github.com/ader1990/go@v0.0.0-20140630135419-8c24447fa791/src/pkg/crypto/tls/handshake_messages.go (about) 1 // Copyright 2009 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package tls 6 7 import "bytes" 8 9 type clientHelloMsg struct { 10 raw []byte 11 vers uint16 12 random []byte 13 sessionId []byte 14 cipherSuites []uint16 15 compressionMethods []uint8 16 nextProtoNeg bool 17 serverName string 18 ocspStapling bool 19 supportedCurves []CurveID 20 supportedPoints []uint8 21 ticketSupported bool 22 sessionTicket []uint8 23 signatureAndHashes []signatureAndHash 24 secureRenegotiation bool 25 } 26 27 func (m *clientHelloMsg) equal(i interface{}) bool { 28 m1, ok := i.(*clientHelloMsg) 29 if !ok { 30 return false 31 } 32 33 return bytes.Equal(m.raw, m1.raw) && 34 m.vers == m1.vers && 35 bytes.Equal(m.random, m1.random) && 36 bytes.Equal(m.sessionId, m1.sessionId) && 37 eqUint16s(m.cipherSuites, m1.cipherSuites) && 38 bytes.Equal(m.compressionMethods, m1.compressionMethods) && 39 m.nextProtoNeg == m1.nextProtoNeg && 40 m.serverName == m1.serverName && 41 m.ocspStapling == m1.ocspStapling && 42 eqCurveIDs(m.supportedCurves, m1.supportedCurves) && 43 bytes.Equal(m.supportedPoints, m1.supportedPoints) && 44 m.ticketSupported == m1.ticketSupported && 45 bytes.Equal(m.sessionTicket, m1.sessionTicket) && 46 eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes) && 47 m.secureRenegotiation == m1.secureRenegotiation 48 } 49 50 func (m *clientHelloMsg) marshal() []byte { 51 if m.raw != nil { 52 return m.raw 53 } 54 55 length := 2 + 32 + 1 + len(m.sessionId) + 2 + len(m.cipherSuites)*2 + 1 + len(m.compressionMethods) 56 numExtensions := 0 57 extensionsLength := 0 58 if m.nextProtoNeg { 59 numExtensions++ 60 } 61 if m.ocspStapling { 62 extensionsLength += 1 + 2 + 2 63 numExtensions++ 64 } 65 if len(m.serverName) > 0 { 66 extensionsLength += 5 + len(m.serverName) 67 numExtensions++ 68 } 69 if len(m.supportedCurves) > 0 { 70 extensionsLength += 2 + 2*len(m.supportedCurves) 71 numExtensions++ 72 } 73 if len(m.supportedPoints) > 0 { 74 extensionsLength += 1 + len(m.supportedPoints) 75 numExtensions++ 76 } 77 if m.ticketSupported { 78 extensionsLength += len(m.sessionTicket) 79 numExtensions++ 80 } 81 if len(m.signatureAndHashes) > 0 { 82 extensionsLength += 2 + 2*len(m.signatureAndHashes) 83 numExtensions++ 84 } 85 if m.secureRenegotiation { 86 extensionsLength += 1 87 numExtensions++ 88 } 89 if numExtensions > 0 { 90 extensionsLength += 4 * numExtensions 91 length += 2 + extensionsLength 92 } 93 94 x := make([]byte, 4+length) 95 x[0] = typeClientHello 96 x[1] = uint8(length >> 16) 97 x[2] = uint8(length >> 8) 98 x[3] = uint8(length) 99 x[4] = uint8(m.vers >> 8) 100 x[5] = uint8(m.vers) 101 copy(x[6:38], m.random) 102 x[38] = uint8(len(m.sessionId)) 103 copy(x[39:39+len(m.sessionId)], m.sessionId) 104 y := x[39+len(m.sessionId):] 105 y[0] = uint8(len(m.cipherSuites) >> 7) 106 y[1] = uint8(len(m.cipherSuites) << 1) 107 for i, suite := range m.cipherSuites { 108 y[2+i*2] = uint8(suite >> 8) 109 y[3+i*2] = uint8(suite) 110 } 111 z := y[2+len(m.cipherSuites)*2:] 112 z[0] = uint8(len(m.compressionMethods)) 113 copy(z[1:], m.compressionMethods) 114 115 z = z[1+len(m.compressionMethods):] 116 if numExtensions > 0 { 117 z[0] = byte(extensionsLength >> 8) 118 z[1] = byte(extensionsLength) 119 z = z[2:] 120 } 121 if m.nextProtoNeg { 122 z[0] = byte(extensionNextProtoNeg >> 8) 123 z[1] = byte(extensionNextProtoNeg & 0xff) 124 // The length is always 0 125 z = z[4:] 126 } 127 if len(m.serverName) > 0 { 128 z[0] = byte(extensionServerName >> 8) 129 z[1] = byte(extensionServerName & 0xff) 130 l := len(m.serverName) + 5 131 z[2] = byte(l >> 8) 132 z[3] = byte(l) 133 z = z[4:] 134 135 // RFC 3546, section 3.1 136 // 137 // struct { 138 // NameType name_type; 139 // select (name_type) { 140 // case host_name: HostName; 141 // } name; 142 // } ServerName; 143 // 144 // enum { 145 // host_name(0), (255) 146 // } NameType; 147 // 148 // opaque HostName<1..2^16-1>; 149 // 150 // struct { 151 // ServerName server_name_list<1..2^16-1> 152 // } ServerNameList; 153 154 z[0] = byte((len(m.serverName) + 3) >> 8) 155 z[1] = byte(len(m.serverName) + 3) 156 z[3] = byte(len(m.serverName) >> 8) 157 z[4] = byte(len(m.serverName)) 158 copy(z[5:], []byte(m.serverName)) 159 z = z[l:] 160 } 161 if m.ocspStapling { 162 // RFC 4366, section 3.6 163 z[0] = byte(extensionStatusRequest >> 8) 164 z[1] = byte(extensionStatusRequest) 165 z[2] = 0 166 z[3] = 5 167 z[4] = 1 // OCSP type 168 // Two zero valued uint16s for the two lengths. 169 z = z[9:] 170 } 171 if len(m.supportedCurves) > 0 { 172 // http://tools.ietf.org/html/rfc4492#section-5.5.1 173 z[0] = byte(extensionSupportedCurves >> 8) 174 z[1] = byte(extensionSupportedCurves) 175 l := 2 + 2*len(m.supportedCurves) 176 z[2] = byte(l >> 8) 177 z[3] = byte(l) 178 l -= 2 179 z[4] = byte(l >> 8) 180 z[5] = byte(l) 181 z = z[6:] 182 for _, curve := range m.supportedCurves { 183 z[0] = byte(curve >> 8) 184 z[1] = byte(curve) 185 z = z[2:] 186 } 187 } 188 if len(m.supportedPoints) > 0 { 189 // http://tools.ietf.org/html/rfc4492#section-5.5.2 190 z[0] = byte(extensionSupportedPoints >> 8) 191 z[1] = byte(extensionSupportedPoints) 192 l := 1 + len(m.supportedPoints) 193 z[2] = byte(l >> 8) 194 z[3] = byte(l) 195 l-- 196 z[4] = byte(l) 197 z = z[5:] 198 for _, pointFormat := range m.supportedPoints { 199 z[0] = byte(pointFormat) 200 z = z[1:] 201 } 202 } 203 if m.ticketSupported { 204 // http://tools.ietf.org/html/rfc5077#section-3.2 205 z[0] = byte(extensionSessionTicket >> 8) 206 z[1] = byte(extensionSessionTicket) 207 l := len(m.sessionTicket) 208 z[2] = byte(l >> 8) 209 z[3] = byte(l) 210 z = z[4:] 211 copy(z, m.sessionTicket) 212 z = z[len(m.sessionTicket):] 213 } 214 if len(m.signatureAndHashes) > 0 { 215 // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 216 z[0] = byte(extensionSignatureAlgorithms >> 8) 217 z[1] = byte(extensionSignatureAlgorithms) 218 l := 2 + 2*len(m.signatureAndHashes) 219 z[2] = byte(l >> 8) 220 z[3] = byte(l) 221 z = z[4:] 222 223 l -= 2 224 z[0] = byte(l >> 8) 225 z[1] = byte(l) 226 z = z[2:] 227 for _, sigAndHash := range m.signatureAndHashes { 228 z[0] = sigAndHash.hash 229 z[1] = sigAndHash.signature 230 z = z[2:] 231 } 232 } 233 if m.secureRenegotiation { 234 z[0] = byte(extensionRenegotiationInfo >> 8) 235 z[1] = byte(extensionRenegotiationInfo & 0xff) 236 z[2] = 0 237 z[3] = 1 238 z = z[5:] 239 } 240 241 m.raw = x 242 243 return x 244 } 245 246 func (m *clientHelloMsg) unmarshal(data []byte) bool { 247 if len(data) < 42 { 248 return false 249 } 250 m.raw = data 251 m.vers = uint16(data[4])<<8 | uint16(data[5]) 252 m.random = data[6:38] 253 sessionIdLen := int(data[38]) 254 if sessionIdLen > 32 || len(data) < 39+sessionIdLen { 255 return false 256 } 257 m.sessionId = data[39 : 39+sessionIdLen] 258 data = data[39+sessionIdLen:] 259 if len(data) < 2 { 260 return false 261 } 262 // cipherSuiteLen is the number of bytes of cipher suite numbers. Since 263 // they are uint16s, the number must be even. 264 cipherSuiteLen := int(data[0])<<8 | int(data[1]) 265 if cipherSuiteLen%2 == 1 || len(data) < 2+cipherSuiteLen { 266 return false 267 } 268 numCipherSuites := cipherSuiteLen / 2 269 m.cipherSuites = make([]uint16, numCipherSuites) 270 for i := 0; i < numCipherSuites; i++ { 271 m.cipherSuites[i] = uint16(data[2+2*i])<<8 | uint16(data[3+2*i]) 272 if m.cipherSuites[i] == scsvRenegotiation { 273 m.secureRenegotiation = true 274 } 275 } 276 data = data[2+cipherSuiteLen:] 277 if len(data) < 1 { 278 return false 279 } 280 compressionMethodsLen := int(data[0]) 281 if len(data) < 1+compressionMethodsLen { 282 return false 283 } 284 m.compressionMethods = data[1 : 1+compressionMethodsLen] 285 286 data = data[1+compressionMethodsLen:] 287 288 m.nextProtoNeg = false 289 m.serverName = "" 290 m.ocspStapling = false 291 m.ticketSupported = false 