...
Run Format

Source file src/pkg/crypto/tls/handshake_messages.go

     1	// Copyright 2009 The Go Authors. All rights reserved.
     2	// Use of this source code is governed by a BSD-style
     3	// license that can be found in the LICENSE file.
     4	
     5	package tls
     6	
     7	import "bytes"
     8	
     9	type clientHelloMsg struct {
    10		raw                 []byte
    11		vers                uint16
    12		random              []byte
    13		sessionId           []byte
    14		cipherSuites        []uint16
    15		compressionMethods  []uint8
    16		nextProtoNeg        bool
    17		serverName          string
    18		ocspStapling        bool
    19		supportedCurves     []CurveID
    20		supportedPoints     []uint8
    21		ticketSupported     bool
    22		sessionTicket       []uint8
    23		signatureAndHashes  []signatureAndHash
    24		secureRenegotiation bool
    25	}
    26	
    27	func (m *clientHelloMsg) equal(i interface{}) bool {
    28		m1, ok := i.(*clientHelloMsg)
    29		if !ok {
    30			return false
    31		}
    32	
    33		return bytes.Equal(m.raw, m1.raw) &&
    34			m.vers == m1.vers &&
    35			bytes.Equal(m.random, m1.random) &&
    36			bytes.Equal(m.sessionId, m1.sessionId) &&
    37			eqUint16s(m.cipherSuites, m1.cipherSuites) &&
    38			bytes.Equal(m.compressionMethods, m1.compressionMethods) &&
    39			m.nextProtoNeg == m1.nextProtoNeg &&
    40			m.serverName == m1.serverName &&
    41			m.ocspStapling == m1.ocspStapling &&
    42			eqCurveIDs(m.supportedCurves, m1.supportedCurves) &&
    43			bytes.Equal(m.supportedPoints, m1.supportedPoints) &&
    44			m.ticketSupported == m1.ticketSupported &&
    45			bytes.Equal(m.sessionTicket, m1.sessionTicket) &&
    46			eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes) &&
    47			m.secureRenegotiation == m1.secureRenegotiation
    48	}
    49	
    50	func (m *clientHelloMsg) marshal() []byte {
    51		if m.raw != nil {
    52			return m.raw
    53		}
    54	
    55		length := 2 + 32 + 1 + len(m.sessionId) + 2 + len(m.cipherSuites)*2 + 1 + len(m.compressionMethods)
    56		numExtensions := 0
    57		extensionsLength := 0
    58		if m.nextProtoNeg {
    59			numExtensions++
    60		}
    61		if m.ocspStapling {
    62			extensionsLength += 1 + 2 + 2
    63			numExtensions++
    64		}
    65		if len(m.serverName) > 0 {
    66			extensionsLength += 5 + len(m.serverName)
    67			numExtensions++
    68		}
    69		if len(m.supportedCurves) > 0 {
    70			extensionsLength += 2 + 2*len(m.supportedCurves)
    71			numExtensions++
    72		}
    73		if len(m.supportedPoints) > 0 {
    74			extensionsLength += 1 + len(m.supportedPoints)
    75			numExtensions++
    76		}
    77		if m.ticketSupported {
    78			extensionsLength += len(m.sessionTicket)
    79			numExtensions++
    80		}
    81		if len(m.signatureAndHashes) > 0 {
    82			extensionsLength += 2 + 2*len(m.signatureAndHashes)
    83			numExtensions++
    84		}
    85		if m.secureRenegotiation {
    86			extensionsLength += 1
    87			numExtensions++
    88		}
    89		if numExtensions > 0 {
    90			extensionsLength += 4 * numExtensions
    91			length += 2 + extensionsLength
    92		}
    93	
    94		x := make([]byte, 4+length)
    95		x[0] = typeClientHello
    96		x[1] = uint8(length >> 16)
    97		x[2] = uint8(length >> 8)
    98		x[3] = uint8(length)
    99		x[4] = uint8(m.vers >> 8)
   100		x[5] = uint8(m.vers)
   101		copy(x[6:38], m.random)
   102		x[38] = uint8(len(m.sessionId))
   103		copy(x[39:39+len(m.sessionId)], m.sessionId)
   104		y := x[39+len(m.sessionId):]
   105		y[0] = uint8(len(m.cipherSuites) >> 7)
   106		y[1] = uint8(len(m.cipherSuites) << 1)
   107		for i, suite := range m.cipherSuites {
   108			y[2+i*2] = uint8(suite >> 8)
   109			y[3+i*2] = uint8(suite)
