crypto/tls: split clientHandshake into multiple methods
Change-Id: I23bfaa7e03a21aad4e85baa3bf52bb00c09b75d0 Reviewed-on: https://go-review.googlesource.com/44354 Reviewed-by: Adam Langley <agl@golang.org>
这个提交包含在:
父节点
b0bcb44715
当前提交
95bebf2e8e
@ -29,51 +29,38 @@ type clientHandshakeState struct {
|
|||||||
session *ClientSessionState
|
session *ClientSessionState
|
||||||
}
|
}
|
||||||
|
|
||||||
// c.out.Mutex <= L; c.handshakeMutex <= L.
|
func makeClientHello(config *Config) (*clientHelloMsg, error) {
|
||||||
func (c *Conn) clientHandshake() error {
|
if len(config.ServerName) == 0 && !config.InsecureSkipVerify {
|
||||||
if c.config == nil {
|
return nil, errors.New("tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config")
|
||||||
c.config = defaultConfig()
|
|
||||||
}
|
|
||||||
|
|
||||||
// This may be a renegotiation handshake, in which case some fields
|
|
||||||
// need to be reset.
|
|
||||||
c.didResume = false
|
|
||||||
|
|
||||||
if len(c.config.ServerName) == 0 && !c.config.InsecureSkipVerify {
|
|
||||||
return errors.New("tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
nextProtosLength := 0
|
nextProtosLength := 0
|
||||||
for _, proto := range c.config.NextProtos {
|
for _, proto := range config.NextProtos {
|
||||||
if l := len(proto); l == 0 || l > 255 {
|
if l := len(proto); l == 0 || l > 255 {
|
||||||
return errors.New("tls: invalid NextProtos value")
|
return nil, errors.New("tls: invalid NextProtos value")
|
||||||
} else {
|
} else {
|
||||||
nextProtosLength += 1 + l
|
nextProtosLength += 1 + l
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if nextProtosLength > 0xffff {
|
if nextProtosLength > 0xffff {
|
||||||
return errors.New("tls: NextProtos values too large")
|
return nil, errors.New("tls: NextProtos values too large")
|
||||||
}
|
}
|
||||||
|
|
||||||
hello := &clientHelloMsg{
|
hello := &clientHelloMsg{
|
||||||
vers: c.config.maxVersion(),
|
vers: config.maxVersion(),
|
||||||
compressionMethods: []uint8{compressionNone},
|
compressionMethods: []uint8{compressionNone},
|
||||||
random: make([]byte, 32),
|
random: make([]byte, 32),
|
||||||
ocspStapling: true,
|
ocspStapling: true,
|
||||||
scts: true,
|
scts: true,
|
||||||
serverName: hostnameInSNI(c.config.ServerName),
|
serverName: hostnameInSNI(config.ServerName),
|
||||||
supportedCurves: c.config.curvePreferences(),
|
supportedCurves: config.curvePreferences(),
|
||||||
supportedPoints: []uint8{pointFormatUncompressed},
|
supportedPoints: []uint8{pointFormatUncompressed},
|
||||||
nextProtoNeg: len(c.config.NextProtos) > 0,
|
nextProtoNeg: len(config.NextProtos) > 0,
|
||||||
secureRenegotiationSupported: true,
|
secureRenegotiationSupported: true,
|
||||||
alpnProtocols: c.config.NextProtos,
|
alpnProtocols: config.NextProtos,
|
||||||
}
|
}
|
||||||
|
possibleCipherSuites := config.cipherSuites()
|
||||||
if c.handshakes > 0 {
|
|
||||||
hello.secureRenegotiation = c.clientFinished[:]
|
|
||||||
}
|
|
||||||
|
|
||||||
possibleCipherSuites := c.config.cipherSuites()
|
|
||||||
hello.cipherSuites = make([]uint16, 0, len(possibleCipherSuites))
|
hello.cipherSuites = make([]uint16, 0, len(possibleCipherSuites))
|
||||||
|
|
||||||
NextCipherSuite:
|
NextCipherSuite:
|
||||||
@ -92,16 +79,37 @@ NextCipherSuite:
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err := io.ReadFull(c.config.rand(), hello.random)
|
_, err := io.ReadFull(config.rand(), hello.random)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.sendAlert(alertInternalError)
|
return nil, errors.New("tls: short read from Rand: " + err.Error())
|
||||||
return errors.New("tls: short read from Rand: " + err.Error())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if hello.vers >= VersionTLS12 {
|
if hello.vers >= VersionTLS12 {
|
||||||
hello.signatureAndHashes = supportedSignatureAlgorithms
|
hello.signatureAndHashes = supportedSignatureAlgorithms
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return hello, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// c.out.Mutex <= L; c.handshakeMutex <= L.
|
||||||
|
func (c *Conn) clientHandshake() error {
|
||||||
|
if c.config == nil {
|
||||||
|
c.config = defaultConfig()
|
||||||
|
}
|
||||||
|
|
||||||
|
// This may be a renegotiation handshake, in which case some fields
|
||||||
|
// need to be reset.
|
||||||
|
c.didResume = false
|
||||||
|
|
||||||
|
hello, err := makeClientHello(c.config)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.handshakes > 0 {
|
||||||
|
hello.secureRenegotiation = c.clientFinished[:]
|
||||||
|
}
|
||||||
|
|
||||||
var session *ClientSessionState
|
var session *ClientSessionState
|
||||||
var cacheKey string
|
var cacheKey string
|
||||||
sessionCache := c.config.ClientSessionCache
|
sessionCache := c.config.ClientSessionCache
|
||||||
@ -147,12 +155,36 @@ NextCipherSuite:
|
|||||||
// (see RFC 5077).
