kris
/
th5
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Alternative TLS implementation in Go
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
24 Revīzijas
3 Atzari
2.6 MiB
 
 
Koks: 06f6131702
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '06f6131702'
${ noResults }
th5/prf.go

147 rindas
4.2 KiB
Neapstrādāts Vainot Vēsture 

  1. // Copyright 2009 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package tls

  6. 

  7. import (

  8. 	"crypto/hmac"

  9. 	"crypto/md5"

  10. 	"crypto/sha1"

  11. 	"hash"

  12. 	"os"

  13. )

  14. 

  15. // Split a premaster secret in two as specified in RFC 4346, section 5.

  16. func splitPreMasterSecret(secret []byte) (s1, s2 []byte) {

  17. 	s1 = secret[0 : (len(secret)+1)/2]

  18. 	s2 = secret[len(secret)/2:]

  19. 	return

  20. }

  21. 

  22. // pHash implements the P_hash function, as defined in RFC 4346, section 5.

  23. func pHash(result, secret, seed []byte, hash hash.Hash) {

  24. 	h := hmac.New(hash, secret)

  25. 	h.Write(seed)

  26. 	a := h.Sum()

  27. 

  28. 	j := 0

  29. 	for j < len(result) {

  30. 		h.Reset()

  31. 		h.Write(a)

  32. 		h.Write(seed)

  33. 		b := h.Sum()

  34. 		todo := len(b)

  35. 		if j+todo > len(result) {

  36. 			todo = len(result) - j

  37. 		}

  38. 		copy(result[j:j+todo], b)

  39. 		j += todo

  40. 

  41. 		h.Reset()

  42. 		h.Write(a)

  43. 		a = h.Sum()

  44. 	}

  45. }

  46. 

  47. // pRF11 implements the TLS 1.1 pseudo-random function, as defined in RFC 4346, section 5.

  48. func pRF11(result, secret, label, seed []byte) {

  49. 	hashSHA1 := sha1.New()

  50. 	hashMD5 := md5.New()

  51. 

  52. 	labelAndSeed := make([]byte, len(label)+len(seed))

  53. 	copy(labelAndSeed, label)

  54. 	copy(labelAndSeed[len(label):], seed)

  55. 

  56. 	s1, s2 := splitPreMasterSecret(secret)

  57. 	pHash(result, s1, labelAndSeed, hashMD5)

  58. 	result2 := make([]byte, len(result))

  59. 	pHash(result2, s2, labelAndSeed, hashSHA1)

  60. 

  61. 	for i, b := range result2 {

  62. 		result[i] ^= b

  63. 	}

  64. }

  65. 

  66. const (

  67. 	tlsRandomLength      = 32 // Length of a random nonce in TLS 1.1.

  68. 	masterSecretLength   = 48 // Length of a master secret in TLS 1.1.

  69. 	finishedVerifyLength = 12 // Length of verify_data in a Finished message.

  70. )

  71. 

  72. var masterSecretLabel = []byte("master secret")

  73. var keyExpansionLabel = []byte("key expansion")

  74. var clientFinishedLabel = []byte("client finished")

  75. var serverFinishedLabel = []byte("server finished")

  76. 

  77. // keysFromPreMasterSecret generates the connection keys from the pre master

  78. // secret, given the lengths of the MAC and cipher keys, as defined in RFC

  79. // 4346, section 6.3.

  80. func keysFromPreMasterSecret11(preMasterSecret, clientRandom, serverRandom []byte, macLen, keyLen int) (masterSecret, clientMAC, serverMAC, clientKey, serverKey []byte) {

  81. 	var seed [tlsRandomLength * 2]byte

  82. 	copy(seed[0:len(clientRandom)], clientRandom)

  83. 	copy(seed[len(clientRandom):], serverRandom)

  84. 	masterSecret = make([]byte, masterSecretLength)

  85. 	pRF11(masterSecret, preMasterSecret, masterSecretLabel, seed[0:])

  86. 

  87. 	copy(seed[0:len(clientRandom)], serverRandom)

  88. 	copy(seed[len(serverRandom):], clientRandom)

  89. 

  90. 	n := 2*macLen + 2*keyLen

  91. 	keyMaterial := make([]byte, n)

  92. 	pRF11(keyMaterial, masterSecret, keyExpansionLabel, seed[0:])

  93. 	clientMAC = keyMaterial[0:macLen]

  94. 	serverMAC = keyMaterial[macLen : macLen*2]

  95. 	clientKey = keyMaterial[macLen*2 : macLen*2+keyLen]

  96. 	serverKey = keyMaterial[macLen*2+keyLen:]

  97. 	return

  98. }

  99. 

  100. // A finishedHash calculates the hash of a set of handshake messages suitable

  101. // for including in a Finished message.

  102. type finishedHash struct {

  103. 	clientMD5  hash.Hash

  104. 	clientSHA1 hash.Hash

  105. 	serverMD5  hash.Hash

  106. 	serverSHA1 hash.Hash

  107. }

  108. 

  109. func newFinishedHash() finishedHash {

  110. 	return finishedHash{md5.New(), sha1.New(), md5.New(), sha1.New()}

  111. }

  112. 

  113. func (h finishedHash) Write(msg []byte) (n int, err os.Error) {

  114. 	h.clientMD5.Write(msg)

  115. 	h.clientSHA1.Write(msg)

  116. 	h.serverMD5.Write(msg)

  117. 	h.serverSHA1.Write(msg)

  118. 	return len(msg), nil

  119. }

  120. 

  121. // finishedSum calculates the contents of the verify_data member of a Finished

  122. // message given the MD5 and SHA1 hashes of a set of handshake messages.

  123. func finishedSum(md5, sha1, label, masterSecret []byte) []byte {

  124. 	seed := make([]byte, len(md5)+len(sha1))

  125. 	copy(seed, md5)

  126. 	copy(seed[len(md5):], sha1)

  127. 	out := make([]byte, finishedVerifyLength)

  128. 	pRF11(out, masterSecret, label, seed)

  129. 	return out

  130. }

  131. 

  132. // clientSum returns the contents of the verify_data member of a client's

  133. // Finished message.

  134. func (h finishedHash) clientSum(masterSecret []byte) []byte {

  135. 	md5 := h.clientMD5.Sum()

  136. 	sha1 := h.clientSHA1.Sum()

  137. 	return finishedSum(md5, sha1, clientFinishedLabel, masterSecret)

  138. }

  139. 

  140. // serverSum returns the contents of the verify_data member of a server's

  141. // Finished message.

  142. func (h finishedHash) serverSum(masterSecret []byte) []byte {

  143. 	md5 := h.serverMD5.Sum()

  144. 	sha1 := h.serverSHA1.Sum()

  145. 	return finishedSum(md5, sha1, serverFinishedLabel, masterSecret)

  146. }