search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Rebase.
[official-gcc.git] / libgo / go / crypto / tls / handshake_messages.go
blob7bcaa5eb9292977d2403a11f53102df64d161a24
1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4
5 package tls
6
7 import "bytes"
8
9 type clientHelloMsg struct {
10 raw []byte
11 vers uint16
12 random []byte
13 sessionId []byte
14 cipherSuites []uint16
15 compressionMethods []uint8
16 nextProtoNeg bool
17 serverName string
18 ocspStapling bool
19 supportedCurves []CurveID
20 supportedPoints []uint8
21 ticketSupported bool
22 sessionTicket []uint8
23 signatureAndHashes []signatureAndHash
24 secureRenegotiation bool
25 }
26
27 func (m *clientHelloMsg) equal(i interface{}) bool {
28 m1, ok := i.(*clientHelloMsg)
29 if !ok {
30 return false
31 }
32
33 return bytes.Equal(m.raw, m1.raw) &&
34 m.vers == m1.vers &&
35 bytes.Equal(m.random, m1.random) &&
36 bytes.Equal(m.sessionId, m1.sessionId) &&
37 eqUint16s(m.cipherSuites, m1.cipherSuites) &&
38 bytes.Equal(m.compressionMethods, m1.compressionMethods) &&
39 m.nextProtoNeg == m1.nextProtoNeg &&
40 m.serverName == m1.serverName &&
41 m.ocspStapling == m1.ocspStapling &&
42 eqCurveIDs(m.supportedCurves, m1.supportedCurves) &&
43 bytes.Equal(m.supportedPoints, m1.supportedPoints) &&
44 m.ticketSupported == m1.ticketSupported &&
45 bytes.Equal(m.sessionTicket, m1.sessionTicket) &&
46 eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes) &&
47 m.secureRenegotiation == m1.secureRenegotiation
48 }
49
50 func (m *clientHelloMsg) marshal() []byte {
51 if m.raw != nil {
52 return m.raw
53 }
54
55 length := 2 + 32 + 1 + len(m.sessionId) + 2 + len(m.cipherSuites)*2 + 1 + len(m.compressionMethods)
56 numExtensions := 0
57 extensionsLength := 0
58 if m.nextProtoNeg {
59 numExtensions++
60 }
61 if m.ocspStapling {
62 extensionsLength += 1 + 2 + 2
63 numExtensions++
64 }
65 if len(m.serverName) > 0 {
66 extensionsLength += 5 + len(m.serverName)
67 numExtensions++
68 }
69 if len(m.supportedCurves) > 0 {
70 extensionsLength += 2 + 2*len(m.supportedCurves)
71 numExtensions++
72 }
73 if len(m.supportedPoints) > 0 {
74 extensionsLength += 1 + len(m.supportedPoints)
75 numExtensions++
76 }
77 if m.ticketSupported {
78 extensionsLength += len(m.sessionTicket)
79 numExtensions++
80 }
81 if len(m.signatureAndHashes) > 0 {
82 extensionsLength += 2 + 2*len(m.signatureAndHashes)
83 numExtensions++
84 }
85 if m.secureRenegotiation {
86 extensionsLength += 1
87 numExtensions++
88 }
89 if numExtensions > 0 {
90 extensionsLength += 4 * numExtensions
91 length += 2 + extensionsLength
92 }
93
94 x := make([]byte, 4+length)
95 x[0] = typeClientHello
96 x[1] = uint8(length >> 16)
97 x[2] = uint8(length >> 8)
98 x[3] = uint8(length)
99 x[4] = uint8(m.vers >> 8)
100 x[5] = uint8(m.vers)
101 copy(x[6:38], m.random)
102 x[38] = uint8(len(m.sessionId))
103 copy(x[39:39+len(m.sessionId)], m.sessionId)
104 y := x[39+len(m.sessionId):]
105 y[0] = uint8(len(m.cipherSuites) >> 7)
106 y[1] = uint8(len(m.cipherSuites) << 1)
107 for i, suite := range m.cipherSuites {
108 y[2+i*2] = uint8(suite >> 8)
109 y[3+i*2] = uint8(suite)
110 }
111 z := y[2+len(m.cipherSuites)*2:]
112 z[0] = uint8(len(m.compressionMethods))
113 copy(z[1:], m.compressionMethods)
114
115 z = z[1+len(m.compressionMethods):]
116 if numExtensions > 0 {
117 z[0] = byte(extensionsLength >> 8)
118 z[1] = byte(extensionsLength)
119 z = z[2:]
120 }
121 if m.nextProtoNeg {
122 z[0] = byte(extensionNextProtoNeg >> 8)
123 z[1] = byte(extensionNextProtoNeg & 0xff)
124 // The length is always 0
125 z = z[4:]
126 }
127 if len(m.serverName) > 0 {
128 z[0] = byte(extensionServerName >> 8)
129 z[1] = byte(extensionServerName & 0xff)
130 l := len(m.serverName) + 5
131 z[2] = byte(l >> 8)
132 z[3] = byte(l)
133 z = z[4:]
134
135 // RFC 3546, section 3.1
136 //
137 // struct {
138 // NameType name_type;
139 // select (name_type) {
140 // case host_name: HostName;
141 // } name;
142 // } ServerName;
143 //
144 // enum {
145 // host_name(0), (255)
146 // } NameType;
147 //
148 // opaque HostName<1..2^16-1>;
149 //
150 // struct {
151 // ServerName server_name_list<1..2^16-1>
152 // } ServerNameList;
153
154 z[0] = byte((len(m.serverName) + 3) >> 8)
155 z[1] = byte(len(m.serverName) + 3)
156 z[3] = byte(len(m.serverName) >> 8)
157 z[4] = byte(len(m.serverName))
158 copy(z[5:], []byte(m.serverName))
159 z = z[l:]
160 }
161 if m.ocspStapling {
162 // RFC 4366, section 3.6
163 z[0] = byte(extensionStatusRequest >> 8)
164 z[1] = byte(extensionStatusRequest)
165 z[2] = 0
166 z[3] = 5
167 z[4] = 1 // OCSP type
168 // Two zero valued uint16s for the two lengths.
