Browse Source

crypto/tls: add ConnectionState.Unique0RTTToken

v1.2.3
Filippo Valsorda 7 years ago
committed by Peter Wu
parent
commit
4f7b5988a3
3 changed files with 13 additions and 0 deletions
  1. +1
    -0
      13.go
  2. +5
    -0
      common.go
  3. +7
    -0
      conn.go

+ 1
- 0
13.go View File

@@ -513,6 +513,7 @@ func (hs *serverHandshakeState) checkPSK() (earlySecret []byte, alert alert) {
return nil, alertIllegalParameter
}
if hs.c.config.Accept0RTTData {
hs.c.binder = expectedBinder
hs.c.ticketMaxEarlyData = int64(s.maxEarlyDataLen)
hs.hello13Enc.earlyData = true
}


+ 5
- 0
common.go View File

@@ -218,6 +218,11 @@ type ConnectionState struct {
// (past and future) is guaranteed not to be replayed.
HandshakeConfirmed bool

// Unique0RTTToken is a value that never repeats, and can be used
// to detect replay attacks against 0-RTT connections.
// Unique0RTTToken is only present if HandshakeConfirmed is false.
Unique0RTTToken []byte

ClientHello []byte // ClientHello packet
}



+ 7
- 0
conn.go View File

@@ -116,6 +116,10 @@ type Conn struct {
// to ever buffer it. in.Mutex.
earlyDataBytes int64

// binder is the value of the PSK binder that was validated to
// accept the 0-RTT data. Exposed as ConnectionState.Unique0RTTToken.
binder []byte

tmp [16]byte
}

@@ -1591,6 +1595,9 @@ func (c *Conn) ConnectionState() ConnectionState {
state.SignedCertificateTimestamps = c.scts
state.OCSPResponse = c.ocspResponse
state.HandshakeConfirmed = atomic.LoadInt32(&c.handshakeConfirmed) == 1
if !state.HandshakeConfirmed {
state.Unique0RTTToken = c.binder
}
if !c.didResume {
if c.clientFinishedIsFirst {
state.TLSUnique = c.clientFinished[:]


Loading…
Cancel
Save