
moves methods from Config to Conn receives

generateKeyShare has nothing to do with the Config receiver: it doesn't
configure anything. It has everything to do with the connection, so it is moved to Conn.
Making deriveECDHESecret also a method of Conn will make it possible to
access 'isClient' field.
v1.2.3
Kris Kwiatkowski 6 years ago
committed by Kris Kwiatkowski
parent
commit
61bc4c1a09
2 changed files with 8 additions and 8 deletions
  1. +7
    -7
      13.go
  2. +1
    -1
      handshake_client.go

+ 7
- 7
13.go

@@ -152,7 +152,7 @@ CurvePreferenceLoop:
return errors.New("tls: HelloRetryRequest not implemented") // TODO(filippo) return errors.New("tls: HelloRetryRequest not implemented") // TODO(filippo)
} }


privateKey, serverKS, err := config.generateKeyShare(ks.group)
privateKey, serverKS, err := c.generateKeyShare(ks.group)
if err != nil { if err != nil {
c.sendAlert(alertInternalError) c.sendAlert(alertInternalError)
return err return err
@@ -180,7 +180,7 @@ CurvePreferenceLoop:


earlyClientCipher, _ := hs.keySchedule.prepareCipher(secretEarlyClient) earlyClientCipher, _ := hs.keySchedule.prepareCipher(secretEarlyClient)


ecdheSecret := deriveECDHESecret(ks, privateKey)
ecdheSecret := c.deriveECDHESecret(ks, privateKey)
if ecdheSecret == nil { if ecdheSecret == nil {
c.sendAlert(alertIllegalParameter) c.sendAlert(alertIllegalParameter)
return errors.New("tls: bad ECDHE client share") return errors.New("tls: bad ECDHE client share")
@@ -545,10 +545,10 @@ func prepareDigitallySigned(hash crypto.Hash, context string, data []byte) []byt
return h.Sum(nil) return h.Sum(nil)
} }


func (c *Config) generateKeyShare(curveID CurveID) ([]byte, keyShare, error) {
func (c *Conn) generateKeyShare(curveID CurveID) ([]byte, keyShare, error) {
if curveID == X25519 { if curveID == X25519 {
var scalar, public [32]byte var scalar, public [32]byte
if _, err := io.ReadFull(c.rand(), scalar[:]); err != nil {
if _, err := io.ReadFull(c.config.rand(), scalar[:]); err != nil {
return nil, keyShare{}, err return nil, keyShare{}, err
} }


@@ -561,7 +561,7 @@ func (c *Config) generateKeyShare(curveID CurveID) ([]byte, keyShare, error) {
return nil, keyShare{}, errors.New("tls: preferredCurves includes unsupported curve") return nil, keyShare{}, errors.New("tls: preferredCurves includes unsupported curve")
} }


privateKey, x, y, err := elliptic.GenerateKey(curve, c.rand())
privateKey, x, y, err := elliptic.GenerateKey(curve, c.config.rand())
if err != nil { if err != nil {
return nil, keyShare{}, err return nil, keyShare{}, err
} }
@@ -570,7 +570,7 @@ func (c *Config) generateKeyShare(curveID CurveID) ([]byte, keyShare, error) {
return privateKey, keyShare{group: curveID, data: ecdhePublic}, nil return privateKey, keyShare{group: curveID, data: ecdhePublic}, nil
} }


func deriveECDHESecret(ks keyShare, secretKey []byte) []byte {
func (c *Conn) deriveECDHESecret(ks keyShare, secretKey []byte) []byte {
if ks.group == X25519 { if ks.group == X25519 {
if len(ks.data) != 32 { if len(ks.data) != 32 {
return nil return nil
@@ -975,7 +975,7 @@ func (hs *clientHandshakeState) doTLS13Handshake() error {


// 0-RTT is not supported yet, so use an empty PSK. // 0-RTT is not supported yet, so use an empty PSK.
hs.keySchedule.setSecret(nil) hs.keySchedule.setSecret(nil)
ecdheSecret := deriveECDHESecret(serverHello.keyShare, hs.privateKey)
ecdheSecret := c.deriveECDHESecret(serverHello.keyShare, hs.privateKey)
if ecdheSecret == nil { if ecdheSecret == nil {
c.sendAlert(alertIllegalParameter) c.sendAlert(alertIllegalParameter)
return errors.New("tls: bad ECDHE server share") return errors.New("tls: bad ECDHE server share")
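Review bot: `deriveECDHESecret` has no doc comment stating that a nil return means the peer's key share was rejected, yet both call sites in this file (the server path that sends `alertIllegalParameter` and `doTLS13Handshake`) rely on exactly that to abort the handshake. I would add `// deriveECDHESecret returns the ECDHE shared secret for the peer's key share, or nil if the share is malformed; callers must abort the handshake on nil.` above it, and note there that the `*Conn` receiver is not used in the visible lines. The body continues outside the hunk, so it is not visible whether the X25519 branch also rejects an all-zero shared secret as RFC 8446 §7.4.2 requires; that is worth confirming while the function is being touched. `generateKeyShare` likewise lacks a comment saying that its first return value is private key material drawn from `c.config.rand()`.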


+ 1
- 1
handshake_client.go

@@ -194,7 +194,7 @@ func (c *Conn) clientHandshake() error {
// Create one keyshare for the first default curve. If it is not // Create one keyshare for the first default curve. If it is not
// appropriate, the server should raise a HRR. // appropriate, the server should raise a HRR.
defaultGroup := c.config.curvePreferences()[0] defaultGroup := c.config.curvePreferences()[0]
hs.privateKey, clientKS, err = c.config.generateKeyShare(defaultGroup)
hs.privateKey, clientKS, err = c.generateKeyShare(defaultGroup)
if err != nil { if err != nil {
c.sendAlert(alertInternalError) c.sendAlert(alertInternalError)
return err return err

