crypto/tls: add ConnectionState.Unique0RTTToken

This commit is contained in:
Filippo Valsorda 2017-02-09 20:50:39 +00:00 提交者 Peter Wu
父節點 563bf91c28
當前提交 4f7b5988a3
共有 3 個檔案被更改,包括 13 行新增0 行删除

1
13.go
查看文件

@ -513,6 +513,7 @@ func (hs *serverHandshakeState) checkPSK() (earlySecret []byte, alert alert) {
return nil, alertIllegalParameter
}
if hs.c.config.Accept0RTTData {
hs.c.binder = expectedBinder
hs.c.ticketMaxEarlyData = int64(s.maxEarlyDataLen)
hs.hello13Enc.earlyData = true
}

查看文件

@ -218,6 +218,11 @@ type ConnectionState struct {
// (past and future) is guaranteed not to be replayed.
HandshakeConfirmed bool
// Unique0RTTToken is a value that never repeats, and can be used
// to detect replay attacks against 0-RTT connections.
// Unique0RTTToken is only present if HandshakeConfirmed is false.
Unique0RTTToken []byte
ClientHello []byte // ClientHello packet
}

查看文件

@ -116,6 +116,10 @@ type Conn struct {
// to ever buffer it. in.Mutex.
earlyDataBytes int64
// binder is the value of the PSK binder that was validated to
// accept the 0-RTT data. Exposed as ConnectionState.Unique0RTTToken.
binder []byte
tmp [16]byte
}
@ -1591,6 +1595,9 @@ func (c *Conn) ConnectionState() ConnectionState {
state.SignedCertificateTimestamps = c.scts
state.OCSPResponse = c.ocspResponse
state.HandshakeConfirmed = atomic.LoadInt32(&c.handshakeConfirmed) == 1
if !state.HandshakeConfirmed {
state.Unique0RTTToken = c.binder
}
if !c.didResume {
if c.clientFinishedIsFirst {
state.TLSUnique = c.clientFinished[:]