kris
/
th5
1
0
Форк 0
Код Проблеми 0 Запити на злиття 0 Релізи 0 Вікі Активність
Alternative TLS implementation in Go
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
52 Коміти
3 Гілки
2.6 MiB
 
 
Дерево: 954c3ec034
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з '954c3ec034'
${ noResults }
th5/prf.go

154 рядки
4.5 KiB
Неформатований Звинувачення Історія 

  1. // Copyright 2009 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package tls

  6. 

  7. import (

  8. 	"crypto/hmac"

  9. 	"crypto/md5"

  10. 	"crypto/sha1"

  11. 	"hash"

  12. 	"os"

  13. )

  14. 

  15. // Split a premaster secret in two as specified in RFC 4346, section 5.

  16. func splitPreMasterSecret(secret []byte) (s1, s2 []byte) {

  17. 	s1 = secret[0 : (len(secret)+1)/2]

  18. 	s2 = secret[len(secret)/2:]

  19. 	return

  20. }

  21. 

  22. // pHash implements the P_hash function, as defined in RFC 4346, section 5.

  23. func pHash(result, secret, seed []byte, hash func() hash.Hash) {

  24. 	h := hmac.New(hash, secret)

  25. 	h.Write(seed)

  26. 	a := h.Sum()

  27. 

  28. 	j := 0

  29. 	for j < len(result) {

  30. 		h.Reset()

  31. 		h.Write(a)

  32. 		h.Write(seed)

  33. 		b := h.Sum()

  34. 		todo := len(b)

  35. 		if j+todo > len(result) {

  36. 			todo = len(result) - j

  37. 		}

  38. 		copy(result[j:j+todo], b)

  39. 		j += todo

  40. 

  41. 		h.Reset()

  42. 		h.Write(a)

  43. 		a = h.Sum()

  44. 	}

  45. }

  46. 

  47. // pRF10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, section 5.

  48. func pRF10(result, secret, label, seed []byte) {

  49. 	hashSHA1 := sha1.New

  50. 	hashMD5 := md5.New

  51. 

  52. 	labelAndSeed := make([]byte, len(label)+len(seed))

  53. 	copy(labelAndSeed, label)

  54. 	copy(labelAndSeed[len(label):], seed)

  55. 

  56. 	s1, s2 := splitPreMasterSecret(secret)

  57. 	pHash(result, s1, labelAndSeed, hashMD5)

  58. 	result2 := make([]byte, len(result))

  59. 	pHash(result2, s2, labelAndSeed, hashSHA1)

  60. 

  61. 	for i, b := range result2 {

  62. 		result[i] ^= b

  63. 	}

  64. }

  65. 

  66. const (

  67. 	tlsRandomLength      = 32 // Length of a random nonce in TLS 1.1.

  68. 	masterSecretLength   = 48 // Length of a master secret in TLS 1.1.

  69. 	finishedVerifyLength = 12 // Length of verify_data in a Finished message.

  70. )

  71. 

  72. var masterSecretLabel = []byte("master secret")

  73. var keyExpansionLabel = []byte("key expansion")

  74. var clientFinishedLabel = []byte("client finished")

  75. var serverFinishedLabel = []byte("server finished")

  76. 

  77. // keysFromPreMasterSecret generates the connection keys from the pre master

  78. // secret, given the lengths of the MAC key, cipher key and IV, as defined in

  79. // RFC 2246, section 6.3.

  80. func keysFromPreMasterSecret10(preMasterSecret, clientRandom, serverRandom []byte, macLen, keyLen, ivLen int) (masterSecret, clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV []byte) {

  81. 	var seed [tlsRandomLength * 2]byte

  82. 	copy(seed[0:len(clientRandom)], clientRandom)

  83. 	copy(seed[len(clientRandom):], serverRandom)

  84. 	masterSecret = make([]byte, masterSecretLength)

  85. 	pRF10(masterSecret, preMasterSecret, masterSecretLabel, seed[0:])

  86. 

  87. 	copy(seed[0:len(clientRandom)], serverRandom)

  88. 	copy(seed[len(serverRandom):], clientRandom)

  89. 

  90. 	n := 2*macLen + 2*keyLen + 2*ivLen

  91. 	keyMaterial := make([]byte, n)

  92. 	pRF10(keyMaterial, masterSecret, keyExpansionLabel, seed[0:])

  93. 	clientMAC = keyMaterial[:macLen]

  94. 	keyMaterial = keyMaterial[macLen:]

  95. 	serverMAC = keyMaterial[:macLen]

  96. 	keyMaterial = keyMaterial[macLen:]

  97. 	clientKey = keyMaterial[:keyLen]

  98. 	keyMaterial = keyMaterial[keyLen:]

  99. 	serverKey = keyMaterial[:keyLen]

  100. 	keyMaterial = keyMaterial[keyLen:]

  101. 	clientIV = keyMaterial[:ivLen]

  102. 	keyMaterial = keyMaterial[ivLen:]

  103. 	serverIV = keyMaterial[:ivLen]

  104. 	return

  105. }

  106. 

  107. // A finishedHash calculates the hash of a set of handshake messages suitable

  108. // for including in a Finished message.

  109. type finishedHash struct {

  110. 	clientMD5  hash.Hash

  111. 	clientSHA1 hash.Hash

  112. 	serverMD5  hash.Hash

  113. 	serverSHA1 hash.Hash

  114. }

  115. 

  116. func newFinishedHash() finishedHash {

  117. 	return finishedHash{md5.New(), sha1.New(), md5.New(), sha1.New()}

  118. }

  119. 

  120. func (h finishedHash) Write(msg []byte) (n int, err os.Error) {

  121. 	h.clientMD5.Write(msg)

  122. 	h.clientSHA1.Write(msg)

  123. 	h.serverMD5.Write(msg)

  124. 	h.serverSHA1.Write(msg)

  125. 	return len(msg), nil

  126. }

  127. 

  128. // finishedSum calculates the contents of the verify_data member of a Finished

  129. // message given the MD5 and SHA1 hashes of a set of handshake messages.

  130. func finishedSum(md5, sha1, label, masterSecret []byte) []byte {

  131. 	seed := make([]byte, len(md5)+len(sha1))

  132. 	copy(seed, md5)

  133. 	copy(seed[len(md5):], sha1)

  134. 	out := make([]byte, finishedVerifyLength)

  135. 	pRF10(out, masterSecret, label, seed)

  136. 	return out

  137. }

  138. 

  139. // clientSum returns the contents of the verify_data member of a client's

  140. // Finished message.

  141. func (h finishedHash) clientSum(masterSecret []byte) []byte {

  142. 	md5 := h.clientMD5.Sum()

  143. 	sha1 := h.clientSHA1.Sum()

  144. 	return finishedSum(md5, sha1, clientFinishedLabel, masterSecret)

  145. }

  146. 

  147. // serverSum returns the contents of the verify_data member of a server's

  148. // Finished message.

  149. func (h finishedHash) serverSum(masterSecret []byte) []byte {

  150. 	md5 := h.serverMD5.Sum()

  151. 	sha1 := h.serverSHA1.Sum()

  152. 	return finishedSum(md5, sha1, serverFinishedLabel, masterSecret)

  153. }