   110		}
   111		z := y[2+len(m.cipherSuites)*2:]
   112		z[0] = uint8(len(m.compressionMethods))
   113		copy(z[1:], m.compressionMethods)
   114	
   115		z = z[1+len(m.compressionMethods):]
   116		if numExtensions > 0 {
   117			z[0] = byte(extensionsLength >> 8)
   118			z[1] = byte(extensionsLength)
   119			z = z[2:]
   120		}
   121		if m.nextProtoNeg {
   122			z[0] = byte(extensionNextProtoNeg >> 8)
   123			z[1] = byte(extensionNextProtoNeg & 0xff)
   124			// The length is always 0
   125			z = z[4:]
   126		}
   127		if len(m.serverName) > 0 {
   128			z[0] = byte(extensionServerName >> 8)
   129			z[1] = byte(extensionServerName & 0xff)
   130			l := len(m.serverName) + 5
   131			z[2] = byte(l >> 8)
   132			z[3] = byte(l)
   133			z = z[4:]
   134	
   135			// RFC 3546, section 3.1
   136			//
   137			// struct {
   138			//     NameType name_type;
   139			//     select (name_type) {
   140			//         case host_name: HostName;
   141			//     } name;
   142			// } ServerName;
   143			//
   144			// enum {
   145			//     host_name(0), (255)
   146			// } NameType;
   147			//
   148			// opaque HostName<1..2^16-1>;
   149			//
   150			// struct {
   151			//     ServerName server_name_list<1..2^16-1>
   152			// } ServerNameList;
   153	
   154			z[0] = byte((len(m.serverName) + 3) >> 8)
   155			z[1] = byte(len(m.serverName) + 3)
   156			z[3] = byte(len(m.serverName) >> 8)
   157			z[4] = byte(len(m.serverName))
   158			copy(z[5:], []byte(m.serverName))
   159			z = z[l:]
   160		}
   161		if m.ocspStapling {
   162			// RFC 4366, section 3.6
   163			z[0] = byte(extensionStatusRequest >> 8)
   164			z[1] = byte(extensionStatusRequest)
   165			z[2] = 0
   166			z[3] = 5
   167			z[4] = 1 // OCSP type
   168			// Two zero valued uint16s for the two lengths.
   169			z = z[9:]
   170		}
   171		if len(m.supportedCurves) > 0 {
   172			// http://tools.ietf.org/html/rfc4492#section-5.5.1
   173			z[0] = byte(extensionSupportedCurves >> 8)
   174			z[1] = byte(extensionSupportedCurves)
   175			l := 2 + 2*len(m.supportedCurves)
   176			z[2] = byte(l >> 8)
   177			z[3] = byte(l)
   178			l -= 2
   179			z[4] = byte(l >> 8)
   180			z[5] = byte(l)
   181			z = z[6:]
   182			for _, curve := range m.supportedCurves {
   183				z[0] = byte(curve >> 8)
   184				z[1] = byte(curve)
   185				z = z[2:]
   186			}
   187		}
   188		if len(m.supportedPoints) > 0 {
   189			// http://tools.ietf.org/html/rfc4492#section-5.5.2
   190			z[0] = byte(extensionSupportedPoints >> 8)
   191			z[1] = byte(extensionSupportedPoints)
   192			l := 1 + len(m.supportedPoints)
   193			z[2] = byte(l >> 8)
   194			z[3] = byte(l)
   195			l--
   196			z[4] = byte(l)
   197			z = z[5:]
   198			for _, pointFormat := range m.supportedPoints {
   199				z[0] = byte(pointFormat)
   200				z = z[1:]
   201			}
   202		}
   203		if m.ticketSupported {
   204			// http://tools.ietf.org/html/rfc5077#section-3.2
   205			z[0] = byte(extensionSessionTicket >> 8)
   206			z[1] = byte(extensionSessionTicket)
   207			l := len(m.sessionTicket)
   208			z[2] = byte(l >> 8)
   209			z[3] = byte(l)
   210			z = z[4:]
   211			copy(z, m.sessionTicket)
   212			z = z[len(m.sessionTicket):]
   213		}
   214		if len(m.signatureAndHashes) > 0 {
   215			// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
   216			z[0] = byte(extensionSignatureAlgorithms >> 8)
   217			z[1] = byte(extensionSignatureAlgorithms)
   218			l := 2 + 2*len(m.signatureAndHashes)
   219			z[2] = byte(l >> 8)
   220			z[3] = byte(l)
   221			z = z[4:]
   222	
   223			l -= 2
   224			z[0] = byte(l >> 8)
   225			z[1] = byte(l)
   226			z = z[2:]
   227			for _, sigAndHash := range m.signatureAndHashes {
   228				z[0] = sigAndHash.hash
