinished		uint8	= 20;
)

// TLS cipher suites.
var (
	TLS_RSA_WITH_RC4_128_SHA uint16 = 5;
)

// TLS compression types.
var (
	compressionNone uint8 = 0;
)

type ConnectionState struct {
	HandshakeComplete	bool;
	CipherSuite		string;
	Error			alertType;
}

// A Config structure is used to configure a TLS client or server. After one
// has been passed to a TLS function it must not be modified.
type Config struct {
	// Rand provides the source of entropy for nonces and RSA blinding.
	Rand	io.Reader;
	// Time returns the current time as the number of seconds since the epoch.
	Time		func() int64;
	Certificates	[]Certificate;
	RootCAs		*CASet;
}

type Certificate struct {
	Certificate	[][]byte;
	PrivateKey	*rsa.PrivateKey;
}

// A TLS record.
type record struct {
	contentType	recordType;
	major, minor	uint8;
	payload		[]byte;
}

type handshakeMessage interface {
	marshal() []byte;
}

type encryptor interface {
	// XORKeyStream xors the contents of the slice with bytes from the key stream.
	XORKeyStream(buf []byte);
}

// mutualVersion returns the protocol version to use given the advertised
// version of the peer.
func mutualVersion(theirMajor, theirMinor uint8) (major, minor uint8, ok bool) {
	// We don't deal with peers < TLS 1.0 (aka version 3.1).
	if theirMajor < 3 || theirMajor == 3 && theirMinor < 1 {
		return 0, 0, false
	}
	major = 3;
	minor = 2;
	if theirMinor < minor {
		minor = theirMinor
	}
	ok = true;
	return;
}

// A nop implements the NULL encryption and MAC algorithms.
type nop struct{}

func (nop) XORKeyStream(buf []byte)	{}

func (nop) Write(buf []byte) (int, os.Error)	{ return len(buf), nil }

func (nop) Sum() []byte	{ return nil }

func (nop) Reset()	{}

func (nop) Size() int	{ return 0 }
crypto/tls (part 1) Rather than drop everything into a single, huge review, I've included some simple bits of code here. R=rsc CC=go-dev http://go/go-review/1016029 2009-11-03 02:25:20 +00:00			`// Copyright 2009 The Go Authors. All rights reserved.`
			`// Use of this source code is governed by a BSD-style`
			`// license that can be found in the LICENSE file.`

			`package tls`

			`import (`
			`"crypto/rsa";`
			`"io";`
			`"os";`
			`)`

			`const (`
			`// maxTLSCiphertext is the maximum length of a plaintext payload.`
			`maxTLSPlaintext = 16384;`
			`// maxTLSCiphertext is the maximum length payload after compression and encryption.`
- replaced gofmt expression formatting algorithm with rsc's algorithm - applied gofmt -w misc src - partial CL (remaining files in other CLs) R=rsc, r http://go/go-review/1026036 2009-11-10 05:13:17 +00:00			`maxTLSCiphertext = 16384 + 2048;`
crypto/tls (part 1) Rather than drop everything into a single, huge review, I've included some simple bits of code here. R=rsc CC=go-dev http://go/go-review/1016029 2009-11-03 02:25:20 +00:00			`// maxHandshakeMsg is the largest single handshake message that we'll buffer.`
			`maxHandshakeMsg = 65536;`
crypto/tls: add initial client implementation. R=rsc, agl CC=golang-dev https://golang.org/cl/157076 2009-11-21 23:53:03 +00:00			`// defaultMajor and defaultMinor are the maximum TLS version that we support.`
			`defaultMajor = 3;`
			`defaultMinor = 2;`
crypto/tls (part 1) Rather than drop everything into a single, huge review, I've included some simple bits of code here. R=rsc CC=go-dev http://go/go-review/1016029 2009-11-03 02:25:20 +00:00			`)`


			`// TLS record types.`
			`type recordType uint8`

			`const (`
			`recordTypeChangeCipherSpec recordType = 20;`
			`recordTypeAlert recordType = 21;`
			`recordTypeHandshake recordType = 22;`
			`recordTypeApplicationData recordType = 23;`
			`)`

			`// TLS handshake message types.`
			`const (`
			`typeClientHello uint8 = 1;`
			`typeServerHello uint8 = 2;`
			`typeCertificate uint8 = 11;`
			`typeServerHelloDone uint8 = 14;`
			`typeClientKeyExchange uint8 = 16;`
			`typeFinished uint8 = 20;`
			`)`

			`// TLS cipher suites.`
			`var (`
			`TLS_RSA_WITH_RC4_128_SHA uint16 = 5;`
			`)`

			`// TLS compression types.`
			`var (`
			`compressionNone uint8 = 0;`
			`)`

			`type ConnectionState struct {`
			`HandshakeComplete bool;`
			`CipherSuite string;`
			`Error alertType;`
			`}`