292 m.sessionTicket = nil 293 m.signatureAndHashes = nil 294 295 if len(data) == 0 { 296 // ClientHello is optionally followed by extension data 297 return true 298 } 299 if len(data) < 2 { 300 return false 301 } 302 303 extensionsLength := int(data[0])<<8 | int(data[1]) 304 data = data[2:] 305 if extensionsLength != len(data) { 306 return false 307 } 308 309 for len(data) != 0 { 310 if len(data) < 4 { 311 return false 312 } 313 extension := uint16(data[0])<<8 | uint16(data[1]) 314 length := int(data[2])<<8 | int(data[3]) 315 data = data[4:] 316 if len(data) < length { 317 return false 318 } 319 320 switch extension { 321 case extensionServerName: 322 if length < 2 { 323 return false 324 } 325 numNames := int(data[0])<<8 | int(data[1]) 326 d := data[2:] 327 for i := 0; i < numNames; i++ { 328 if len(d) < 3 { 329 return false 330 } 331 nameType := d[0] 332 nameLen := int(d[1])<<8 | int(d[2]) 333 d = d[3:] 334 if len(d) < nameLen { 335 return false 336 } 337 if nameType == 0 { 338 m.serverName = string(d[0:nameLen]) 339 break 340 } 341 d = d[nameLen:] 342 } 343 case extensionNextProtoNeg: 344 if length > 0 { 345 return false 346 } 347 m.nextProtoNeg = true 348 case extensionStatusRequest: 349 m.ocspStapling = length > 0 && data[0] == statusTypeOCSP 350 case extensionSupportedCurves: 351 // http://tools.ietf.org/html/rfc4492#section-5.5.1 352 if length < 2 { 353 return false 354 } 355 l := int(data[0])<<8 | int(data[1]) 356 if l%2 == 1 || length != l+2 { 357 return false 358 } 359 numCurves := l / 2 360 m.supportedCurves = make([]CurveID, numCurves) 361 d := data[2:] 362 for i := 0; i < numCurves; i++ { 363 m.supportedCurves[i] = CurveID(d[0])<<8 | CurveID(d[1]) 364 d = d[2:] 365 } 366 case extensionSupportedPoints: 367 // http://tools.ietf.org/html/rfc4492#section-5.5.2 368 if length < 1 { 369 return false 370 } 371 l := int(data[0]) 372 if length != l+1 { 373 return false 374 } 375 m.supportedPoints = make([]uint8, l) 376 copy(m.supportedPoints, data[1:]) 377 case extensionSessionTicket: 378 // http://tools.ietf.org/html/rfc5077#section-3.2 379 m.ticketSupported = true 380 m.sessionTicket = data[:length] 381 case extensionSignatureAlgorithms: 382 // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 383 if length < 2 || length&1 != 0 { 384 return false 385 } 386 l := int(data[0])<<8 | int(data[1]) 387 if l != length-2 { 388 return false 389 } 390 n := l / 2 391 d := data[2:] 392 m.signatureAndHashes = make([]signatureAndHash, n) 393 for i := range m.signatureAndHashes { 394 m.signatureAndHashes[i].hash = d[0] 395 m.signatureAndHashes[i].signature = d[1] 396 d = d[2:] 397 } 398 case extensionRenegotiationInfo + 1: 399 if length != 1 || data[0] != 0 { 400 return false 401 } 402 m.secureRenegotiation = true 403 } 404 data = data[length:] 405 } 406 407 return true 408 } 409 410 type serverHelloMsg struct { 411 raw []byte 412 vers uint16 413 random []byte 414 sessionId []byte 415 cipherSuite uint16 416 compressionMethod uint8 417 nextProtoNeg bool 418 nextProtos []string 419 ocspStapling bool 420 ticketSupported bool 421 secureRenegotiation bool 422 } 423 424 func (m *serverHelloMsg) equal(i interface{}) bool { 425 m1, ok := i.(*serverHelloMsg) 426 if !ok { 427 return false 428 } 429 430 return bytes.Equal(m.raw, m1.raw) && 431 m.vers == m1.vers && 432 bytes.Equal(m.random, m1.random) && 433 bytes.Equal(m.sessionId, m1.sessionId) && 434 m.cipherSuite == m1.cipherSuite && 435 m.compressionMethod == m1.compressionMethod && 436 m.nextProtoNeg == m1.nextProtoNeg && 437 eqStrings(m.nextProtos, m1.nextProtos) && 438 m.ocspStapling == m1.ocspStapling && 439 m.ticketSupported == m1.ticketSupported && 440 m.secureRenegotiation == m1.secureRenegotiation 441 } 442 443 func (m *serverHelloMsg) marshal() []byte { 444 if m.raw != nil { 445 return m.raw 446 } 447 448 length := 38 + len(m.sessionId) 449 numExtensions := 0 450 extensionsLength := 0 451 452 nextProtoLen := 0 453 if m.nextProtoNeg { 