github.com/apernet/quic-go@v0.43.1-0.20240515053213-5e9e635fd9f0/internal/qtls/cipher_suite.go (about)

     1  package qtls
     2  
     3  import (
     4  	"crypto/tls"
     5  	"fmt"
     6  	"unsafe"
     7  )
     8  
// The first three variables alias unexported package-level variables of
// crypto/tls through go:linkname. They are not part of any public API, so a
// rename or a change of element type inside crypto/tls breaks this file.
// Because they are crypto/tls's own variables, assigning to them presumably
// changes TLS 1.3 cipher suite selection for every user of crypto/tls in the
// process, not only for this package.
var (
	// cipherSuitesTLS13 is crypto/tls.cipherSuitesTLS13. Its elements are
	// held as opaque unsafe.Pointer values; this file only re-slices the
	// variable and never dereferences an element.
	//
	//go:linkname cipherSuitesTLS13 crypto/tls.cipherSuitesTLS13
	cipherSuitesTLS13 []unsafe.Pointer

	// defaultCipherSuitesTLS13 is crypto/tls.defaultCipherSuitesTLS13, a list
	// of cipher suite ids.
	//
	//go:linkname defaultCipherSuitesTLS13 crypto/tls.defaultCipherSuitesTLS13
	defaultCipherSuitesTLS13 []uint16

	// defaultCipherSuitesTLS13NoAES is crypto/tls.defaultCipherSuitesTLS13NoAES,
	// a list of cipher suite ids.
	//
	//go:linkname defaultCipherSuitesTLS13NoAES crypto/tls.defaultCipherSuitesTLS13NoAES
	defaultCipherSuitesTLS13NoAES []uint16

	// cipherSuitesModified records that SetCipherSuite has replaced the
	// variables above and that its reset function has not run yet. It is a
	// plain bool with no synchronization.
	cipherSuitesModified bool
)
    19  
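// SetCipherSuite modifies the cipherSuitesTLS13 slice of cipher suites such
// that it only contains the cipher suite with the chosen id, and sets both
// default TLS 1.3 suite lists to that single id.
// The reset function returned resets them back to the original values.
//
// The variables it rewrites are package-level variables of crypto/tls reached
// through go:linkname, so the restriction is global state rather than
// per-connection configuration: presumably every TLS 1.3 handshake in the
// process is pinned to the chosen suite until reset runs. No lock is taken;
// callers have to serialize SetCipherSuite and reset against each other and
// against anything reading these variables. Call reset exactly once.
//
// SetCipherSuite panics if it is called again before reset, if id is not one
// of the three suites handled below, or if cipherSuitesTLS13 is too short to
// hold the position expected for id. All checks run before any state is
// changed, so a recovered panic does not leave the modified flag set.
func SetCipherSuite(id uint16) (reset func()) {
	if cipherSuitesModified {
		panic("cipher suites modified multiple times without resetting")
	}

	// The suite is selected by position, not by inspecting the elements.
	// The order is given by the order of the slice elements in
	// cipherSuitesTLS13 in qtls.
	var idx int
	switch id {
	case tls.TLS_AES_128_GCM_SHA256:
		idx = 0
	case tls.TLS_CHACHA20_POLY1305_SHA256:
		idx = 1
	case tls.TLS_AES_256_GCM_SHA384:
		idx = 2
	default:
		panic(fmt.Sprintf("unexpected cipher suite: %d", id))
	}
	// Fail with an explicit message instead of a bare slice-bounds panic when
	// the linked slice does not have the expected layout.
	if idx >= len(cipherSuitesTLS13) {
		panic(fmt.Sprintf("cipher suite %d expected at index %d, but only %d TLS 1.3 cipher suites are present", id, idx, len(cipherSuitesTLS13)))
	}

	// Copy the current values so that reset restores them even though the
	// variables are re-sliced and replaced below.
	origCipherSuitesTLS13 := append([]unsafe.Pointer{}, cipherSuitesTLS13...)
	origDefaultCipherSuitesTLS13 := append([]uint16{}, defaultCipherSuitesTLS13...)
	origDefaultCipherSuitesTLS13NoAES := append([]uint16{}, defaultCipherSuitesTLS13NoAES...)

	cipherSuitesModified = true
	// Keep exactly one element, so the result holds a single suite even if
	// the slice is longer than the three entries assumed here.
	cipherSuitesTLS13 = cipherSuitesTLS13[idx : idx+1]
	defaultCipherSuitesTLS13 = []uint16{id}
	defaultCipherSuitesTLS13NoAES = []uint16{id}

	return func() {
		cipherSuitesTLS13 = origCipherSuitesTLS13
		defaultCipherSuitesTLS13 = origDefaultCipherSuitesTLS13
		defaultCipherSuitesTLS13NoAES = origDefaultCipherSuitesTLS13NoAES
		cipherSuitesModified = false
	}
}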