crypto/tls: split clientHandshake into multiple methods

Change-Id: I23bfaa7e03a21aad4e85baa3bf52bb00c09b75d0
Reviewed-on: https://go-review.googlesource.com/44354
Reviewed-by: Adam Langley <agl@golang.org>
这个提交包含在:
Sergey Frolov 2017-05-30 12:53:11 -04:00 提交者 Adam Langley
父节点 b0bcb44715
当前提交 95bebf2e8e

查看文件

@ -29,51 +29,38 @@ type clientHandshakeState struct {
session *ClientSessionState session *ClientSessionState
} }
// c.out.Mutex <= L; c.handshakeMutex <= L. func makeClientHello(config *Config) (*clientHelloMsg, error) {
func (c *Conn) clientHandshake() error { if len(config.ServerName) == 0 && !config.InsecureSkipVerify {
if c.config == nil { return nil, errors.New("tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config")
c.config = defaultConfig()
}
// This may be a renegotiation handshake, in which case some fields
// need to be reset.
c.didResume = false
if len(c.config.ServerName) == 0 && !c.config.InsecureSkipVerify {
return errors.New("tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config")
} }
nextProtosLength := 0 nextProtosLength := 0
for _, proto := range c.config.NextProtos { for _, proto := range config.NextProtos {
if l := len(proto); l == 0 || l > 255 { if l := len(proto); l == 0 || l > 255 {
return errors.New("tls: invalid NextProtos value") return nil, errors.New("tls: invalid NextProtos value")
} else { } else {
nextProtosLength += 1 + l nextProtosLength += 1 + l
} }
} }
if nextProtosLength > 0xffff { if nextProtosLength > 0xffff {
return errors.New("tls: NextProtos values too large") return nil, errors.New("tls: NextProtos values too large")
} }
hello := &clientHelloMsg{ hello := &clientHelloMsg{
vers: c.config.maxVersion(), vers: config.maxVersion(),
compressionMethods: []uint8{compressionNone}, compressionMethods: []uint8{compressionNone},
random: make([]byte, 32), random: make([]byte, 32),
ocspStapling: true, ocspStapling: true,
scts: true, scts: true,
serverName: hostnameInSNI(c.config.ServerName), serverName: hostnameInSNI(config.ServerName),
supportedCurves: c.config.curvePreferences(), supportedCurves: config.curvePreferences(),
supportedPoints: []uint8{pointFormatUncompressed}, supportedPoints: []uint8{pointFormatUncompressed},
nextProtoNeg: len(c.config.NextProtos) > 0, nextProtoNeg: len(config.NextProtos) > 0,
secureRenegotiationSupported: true, secureRenegotiationSupported: true,
alpnProtocols: c.config.NextProtos, alpnProtocols: config.NextProtos,
} }
possibleCipherSuites := config.cipherSuites()
if c.handshakes > 0 {
hello.secureRenegotiation = c.clientFinished[:]
}
possibleCipherSuites := c.config.cipherSuites()
hello.cipherSuites = make([]uint16, 0, len(possibleCipherSuites)) hello.cipherSuites = make([]uint16, 0, len(possibleCipherSuites))
NextCipherSuite: NextCipherSuite:
@ -92,16 +79,37 @@ NextCipherSuite:
} }
} }
_, err := io.ReadFull(c.config.rand(), hello.random) _, err := io.ReadFull(config.rand(), hello.random)
if err != nil { if err != nil {
c.sendAlert(alertInternalError) return nil, errors.New("tls: short read from Rand: " + err.Error())
return errors.New("tls: short read from Rand: " + err.Error())
} }
if hello.vers >= VersionTLS12 { if hello.vers >= VersionTLS12 {
hello.signatureAndHashes = supportedSignatureAlgorithms hello.signatureAndHashes = supportedSignatureAlgorithms
} }
return hello, nil
}
// c.out.Mutex <= L; c.handshakeMutex <= L.
func (c *Conn) clientHandshake() error {
if c.config == nil {
c.config = defaultConfig()
}
// This may be a renegotiation handshake, in which case some fields
// need to be reset.
c.didResume = false
hello, err := makeClientHello(c.config)
if err != nil {
return err
}
if c.handshakes > 0 {
hello.secureRenegotiation = c.clientFinished[:]
}
var session *ClientSessionState var session *ClientSessionState
var cacheKey string var cacheKey string
sessionCache := c.config.ClientSessionCache sessionCache := c.config.ClientSessionCache
@ -147,12 +155,36 @@ NextCipherSuite:
// (see RFC 5077). // (see RFC 5077).
hello.sessionId = make([]byte, 16) hello.sessionId = make([]byte, 16)
if _, err := io.ReadFull(c.config.rand(), hello.sessionId); err != nil { if _, err := io.ReadFull(c.config.rand(), hello.sessionId); err != nil {
c.sendAlert(alertInternalError)
return errors.New("tls: short read from Rand: " + err.Error()) return errors.New("tls: short read from Rand: " + err.Error())
} }
} }
if _, err := c.writeRecord(recordTypeHandshake, hello.marshal()); err != nil { hs := &clientHandshakeState{
c: c,
hello: hello,
session: session,
}
if err = hs.handshake(); err != nil {
return err
}
// If we had a successful handshake and hs.session is different from
// the one already cached - cache a new one
if sessionCache != nil && hs.session != nil && session != hs.session {
sessionCache.Put(cacheKey, hs.session)
}
return nil
}
// Does the handshake, either a full one or resumes old session.
// Requires hs.c, hs.hello, and, optionally, hs.session to be set.
func (hs *clientHandshakeState) handshake() error {
c := hs.c
// send ClientHello
if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil {
return err return err
} }
@ -160,34 +192,19 @@ NextCipherSuite:
if err != nil { if err != nil {
return err return err
} }
serverHello, ok := msg.(*serverHelloMsg)
if !ok { var ok bool
if hs.serverHello, ok = msg.(*serverHelloMsg); !ok {
c.sendAlert(alertUnexpectedMessage) c.sendAlert(alertUnexpectedMessage)
return unexpectedMessageError(serverHello, msg) return unexpectedMessageError(hs.serverHello, msg)
} }
vers, ok := c.config.mutualVersion(serverHello.vers) if err = hs.pickTLSVersion(); err != nil {
if !ok || vers < VersionTLS10 { return err
// TLS 1.0 is the minimum version supported as a client.
c.sendAlert(alertProtocolVersion)
return fmt.Errorf("tls: server selected unsupported protocol version %x", serverHello.vers)
}
c.vers = vers
c.haveVers = true
suite := mutualCipherSuite(hello.cipherSuites, serverHello.cipherSuite)
if suite == nil {
c.sendAlert(alertHandshakeFailure)
return errors.New("tls: server chose an unconfigured cipher suite")
} }
hs := &clientHandshakeState{ if err = hs.pickCipherSuite(); err != nil {
c: c, return err
serverHello: serverHello,
hello: hello,
suite: suite,
finishedHash: newFinishedHash(c.vers, suite),
session: session,
} }
isResume, err := hs.processServerHello() isResume, err := hs.processServerHello()
@ -195,6 +212,8 @@ NextCipherSuite:
return err return err
} }
hs.finishedHash = newFinishedHash(c.vers, hs.suite)
// No signatures of the handshake are needed in a resumption. // No signatures of the handshake are needed in a resumption.
// Otherwise, in a full handshake, if we don't have any certificates // Otherwise, in a full handshake, if we don't have any certificates
// configured then we will never send a CertificateVerify message and // configured then we will never send a CertificateVerify message and
@ -246,13 +265,33 @@ NextCipherSuite:
} }
} }
if sessionCache != nil && hs.session != nil && session != hs.session {
sessionCache.Put(cacheKey, hs.session)
}
c.didResume = isResume c.didResume = isResume
c.handshakeComplete = true c.handshakeComplete = true
c.cipherSuite = suite.id
return nil
}
func (hs *clientHandshakeState) pickTLSVersion() error {
vers, ok := hs.c.config.mutualVersion(hs.serverHello.vers)
if !ok || vers < VersionTLS10 {
// TLS 1.0 is the minimum version supported as a client.
hs.c.sendAlert(alertProtocolVersion)
return fmt.Errorf("tls: server selected unsupported protocol version %x", hs.serverHello.vers)
}
hs.c.vers = vers
hs.c.haveVers = true
return nil
}
func (hs *clientHandshakeState) pickCipherSuite() error {
if hs.suite = mutualCipherSuite(hs.hello.cipherSuites, hs.serverHello.cipherSuite); hs.suite == nil {
hs.c.sendAlert(alertHandshakeFailure)
return errors.New("tls: server chose an unconfigured cipher suite")
}
hs.c.cipherSuite = hs.suite.id
return nil return nil
} }