454 numExtensions++ 455 for _, v := range m.nextProtos { 456 nextProtoLen += len(v) 457 } 458 nextProtoLen += len(m.nextProtos) 459 extensionsLength += nextProtoLen 460 } 461 if m.ocspStapling { 462 numExtensions++ 463 } 464 if m.ticketSupported { 465 numExtensions++ 466 } 467 if m.secureRenegotiation { 468 extensionsLength += 1 469 numExtensions++ 470 } 471 if numExtensions > 0 { 472 extensionsLength += 4 * numExtensions 473 length += 2 + extensionsLength 474 } 475 476 x := make([]byte, 4+length) 477 x[0] = typeServerHello 478 x[1] = uint8(length >> 16) 479 x[2] = uint8(length >> 8) 480 x[3] = uint8(length) 481 x[4] = uint8(m.vers >> 8) 482 x[5] = uint8(m.vers) 483 copy(x[6:38], m.random) 484 x[38] = uint8(len(m.sessionId)) 485 copy(x[39:39+len(m.sessionId)], m.sessionId) 486 z := x[39+len(m.sessionId):] 487 z[0] = uint8(m.cipherSuite >> 8) 488 z[1] = uint8(m.cipherSuite) 489 z[2] = uint8(m.compressionMethod) 490 491 z = z[3:] 492 if numExtensions > 0 { 493 z[0] = byte(extensionsLength >> 8) 494 z[1] = byte(extensionsLength) 495 z = z[2:] 496 } 497 if m.nextProtoNeg { 498 z[0] = byte(extensionNextProtoNeg >> 8) 499 z[1] = byte(extensionNextProtoNeg & 0xff) 500 z[2] = byte(nextProtoLen >> 8) 501 z[3] = byte(nextProtoLen) 502 z = z[4:] 503 504 for _, v := range m.nextProtos { 505 l := len(v) 506 if l > 255 { 507 l = 255 508 } 509 z[0] = byte(l) 510 copy(z[1:], []byte(v[0:l])) 511 z = z[1+l:] 512 } 513 } 514 if m.ocspStapling { 515 z[0] = byte(extensionStatusRequest >> 8) 516 z[1] = byte(extensionStatusRequest) 517 z = z[4:] 518 } 519 if m.ticketSupported { 520 z[0] = byte(extensionSessionTicket >> 8) 521 z[1] = byte(extensionSessionTicket) 522 z = z[4:] 523 } 524 if m.secureRenegotiation { 525 z[0] = byte(extensionRenegotiationInfo >> 8) 526 z[1] = byte(extensionRenegotiationInfo & 0xff) 527 z[2] = 0 528 z[3] = 1 529 z = z[5:] 530 } 531 532 m.raw = x 533 534 return x 535 } 536 537 func (m *serverHelloMsg) unmarshal(data []byte) bool { 538 if len(data) < 42 { 539 return false 540 } 541 m.raw = data 542 m.vers = uint16(data[4])<<8 | uint16(data[5]) 543 m.random = data[6:38] 544 sessionIdLen := int(data[38]) 545 if sessionIdLen > 32 || len(data) < 39+sessionIdLen { 546 return false 547 } 548 m.sessionId = data[39 : 39+sessionIdLen] 549 data = data[39+sessionIdLen:] 550 if len(data) < 3 { 551 return false 552 } 553 m.cipherSuite = uint16(data[0])<<8 | uint16(data[1]) 554 m.compressionMethod = data[2] 555 data = data[3:] 556 557 m.nextProtoNeg = false 558 m.nextProtos = nil 559 m.ocspStapling = false 560 m.ticketSupported = false 561 562 if len(data) == 0 { 563 // ServerHello is optionally followed by extension data 564 return true 565 } 566 if len(data) < 2 { 567 return false 568 } 569 570 extensionsLength := int(data[0])<<8 | int(data[1]) 571 data = data[2:] 572 if len(data) != extensionsLength { 573 return false 574 } 575 576 for len(data) != 0 { 577 if len(data) < 4 { 578 return false 579 } 580 extension := uint16(data[0])<<8 | uint16(data[1]) 581 length := int(data[2])<<8 | int(data[3]) 582 data = data[4:] 583 if len(data) < length { 584 return false 585 } 586 587 switch extension { 588 case extensionNextProtoNeg: 589 m.nextProtoNeg = true 590 d := data[:length] 591 for len(d) > 0 { 592 l := int(d[0]) 593 d = d[1:] 594 if l == 0 || l > len(d) { 595 return false 596 } 597 m.nextProtos = append(m.nextProtos, string(d[:l])) 598 d = d[l:] 599 } 600 case extensionStatusRequest: 601 if length > 0 { 602 return false 603 } 604 m.ocspStapling = true 605 case extensionSessionTicket: 606 if length > 0 { 607 return false 608 } 609 m.ticketSupported = true 610 case extensionRenegotiationInfo: 611 if length != 1 || data[0] != 0 { 612 return false 613 } 614 m.secureRenegotiation = true 615 } 616 data = data[length:] 617 } 618 619 return true 620 } 621 622 type certificateMsg struct { 623 raw []byte 624 certificates [][]byte 625 } 626 627 func (m *certificateMsg) equal(i interface{}) bool { 628 m1, ok := i.