169 z = z[9:]
170 }
171 if len(m.supportedCurves) > 0 {
172 // http://tools.ietf.org/html/rfc4492#section-5.5.1
173 z[0] = byte(extensionSupportedCurves >> 8)
174 z[1] = byte(extensionSupportedCurves)
175 l := 2 + 2*len(m.supportedCurves)
176 z[2] = byte(l >> 8)
177 z[3] = byte(l)
178 l -= 2
179 z[4] = byte(l >> 8)
180 z[5] = byte(l)
181 z = z[6:]
182 for _, curve := range m.supportedCurves {
183 z[0] = byte(curve >> 8)
184 z[1] = byte(curve)
185 z = z[2:]
186 }
187 }
188 if len(m.supportedPoints) > 0 {
189 // http://tools.ietf.org/html/rfc4492#section-5.5.2
190 z[0] = byte(extensionSupportedPoints >> 8)
191 z[1] = byte(extensionSupportedPoints)
192 l := 1 + len(m.supportedPoints)
193 z[2] = byte(l >> 8)
194 z[3] = byte(l)
195 l--
196 z[4] = byte(l)
197 z = z[5:]
198 for _, pointFormat := range m.supportedPoints {
199 z[0] = byte(pointFormat)
200 z = z[1:]
201 }
202 }
203 if m.ticketSupported {
204 // http://tools.ietf.org/html/rfc5077#section-3.2
205 z[0] = byte(extensionSessionTicket >> 8)
206 z[1] = byte(extensionSessionTicket)
207 l := len(m.sessionTicket)
208 z[2] = byte(l >> 8)
209 z[3] = byte(l)
210 z = z[4:]
211 copy(z, m.sessionTicket)
212 z = z[len(m.sessionTicket):]
213 }
214 if len(m.signatureAndHashes) > 0 {
215 // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
216 z[0] = byte(extensionSignatureAlgorithms >> 8)
217 z[1] = byte(extensionSignatureAlgorithms)
218 l := 2 + 2*len(m.signatureAndHashes)
219 z[2] = byte(l >> 8)
220 z[3] = byte(l)
221 z = z[4:]
222
223 l -= 2
224 z[0] = byte(l >> 8)
225 z[1] = byte(l)
226 z = z[2:]
227 for _, sigAndHash := range m.signatureAndHashes {
228 z[0] = sigAndHash.hash
229 z[1] = sigAndHash.signature
230 z = z[2:]
231 }
232 }
233 if m.secureRenegotiation {
234 z[0] = byte(extensionRenegotiationInfo >> 8)
235 z[1] = byte(extensionRenegotiationInfo & 0xff)
236 z[2] = 0
237 z[3] = 1
238 z = z[5:]
239 }
240
241 m.raw = x
242
243 return x
244 }
245
246 func (m *clientHelloMsg) unmarshal(data []byte) bool {
247 if len(data) < 42 {
248 return false
249 }
250 m.raw = data
251 m.vers = uint16(data[4])<<8 | uint16(data[5])
252 m.random = data[6:38]
253 sessionIdLen := int(data[38])
254 if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
255 return false
256 }
257 m.sessionId = data[39 : 39+sessionIdLen]
258 data = data[39+sessionIdLen:]
259 if len(data) < 2 {
260 return false
261 }
262 // cipherSuiteLen is the number of bytes of cipher suite numbers. Since
263 // they are uint16s, the number must be even.
