Ver a proveniência

tris: convert end_of_early_data to a handshake message

Draft 21 changed end_of_early_data from an alert into a handshake
message to allow it to integrate better with the handshake. This change
does that, rather than handling EOD at the record layer, it moves
processing up to the actual readers of (early) application data.
tls13
Peter Wu há 6 anos
ascendente
cometimento
e89292ccbe
5 ficheiros alterados com 41 adições e 14 eliminações
  1. +13
    -7
      13.go
  2. +0
    -1
      alert.go
  3. +1
    -1
      common.go
  4. +13
    -5
      conn.go
  5. +14
    -0
      handshake_messages.go

+ 13
- 7
13.go Ver ficheiro

@@ -371,17 +371,23 @@ func (hs *serverHandshakeState) sendCertificate13() error {
return nil
}

func (c *Conn) handleEndOfEarlyData() {
func (c *Conn) handleEndOfEarlyData() error {
if c.phase != readingEarlyData || c.vers < VersionTLS13 {
c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
return
return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
}
c.phase = waitingClientFinished
if c.hand.Len() > 0 {
c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
return
msg, err := c.readHandshake()
if err != nil {
return err
}
endOfEarlyData, ok := msg.(*endOfEarlyDataMsg)
// No handshake messages are allowed after EOD.
if !ok || c.hand.Len() > 0 {
return c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
}
c.hs.keySchedule.write(endOfEarlyData.marshal())
c.phase = waitingClientFinished
c.in.setCipher(c.vers, c.hs.hsClientCipher)
return nil
}

// selectTLS13SignatureScheme chooses the SignatureScheme for the CertificateVerify


+ 0
- 1
alert.go Ver ficheiro

@@ -16,7 +16,6 @@ const (

const (
alertCloseNotify alert = 0
alertEndOfEarlyData alert = 1
alertUnexpectedMessage alert = 10
alertBadRecordMAC alert = 20
alertDecryptionFailed alert = 21


+ 1
- 1
common.go Ver ficheiro

@@ -58,6 +58,7 @@ const (
typeClientHello uint8 = 1
typeServerHello uint8 = 2
typeNewSessionTicket uint8 = 4
typeEndOfEarlyData uint8 = 5
typeEncryptedExtensions uint8 = 8
typeCertificate uint8 = 11
typeServerKeyExchange uint8 = 12
@@ -90,7 +91,6 @@ const (
extensionEarlyData uint16 = 42
extensionSupportedVersions uint16 = 43
extensionPSKKeyExchangeModes uint16 = 45
extensionTicketEarlyDataInfo uint16 = 46
extensionNextProtoNeg uint16 = 13172 // not IANA assigned
extensionRenegotiationInfo uint16 = 0xff01
)


+ 13
- 5
conn.go Ver ficheiro

@@ -779,10 +779,6 @@ Again:
c.in.setErrorLocked(io.EOF)
break
}
if alert(data[1]) == alertEndOfEarlyData {
c.handleEndOfEarlyData()
break
}
switch data[0] {
case alertLevelWarning:
// drop on the floor
@@ -1136,6 +1132,8 @@ func (c *Conn) readHandshake() (interface{}, error) {
} else {
m = new(newSessionTicketMsg)
}
case typeEndOfEarlyData:
m = new(endOfEarlyDataMsg)
case typeCertificate:
if c.vers >= VersionTLS13 {
m = new(certificateMsg13)
@@ -1393,6 +1391,11 @@ func (r earlyDataReader) Read(b []byte) (n int, err error) {
if err := c.readRecord(recordTypeApplicationData); err != nil {
return 0, err
}
if c.hand.Len() > 0 {
if err := c.handleEndOfEarlyData(); err != nil {
return 0, err
}
}
}
if err := c.in.err; err != nil {
return 0, err
@@ -1452,7 +1455,12 @@ func (c *Conn) Read(b []byte) (n int, err error) {
return 0, err
}
if c.hand.Len() > 0 {
if c.phase == waitingClientFinished {
if c.phase == readingEarlyData || c.phase == waitingClientFinished {
if c.phase == readingEarlyData {
if err := c.handleEndOfEarlyData(); err != nil {
return 0, err
}
}
// Server has received all early data, confirm
// by reading the Client Finished message.
if err := c.hs.readClientFinished13(true); err != nil {


+ 14
- 0
handshake_messages.go Ver ficheiro

@@ -2282,6 +2282,20 @@ func (m *newSessionTicketMsg13) unmarshal(data []byte) alert {
return alertSuccess
}

type endOfEarlyDataMsg struct {
}

func (*endOfEarlyDataMsg) marshal() []byte {
return []byte{typeEndOfEarlyData, 0, 0, 0}
}

func (*endOfEarlyDataMsg) unmarshal(data []byte) alert {
if len(data) != 4 {
return alertDecodeError
}
return alertSuccess
}

type helloRequestMsg struct {
}



Carregando…
Cancelar
Guardar