|
// (see RFC 5077).
|
||||||
hello.sessionId = make([]byte, 16)
|
hello.sessionId = make([]byte, 16)
|
||||||
if _, err := io.ReadFull(c.config.rand(), hello.sessionId); err != nil {
|
if _, err := io.ReadFull(c.config.rand(), hello.sessionId); err != nil {
|
||||||
c.sendAlert(alertInternalError)
|
|
||||||
return errors.New("tls: short read from Rand: " + err.Error())
|
return errors.New("tls: short read from Rand: " + err.Error())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if _, err := c.writeRecord(recordTypeHandshake, hello.marshal()); err != nil {
|
hs := &clientHandshakeState{
|
||||||
|
c: c,
|
||||||
|
hello: hello,
|
||||||
|
session: session,
|
||||||
|
}
|
||||||
|
|
||||||
|
if err = hs.handshake(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// If we had a successful handshake and hs.session is different from
|
||||||
|
// the one already cached - cache a new one
|
||||||
|
if sessionCache != nil && hs.session != nil && session != hs.session {
|
||||||
|
sessionCache.Put(cacheKey, hs.session)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Does the handshake, either a full one or resumes old session.
|
||||||
|
// Requires hs.c, hs.hello, and, optionally, hs.session to be set.
|
||||||
|
func (hs *clientHandshakeState) handshake() error {
|
||||||
|
c := hs.c
|
||||||
|
|
||||||
|
// send ClientHello
|
||||||
|
if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -160,34 +192,19 @@ NextCipherSuite:
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
serverHello, ok := msg.(*serverHelloMsg)
|
|
||||||
if !ok {
|
var ok bool
|
||||||
|
if hs.serverHello, ok = msg.(*serverHelloMsg); !ok {
|
||||||
c.sendAlert(alertUnexpectedMessage)
|
c.sendAlert(alertUnexpectedMessage)
|
||||||
return unexpectedMessageError(serverHello, msg)
|
return unexpectedMessageError(hs.serverHello, msg)
|
||||||
}
|
}
|
||||||
|
|
||||||
vers, ok := c.config.mutualVersion(serverHello.vers)
|
if err = hs.pickTLSVersion(); err != nil {
|
||||||
if !ok || vers < VersionTLS10 {
|
return err
|
||||||
// TLS 1.0 is the minimum version supported as a client.
|
|
||||||
c.sendAlert(alertProtocolVersion)
|
|
||||||
return fmt.Errorf("tls: server selected unsupported protocol version %x", serverHello.vers)
|
|
||||||
}
|
|
||||||
c.vers = vers
|
|
||||||
c.haveVers = true
|
|
||||||
|
|
||||||
suite := mutualCipherSuite(hello.cipherSuites, serverHello.cipherSuite)
|
|
||||||
if suite == nil {
|
|
||||||
c.sendAlert(alertHandshakeFailure)
|
|
||||||
return errors.New("tls: server chose an unconfigured cipher suite")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
hs := &clientHandshakeState{
|
if err = hs.pickCipherSuite(); err != nil {
|
||||||
c: c,
|
return err
|
||||||
serverHello: serverHello,
|
|
||||||
hello: hello,
|
|
||||||
suite: suite,
|
|
||||||
finishedHash: newFinishedHash(c.vers, suite),
|
|
||||||
session: session,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
isResume, err := hs.processServerHello()
|
isResume, err := hs.processServerHello()
|
||||||
@ -195,6 +212,8 @@ NextCipherSuite:
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
hs.finishedHash = newFinishedHash(c.vers, hs.suite)
|
||||||
|
|
||||||
// No signatures of the handshake are needed in a resumption.
|
// No signatures of the handshake are needed in a resumption.
|
||||||
// Otherwise, in a full handshake, if we don't have any certificates
|
// Otherwise, in a full handshake, if we don't have any certificates
|
||||||
// configured then we will never send a CertificateVerify message and
|
// configured then we will never send a CertificateVerify message and
|
||||||
@ -246,13 +265,33 @@ NextCipherSuite:
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if sessionCache != nil && hs.session != nil && session != hs.session {
|
|
||||||
sessionCache.Put(cacheKey, hs.session)
|
|
||||||
}
|
|
||||||
|
|
||||||
c.didResume = isResume
|
c.didResume = isResume
|
||||||
c.handshakeComplete = true
|
c.handshakeComplete = true
|
||||||
c.cipherSuite = suite.id
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (hs *clientHandshakeState) pickTLSVersion() error {
|
||||||
|
vers, ok := hs.c.config.mutualVersion(hs.serverHello.vers)
|
||||||
|
if !ok || vers < VersionTLS10 {
|
||||||
|
// TLS 1.0 is the minimum version supported as a client.
|
||||||
|
hs.c.sendAlert(alertProtocolVersion)
|
||||||
|
return fmt.Errorf("tls: server selected unsupported protocol version %x", hs.serverHello.vers)
|
||||||
|
}
|
||||||
|
|
||||||
|
hs.c.vers = vers
|
||||||
|
hs.c.haveVers = true
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (hs *clientHandshakeState) pickCipherSuite() error {
|
||||||
|
if hs.suite = mutualCipherSuite(hs.hello.cipherSuites, hs.serverHello.cipherSuite); hs.suite == nil {
|
||||||
|
hs.c.sendAlert(alertHandshakeFailure)
|
||||||
|
return errors.New("tls: server chose an unconfigured cipher suite")
|
||||||
|
}
|
||||||
|
|
||||||
|
hs.c.cipherSuite = hs.suite.id
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
正在加载...
在新工单中引用
屏蔽一个用户