264 cipherSuiteLen := int(data[0])<<8 | int(data[1])
265 if cipherSuiteLen%2 == 1 || len(data) < 2+cipherSuiteLen {
266 return false
267 }
268 numCipherSuites := cipherSuiteLen / 2
269 m.cipherSuites = make([]uint16, numCipherSuites)
270 for i := 0; i < numCipherSuites; i++ {
271 m.cipherSuites[i] = uint16(data[2+2*i])<<8 | uint16(data[3+2*i])
272 if m.cipherSuites[i] == scsvRenegotiation {
273 m.secureRenegotiation = true
274 }
275 }
276 data = data[2+cipherSuiteLen:]
277 if len(data) < 1 {
278 return false
279 }
280 compressionMethodsLen := int(data[0])
281 if len(data) < 1+compressionMethodsLen {
282 return false
283 }
284 m.compressionMethods = data[1 : 1+compressionMethodsLen]
285
286 data = data[1+compressionMethodsLen:]
287
288 m.nextProtoNeg = false
289 m.serverName = ""
290 m.ocspStapling = false
291 m.ticketSupported = false
292 m.sessionTicket = nil
293 m.signatureAndHashes = nil
294
295 if len(data) == 0 {
296 // ClientHello is optionally followed by extension data
297 return true
298 }
299 if len(data) < 2 {
300 return false
301 }
302
303 extensionsLength := int(data[0])<<8 | int(data[1])
304 data = data[2:]
305 if extensionsLength != len(data) {
306 return false
307 }
308
309 for len(data) != 0 {
310 if len(data) < 4 {
311 return false
312 }
313 extension := uint16(data[0])<<8 | uint16(data[1])
314 length := int(data[2])<<8 | int(data[3])
315 data = data[4:]
316 if len(data) < length {
317 return false
318 }
319
320 switch extension {
321 case extensionServerName:
322 if length < 2 {
323 return false
324 }
325 numNames := int(data[0])<<8 | int(data[1])
326 d := data[2:]
327 for i := 0; i < numNames; i++ {
328 if len(d) < 3 {
329 return false
330 }
331 nameType := d[0]
332 nameLen := int(d[1])<<8 | int(d[2])
333 d = d[3:]
334 if len(d) < nameLen {
335 return false
336 }
337 if nameType == 0 {
338 m.serverName = string(d[0:nameLen])
339 break
340 }
341 d = d[nameLen:]
342 }
343 case extensionNextProtoNeg:
344 if length > 0 {
345 return false
346 }
347 m.nextProtoNeg = true
348 case extensionStatusRequest:
349 m.ocspStapling = length > 0 && data[0] == statusTypeOCSP
350 case extensionSupportedCurves:
351 // http://tools.ietf.org/html/rfc4492#section-5.5.1
352 if length < 2 {
353 return false
354 }
355 l := int(data[0])<<8 | int(data[1])
356 if l%2 == 1 || length != l+2 {
357 return false
358 }
359 numCurves := l / 2
360 m.supportedCurves = make([]CurveID, numCurves)
361 d := data[2:]
362 for i := 0; i < numCurves; i++ {
363 m.supportedCurves[i] = CurveID(d[0])<<8 | CurveID(d[1])
364 d = d[2:]
365 }
366 case extensionSupportedPoints:
367 // http://tools.ietf.org/html/rfc4492#section-5.5.2
368 if length < 1 {
369 return false
370 }
371 l := int(data[0])
372 if length != l+1 {
373 return false
374 }
375 m.supportedPoints = make([]uint8, l)
376 copy(m.supportedPoints, data[1:])
377 case extensionSessionTicket:
378 // http://tools.ietf.org/html/rfc5077#section-3.2
379 m.ticketSupported = true
380 m.sessionTicket = data[:length]
381 case extensionSignatureAlgorithms:
382 // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
383 if length < 2 || length&1 != 0 {
384 return false
385 }
386 l := int(data[0])<<8 | int(data[1])
387 if l != length-2 {
388 return false
389 }
390 n := l / 2
391 d := data[2:]
392 m.signatureAndHashes = make([]signatureAndHash, n)
393 for i := range m.signatureAndHashes {
394 m.signatureAndHashes[i].hash = d[0]
395 m.signatureAndHashes[i].signature = d[1]
396 d = d[2:]
397 }
398 case extensionRenegotiationInfo + 1:
399 if length != 1 || data[0] != 0 {
400 return false
401 }
402 m.secureRenegotiation = true
403 }
404 data = data[length:]
405 }
406
407 return true
408 }
409
410 type serverHelloMsg struct {
411 raw []byte
412 vers uint16
413 random []byte
414 sessionId []byte
415 cipherSuite uint16
416 compressionMethod uint8
417 nextProtoNeg bool
418 nextProtos []string
419 ocspStapling bool
420 ticketSupported bool
421 secureRenegotiation bool
422 }
423
424 func (m *serverHelloMsg) equal(i interface{}) bool {
425 m1, ok := i.(*serverHelloMsg)
426 if !ok {
427 return false
428 }
429