   229				z[1] = sigAndHash.signature
   230				z = z[2:]
   231			}
   232		}
   233		if m.secureRenegotiation {
   234			z[0] = byte(extensionRenegotiationInfo >> 8)
   235			z[1] = byte(extensionRenegotiationInfo & 0xff)
   236			z[2] = 0
   237			z[3] = 1
   238			z = z[5:]
   239		}
   240	
   241		m.raw = x
   242	
   243		return x
   244	}
   245	
   246	func (m *clientHelloMsg) unmarshal(data []byte) bool {
   247		if len(data) < 42 {
   248			return false
   249		}
   250		m.raw = data
   251		m.vers = uint16(data[4])<<8 | uint16(data[5])
   252		m.random = data[6:38]
   253		sessionIdLen := int(data[38])
   254		if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
   255			return false
   256		}
   257		m.sessionId = data[39 : 39+sessionIdLen]
   258		data = data[39+sessionIdLen:]
   259		if len(data) < 2 {
   260			return false
   261		}
   262		// cipherSuiteLen is the number of bytes of cipher suite numbers. Since
   263		// they are uint16s, the number must be even.
   264		cipherSuiteLen := int(data[0])<<8 | int(data[1])
   265		if cipherSuiteLen%2 == 1 || len(data) < 2+cipherSuiteLen {
   266			return false
   267		}
   268		numCipherSuites := cipherSuiteLen / 2
   269		m.cipherSuites = make([]uint16, numCipherSuites)
   270		for i := 0; i < numCipherSuites; i++ {
   271			m.cipherSuites[i] = uint16(data[2+2*i])<<8 | uint16(data[3+2*i])
   272			if m.cipherSuites[i] == scsvRenegotiation {
   273				m.secureRenegotiation = true
   274			}
   275		}
   276		data = data[2+cipherSuiteLen:]
   277		if len(data) < 1 {
   278			return false
   279		}
   280		compressionMethodsLen := int(data[0])
   281		if len(data) < 1+compressionMethodsLen {
   282			return false
   283		}
   284		m.compressionMethods = data[1 : 1+compressionMethodsLen]
   285	
   286		data = data[1+compressionMethodsLen:]
   287	
   288		m.nextProtoNeg = false
   289		m.serverName = ""
   290		m.ocspStapling = false
   291		m.ticketSupported = false
   292		m.sessionTicket = nil
   293		m.signatureAndHashes = nil
   294	
   295		if len(data) == 0 {
   296			// ClientHello is optionally followed by extension data
   297			return true
   298		}
   299		if len(data) < 2 {
   300			return false
   301		}
   302	
   303		extensionsLength := int(data[0])<<8 | int(data[1])
   304		data = data[2:]
   305		if extensionsLength != len(data) {
   306			return false
   307		}
   308	
   309		for len(data) != 0 {
   310			if len(data) < 4 {
   311				return false
   312			}
   313			extension := uint16(data[0])<<8 | uint16(data[1])
   314			length := int(data[2])<<8 | int(data[3])
   315			data = data[4:]
   316			if len(data) < length {
   317				return false
   318			}
   319	
   320			switch extension {
   321			case extensionServerName:
   322				if length < 2 {
   323					return false
   324				}
   325				numNames := int(data[0])<<8 | int(data[1])
   326				d := data[2:]
   327				for i := 0; i < numNames; i++ {
   328					if len(d) < 3 {
   329						return false
   330					}
   331					nameType := d[0]
   332					nameLen := int(d[1])<<8 | int(d[2])
   333					d = d[3:]
   334					if len(d) < nameLen {
   335						return false
   336					}
   337					if nameType == 0 {
   338						m.serverName = string(d[0:nameLen])
   339						break
   340					}
   341					d = d[nameLen:]
   342				}
   343			case extensionNextProtoNeg:
   344				if length > 0 {
   345					return false
   346				}
   347				m.nextProtoNeg = true
   348			case extensionStatusRequest:
   349				m.ocspStapling = length > 0 && data[0] == statusTypeOCSP
   350			case extensionSupportedCurves:
   351				// http://tools.ietf.org/html/rfc4492#section-5.5.1
   352				if length < 2 {
   353					return false
   354				}
   355				l := int(data[0])<<8 | int(data[1])
   356				if l%2 == 1 || length != l+2 {