(*certificateMsg) 629 if !ok { 630 return false 631 } 632 633 return bytes.Equal(m.raw, m1.raw) && 634 eqByteSlices(m.certificates, m1.certificates) 635 } 636 637 func (m *certificateMsg) marshal() (x []byte) { 638 if m.raw != nil { 639 return m.raw 640 } 641 642 var i int 643 for _, slice := range m.certificates { 644 i += len(slice) 645 } 646 647 length := 3 + 3*len(m.certificates) + i 648 x = make([]byte, 4+length) 649 x[0] = typeCertificate 650 x[1] = uint8(length >> 16) 651 x[2] = uint8(length >> 8) 652 x[3] = uint8(length) 653 654 certificateOctets := length - 3 655 x[4] = uint8(certificateOctets >> 16) 656 x[5] = uint8(certificateOctets >> 8) 657 x[6] = uint8(certificateOctets) 658 659 y := x[7:] 660 for _, slice := range m.certificates { 661 y[0] = uint8(len(slice) >> 16) 662 y[1] = uint8(len(slice) >> 8) 663 y[2] = uint8(len(slice)) 664 copy(y[3:], slice) 665 y = y[3+len(slice):] 666 } 667 668 m.raw = x 669 return 670 } 671 672 func (m *certificateMsg) unmarshal(data []byte) bool { 673 if len(data) < 7 { 674 return false 675 } 676 677 m.raw = data 678 certsLen := uint32(data[4])<<16 | uint32(data[5])<<8 | uint32(data[6]) 679 if uint32(len(data)) != certsLen+7 { 680 return false 681 } 682 683 numCerts := 0 684 d := data[7:] 685 for certsLen > 0 { 686 if len(d) < 4 { 687 return false 688 } 689 certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2]) 690 if uint32(len(d)) < 3+certLen { 691 return false 692 } 693 d = d[3+certLen:] 694 certsLen -= 3 + certLen 695 numCerts++ 696 } 697 698 m.certificates = make([][]byte, numCerts) 699 d = data[7:] 700 for i := 0; i < numCerts; i++ { 701 certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2]) 702 m.certificates[i] = d[3 : 3+certLen] 703 d = d[3+certLen:] 704 } 705 706 return true 707 } 708 709 type serverKeyExchangeMsg struct { 710 raw []byte 711 key []byte 712 } 713 714 func (m *serverKeyExchangeMsg) equal(i interface{}) bool { 715 m1, ok := i.(*serverKeyExchangeMsg) 716 if !ok { 717 return false 718 } 719 720 return bytes.Equal(m.raw, m1.raw) && 721 bytes.Equal(m.key, m1.key) 722 } 723 724 func (m *serverKeyExchangeMsg) marshal() []byte { 725 if m.raw != nil { 726 return m.raw 727 } 728 length := len(m.key) 729 x := make([]byte, length+4) 730 x[0] = typeServerKeyExchange 731 x[1] = uint8(length >> 16) 732 x[2] = uint8(length >> 8) 733 x[3] = uint8(length) 734 copy(x[4:], m.key) 735 736 m.raw = x 737 return x 738 } 739 740 func (m *serverKeyExchangeMsg) unmarshal(data []byte) bool { 741 m.raw = data 742 if len(data) < 4 { 743 return false 744 } 745 m.key = data[4:] 746 return true 747 } 748 749 type certificateStatusMsg struct { 750 raw []byte 751 statusType uint8 752 response []byte 753 } 754 755 func (m *certificateStatusMsg) equal(i interface{}) bool { 756 m1, ok := i.(*certificateStatusMsg) 757 if !ok { 758 return false 759 } 760 761 return bytes.Equal(m.raw, m1.raw) && 762 m.statusType == m1.statusType && 763 bytes.Equal(m.response, m1.response) 764 } 765 766 func (m *certificateStatusMsg) marshal() []byte { 767 if m.raw != nil { 768 return m.raw 769 } 770 771 var x []byte 772 if m.statusType == statusTypeOCSP { 773 x = make([]byte, 4+4+len(m.response)) 774 x[0] = typeCertificateStatus 775 l := len(m.response) + 4 776 x[1] = byte(l >> 16) 777 x[2] = byte(l >> 8) 778 x[3] = byte(l) 779 x[4] = statusTypeOCSP 780 781 l -= 4 782 x[5] = byte(l >> 16) 783 x[6] = byte(l >> 8) 784 x[7] = byte(l) 785 copy(x[8:], m.response) 786 } else { 787 x = []byte{typeCertificateStatus, 0, 0, 1, m.statusType} 788 } 789 790 m.raw = x 791 return x 792 } 793 794 func (m *certificateStatusMsg) unmarshal(data []byte) bool { 795 m.raw = data 796 if len(data) < 5 { 797 return false 798 } 799 m.statusType = data[4] 800 801 m.response = nil 802 if m.statusType == statusTypeOCSP { 803 if len(data) < 8 { 804 return false 805 } 806 respLen := uint32(data[5])<<16 | uint32(data[6])<<8 | uint32(data[7]) 807 if uint32(len(data)) != 4+4+respLen { 808 return false 809 } 810 m.response = data[8:] 811 } 812 return true 813 } 814 815 type serverHelloDoneMsg struct{} 816 817 func (m *serverHelloDoneMsg) equal(i interface{}) bool { 818 _, ok := i.