430 return bytes.Equal(m.raw, m1.raw) &&
431 m.vers == m1.vers &&
432 bytes.Equal(m.random, m1.random) &&
433 bytes.Equal(m.sessionId, m1.sessionId) &&
434 m.cipherSuite == m1.cipherSuite &&
435 m.compressionMethod == m1.compressionMethod &&
436 m.nextProtoNeg == m1.nextProtoNeg &&
437 eqStrings(m.nextProtos, m1.nextProtos) &&
438 m.ocspStapling == m1.ocspStapling &&
439 m.ticketSupported == m1.ticketSupported &&
440 m.secureRenegotiation == m1.secureRenegotiation
441 }
442
443 func (m *serverHelloMsg) marshal() []byte {
444 if m.raw != nil {
445 return m.raw
446 }
447
448 length := 38 + len(m.sessionId)
449 numExtensions := 0
450 extensionsLength := 0
451
452 nextProtoLen := 0
453 if m.nextProtoNeg {
454 numExtensions++
455 for _, v := range m.nextProtos {
456 nextProtoLen += len(v)
457 }
458 nextProtoLen += len(m.nextProtos)
459 extensionsLength += nextProtoLen
460 }
461 if m.ocspStapling {
462 numExtensions++
463 }
464 if m.ticketSupported {
465 numExtensions++
466 }
467 if m.secureRenegotiation {
468 extensionsLength += 1
469 numExtensions++
470 }
471 if numExtensions > 0 {
472 extensionsLength += 4 * numExtensions
473 length += 2 + extensionsLength
474 }
475
476 x := make([]byte, 4+length)
477 x[0] = typeServerHello
478 x[1] = uint8(length >> 16)
479 x[2] = uint8(length >> 8)
480 x[3] = uint8(length)
481 x[4] = uint8(m.vers >> 8)
482 x[5] = uint8(m.vers)
483 copy(x[6:38], m.random)
484 x[38] = uint8(len(m.sessionId))
485 copy(x[39:39+len(m.sessionId)], m.sessionId)
486 z := x[39+len(m.sessionId):]
487 z[0] = uint8(m.cipherSuite >> 8)
488 z[1] = uint8(m.cipherSuite)
489 z[2] = uint8(m.compressionMethod)
490
491 z = z[3:]
492 if numExtensions > 0 {
493 z[0] = byte(extensionsLength >> 8)
494 z[1] = byte(extensionsLength)
495 z = z[2:]
496 }
497 if m.nextProtoNeg {
498 z[0] = byte(extensionNextProtoNeg >> 8)
499 z[1] = byte(extensionNextProtoNeg & 0xff)
500 z[2] = byte(nextProtoLen >> 8)
501 z[3] = byte(nextProtoLen)
502 z = z[4:]
503
504 for _, v := range m.nextProtos {
505 l := len(v)
506 if l > 255 {
507 l = 255
508 }
509 z[0] = byte(l)
510 copy(z[1:], []byte(v[0:l]))
511 z = z[1+l:]
512 }
513 }
514 if m.ocspStapling {
515 z[0] = byte(extensionStatusRequest >> 8)
516 z[1] = byte(extensionStatusRequest)
517 z = z[4:]
518 }
519 if m.ticketSupported {
520 z[0] = byte(extensionSessionTicket >> 8)
521 z[1] = byte(extensionSessionTicket)
522 z = z[4:]
523 }
524 if m.secureRenegotiation {
525 z[0] = byte(extensionRenegotiationInfo >> 8)
526 z[1] = byte(extensionRenegotiationInfo & 0xff)
527 z[2] = 0
528 z[3] = 1
529 z = z[5:]
530 }
531
532 m.raw = x
533
534 return x
535 }
536
537 func (m *serverHelloMsg) unmarshal(data []byte) bool {
538 if len(data) < 42 {
539 return false
540 }
541 m.raw = data
542 m.vers = uint16(data[4])<<8 | uint16(data[5])
543 m.random = data[6:38]
544 sessionIdLen := int(data[38])
545 if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
546 return false
547 }
548 m.sessionId = data[39 : 39+sessionIdLen]
549 data = data[39+sessionIdLen:]
550 if len(data) < 3 {
551 return false
552 }
553 m.cipherSuite = uint16(data[0])<<8 | uint16(data[1])
554 m.compressionMethod = data[2]
555 data = data[3:]
556
557 m.nextProtoNeg = false
558 m.nextProtos = nil
559 m.ocspStapling = false
560 m.ticketSupported = false
561
562 if len(data) == 0 {
563 // ServerHello is optionally followed by extension data
564 return true
565 }
566 if len(data) < 2 {
567 return false
568 }
569
570 extensionsLength := int(data[0])<<8 | int(data[1])
571 data = data[2:]
572 if len(data) != extensionsLength {
573 return false
574 }
575
576 for len(data) != 0 {
577 if len(data) < 4 {
578 return false
579 }
580 extension := uint16(data[0])<<8 | uint16(data[1])
581 length := int(data[2])<<8 | int(data[3])
582 data = data[4:]
583 if len(data) < length {
584 return false
585 }
586
587 switch extension {
588 case extensionNextProtoNeg:
589 m.nextProtoNeg = true
590 d := data[:length]
591 for len(d) > 0 {
592 l := int(d[0])
593 d = d[1:]
594 if l == 0 || l > len(d) {
595 return false
596 }
597 m.nextProtos = append(m.nextProtos, string(d[:l]))
598 d = d[l:]
