1
0

Add negotiated group to ConnectionState

Dieser Commit ist enthalten in:
Henry Case 2019-05-12 20:22:21 +01:00
Ursprung 54bbc0bf29
Commit 70a7cea10b
7 geänderte Dateien mit 20 neuen und 5 gelöschten Zeilen

4
13.go
Datei anzeigen

@ -351,6 +351,7 @@ CurvePreferenceLoop:
c.phase = waitingClientFinished c.phase = waitingClientFinished
} }
hs.c.Group = hs.hello.keyShare.group
return nil return nil
} }
@ -459,6 +460,7 @@ func (hs *serverHandshakeState) readClientFinished13(hasConfirmLock bool) error
c.in.traceErr, c.out.traceErr = nil, nil c.in.traceErr, c.out.traceErr = nil, nil
c.phase = handshakeConfirmed c.phase = handshakeConfirmed
atomic.StoreInt32(&c.handshakeConfirmed, 1) atomic.StoreInt32(&c.handshakeConfirmed, 1)
hs.c.Group = hs.hello.keyShare.group
// Any read operation after handshakeRunning and before handshakeConfirmed // Any read operation after handshakeRunning and before handshakeConfirmed
// will be holding this lock, which we release as soon as the confirmation // will be holding this lock, which we release as soon as the confirmation
@ -470,7 +472,6 @@ func (hs *serverHandshakeState) readClientFinished13(hasConfirmLock bool) error
if hasConfirmLock { if hasConfirmLock {
c.confirmMutex.Unlock() c.confirmMutex.Unlock()
} }
return hs.sendSessionTicket13() // TODO: do in a goroutine return hs.sendSessionTicket13() // TODO: do in a goroutine
} }
@ -532,7 +533,6 @@ func (hs *serverHandshakeState) sendCertificate13() error {
if _, err := c.writeRecord(recordTypeHandshake, verifyMsg.marshal()); err != nil { if _, err := c.writeRecord(recordTypeHandshake, verifyMsg.marshal()); err != nil {
return err return err
} }
return nil return nil
} }

Datei anzeigen

@ -35,6 +35,9 @@ type keyAgreement interface {
// ServerKeyExchange message. // ServerKeyExchange message.
processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, crypto.PublicKey, *serverKeyExchangeMsg) error processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, crypto.PublicKey, *serverKeyExchangeMsg) error
generateClientKeyExchange(*Config, *clientHelloMsg, crypto.PublicKey) ([]byte, *clientKeyExchangeMsg, error) generateClientKeyExchange(*Config, *clientHelloMsg, crypto.PublicKey) ([]byte, *clientKeyExchangeMsg, error)
// Returns ID of negotiated group
NegotiatedGroup() CurveID
} }
const ( const (

Datei anzeigen

@ -242,6 +242,7 @@ type ConnectionState struct {
Unique0RTTToken []byte Unique0RTTToken []byte
ClientHello []byte // ClientHello packet ClientHello []byte // ClientHello packet
Group CurveID // ECDH group used
} }
// ClientAuthType declares the policy the server will follow for // ClientAuthType declares the policy the server will follow for

Datei anzeigen

@ -130,6 +130,8 @@ type Conn struct {
// accept the 0-RTT data. Exposed as ConnectionState.Unique0RTTToken. // accept the 0-RTT data. Exposed as ConnectionState.Unique0RTTToken.
binder []byte binder []byte
Group CurveID // ECDH group used
tmp [16]byte tmp [16]byte
} }
@ -1698,6 +1700,7 @@ func (c *Conn) ConnectionState() ConnectionState {
state.TLSUnique = c.serverFinished[:] state.TLSUnique = c.serverFinished[:]
} }
} }
state.Group = c.Group
} }
return state return state

Datei anzeigen

@ -638,7 +638,7 @@ func (hs *clientHandshakeState) doFullHandshake() error {
return err return err
} }
} }
c.Group = keyAgreement.NegotiatedGroup()
hs.finishedHash.discardHandshakeBuffer() hs.finishedHash.discardHandshakeBuffer()
return nil return nil

Datei anzeigen

@ -647,7 +647,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
hs.finishedHash.Write(certVerify.marshal()) hs.finishedHash.Write(certVerify.marshal())
} }
c.Group = keyAgreement.NegotiatedGroup()
hs.finishedHash.discardHandshakeBuffer() hs.finishedHash.discardHandshakeBuffer()
return nil return nil

Datei anzeigen

@ -24,6 +24,10 @@ var errServerKeyExchange = errors.New("tls: invalid ServerKeyExchange message")
// encrypts the pre-master secret to the server's public key. // encrypts the pre-master secret to the server's public key.
type rsaKeyAgreement struct{} type rsaKeyAgreement struct{}
func (ka rsaKeyAgreement) NegotiatedGroup() CurveID {
return CurveID(0)
}
func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, sk crypto.PrivateKey, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, sk crypto.PrivateKey, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
return nil, nil return nil, nil
} }
@ -155,6 +159,10 @@ type ecdheKeyAgreement struct {
x, y *big.Int x, y *big.Int
} }
func (ka *ecdheKeyAgreement) NegotiatedGroup() CurveID {
return ka.curveid
}
func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, sk crypto.PrivateKey, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, sk crypto.PrivateKey, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
preferredCurves := config.curvePreferences() preferredCurves := config.curvePreferences()