   357					return false
   358				}
   359				numCurves := l / 2
   360				m.supportedCurves = make([]CurveID, numCurves)
   361				d := data[2:]
   362				for i := 0; i < numCurves; i++ {
   363					m.supportedCurves[i] = CurveID(d[0])<<8 | CurveID(d[1])
   364					d = d[2:]
   365				}
   366			case extensionSupportedPoints:
   367				// http://tools.ietf.org/html/rfc4492#section-5.5.2
   368				if length < 1 {
   369					return false
   370				}
   371				l := int(data[0])
   372				if length != l+1 {
   373					return false
   374				}
   375				m.supportedPoints = make([]uint8, l)
   376				copy(m.supportedPoints, data[1:])
   377			case extensionSessionTicket:
   378				// http://tools.ietf.org/html/rfc5077#section-3.2
   379				m.ticketSupported = true
   380				m.sessionTicket = data[:length]
   381			case extensionSignatureAlgorithms:
   382				// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
   383				if length < 2 || length&1 != 0 {
   384					return false
   385				}
   386				l := int(data[0])<<8 | int(data[1])
   387				if l != length-2 {
   388					return false
   389				}
   390				n := l / 2
   391				d := data[2:]
   392				m.signatureAndHashes = make([]signatureAndHash, n)
   393				for i := range m.signatureAndHashes {
   394					m.signatureAndHashes[i].hash = d[0]
   395					m.signatureAndHashes[i].signature = d[1]
   396					d = d[2:]
   397				}
   398			case extensionRenegotiationInfo + 1:
   399				if length != 1 || data[0] != 0 {
   400					return false
   401				}
   402				m.secureRenegotiation = true
   403			}
   404			data = data[length:]
   405		}
   406	
   407		return true
   408	}
   409	
   410	type serverHelloMsg struct {
   411		raw                 []byte
   412		vers                uint16
   413		random              []byte
   414		sessionId           []byte
   415		cipherSuite         uint16
   416		compressionMethod   uint8
   417		nextProtoNeg        bool
   418		nextProtos          []string
   419		ocspStapling        bool
   420		ticketSupported     bool
   421		secureRenegotiation bool
   422	}
   423	
   424	func (m *serverHelloMsg) equal(i interface{}) bool {
   425		m1, ok := i.(*serverHelloMsg)
   426		if !ok {
   427			return false
   428		}
   429	
   430		return bytes.Equal(m.raw, m1.raw) &&
   431			m.vers == m1.vers &&
   432			bytes.Equal(m.random, m1.random) &&
   433			bytes.Equal(m.sessionId, m1.sessionId) &&
   434			m.cipherSuite == m1.cipherSuite &&
   435			m.compressionMethod == m1.compressionMethod &&
   436			m.nextProtoNeg == m1.nextProtoNeg &&
   437			eqStrings(m.nextProtos, m1.nextProtos) &&
   438			m.ocspStapling == m1.ocspStapling &&
   439			m.ticketSupported == m1.ticketSupported &&
   440			m.secureRenegotiation == m1.secureRenegotiation
   441	}
   442	
   443	func (m *serverHelloMsg) marshal() []byte {
   444		if m.raw != nil {
   445			return m.raw
   446		}
   447	
   448		length := 38 + len(m.sessionId)
   449		numExtensions := 0
   450		extensionsLength := 0
   451	
   452		nextProtoLen := 0
   453		if m.nextProtoNeg {
   454			numExtensions++
   455			for _, v := range m.nextProtos {
   456				nextProtoLen += len(v)
   457			}
   458			nextProtoLen += len(m.nextProtos)
   459			extensionsLength += nextProtoLen
   460		}
   461		if m.ocspStapling {
   462			numExtensions++
   463		}
   464		if m.ticketSupported {
   465			numExtensions++
   466		}
   467		if m.secureRenegotiation {
   468			extensionsLength += 1
   469			numExtensions++
   470		}
   471		if numExtensions > 0 {
   472			extensionsLength += 4 * numExtensions
   473			length += 2 + extensionsLength
   474		}
   475	
   476		x := make([]byte, 4+length)
   477		x[0] = typeServerHello
   478		x[1] = uint8(length >> 16)
   479		x[2] = uint8(length >> 8)