599 }
600 case extensionStatusRequest:
601 if length > 0 {
602 return false
603 }
604 m.ocspStapling = true
605 case extensionSessionTicket:
606 if length > 0 {
607 return false
608 }
609 m.ticketSupported = true
610 case extensionRenegotiationInfo:
611 if length != 1 || data[0] != 0 {
612 return false
613 }
614 m.secureRenegotiation = true
615 }
616 data = data[length:]
617 }
618
619 return true
620 }
621
622 type certificateMsg struct {
623 raw []byte
624 certificates [][]byte
625 }
626
627 func (m *certificateMsg) equal(i interface{}) bool {
628 m1, ok := i.(*certificateMsg)
629 if !ok {
630 return false
631 }
632
633 return bytes.Equal(m.raw, m1.raw) &&
634 eqByteSlices(m.certificates, m1.certificates)
635 }
636
637 func (m *certificateMsg) marshal() (x []byte) {
638 if m.raw != nil {
639 return m.raw
640 }
641
642 var i int
643 for _, slice := range m.certificates {
644 i += len(slice)
645 }
646
647 length := 3 + 3*len(m.certificates) + i
648 x = make([]byte, 4+length)
649 x[0] = typeCertificate
650 x[1] = uint8(length >> 16)
651 x[2] = uint8(length >> 8)
652 x[3] = uint8(length)
653
654 certificateOctets := length - 3
655 x[4] = uint8(certificateOctets >> 16)
656 x[5] = uint8(certificateOctets >> 8)
657 x[6] = uint8(certificateOctets)
658
659 y := x[7:]
660 for _, slice := range m.certificates {
661 y[0] = uint8(len(slice) >> 16)
662 y[1] = uint8(len(slice) >> 8)
663 y[2] = uint8(len(slice))
664 copy(y[3:], slice)
665 y = y[3+len(slice):]
666 }
667
668 m.raw = x
669 return
670 }
671
672 func (m *certificateMsg) unmarshal(data []byte) bool {
673 if len(data) < 7 {
674 return false
675 }
676
677 m.raw = data
678 certsLen := uint32(data[4])<<16 | uint32(data[5])<<8 | uint32(data[6])
679 if uint32(len(data)) != certsLen+7 {
680 return false
681 }
682
683 numCerts := 0
684 d := data[7:]
685 for certsLen > 0 {
686 if len(d) < 4 {
687 return false
688 }
689 certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
690 if uint32(len(d)) < 3+certLen {
691 return false
692 }
693 d = d[3+certLen:]
694 certsLen -= 3 + certLen
695 numCerts++
696 }
697
698 m.certificates = make([][]byte, numCerts)
699 d = data[7:]
700 for i := 0; i < numCerts; i++ {
701 certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
702 m.certificates[i] = d[3 : 3+certLen]
703 d = d[3+certLen:]
704 }
705
706 return true
707 }
708
709 type serverKeyExchangeMsg struct {
710 raw []byte
711 key []byte
712 }
713
714 func (m *serverKeyExchangeMsg) equal(i interface{}) bool {
715 m1, ok := i.(*serverKeyExchangeMsg)
716 if !ok {
717 return false
718 }
719
720 return bytes.Equal(m.raw, m1.raw) &&
721 bytes.Equal(m.key, m1.key)
722 }
723
724 func (m *serverKeyExchangeMsg) marshal() []byte {
725 if m.raw != nil {
726 return m.raw
727 }
728 length := len(m.key)
729 x := make([]byte, length+4)
730 x[0] = typeServerKeyExchange
731 x[1] = uint8(length >> 16)
732 x[2] = uint8(length >> 8)
733 x[3] = uint8(length)
734 copy(x[4:], m.key)
735
736 m.raw = x
737 return x
738 }
739
740 func (m *serverKeyExchangeMsg) unmarshal(data []byte) bool {
741 m.raw = data
742 if len(data) < 4 {
743 return false
744 }
745 m.key = data[4:]
746 return true
747 }
748
749 type certificateStatusMsg struct {
750 raw []byte
751 statusType uint8
752 response []byte
753 }
754
755 func (m *certificateStatusMsg) equal(i interface{}) bool {
756 m1, ok := i.(*certificateStatusMsg)
757 if !ok {
758 return false
759 }
760
761 return bytes.Equal(m.raw, m1.raw) &&
762 m.statusType == m1.statusType &&
763 bytes.Equal(m.response, m1.response)
764 }
765
766 func (m *certificateStatusMsg) marshal() []byte {
767 if m.raw != nil {
768 return m.raw
769 }
770
771 var x []byte
772 if m.statusType == statusTypeOCSP {
773 x = make([]byte, 4+4+len(m.response))
774 x[0] = typeCertificateStatus
775 l := len(m.response) + 4
776 x[1] = byte(l >> 16)
777 x[2] = byte(l >> 8)
778 x[3] = byte(l)
779 x[4] = statusTypeOCSP
780
781 l -= 4
782 x[5] = byte(l >> 16)
783 x[6] = byte(l >> 8)
784 x[7] = byte(l)
785 copy(x[8:], m.response)
786 } else {
787 x = []byte{typeCertificateStatus, 0, 0, 1, m.statusType}
788 }
789
790 m.raw = x