(*serverHelloDoneMsg) 819 return ok 820 } 821 822 func (m *serverHelloDoneMsg) marshal() []byte { 823 x := make([]byte, 4) 824 x[0] = typeServerHelloDone 825 return x 826 } 827 828 func (m *serverHelloDoneMsg) unmarshal(data []byte) bool { 829 return len(data) == 4 830 } 831 832 type clientKeyExchangeMsg struct { 833 raw []byte 834 ciphertext []byte 835 } 836 837 func (m *clientKeyExchangeMsg) equal(i interface{}) bool { 838 m1, ok := i.(*clientKeyExchangeMsg) 839 if !ok { 840 return false 841 } 842 843 return bytes.Equal(m.raw, m1.raw) && 844 bytes.Equal(m.ciphertext, m1.ciphertext) 845 } 846 847 func (m *clientKeyExchangeMsg) marshal() []byte { 848 if m.raw != nil { 849 return m.raw 850 } 851 length := len(m.ciphertext) 852 x := make([]byte, length+4) 853 x[0] = typeClientKeyExchange 854 x[1] = uint8(length >> 16) 855 x[2] = uint8(length >> 8) 856 x[3] = uint8(length) 857 copy(x[4:], m.ciphertext) 858 859 m.raw = x 860 return x 861 } 862 863 func (m *clientKeyExchangeMsg) unmarshal(data []byte) bool { 864 m.raw = data 865 if len(data) < 4 { 866 return false 867 } 868 l := int(data[1])<<16 | int(data[2])<<8 | int(data[3]) 869 if l != len(data)-4 { 870 return false 871 } 872 m.ciphertext = data[4:] 873 return true 874 } 875 876 type finishedMsg struct { 877 raw []byte 878 verifyData []byte 879 } 880 881 func (m *finishedMsg) equal(i interface{}) bool { 882 m1, ok := i.(*finishedMsg) 883 if !ok { 884 return false 885 } 886 887 return bytes.Equal(m.raw, m1.raw) && 888 bytes.Equal(m.verifyData, m1.verifyData) 889 } 890 891 func (m *finishedMsg) marshal() (x []byte) { 892 if m.raw != nil { 893 return m.raw 894 } 895 896 x = make([]byte, 4+len(m.verifyData)) 897 x[0] = typeFinished 898 x[3] = byte(len(m.verifyData)) 899 copy(x[4:], m.verifyData) 900 m.raw = x 901 return 902 } 903 904 func (m *finishedMsg) unmarshal(data []byte) bool { 905 m.raw = data 906 if len(data) < 4 { 907 return false 908 } 909 m.verifyData = data[4:] 910 return true 911 } 912 913 type nextProtoMsg struct { 914 raw []byte 915 proto string 916 } 917 918 func (m *nextProtoMsg) equal(i interface{}) bool { 919 m1, ok := i.(*nextProtoMsg) 920 if !ok { 921 return false 922 } 923 924 return bytes.Equal(m.raw, m1.raw) && 925 m.proto == m1.proto 926 } 927 928 func (m *nextProtoMsg) marshal() []byte { 929 if m.raw != nil { 930 return m.raw 931 } 932 l := len(m.proto) 933 if l > 255 { 934 l = 255 935 } 936 937 padding := 32 - (l+2)%32 938 length := l + padding + 2 939 x := make([]byte, length+4) 940 x[0] = typeNextProtocol 941 x[1] = uint8(length >> 16) 942 x[2] = uint8(length >> 8) 943 x[3] = uint8(length) 944 945 y := x[4:] 946 y[0] = byte(l) 947 copy(y[1:], []byte(m.proto[0:l])) 948 y = y[1+l:] 949 y[0] = byte(padding) 950 951 m.raw = x 952 953 return x 954 } 955 956 func (m *nextProtoMsg) unmarshal(data []byte) bool { 957 m.raw = data 958 959 if len(data) < 5 { 960 return false 961 } 962 data = data[4:] 963 protoLen := int(data[0]) 964 data = data[1:] 965 if len(data) < protoLen { 966 return false 967 } 968 m.proto = string(data[0:protoLen]) 969 data = data[protoLen:] 970 971 if len(data) < 1 { 972 return false 973 } 974 paddingLen := int(data[0]) 975 data = data[1:] 976 if len(data) != paddingLen { 977 return false 978 } 979 980 return true 981 } 982 983 type certificateRequestMsg struct { 984 raw []byte 985 // hasSignatureAndHash indicates whether this message includes a list 986 // of signature and hash functions. This change was introduced with TLS 987 // 1.2. 988 hasSignatureAndHash bool 989 990 certificateTypes []byte 991 signatureAndHashes []signatureAndHash 992 certificateAuthorities [][]byte 993 } 994 995 func (m *certificateRequestMsg) equal(i interface{}) bool { 996 m1, ok := i.