   480		x[3] = uint8(length)
   481		x[4] = uint8(m.vers >> 8)
   482		x[5] = uint8(m.vers)
   483		copy(x[6:38], m.random)
   484		x[38] = uint8(len(m.sessionId))
   485		copy(x[39:39+len(m.sessionId)], m.sessionId)
   486		z := x[39+len(m.sessionId):]
   487		z[0] = uint8(m.cipherSuite >> 8)
   488		z[1] = uint8(m.cipherSuite)
   489		z[2] = uint8(m.compressionMethod)
   490	
   491		z = z[3:]
   492		if numExtensions > 0 {
   493			z[0] = byte(extensionsLength >> 8)
   494			z[1] = byte(extensionsLength)
   495			z = z[2:]
   496		}
   497		if m.nextProtoNeg {
   498			z[0] = byte(extensionNextProtoNeg >> 8)
   499			z[1] = byte(extensionNextProtoNeg & 0xff)
   500			z[2] = byte(nextProtoLen >> 8)
   501			z[3] = byte(nextProtoLen)
   502			z = z[4:]
   503	
   504			for _, v := range m.nextProtos {
   505				l := len(v)
   506				if l > 255 {
   507					l = 255
   508				}
   509				z[0] = byte(l)
   510				copy(z[1:], []byte(v[0:l]))
   511				z = z[1+l:]
   512			}
   513		}
   514		if m.ocspStapling {
   515			z[0] = byte(extensionStatusRequest >> 8)
   516			z[1] = byte(extensionStatusRequest)
   517			z = z[4:]
   518		}
   519		if m.ticketSupported {
   520			z[0] = byte(extensionSessionTicket >> 8)
   521			z[1] = byte(extensionSessionTicket)
   522			z = z[4:]
   523		}
   524		if m.secureRenegotiation {
   525			z[0] = byte(extensionRenegotiationInfo >> 8)
   526			z[1] = byte(extensionRenegotiationInfo & 0xff)
   527			z[2] = 0
   528			z[3] = 1
   529			z = z[5:]
   530		}
   531	
   532		m.raw = x
   533	
   534		return x
   535	}
   536	
   537	func (m *serverHelloMsg) unmarshal(data []byte) bool {
   538		if len(data) < 42 {
   539			return false
   540		}
   541		m.raw = data
   542		m.vers = uint16(data[4])<<8 | uint16(data[5])
   543		m.random = data[6:38]
   544		sessionIdLen := int(data[38])
   545		if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
   546			return false
   547		}
   548		m.sessionId = data[39 : 39+sessionIdLen]
   549		data = data[39+sessionIdLen:]
   550		if len(data) < 3 {
   551			return false
   552		}
   553		m.cipherSuite = uint16(data[0])<<8 | uint16(data[1])
   554		m.compressionMethod = data[2]
   555		data = data[3:]
   556	
   557		m.nextProtoNeg = false
   558		m.nextProtos = nil
   559		m.ocspStapling = false
   560		m.ticketSupported = false
   561	
   562		if len(data) == 0 {
   563			// ServerHello is optionally followed by extension data
   564			return true
   565		}
   566		if len(data) < 2 {
   567			return false
   568		}
   569	
   570		extensionsLength := int(data[0])<<8 | int(data[1])
   571		data = data[2:]
   572		if len(data) != extensionsLength {
   573			return false
   574		}
   575	
   576		for len(data) != 0 {
   577			if len(data) < 4 {
   578				return false
   579			}
   580			extension := uint16(data[0])<<8 | uint16(data[1])
   581			length := int(data[2])<<8 | int(data[3])
   582			data = data[4:]
   583			if len(data) < length {
   584				return false
   585			}
   586	
   587			switch extension {
   588			case extensionNextProtoNeg:
   589				m.nextProtoNeg = true
   590				d := data[:length]
   591				for len(d) > 0 {
   592					l := int(d[0])
   593					d = d[1:]
   594					if l == 0 || l > len(d) {
   595						return false
   596					}
   597					m.nextProtos = append(m.nextProtos, string(d[:l]))
   598					d = d[l:]
   599				}
   600			case extensionStatusRequest:
   601				if length > 0 {
   602					return false
   603				}
   604				m.ocspStapling = true
   605			case extensionSessionTicket:
   606				if length > 0 {
   607					return false
   608				}
   609				m.ticketSupported = true
   610			case extensionRenegotiationInfo:
   611				if length != 1 || data[0] != 0 {
   612					return false
   613				}