791 return x
792 }
793
794 func (m *certificateStatusMsg) unmarshal(data []byte) bool {
795 m.raw = data
796 if len(data) < 5 {
797 return false
798 }
799 m.statusType = data[4]
800
801 m.response = nil
802 if m.statusType == statusTypeOCSP {
803 if len(data) < 8 {
804 return false
805 }
806 respLen := uint32(data[5])<<16 | uint32(data[6])<<8 | uint32(data[7])
807 if uint32(len(data)) != 4+4+respLen {
808 return false
809 }
810 m.response = data[8:]
811 }
812 return true
813 }
814
815 type serverHelloDoneMsg struct{}
816
817 func (m *serverHelloDoneMsg) equal(i interface{}) bool {
818 _, ok := i.(*serverHelloDoneMsg)
819 return ok
820 }
821
822 func (m *serverHelloDoneMsg) marshal() []byte {
823 x := make([]byte, 4)
824 x[0] = typeServerHelloDone
825 return x
826 }
827
828 func (m *serverHelloDoneMsg) unmarshal(data []byte) bool {
829 return len(data) == 4
830 }
831
832 type clientKeyExchangeMsg struct {
833 raw []byte
834 ciphertext []byte
835 }
836
837 func (m *clientKeyExchangeMsg) equal(i interface{}) bool {
838 m1, ok := i.(*clientKeyExchangeMsg)
839 if !ok {
840 return false
841 }
842
843 return bytes.Equal(m.raw, m1.raw) &&
844 bytes.Equal(m.ciphertext, m1.ciphertext)
845 }
846
847 func (m *clientKeyExchangeMsg) marshal() []byte {
848 if m.raw != nil {
849 return m.raw
850 }
851 length := len(m.ciphertext)
852 x := make([]byte, length+4)
853 x[0] = typeClientKeyExchange
854 x[1] = uint8(length >> 16)
855 x[2] = uint8(length >> 8)
856 x[3] = uint8(length)
857 copy(x[4:], m.ciphertext)
858
859 m.raw = x
860 return x
861 }
862
863 func (m *clientKeyExchangeMsg) unmarshal(data []byte) bool {
864 m.raw = data
865 if len(data) < 4 {
866 return false
867 }
868 l := int(data[1])<<16 | int(data[2])<<8 | int(data[3])
869 if l != len(data)-4 {
870 return false
871 }
872 m.ciphertext = data[4:]
873 return true
874 }
875
876 type finishedMsg struct {
877 raw []byte
878 verifyData []byte
879 }
880
881 func (m *finishedMsg) equal(i interface{}) bool {
882 m1, ok := i.(*finishedMsg)
883 if !ok {
884 return false
885 }
886
887 return bytes.Equal(m.raw, m1.raw) &&
888 bytes.Equal(m.verifyData, m1.verifyData)
889 }
890
891 func (m *finishedMsg) marshal() (x []byte) {
892 if m.raw != nil {
893 return m.raw
894 }
895
896 x = make([]byte, 4+len(m.verifyData))
897 x[0] = typeFinished
898 x[3] = byte(len(m.verifyData))
899 copy(x[4:], m.verifyData)
900 m.raw = x
901 return
902 }
903
904 func (m *finishedMsg) unmarshal(data []byte) bool {
905 m.raw = data
906 if len(data) < 4 {
907 return false
908 }
909 m.verifyData = data[4:]
910 return true
911 }
912
913 type nextProtoMsg struct {
914 raw []byte
915 proto string
916 }
917
918 func (m *nextProtoMsg) equal(i interface{}) bool {
919 m1, ok := i.(*nextProtoMsg)
920 if !ok {
921 return false
922 }
923
924 return bytes.Equal(m.raw, m1.raw) &&
925 m.proto == m1.proto
926 }
927
928 func (m *nextProtoMsg) marshal() []byte {
929 if m.raw != nil {
930 return m.raw
931 }
932 l := len(m.proto)
933 if l > 255 {
934 l = 255
935 }
936
937 padding := 32 - (l+2)%32
938 length := l + padding + 2
939 x := make([]byte, length+4)
940 x[0] = typeNextProtocol
941 x[1] = uint8(length >> 16)
942 x[2] = uint8(length >> 8)
943 x[3] = uint8(length)
944
945 y := x[4:]
946 y[0] = byte(l)
947 copy(y[1:], []byte(m.proto[0:l]))
948 y = y[1+l:]
949 y[0] = byte(padding)
950
951 m.raw = x
952
953 return x
954 }
955
956 func (m *nextProtoMsg) unmarshal(data []byte) bool {
957 m.raw = data
958
959 if len(data) < 5 {
960 return false
961 }
962 data = data[4:]
963 protoLen := int(data[0])
964 data = data[1:]
965 if len(data) < protoLen {
966 return false
967 }
968 m.proto = string(data[0:protoLen])
969 data = data[protoLen:]
970
971 if len(data) < 1 {
972 return false
973 }
974 paddingLen := int(data[0])
975 data = data[1:]
976 if len(data) != paddingLen {
977 return false
978 }
979
980 return true
981 }
982
983 type certificateRequestMsg struct {
984 raw []byte
985 // hasSignatureAndHash indicates whether this message includes a list
986 // of signature and hash functions. This change was introduced with TLS
987 // 1.2.