(*certificateRequestMsg) 997 if !ok { 998 return false 999 } 1000 1001 return bytes.Equal(m.raw, m1.raw) && 1002 bytes.Equal(m.certificateTypes, m1.certificateTypes) && 1003 eqByteSlices(m.certificateAuthorities, m1.certificateAuthorities) && 1004 eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes) 1005 } 1006 1007 func (m *certificateRequestMsg) marshal() (x []byte) { 1008 if m.raw != nil { 1009 return m.raw 1010 } 1011 1012 // See http://tools.ietf.org/html/rfc4346#section-7.4.4 1013 length := 1 + len(m.certificateTypes) + 2 1014 casLength := 0 1015 for _, ca := range m.certificateAuthorities { 1016 casLength += 2 + len(ca) 1017 } 1018 length += casLength 1019 1020 if m.hasSignatureAndHash { 1021 length += 2 + 2*len(m.signatureAndHashes) 1022 } 1023 1024 x = make([]byte, 4+length) 1025 x[0] = typeCertificateRequest 1026 x[1] = uint8(length >> 16) 1027 x[2] = uint8(length >> 8) 1028 x[3] = uint8(length) 1029 1030 x[4] = uint8(len(m.certificateTypes)) 1031 1032 copy(x[5:], m.certificateTypes) 1033 y := x[5+len(m.certificateTypes):] 1034 1035 if m.hasSignatureAndHash { 1036 n := len(m.signatureAndHashes) * 2 1037 y[0] = uint8(n >> 8) 1038 y[1] = uint8(n) 1039 y = y[2:] 1040 for _, sigAndHash := range m.signatureAndHashes { 1041 y[0] = sigAndHash.hash 1042 y[1] = sigAndHash.signature 1043 y = y[2:] 1044 } 1045 } 1046 1047 y[0] = uint8(casLength >> 8) 1048 y[1] = uint8(casLength) 1049 y = y[2:] 1050 for _, ca := range m.certificateAuthorities { 1051 y[0] = uint8(len(ca) >> 8) 1052 y[1] = uint8(len(ca)) 1053 y = y[2:] 1054 copy(y, ca) 1055 y = y[len(ca):] 1056 } 1057 1058 m.raw = x 1059 return 1060 } 1061 1062 func (m *certificateRequestMsg) unmarshal(data []byte) bool { 1063 m.raw = data 1064 1065 if len(data) < 5 { 1066 return false 1067 } 1068 1069 length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3]) 1070 if uint32(len(data))-4 != length { 1071 return false 1072 } 1073 1074 numCertTypes := int(data[4]) 1075 data = data[5:] 1076 if numCertTypes == 0 || len(data) <= numCertTypes { 1077 return false 1078 } 1079 1080 m.certificateTypes = make([]byte, numCertTypes) 1081 if copy(m.certificateTypes, data) != numCertTypes { 1082 return false 1083 } 1084 1085 data = data[numCertTypes:] 1086 1087 if m.hasSignatureAndHash { 1088 if len(data) < 2 { 1089 return false 1090 } 1091 sigAndHashLen := uint16(data[0])<<8 | uint16(data[1]) 1092 data = data[2:] 1093 if sigAndHashLen&1 != 0 { 1094 return false 1095 } 1096 if len(data) < int(sigAndHashLen) { 1097 return false 1098 } 1099 numSigAndHash := sigAndHashLen / 2 1100 m.signatureAndHashes = make([]signatureAndHash, numSigAndHash) 1101 for i := range m.signatureAndHashes { 1102 m.signatureAndHashes[i].hash = data[0] 1103 m.signatureAndHashes[i].signature = data[1] 1104 data = data[2:] 1105 } 1106 } 1107 1108 if len(data) < 2 { 1109 return false 1110 } 1111 casLength := uint16(data[0])<<8 | uint16(data[1]) 1112 data = data[2:] 1113 if len(data) < int(casLength) { 1114 return false 1115 } 1116 cas := make([]byte, casLength) 1117 copy(cas, data) 1118 data = data[casLength:] 1119 1120 m.certificateAuthorities = nil 1121 for len(cas) > 0 { 1122 if len(cas) < 2 { 1123 return false 1124 } 1125 caLen := uint16(cas[0])<<8 | uint16(cas[1]) 1126 cas = cas[2:] 1127 1128 if len(cas) < int(caLen) { 1129 return false 1130 } 1131 1132 m.certificateAuthorities = append(m.certificateAuthorities, cas[:caLen]) 1133 cas = cas[caLen:] 1134 } 1135 if len(data) > 0 { 1136 return false 1137 } 1138 1139 return true 1140 } 1141 1142 type certificateVerifyMsg struct { 1143 raw []byte 1144 hasSignatureAndHash bool 1145 signatureAndHash signatureAndHash 1146 signature []byte 1147 } 1148 1149 func (m *certificateVerifyMsg) equal(i interface{}) bool { 1150 m1, ok := i.