   614				m.secureRenegotiation = true
   615			}
   616			data = data[length:]
   617		}
   618	
   619		return true
   620	}
   621	
   622	type certificateMsg struct {
   623		raw          []byte
   624		certificates [][]byte
   625	}
   626	
   627	func (m *certificateMsg) equal(i interface{}) bool {
   628		m1, ok := i.(*certificateMsg)
   629		if !ok {
   630			return false
   631		}
   632	
   633		return bytes.Equal(m.raw, m1.raw) &&
   634			eqByteSlices(m.certificates, m1.certificates)
   635	}
   636	
   637	func (m *certificateMsg) marshal() (x []byte) {
   638		if m.raw != nil {
   639			return m.raw
   640		}
   641	
   642		var i int
   643		for _, slice := range m.certificates {
   644			i += len(slice)
   645		}
   646	
   647		length := 3 + 3*len(m.certificates) + i
   648		x = make([]byte, 4+length)
   649		x[0] = typeCertificate
   650		x[1] = uint8(length >> 16)
   651		x[2] = uint8(length >> 8)
   652		x[3] = uint8(length)
   653	
   654		certificateOctets := length - 3
   655		x[4] = uint8(certificateOctets >> 16)
   656		x[5] = uint8(certificateOctets >> 8)
   657		x[6] = uint8(certificateOctets)
   658	
   659		y := x[7:]
   660		for _, slice := range m.certificates {
   661			y[0] = uint8(len(slice) >> 16)
   662			y[1] = uint8(len(slice) >> 8)
   663			y[2] = uint8(len(slice))
   664			copy(y[3:], slice)
   665			y = y[3+len(slice):]
   666		}
   667	
   668		m.raw = x
   669		return
   670	}
   671	
   672	func (m *certificateMsg) unmarshal(data []byte) bool {
   673		if len(data) < 7 {
   674			return false
   675		}
   676	
   677		m.raw = data
   678		certsLen := uint32(data[4])<<16 | uint32(data[5])<<8 | uint32(data[6])
   679		if uint32(len(data)) != certsLen+7 {
   680			return false
   681		}
   682	
   683		numCerts := 0
   684		d := data[7:]
   685		for certsLen > 0 {
   686			if len(d) < 4 {
   687				return false
   688			}
   689			certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
   690			if uint32(len(d)) < 3+certLen {
   691				return false
   692			}
   693			d = d[3+certLen:]
   694			certsLen -= 3 + certLen
   695			numCerts++
   696		}
   697	
   698		m.certificates = make([][]byte, numCerts)
   699		d = data[7:]
   700		for i := 0; i < numCerts; i++ {
   701			certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
   702			m.certificates[i] = d[3 : 3+certLen]
   703			d = d[3+certLen:]
   704		}
   705	
   706		return true
   707	}
   708	
   709	type serverKeyExchangeMsg struct {
   710		raw []byte
   711		key []byte
   712	}
   713	
   714	func (m *serverKeyExchangeMsg) equal(i interface{}) bool {
   715		m1, ok := i.(*serverKeyExchangeMsg)
   716		if !ok {
   717			return false
   718		}
   719	
   720		return bytes.Equal(m.raw, m1.raw) &&
   721			bytes.Equal(m.key, m1.key)
   722	}
   723	
   724	func (m *serverKeyExchangeMsg) marshal() []byte {
   725		if m.raw != nil {
   726			return m.raw
   727		}
   728		length := len(m.key)
   729		x := make([]byte, length+4)
   730		x[0] = typeServerKeyExchange
   731		x[1] = uint8(length >> 16)
   732		x[2] = uint8(length >> 8)
   733		x[3] = uint8(length)
   734		copy(x[4:], m.key)
   735	
   736		m.raw = x
   737		return x
   738	}
   739	
   740	func (m *serverKeyExchangeMsg) unmarshal(data []byte) bool {
   741		m.raw = data
   742		if len(data) < 4 {
   743			return false
   744		}
   745		m.key = data[4:]
   746		return true
   747	}
   748	
   749	type certificateStatusMsg struct {
   750		raw        []byte
   751		statusType uint8
   752		response   []byte
   753	}
   754	
   755	func (m *certificateStatusMsg) equal(i interface{}) bool {
   756		m1, ok := i.(*certificateStatusMsg)
   757		if !ok {
   758			return false
   759		}
   760	
   761		return bytes.Equal(m.raw, m1.raw) &&
   762			m.statusType == m1.statusType &&
