kris
/
th5
1
0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 0 Wiki Aktivität
Quellcode durchsuchen

crypto/tls: prepare for TLS 1.3 client handshake. 

This change splits handshake processing for TLS 1.3, reindenting the TLS
1.2 code path and splitting initializationg of the handshake hash. No
equivalent is added for processServerHello because session resumption is
not supported yet.
v1.2.3
Peter Wu vor 7 Jahren
Ursprung
9eb1d7faf7
Commit
634f9a5858
2 geänderte Dateien mit 42 neuen und 16 gelöschten Zeilen
Geteilte Ansicht
Diff-Optionen
Statistiken anzeigen Patch-Datei herunterladen Vergleichs-Datei herunterladen
  1. +7
    -0
      13.go
  2. +35
    -16
      handshake_client.go

+ 7
- 0
13.go Datei anzeigen

@@ -735,3 +735,10 @@ func (hs *serverHandshakeState) traceErr(err error) {
}
}
}

func (hs *clientHandshakeState) doTLS13Handshake() error {
// TODO key exchange phase
// TODO server params phase
// TODO auth phase
return nil
}

+ 35
- 16
handshake_client.go Datei anzeigen

@@ -25,9 +25,14 @@ type clientHandshakeState struct {
serverHello *serverHelloMsg
hello *clientHelloMsg
suite *cipherSuite
finishedHash finishedHash
masterSecret []byte
session *ClientSessionState

// TLS 1.0-1.2 fields
finishedHash finishedHash

// TLS 1.3 fields
keySchedule *keySchedule13
}

func makeClientHello(config *Config) (*clientHelloMsg, error) {
@@ -214,26 +219,40 @@ func (hs *clientHandshakeState) handshake() error {
return err
}

isResume, err := hs.processServerHello()
if err != nil {
return err
}
var isResume bool
if c.vers >= VersionTLS13 {
hs.keySchedule = newKeySchedule13(hs.suite, c.config, hs.hello.random)
hs.keySchedule.write(hs.hello.marshal())
hs.keySchedule.write(hs.serverHello.marshal())
} else {
isResume, err = hs.processServerHello()
if err != nil {
return err
}

hs.finishedHash = newFinishedHash(c.vers, hs.suite)
hs.finishedHash = newFinishedHash(c.vers, hs.suite)

// No signatures of the handshake are needed in a resumption.
// Otherwise, in a full handshake, if we don't have any certificates
// configured then we will never send a CertificateVerify message and
// thus no signatures are needed in that case either.
if isResume || (len(c.config.Certificates) == 0 && c.config.GetClientCertificate == nil) {
hs.finishedHash.discardHandshakeBuffer()
}
// No signatures of the handshake are needed in a resumption.
// Otherwise, in a full handshake, if we don't have any certificates
// configured then we will never send a CertificateVerify message and
// thus no signatures are needed in that case either.
if isResume || (len(c.config.Certificates) == 0 && c.config.GetClientCertificate == nil) {
hs.finishedHash.discardHandshakeBuffer()
}

hs.finishedHash.Write(hs.hello.marshal())
hs.finishedHash.Write(hs.serverHello.marshal())
hs.finishedHash.Write(hs.hello.marshal())
hs.finishedHash.Write(hs.serverHello.marshal())
}

c.buffering = true
if isResume {
if c.vers >= VersionTLS13 {
if err := hs.doTLS13Handshake(); err != nil {
return err
}
if _, err := c.flush(); err != nil {
return err
}
} else if isResume {
if err := hs.establishKeys(); err != nil {
return err
}


Verfassen Vorschau
Laden…
Abbrechen
Speichern