(*certificateVerifyMsg) 1151 if !ok { 1152 return false 1153 } 1154 1155 return bytes.Equal(m.raw, m1.raw) && 1156 m.hasSignatureAndHash == m1.hasSignatureAndHash && 1157 m.signatureAndHash.hash == m1.signatureAndHash.hash && 1158 m.signatureAndHash.signature == m1.signatureAndHash.signature && 1159 bytes.Equal(m.signature, m1.signature) 1160 } 1161 1162 func (m *certificateVerifyMsg) marshal() (x []byte) { 1163 if m.raw != nil { 1164 return m.raw 1165 } 1166 1167 // See http://tools.ietf.org/html/rfc4346#section-7.4.8 1168 siglength := len(m.signature) 1169 length := 2 + siglength 1170 if m.hasSignatureAndHash { 1171 length += 2 1172 } 1173 x = make([]byte, 4+length) 1174 x[0] = typeCertificateVerify 1175 x[1] = uint8(length >> 16) 1176 x[2] = uint8(length >> 8) 1177 x[3] = uint8(length) 1178 y := x[4:] 1179 if m.hasSignatureAndHash { 1180 y[0] = m.signatureAndHash.hash 1181 y[1] = m.signatureAndHash.signature 1182 y = y[2:] 1183 } 1184 y[0] = uint8(siglength >> 8) 1185 y[1] = uint8(siglength) 1186 copy(y[2:], m.signature) 1187 1188 m.raw = x 1189 1190 return 1191 } 1192 1193 func (m *certificateVerifyMsg) unmarshal(data []byte) bool { 1194 m.raw = data 1195 1196 if len(data) < 6 { 1197 return false 1198 } 1199 1200 length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3]) 1201 if uint32(len(data))-4 != length { 1202 return false 1203 } 1204 1205 data = data[4:] 1206 if m.hasSignatureAndHash { 1207 m.signatureAndHash.hash = data[0] 1208 m.signatureAndHash.signature = data[1] 1209 data = data[2:] 1210 } 1211 1212 if len(data) < 2 { 1213 return false 1214 } 1215 siglength := int(data[0])<<8 + int(data[1]) 1216 data = data[2:] 1217 if len(data) != siglength { 1218 return false 1219 } 1220 1221 m.signature = data 1222 1223 return true 1224 } 1225 1226 type newSessionTicketMsg struct { 1227 raw []byte 1228 ticket []byte 1229 } 1230 1231 func (m *newSessionTicketMsg) equal(i interface{}) bool { 1232 m1, ok := i.(*newSessionTicketMsg) 1233 if !ok { 1234 return false 1235 } 1236 1237 return bytes.Equal(m.raw, m1.raw) && 1238 bytes.Equal(m.ticket, m1.ticket) 1239 } 1240 1241 func (m *newSessionTicketMsg) marshal() (x []byte) { 1242 if m.raw != nil { 1243 return m.raw 1244 } 1245 1246 // See http://tools.ietf.org/html/rfc5077#section-3.3 1247 ticketLen := len(m.ticket) 1248 length := 2 + 4 + ticketLen 1249 x = make([]byte, 4+length) 1250 x[0] = typeNewSessionTicket 1251 x[1] = uint8(length >> 16) 1252 x[2] = uint8(length >> 8) 1253 x[3] = uint8(length) 1254 x[8] = uint8(ticketLen >> 8) 1255 x[9] = uint8(ticketLen) 1256 copy(x[10:], m.ticket) 1257 1258 m.raw = x 1259 1260 return 1261 } 1262 1263 func (m *newSessionTicketMsg) unmarshal(data []byte) bool { 1264 m.raw = data 1265 1266 if len(data) < 10 { 1267 return false 1268 } 1269 1270 length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3]) 1271 if uint32(len(data))-4 != length { 1272 return false 1273 } 1274 1275 ticketLen := int(data[8])<<8 + int(data[9]) 1276 if len(data)-10 != ticketLen { 1277 return false 1278 } 1279 1280 m.ticket = data[10:] 1281 1282 return true 1283 } 1284 1285 func eqUint16s(x, y []uint16) bool { 1286 if len(x) != len(y) { 1287 return false 1288 } 1289 for i, v := range x { 1290 if y[i] != v { 1291 return false 1292 } 1293 } 1294 return true 1295 } 1296 1297 func eqCurveIDs(x, y []CurveID) bool { 1298 if len(x) != len(y) { 1299 return false 1300 } 1301 for i, v := range x { 1302 if y[i] != v { 1303 return false 1304 } 1305 } 1306 return true 1307 } 1308 1309 func eqStrings(x, y []string) bool { 1310 if len(x) != len(y) { 1311 return false 1312 } 1313 for i, v := range x { 1314 if y[i] != v { 1315 return false 1316 } 1317 } 1318 return true 1319 } 1320 1321 func eqByteSlices(x, y [][]byte) bool { 1322 if len(x) != len(y) { 1323 return false 1324 } 1325 for i, v := range x { 1326 if !bytes.Equal(v, y[i]) { 1327 return false 1328 } 1329 } 1330 return true 1331 } 1332 1333 func eqSignatureAndHashes(x, y []signatureAndHash) bool { 1334 if len(x) != len(y) { 1335 return false 1336 } 1337 for i, v := range x { 1338 v2 := y[i] 1339 if v.hash != v2.hash || v.signature != v2.signature { 1340 return false 1341 } 1342 } 1343 return true 1344 }