988 hasSignatureAndHash bool
989
990 certificateTypes []byte
991 signatureAndHashes []signatureAndHash
992 certificateAuthorities [][]byte
993 }
994
995 func (m *certificateRequestMsg) equal(i interface{}) bool {
996 m1, ok := i.(*certificateRequestMsg)
997 if !ok {
998 return false
999 }
1000
1001 return bytes.Equal(m.raw, m1.raw) &&
1002 bytes.Equal(m.certificateTypes, m1.certificateTypes) &&
1003 eqByteSlices(m.certificateAuthorities, m1.certificateAuthorities) &&
1004 eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes)
1005 }
1006
1007 func (m *certificateRequestMsg) marshal() (x []byte) {
1008 if m.raw != nil {
1009 return m.raw
1010 }
1011
1012 // See http://tools.ietf.org/html/rfc4346#section-7.4.4
1013 length := 1 + len(m.certificateTypes) + 2
1014 casLength := 0
1015 for _, ca := range m.certificateAuthorities {
1016 casLength += 2 + len(ca)
1017 }
1018 length += casLength
1019
1020 if m.hasSignatureAndHash {
1021 length += 2 + 2*len(m.signatureAndHashes)
1022 }
1023
1024 x = make([]byte, 4+length)
1025 x[0] = typeCertificateRequest
1026 x[1] = uint8(length >> 16)
1027 x[2] = uint8(length >> 8)
1028 x[3] = uint8(length)
1029
1030 x[4] = uint8(len(m.certificateTypes))
1031
1032 copy(x[5:], m.certificateTypes)
1033 y := x[5+len(m.certificateTypes):]
1034
1035 if m.hasSignatureAndHash {
1036 n := len(m.signatureAndHashes) * 2
1037 y[0] = uint8(n >> 8)
1038 y[1] = uint8(n)
1039 y = y[2:]
1040 for _, sigAndHash := range m.signatureAndHashes {
1041 y[0] = sigAndHash.hash
1042 y[1] = sigAndHash.signature
1043 y = y[2:]
1044 }
1045 }
1046
1047 y[0] = uint8(casLength >> 8)
1048 y[1] = uint8(casLength)
1049 y = y[2:]
1050 for _, ca := range m.certificateAuthorities {
1051 y[0] = uint8(len(ca) >> 8)
1052 y[1] = uint8(len(ca))
1053 y = y[2:]
1054 copy(y, ca)
1055 y = y[len(ca):]
1056 }
1057
1058 m.raw = x
1059 return
1060 }
1061
1062 func (m *certificateRequestMsg) unmarshal(data []byte) bool {
1063 m.raw = data
1064
1065 if len(data) < 5 {
1066 return false
1067 }
1068
1069 length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
1070 if uint32(len(data))-4 != length {
1071 return false
1072 }
1073
1074 numCertTypes := int(data[4])
1075 data = data[5:]
1076 if numCertTypes == 0 || len(data) <= numCertTypes {
1077 return false
1078 }
1079
1080 m.certificateTypes = make([]byte, numCertTypes)
1081 if copy(m.certificateTypes, data) != numCertTypes {
1082 return false
1083 }
1084
1085 data = data[numCertTypes:]
1086
1087 if m.hasSignatureAndHash {
1088 if len(data) < 2 {
1089 return false
1090 }
1091 sigAndHashLen := uint16(data[0])<<8 | uint16(data[1])
1092 data = data[2:]
1093 if sigAndHashLen&1 != 0 {
1094 return false
1095 }
1096 if len(data) < int(sigAndHashLen) {
1097 return false
1098 }
1099 numSigAndHash := sigAndHashLen / 2
1100 m.signatureAndHashes = make([]signatureAndHash, numSigAndHash)
1101 for i := range m.signatureAndHashes {
1102 m.signatureAndHashes[i].hash = data[0]
1103 m.signatureAndHashes[i].signature = data[1]
1104 data = data[2:]
1105 }
1106 }
1107
1108 if len(data) < 2 {
1109 return false
1110 }
1111 casLength := uint16(data[0])<<8 | uint16(data[1])
1112 data = data[2:]
1113 if len(data) < int(casLength) {
1114 return false
1115 }
1116 cas := make([]byte, casLength)
1117 copy(cas, data)
1118 data = data[casLength:]
1119
1120 m.certificateAuthorities = nil
1121 for len(cas) > 0 {
1122 if len(cas) < 2 {
1123 return false
1124 }
1125 caLen := uint16(cas[0])<<8 | uint16(cas[1])
1126 cas = cas[2:]
1127
1128 if len(cas) < int(caLen) {
1129 return false
1130 }
1131
1132 m.certificateAuthorities = append(m.certificateAuthorities, cas[:caLen])
1133 cas = cas[caLen:]
1134 }
1135 if len(data) > 0 {
1136 return false
1137 }
1138
1139 return true
1140 }
1141
1142 type certificateVerifyMsg struct {
1143 raw []byte
1144 hasSignatureAndHash bool
1145 signatureAndHash signatureAndHash
1146 signature []byte
1147 }
1148
1149 func (m *certificateVerifyMsg) equal(i interface{}) bool {
1150 m1, ok := i.(*certificateVerifyMsg)
1151 if !ok {
1152 return false
1153 }
1154
1155 return bytes.Equal(m.raw, m1.raw) &&