			`// A Config structure is used to configure a TLS client or server. After one`
			`// has been passed to a TLS function it must not be modified.`
			`type Config struct {`
			`// Rand provides the source of entropy for nonces and RSA blinding.`
			`Rand io.Reader;`
			`// Time returns the current time as the number of seconds since the epoch.`
			`Time func() int64;`
			`Certificates []Certificate;`
crypto/tls: add initial client implementation. R=rsc, agl CC=golang-dev https://golang.org/cl/157076 2009-11-21 23:53:03 +00:00			`RootCAs *CASet;`
crypto/tls (part 1) Rather than drop everything into a single, huge review, I've included some simple bits of code here. R=rsc CC=go-dev http://go/go-review/1016029 2009-11-03 02:25:20 +00:00			`}`

			`type Certificate struct {`
			`Certificate [][]byte;`
			`PrivateKey *rsa.PrivateKey;`
			`}`

			`// A TLS record.`
			`type record struct {`
			`contentType recordType;`
			`major, minor uint8;`
			`payload []byte;`
			`}`

			`type handshakeMessage interface {`
			`marshal() []byte;`
			`}`

			`type encryptor interface {`
			`// XORKeyStream xors the contents of the slice with bytes from the key stream.`
			`XORKeyStream(buf []byte);`
			`}`

			`// mutualVersion returns the protocol version to use given the advertised`
			`// version of the peer.`
			`func mutualVersion(theirMajor, theirMinor uint8) (major, minor uint8, ok bool) {`
			`// We don't deal with peers < TLS 1.0 (aka version 3.1).`
			`if theirMajor < 3 \|\| theirMajor == 3 && theirMinor < 1 {`
remove semis after statements in one-statement statement lists R=rsc, r http://go/go-review/1025029 2009-11-09 20:07:39 +00:00			`return 0, 0, false`
crypto/tls (part 1) Rather than drop everything into a single, huge review, I've included some simple bits of code here. R=rsc CC=go-dev http://go/go-review/1016029 2009-11-03 02:25:20 +00:00			`}`
			`major = 3;`
			`minor = 2;`
			`if theirMinor < minor {`
remove semis after statements in one-statement statement lists R=rsc, r http://go/go-review/1025029 2009-11-09 20:07:39 +00:00			`minor = theirMinor`
crypto/tls (part 1) Rather than drop everything into a single, huge review, I've included some simple bits of code here. R=rsc CC=go-dev http://go/go-review/1016029 2009-11-03 02:25:20 +00:00			`}`
			`ok = true;`
			`return;`
			`}`

			`// A nop implements the NULL encryption and MAC algorithms.`
			`type nop struct{}`

- fine-tuning of one-line func heuristic (nodes.go) - enabled for function declarations (not just function literals) - applied gofmt -w $GOROOT/src (look for instance at src/pkg/debug/elf/elf.go) R=r, rsc CC=go-dev http://go/go-review/1026006 2009-11-06 22:24:38 +00:00			`func (nop) XORKeyStream(buf []byte) {}`
crypto/tls (part 1) Rather than drop everything into a single, huge review, I've included some simple bits of code here. R=rsc CC=go-dev http://go/go-review/1016029 2009-11-03 02:25:20 +00:00
- fine-tuning of one-line func heuristic (nodes.go) - enabled for function declarations (not just function literals) - applied gofmt -w $GOROOT/src (look for instance at src/pkg/debug/elf/elf.go) R=r, rsc CC=go-dev http://go/go-review/1026006 2009-11-06 22:24:38 +00:00			`func (nop) Write(buf []byte) (int, os.Error) { return len(buf), nil }`
crypto/tls (part 1) Rather than drop everything into a single, huge review, I've included some simple bits of code here. R=rsc CC=go-dev http://go/go-review/1016029 2009-11-03 02:25:20 +00:00
- fine-tuning of one-line func heuristic (nodes.go) - enabled for function declarations (not just function literals) - applied gofmt -w $GOROOT/src (look for instance at src/pkg/debug/elf/elf.go) R=r, rsc CC=go-dev http://go/go-review/1026006 2009-11-06 22:24:38 +00:00			`func (nop) Sum() []byte { return nil }`
crypto/tls (part 1) Rather than drop everything into a single, huge review, I've included some simple bits of code here. R=rsc CC=go-dev http://go/go-review/1016029 2009-11-03 02:25:20 +00:00
- fine-tuning of one-line func heuristic (nodes.go) - enabled for function declarations (not just function literals) - applied gofmt -w $GOROOT/src (look for instance at src/pkg/debug/elf/elf.go) R=r, rsc CC=go-dev http://go/go-review/1026006 2009-11-06 22:24:38 +00:00			`func (nop) Reset() {}`
crypto/tls (part 1) Rather than drop everything into a single, huge review, I've included some simple bits of code here. R=rsc CC=go-dev http://go/go-review/1016029 2009-11-03 02:25:20 +00:00
- fine-tuning of one-line func heuristic (nodes.go) - enabled for function declarations (not just function literals) - applied gofmt -w $GOROOT/src (look for instance at src/pkg/debug/elf/elf.go) R=r, rsc CC=go-dev http://go/go-review/1026006 2009-11-06 22:24:38 +00:00			`func (nop) Size() int { return 0 }`