   763			bytes.Equal(m.response, m1.response)
   764	}
   765	
   766	func (m *certificateStatusMsg) marshal() []byte {
   767		if m.raw != nil {
   768			return m.raw
   769		}
   770	
   771		var x []byte
   772		if m.statusType == statusTypeOCSP {
   773			x = make([]byte, 4+4+len(m.response))
   774			x[0] = typeCertificateStatus
   775			l := len(m.response) + 4
   776			x[1] = byte(l >> 16)
   777			x[2] = byte(l >> 8)
   778			x[3] = byte(l)
   779			x[4] = statusTypeOCSP
   780	
   781			l -= 4
   782			x[5] = byte(l >> 16)
   783			x[6] = byte(l >> 8)
   784			x[7] = byte(l)
   785			copy(x[8:], m.response)
   786		} else {
   787			x = []byte{typeCertificateStatus, 0, 0, 1, m.statusType}
   788		}
   789	
   790		m.raw = x
   791		return x
   792	}
   793	
   794	func (m *certificateStatusMsg) unmarshal(data []byte) bool {
   795		m.raw = data
   796		if len(data) < 5 {
   797			return false
   798		}
   799		m.statusType = data[4]
   800	
   801		m.response = nil
   802		if m.statusType == statusTypeOCSP {
   803			if len(data) < 8 {
   804				return false
   805			}
   806			respLen := uint32(data[5])<<16 | uint32(data[6])<<8 | uint32(data[7])
   807			if uint32(len(data)) != 4+4+respLen {
   808				return false
   809			}
   810			m.response = data[8:]
   811		}
   812		return true
   813	}
   814	
   815	type serverHelloDoneMsg struct{}
   816	
   817	func (m *serverHelloDoneMsg) equal(i interface{}) bool {
   818		_, ok := i.(*serverHelloDoneMsg)
   819		return ok
   820	}
   821	
   822	func (m *serverHelloDoneMsg) marshal() []byte {
   823		x := make([]byte, 4)
   824		x[0] = typeServerHelloDone
   825		return x
   826	}
   827	
   828	func (m *serverHelloDoneMsg) unmarshal(data []byte) bool {
   829		return len(data) == 4
   830	}
   831	
   832	type clientKeyExchangeMsg struct {
   833		raw        []byte
   834		ciphertext []byte
   835	}
   836	
   837	func (m *clientKeyExchangeMsg) equal(i interface{}) bool {
   838		m1, ok := i.(*clientKeyExchangeMsg)
   839		if !ok {
   840			return false
   841		}
   842	
   843		return bytes.Equal(m.raw, m1.raw) &&
   844			bytes.Equal(m.ciphertext, m1.ciphertext)
   845	}
   846	
   847	func (m *clientKeyExchangeMsg) marshal() []byte {
   848		if m.raw != nil {
   849			return m.raw
   850		}
   851		length := len(m.ciphertext)
   852		x := make([]byte, length+4)
   853		x[0] = typeClientKeyExchange
   854		x[1] = uint8(length >> 16)
   855		x[2] = uint8(length >> 8)
   856		x[3] = uint8(length)
   857		copy(x[4:], m.ciphertext)
   858	
   859		m.raw = x
   860		return x
   861	}
   862	
   863	func (m *clientKeyExchangeMsg) unmarshal(data []byte) bool {
   864		m.raw = data
   865		if len(data) < 4 {
   866			return false
   867		}
   868		l := int(data[1])<<16 | int(data[2])<<8 | int(data[3])
   869		if l != len(data)-4 {
   870			return false
   871		}
   872		m.ciphertext = data[4:]
   873		return true
   874	}
   875	
   876	type finishedMsg struct {
   877		raw        []byte
   878		verifyData []byte
   879	}
   880	
   881	func (m *finishedMsg) equal(i interface{}) bool {
   882		m1, ok := i.(*finishedMsg)
   883		if !ok {
   884			return false
   885		}
   886	
   887		return bytes.Equal(m.raw, m1.raw) &&
   888			bytes.Equal(m.verifyData, m1.verifyData)
   889	}
   890	
   891	func (m *finishedMsg) marshal() (x []byte) {
   892		if m.raw != nil {
   893			return m.raw
   894		}
   895	
   896		x = make([]byte, 4+len(m.verifyData))
   897		x[0] = typeFinished
   898		x[3] = byte(len(m.verifyData))
   899		copy(x[4:], m.verifyData)
   900		m.raw = x
   901		return
   902	}
   903	
   904	func (m *finishedMsg) unmarshal(data []byte) bool {
   905		m.raw = data
   906		if len(data) < 4 {
   907			return false
   908		}
   909		m.verifyData = data[4:]
