Add negotiated group to ConnectionState
Ursprung
54bbc0bf29
Commit
70a7cea10b
4
13.go
4
13.go
@ -351,6 +351,7 @@ CurvePreferenceLoop:
|
|||||||
c.phase = waitingClientFinished
|
c.phase = waitingClientFinished
|
||||||
}
|
}
|
||||||
|
|
||||||
|
hs.c.Group = hs.hello.keyShare.group
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -459,6 +460,7 @@ func (hs *serverHandshakeState) readClientFinished13(hasConfirmLock bool) error
|
|||||||
c.in.traceErr, c.out.traceErr = nil, nil
|
c.in.traceErr, c.out.traceErr = nil, nil
|
||||||
c.phase = handshakeConfirmed
|
c.phase = handshakeConfirmed
|
||||||
atomic.StoreInt32(&c.handshakeConfirmed, 1)
|
atomic.StoreInt32(&c.handshakeConfirmed, 1)
|
||||||
|
hs.c.Group = hs.hello.keyShare.group
|
||||||
|
|
||||||
// Any read operation after handshakeRunning and before handshakeConfirmed
|
// Any read operation after handshakeRunning and before handshakeConfirmed
|
||||||
// will be holding this lock, which we release as soon as the confirmation
|
// will be holding this lock, which we release as soon as the confirmation
|
||||||
@ -470,7 +472,6 @@ func (hs *serverHandshakeState) readClientFinished13(hasConfirmLock bool) error
|
|||||||
if hasConfirmLock {
|
if hasConfirmLock {
|
||||||
c.confirmMutex.Unlock()
|
c.confirmMutex.Unlock()
|
||||||
}
|
}
|
||||||
|
|
||||||
return hs.sendSessionTicket13() // TODO: do in a goroutine
|
return hs.sendSessionTicket13() // TODO: do in a goroutine
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -532,7 +533,6 @@ func (hs *serverHandshakeState) sendCertificate13() error {
|
|||||||
if _, err := c.writeRecord(recordTypeHandshake, verifyMsg.marshal()); err != nil {
|
if _, err := c.writeRecord(recordTypeHandshake, verifyMsg.marshal()); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
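Review bot: `hs.c.Group = hs.hello.keyShare.group` is written twice in this file, once after `c.phase = waitingClientFinished` and again in readClientFinished13 after `atomic.StoreInt32(&c.handshakeConfirmed, 1)`. If the first assignment always runs before the second, the second is redundant; if it does not, the field is published after the confirmation flag, so a concurrent `ConnectionState()` call could presumably observe a confirmed handshake with `Group` still 0. I would set it once, before the flag is stored, and use the local that the surrounding lines already use (presumably the same Conn): `c.Group = hs.hello.keyShare.group`. Both enclosing functions start and end outside these hunks. No TLS 1.3 client-side assignment is visible on this page, so it is worth confirming that clients do not report 0 there.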
@ -35,6 +35,9 @@ type keyAgreement interface {
|
|||||||
// ServerKeyExchange message.
|
// ServerKeyExchange message.
|
||||||
processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, crypto.PublicKey, *serverKeyExchangeMsg) error
|
processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, crypto.PublicKey, *serverKeyExchangeMsg) error
|
||||||
generateClientKeyExchange(*Config, *clientHelloMsg, crypto.PublicKey) ([]byte, *clientKeyExchangeMsg, error)
|
generateClientKeyExchange(*Config, *clientHelloMsg, crypto.PublicKey) ([]byte, *clientKeyExchangeMsg, error)
|
||||||
|
|
||||||
|
// Returns ID of negotiated group
|
||||||
|
NegotiatedGroup() CurveID
|
||||||
}
|
}
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
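Review bot: `NegotiatedGroup` is the only capitalised method in this interface, next to `processServerKeyExchange` and `generateClientKeyExchange`, and its comment neither follows the Go doc form nor says what a key agreement without a group returns. Since the interface itself is unexported, I would rename it to `negotiatedGroup` and document it as `// negotiatedGroup returns the CurveID selected for the key exchange, or 0 when the key agreement uses no group.` The same applies to the two implementations added for rsaKeyAgreement and ecdheKeyAgreement further down the page, which carry no comment at all. The interface declaration begins above this hunk.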
@ -242,6 +242,7 @@ type ConnectionState struct {
|
|||||||
Unique0RTTToken []byte
|
Unique0RTTToken []byte
|
||||||
|
|
||||||
ClientHello []byte // ClientHello packet
|
ClientHello []byte // ClientHello packet
|
||||||
|
Group CurveID // ECDH group used
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClientAuthType declares the policy the server will follow for
|
// ClientAuthType declares the policy the server will follow for
|
||||||
|
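Review bot: The comment on the new exported `Group` field does not say what the zero value means, although rsaKeyAgreement on this page returns `CurveID(0)`. A caller that logs or enforces key-exchange policy from ConnectionState cannot tell "no (EC)DHE group was used" from "never filled in" without that. Suggested comment: `Group CurveID // negotiated key-exchange group; 0 if the handshake used none (e.g. RSA key exchange)`. The struct starts above this hunk.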
3
conn.go
3
conn.go
@ -130,6 +130,8 @@ type Conn struct {
|
|||||||
// accept the 0-RTT data. Exposed as ConnectionState.Unique0RTTToken.
|
// accept the 0-RTT data. Exposed as ConnectionState.Unique0RTTToken.
|
||||||
binder []byte
|
binder []byte
|
||||||
|
|
||||||
|
Group CurveID // ECDH group used
|
||||||
|
|
||||||
tmp [16]byte
|
tmp [16]byte
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1698,6 +1700,7 @@ func (c *Conn) ConnectionState() ConnectionState {
|
|||||||
state.TLSUnique = c.serverFinished[:]
|
state.TLSUnique = c.serverFinished[:]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
state.Group = c.Group
|
||||||
}
|
}
|
||||||
|
|
||||||
return state
|
return state
|
||||||
|
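Review bot: `Group` is added to Conn as an exported field, while its neighbours in the hunk (`binder`, `tmp`) are unexported, so any code holding a *Conn can now read or overwrite the value directly instead of going through `ConnectionState()`. Since the value is already copied out with `state.Group = c.Group`, the Conn field can stay private: `group CurveID // negotiated key-exchange group, set by the handshake`, with the writers in the handshake files changed to `c.group`. ConnectionState() continues outside the second hunk, so whether the copy sits inside the handshake-complete branch cannot be confirmed from here.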
@ -638,7 +638,7 @@ func (hs *clientHandshakeState) doFullHandshake() error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
c.Group = keyAgreement.NegotiatedGroup()
|
||||||
hs.finishedHash.discardHandshakeBuffer()
|
hs.finishedHash.discardHandshakeBuffer()
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
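Review bot: `c.Group` is assigned only inside doFullHandshake, here and in the serverHandshakeState hunk that follows, so any handshake that does not go through this function (presumably session resumption) leaves it at 0. If that is intended, it should be stated where the field is documented. If callers are meant to audit the group on every connection, the value would have to be stored with the session and restored on resume. The function body starts above this hunk.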
@ -647,7 +647,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
|
|||||||
|
|
||||||
hs.finishedHash.Write(certVerify.marshal())
|
hs.finishedHash.Write(certVerify.marshal())
|
||||||
}
|
}
|
||||||
|
c.Group = keyAgreement.NegotiatedGroup()
|
||||||
hs.finishedHash.discardHandshakeBuffer()
|
hs.finishedHash.discardHandshakeBuffer()
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -24,6 +24,10 @@ var errServerKeyExchange = errors.New("tls: invalid ServerKeyExchange message")
|
|||||||
// encrypts the pre-master secret to the server's public key.
|
// encrypts the pre-master secret to the server's public key.
|
||||||
type rsaKeyAgreement struct{}
|
type rsaKeyAgreement struct{}
|
||||||
|
|
||||||
|
func (ka rsaKeyAgreement) NegotiatedGroup() CurveID {
|
||||||
|
return CurveID(0)
|
||||||
|
}
|
||||||
|
|
||||||
func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, sk crypto.PrivateKey, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
|
func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, sk crypto.PrivateKey, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
@ -155,6 +159,10 @@ type ecdheKeyAgreement struct {
|
|||||||
x, y *big.Int
|
x, y *big.Int
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (ka *ecdheKeyAgreement) NegotiatedGroup() CurveID {
|
||||||
|
return ka.curveid
|
||||||
|
}
|
||||||
|
|
||||||
func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, sk crypto.PrivateKey, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
|
func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, sk crypto.PrivateKey, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
|
||||||
preferredCurves := config.curvePreferences()
|
preferredCurves := config.curvePreferences()
|
||||||
|
|
||||||
|