1156 m.hasSignatureAndHash == m1.hasSignatureAndHash &&
1157 m.signatureAndHash.hash == m1.signatureAndHash.hash &&
1158 m.signatureAndHash.signature == m1.signatureAndHash.signature &&
1159 bytes.Equal(m.signature, m1.signature)
1160 }
1161
1162 func (m *certificateVerifyMsg) marshal() (x []byte) {
1163 if m.raw != nil {
1164 return m.raw
1165 }
1166
1167 // See http://tools.ietf.org/html/rfc4346#section-7.4.8
1168 siglength := len(m.signature)
1169 length := 2 + siglength
1170 if m.hasSignatureAndHash {
1171 length += 2
1172 }
1173 x = make([]byte, 4+length)
1174 x[0] = typeCertificateVerify
1175 x[1] = uint8(length >> 16)
1176 x[2] = uint8(length >> 8)
1177 x[3] = uint8(length)
1178 y := x[4:]
1179 if m.hasSignatureAndHash {
1180 y[0] = m.signatureAndHash.hash
1181 y[1] = m.signatureAndHash.signature
1182 y = y[2:]
1183 }
1184 y[0] = uint8(siglength >> 8)
1185 y[1] = uint8(siglength)
1186 copy(y[2:], m.signature)
1187
1188 m.raw = x
1189
1190 return
1191 }
1192
1193 func (m *certificateVerifyMsg) unmarshal(data []byte) bool {
1194 m.raw = data
1195
1196 if len(data) < 6 {
1197 return false
1198 }
1199
1200 length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
1201 if uint32(len(data))-4 != length {
1202 return false
1203 }
1204
1205 data = data[4:]
1206 if m.hasSignatureAndHash {
1207 m.signatureAndHash.hash = data[0]
1208 m.signatureAndHash.signature = data[1]
1209 data = data[2:]
1210 }
1211
1212 if len(data) < 2 {
1213 return false
1214 }
1215 siglength := int(data[0])<<8 + int(data[1])
1216 data = data[2:]
1217 if len(data) != siglength {
1218 return false
1219 }
1220
1221 m.signature = data
1222
1223 return true
1224 }
1225
1226 type newSessionTicketMsg struct {
1227 raw []byte
1228 ticket []byte
1229 }
1230
1231 func (m *newSessionTicketMsg) equal(i interface{}) bool {
1232 m1, ok := i.(*newSessionTicketMsg)
1233 if !ok {
1234 return false
1235 }
1236
1237 return bytes.Equal(m.raw, m1.raw) &&
1238 bytes.Equal(m.ticket, m1.ticket)
1239 }
1240
1241 func (m *newSessionTicketMsg) marshal() (x []byte) {
1242 if m.raw != nil {
1243 return m.raw
1244 }
1245
1246 // See http://tools.ietf.org/html/rfc5077#section-3.3
1247 ticketLen := len(m.ticket)
1248 length := 2 + 4 + ticketLen
1249 x = make([]byte, 4+length)
1250 x[0] = typeNewSessionTicket
1251 x[1] = uint8(length >> 16)
1252 x[2] = uint8(length >> 8)
1253 x[3] = uint8(length)
1254 x[8] = uint8(ticketLen >> 8)
1255 x[9] = uint8(ticketLen)
1256 copy(x[10:], m.ticket)
1257
1258 m.raw = x
1259
1260 return
1261 }
1262
1263 func (m *newSessionTicketMsg) unmarshal(data []byte) bool {
1264 m.raw = data
1265
1266 if len(data) < 10 {
1267 return false
1268 }
1269
1270 length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
1271 if uint32(len(data))-4 != length {
1272 return false
1273 }
1274
1275 ticketLen := int(data[8])<<8 + int(data[9])
1276 if len(data)-10 != ticketLen {
1277 return false
1278 }
1279
1280 m.ticket = data[10:]
1281
1282 return true
1283 }
1284
1285 func eqUint16s(x, y []uint16) bool {
1286 if len(x) != len(y) {
1287 return false
1288 }
1289 for i, v := range x {
1290 if y[i] != v {
1291 return false
1292 }
1293 }
1294 return true
1295 }
1296
1297 func eqCurveIDs(x, y []CurveID) bool {
1298 if len(x) != len(y) {
1299 return false
1300 }
1301 for i, v := range x {
1302 if y[i] != v {
1303 return false
1304 }
1305 }
1306 return true
1307 }
1308
1309 func eqStrings(x, y []string) bool {
1310 if len(x) != len(y) {
1311 return false
1312 }
1313 for i, v := range x {
1314 if y[i] != v {
1315 return false
1316 }
1317 }
1318 return true
1319 }
1320
1321 func eqByteSlices(x, y [][]byte) bool {
1322 if len(x) != len(y) {
1323 return false
1324 }
1325 for i, v := range x {
1326 if !bytes.Equal(v, y[i]) {
1327 return false
1328 }
1329 }
1330 return true
1331 }
1332
1333 func eqSignatureAndHashes(x, y []signatureAndHash) bool {
1334 if len(x) != len(y) {
1335 return false
1336 }
1337 for i, v := range x {
1338 v2 := y[i]
1339 if v.hash != v2.hash || v.signature != v2.signature {
1340 return false
1341 }
1342 }
1343 return true
1344 }
Mirror of the offical gcc git repository hosted at gcc.gnu.org