
Add negotiated group to ConnectionState

master
Henry Case 5 jaren geleden
bovenliggende
commit
70a7cea10b
7 gewijzigde bestanden met toevoegingen van 20 en 5 verwijderingen
  1. +2
    -2
      13.go
  2. +3
    -0
      cipher_suites.go
  3. +2
    -1
      common.go
  4. +3
    -0
      conn.go
  5. +1
    -1
      handshake_client.go
  6. +1
    -1
      handshake_server.go
  7. +8
    -0
      key_agreement.go

+ 2
- 2
13.go

@@ -351,6 +351,7 @@ CurvePreferenceLoop:
c.phase = waitingClientFinished
}

hs.c.Group = hs.hello.keyShare.group
return nil
}

@@ -459,6 +460,7 @@ func (hs *serverHandshakeState) readClientFinished13(hasConfirmLock bool) error
c.in.traceErr, c.out.traceErr = nil, nil
c.phase = handshakeConfirmed
atomic.StoreInt32(&c.handshakeConfirmed, 1)
hs.c.Group = hs.hello.keyShare.group

// Any read operation after handshakeRunning and before handshakeConfirmed
// will be holding this lock, which we release as soon as the confirmation
@@ -470,7 +472,6 @@ func (hs *serverHandshakeState) readClientFinished13(hasConfirmLock bool) error
if hasConfirmLock {
c.confirmMutex.Unlock()
}

return hs.sendSessionTicket13() // TODO: do in a goroutine
}

@@ -532,7 +533,6 @@ func (hs *serverHandshakeState) sendCertificate13() error {
if _, err := c.writeRecord(recordTypeHandshake, verifyMsg.marshal()); err != nil {
return err
}

return nil
}
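Review bot: The second `hs.c.Group = hs.hello.keyShare.group`, in `readClientFinished13`, is written after `atomic.StoreInt32(&c.handshakeConfirmed, 1)`, so code that keys off the confirmed flag could in principle observe the connection before this field is stored. It also appears to repeat the assignment the first hunk makes just before `return nil`, assuming both run on the same server handshake. I would keep a single assignment at the point where the key share is accepted, or at least move this one above the atomic store, and write it as `c.Group = hs.hello.keyShare.group` to match the `c.` used on the neighbouring lines. Both functions start outside the hunks, so the locking around these writes is not visible here.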



+ 3
- 0
cipher_suites.go

@@ -35,6 +35,9 @@ type keyAgreement interface {
// ServerKeyExchange message.
processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, crypto.PublicKey, *serverKeyExchangeMsg) error
generateClientKeyExchange(*Config, *clientHelloMsg, crypto.PublicKey) ([]byte, *clientKeyExchangeMsg, error)

// Returns ID of negotiated group
NegotiatedGroup() CurveID
}

const (
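Review bot: `NegotiatedGroup` is the only exported-case method on the unexported `keyAgreement` interface, next to `processServerKeyExchange` and `generateClientKeyExchange`, and its comment neither follows the Go doc form nor says what a key agreement without a group returns. Suggest `negotiatedGroup() CurveID` with `// negotiatedGroup returns the ID of the group used by the key exchange, or 0 if the key agreement does not use one.`; the implementations in key_agreement.go and the two call sites would be renamed to match. The interface declaration starts above the hunk.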


+ 2
- 1
common.go

@@ -241,7 +241,8 @@ type ConnectionState struct {
// Unique0RTTToken is only present if HandshakeConfirmed is false.
Unique0RTTToken []byte

ClientHello []byte // ClientHello packet
ClientHello []byte // ClientHello packet
Group CurveID // ECDH group used
}

// ClientAuthType declares the policy the server will follow for
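Review bot: The new `Group` field is public API, and `// ECDH group used` does not tell callers what a zero value means. The only writers visible in this commit are the TLS 1.3 server path and the two `doFullHandshake` functions, and `rsaKeyAgreement` reports 0, so a consumer that enforces a minimum group has to treat 0 as "not available" rather than as a curve. A comment such as `// Group is the key-exchange group negotiated for this connection; it is 0 when no group was negotiated or recorded.` would make that explicit. The struct starts above the hunk.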


+ 3
- 0
conn.go

@@ -130,6 +130,8 @@ type Conn struct {
// accept the 0-RTT data. Exposed as ConnectionState.Unique0RTTToken.
binder []byte

Group CurveID // ECDH group used

tmp [16]byte
}

@@ -1698,6 +1700,7 @@ func (c *Conn) ConnectionState() ConnectionState {
state.TLSUnique = c.serverFinished[:]
}
}
state.Group = c.Group
}

return state
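Review bot: `Group` is added to `Conn` as an exported field, unlike the neighbouring `binder` and `tmp`, so any code holding a `*Conn` can overwrite the value that `ConnectionState()` later reports. Since `state.Group = c.Group` already exposes it to callers, the field can be unexported: `group CurveID // negotiated key-exchange group, 0 if none`, with the writers in 13.go and the two handshake files updated to match. Whether the handshake writes and this read are covered by the same mutex is not visible in the hunks.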


+ 1
- 1
handshake_client.go

@@ -638,7 +638,7 @@ func (hs *clientHandshakeState) doFullHandshake() error {
return err
}
}
c.Group = keyAgreement.NegotiatedGroup()
hs.finishedHash.discardHandshakeBuffer()

return nil
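Review bot: `c.Group` is assigned only at the end of `doFullHandshake` here, and likewise in handshake_server.go, so a connection that skips the full handshake (session resumption, presumably) would report `Group` as 0. If that is intended, say so next to the assignment, e.g. `// Resumed sessions do not run a key exchange; Group stays 0.`. If it is not, the group would have to be stored with the session state and restored on resumption. The function body starts outside the hunk.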


+ 1
- 1
handshake_server.go

@@ -647,7 +647,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {

hs.finishedHash.Write(certVerify.marshal())
}
c.Group = keyAgreement.NegotiatedGroup()
hs.finishedHash.discardHandshakeBuffer()

return nil


+ 8
- 0
key_agreement.go

@@ -24,6 +24,10 @@ var errServerKeyExchange = errors.New("tls: invalid ServerKeyExchange message")
// encrypts the pre-master secret to the server's public key.
type rsaKeyAgreement struct{}

func (ka rsaKeyAgreement) NegotiatedGroup() CurveID {
return CurveID(0)
}

func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, sk crypto.PrivateKey, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
return nil, nil
}
@@ -155,6 +159,10 @@ type ecdheKeyAgreement struct {
x, y *big.Int
}

func (ka *ecdheKeyAgreement) NegotiatedGroup() CurveID {
return ka.curveid
}

func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, sk crypto.PrivateKey, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
preferredCurves := config.curvePreferences()
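Review bot: `return CurveID(0)` in `rsaKeyAgreement.NegotiatedGroup` uses a bare zero as the "no group" sentinel, and neither new method has a doc comment. Suggest `// NegotiatedGroup returns 0: RSA key transport does not negotiate a group.` above the RSA method and `// NegotiatedGroup returns the curve selected for the ECDHE exchange; it is the zero CurveID until that selection has been made.` above the ECDHE one. The second comment is inferred from the method returning `ka.curveid` directly; where that field is set lies outside the hunk, so confirm before adopting the wording.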


