From 61bc4c1a09df02e809751e01dc0ebeb2271b6b0e Mon Sep 17 00:00:00 2001
From: Kris Kwiatkowski
Date: Sun, 7 Oct 2018 15:55:34 +0100
Subject: [PATCH] moves methods from Config to Conn receives

generateKeyShare has nothing to do with Config receiver. It doesn't configure anything. It has everything with connection so moved to Conn. Making deriveECDHESecret also a method of Conn will make it possible to access 'isClient' field.
---
 13.go | 14 +++++++-------
 handshake_client.go | 2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/13.go b/13.go
index 46e878f..03d3823 100644
--- a/13.go
+++ b/13.go
@@ -152,7 +152,7 @@ CurvePreferenceLoop:
 return errors.New("tls: HelloRetryRequest not implemented") // TODO(filippo)
 }
- privateKey, serverKS, err := config.generateKeyShare(ks.group)
+ privateKey, serverKS, err := c.generateKeyShare(ks.group)
 if err != nil {
 c.sendAlert(alertInternalError)
 return err
@@ -180,7 +180,7 @@ CurvePreferenceLoop:
 earlyClientCipher, _ := hs.keySchedule.prepareCipher(secretEarlyClient)
- ecdheSecret := deriveECDHESecret(ks, privateKey)
+ ecdheSecret := c.deriveECDHESecret(ks, privateKey)
 if ecdheSecret == nil {
 c.sendAlert(alertIllegalParameter)
 return errors.New("tls: bad ECDHE client share")
@@ -545,10 +545,10 @@ func prepareDigitallySigned(hash crypto.Hash, context string, data []byte) []byt
 return h.Sum(nil)
 }
-func (c *Config) generateKeyShare(curveID CurveID) ([]byte, keyShare, error) {
+func (c *Conn) generateKeyShare(curveID CurveID) ([]byte, keyShare, error) {
 if curveID == X25519 {
 var scalar, public [32]byte
- if _, err := io.ReadFull(c.rand(), scalar[:]); err != nil {
+ if _, err := io.ReadFull(c.config.rand(), scalar[:]); err != nil {
 return nil, keyShare{}, err
 }
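Review bot: In the `@@ -545` hunk of 13.go, `generateKeyShare` still carries no doc comment after the receiver change, and the source of its key material is now one indirection further away: the X25519 scalar here and the `elliptic.GenerateKey` call in the `@@ -561` hunk both read from `c.config.rand()`. I would add `// generateKeyShare creates an ephemeral key pair for curveID using c.config.rand() and returns the private key and the public key share.` and a second line stating that the first return value is secret key material the caller must not log or retain past the handshake. `Config.rand()` is not shown in this patch, so the comment should say only that the configured source is used, not that it is always crypto/rand. The function body continues outside both hunks.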
@@ -561,7 +561,7 @@ func (c *Config) generateKeyShare(curveID CurveID) ([]byte, keyShare, error) {
 return nil, keyShare{}, errors.New("tls: preferredCurves includes unsupported curve")
 }
- privateKey, x, y, err := elliptic.GenerateKey(curve, c.rand())
+ privateKey, x, y, err := elliptic.GenerateKey(curve, c.config.rand())
 if err != nil {
 return nil, keyShare{}, err
 }
@@ -570,7 +570,7 @@ func (c *Config) generateKeyShare(curveID CurveID) ([]byte, keyShare, error) {
 return privateKey, keyShare{group: curveID, data: ecdhePublic}, nil
 }
-func deriveECDHESecret(ks keyShare, secretKey []byte) []byte {
+func (c *Conn) deriveECDHESecret(ks keyShare, secretKey []byte) []byte {
 if ks.group == X25519 {
 if len(ks.data) != 32 {
 return nil
@@ -975,7 +975,7 @@ func (hs *clientHandshakeState) doTLS13Handshake() error {
 // 0-RTT is not supported yet, so use an empty PSK.
 hs.keySchedule.setSecret(nil)
- ecdheSecret := deriveECDHESecret(serverHello.keyShare, hs.privateKey)
+ ecdheSecret := c.deriveECDHESecret(serverHello.keyShare, hs.privateKey)
 if ecdheSecret == nil {
 c.sendAlert(alertIllegalParameter)
 return errors.New("tls: bad ECDHE server share")
diff --git a/handshake_client.go b/handshake_client.go
index d8781d9..fb07c4d 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -194,7 +194,7 @@ func (c *Conn) clientHandshake() error {
 // Create one keyshare for the first default curve. If it is not
 // appropriate, the server should raise a HRR.
 defaultGroup := c.config.curvePreferences()[0]
- hs.privateKey, clientKS, err = c.config.generateKeyShare(defaultGroup)
+ hs.privateKey, clientKS, err = c.generateKeyShare(defaultGroup)
 if err != nil {
 c.sendAlert(alertInternalError)
 return err
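Review bot: In the `@@ -570` hunk of 13.go, `deriveECDHESecret` becomes a method on `*Conn` but the visible lines never use `c`, and the nil-means-reject contract that both call sites depend on (`if ecdheSecret == nil` followed by `alertIllegalParameter`) is not documented. I would add `// deriveECDHESecret returns the ECDHE shared secret for the peer's key share, or nil if the share is invalid; callers must abort the handshake on nil.` The X25519 branch shown validates only `len(ks.data) != 32`; the body continues outside the hunk, so it is not visible whether an all-zero shared secret is also rejected, which RFC 8446 section 7.4.2 requires. That is worth confirming, and stating in the comment, while the function is being touched.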