crypto/tls: prepare for TLS 1.3 client handshake.

This change splits handshake processing for TLS 1.3, reindenting the TLS
1.2 code path and splitting initializationg of the handshake hash. No
equivalent is added for processServerHello because session resumption is
not supported yet.

13.go

@@ -735,3 +735,10 @@ func (hs *serverHandshakeState) traceErr(err error) {
 		}
 	}
 }
+
+func (hs *clientHandshakeState) doTLS13Handshake() error {
+	// TODO key exchange phase
+	// TODO server params phase
+	// TODO auth phase
+	return nil
+}

handshake_client.go

@@ -25,9 +25,14 @@ type clientHandshakeState struct {
 	serverHello  *serverHelloMsg
 	hello        *clientHelloMsg
 	suite        *cipherSuite
-	finishedHash finishedHash
 	masterSecret []byte
 	session      *ClientSessionState
+
+	// TLS 1.0-1.2 fields
+	finishedHash finishedHash
+
+	// TLS 1.3 fields
+	keySchedule *keySchedule13
 }
 
 func makeClientHello(config *Config) (*clientHelloMsg, error) {
@@ -214,7 +219,13 @@ func (hs *clientHandshakeState) handshake() error {
 		return err
 	}
 
-	isResume, err := hs.processServerHello()
+	var isResume bool
+	if c.vers >= VersionTLS13 {
+		hs.keySchedule = newKeySchedule13(hs.suite, c.config, hs.hello.random)
+		hs.keySchedule.write(hs.hello.marshal())
+		hs.keySchedule.write(hs.serverHello.marshal())
+	} else {
+		isResume, err = hs.processServerHello()
 		if err != nil {
 			return err
 		}
@@ -231,9 +242,17 @@ func (hs *clientHandshakeState) handshake() error {
 
 		hs.finishedHash.Write(hs.hello.marshal())
 		hs.finishedHash.Write(hs.serverHello.marshal())
+	}
 
 	c.buffering = true
-	if isResume {
+	if c.vers >= VersionTLS13 {
+		if err := hs.doTLS13Handshake(); err != nil {
+			return err
+		}
+		if _, err := c.flush(); err != nil {
+			return err
+		}
+	} else if isResume {
 		if err := hs.establishKeys(); err != nil {
 			return err
 		}