   910		return true
   911	}
   912	
   913	type nextProtoMsg struct {
   914		raw   []byte
   915		proto string
   916	}
   917	
   918	func (m *nextProtoMsg) equal(i interface{}) bool {
   919		m1, ok := i.(*nextProtoMsg)
   920		if !ok {
   921			return false
   922		}
   923	
   924		return bytes.Equal(m.raw, m1.raw) &&
   925			m.proto == m1.proto
   926	}
   927	
   928	func (m *nextProtoMsg) marshal() []byte {
   929		if m.raw != nil {
   930			return m.raw
   931		}
   932		l := len(m.proto)
   933		if l > 255 {
   934			l = 255
   935		}
   936	
   937		padding := 32 - (l+2)%32
   938		length := l + padding + 2
   939		x := make([]byte, length+4)
   940		x[0] = typeNextProtocol
   941		x[1] = uint8(length >> 16)
   942		x[2] = uint8(length >> 8)
   943		x[3] = uint8(length)
   944	
   945		y := x[4:]
   946		y[0] = byte(l)
   947		copy(y[1:], []byte(m.proto[0:l]))
   948		y = y[1+l:]
   949		y[0] = byte(padding)
   950	
   951		m.raw = x
   952	
   953		return x
   954	}
   955	
   956	func (m *nextProtoMsg) unmarshal(data []byte) bool {
   957		m.raw = data
   958	
   959		if len(data) < 5 {
   960			return false
   961		}
   962		data = data[4:]
   963		protoLen := int(data[0])
   964		data = data[1:]
   965		if len(data) < protoLen {
   966			return false
   967		}
   968		m.proto = string(data[0:protoLen])
   969		data = data[protoLen:]
   970	
   971		if len(data) < 1 {
   972			return false
   973		}
   974		paddingLen := int(data[0])
   975		data = data[1:]
   976		if len(data) != paddingLen {
   977			return false
   978		}
   979	
   980		return true
   981	}
   982	
   983	type certificateRequestMsg struct {
   984		raw []byte
   985		// hasSignatureAndHash indicates whether this message includes a list
   986		// of signature and hash functions. This change was introduced with TLS
   987		// 1.2.
   988		hasSignatureAndHash bool
   989	
   990		certificateTypes       []byte
   991		signatureAndHashes     []signatureAndHash
   992		certificateAuthorities [][]byte
   993	}
   994	
   995	func (m *certificateRequestMsg) equal(i interface{}) bool {
   996		m1, ok := i.(*certificateRequestMsg)
   997		if !ok {
   998			return false
   999		}
  1000	
  1001		return bytes.Equal(m.raw, m1.raw) &&
  1002			bytes.Equal(m.certificateTypes, m1.certificateTypes) &&
  1003			eqByteSlices(m.certificateAuthorities, m1.certificateAuthorities) &&
  1004			eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes)
  1005	}
  1006	
  1007	func (m *certificateRequestMsg) marshal() (x []byte) {
  1008		if m.raw != nil {
  1009			return m.raw
  1010		}
  1011	
  1012		// See http://tools.ietf.org/html/rfc4346#section-7.4.4
  1013		length := 1 + len(m.certificateTypes) + 2
  1014		casLength := 0
  1015		for _, ca := range m.certificateAuthorities {
  1016			casLength += 2 + len(ca)
  1017		}
  1018		length += casLength
  1019	
  1020		if m.hasSignatureAndHash {
  1021			length += 2 + 2*len(m.signatureAndHashes)
  1022		}
  1023	
  1024		x = make([]byte, 4+length)
  1025		x[0] = typeCertificateRequest
  1026		x[1] = uint8(length >> 16)
  1027		x[2] = uint8(length >> 8)
  1028		x[3] = uint8(length)
  1029	
  1030		x[4] = uint8(len(m.certificateTypes))
  1031	
  1032		copy(x[5:], m.certificateTypes)
  1033		y := x[5+len(m.certificateTypes):]
  1034	
  1035		if m.hasSignatureAndHash {
  1036			n := len(m.signatureAndHashes) * 2
  1037			y[0] = uint8(n >> 8)
  1038			y[1] = uint8(n)
  1039			y = y[2:]
  1040			for _, sigAndHash := range m.signatureAndHashes {
  1041				y[0] = sigAndHash.hash
  1042				y[1] = sigAndHash.signature
  1043				y = y[2:]
  1044			}
  1045		}
  1046	
  1047		y[0] = uint8(casLength >> 8)
  1048		y[1] = uint8(casLength)
  1049		y = y[2:]
  1050		for _, ca := range m.certificateAuthorities {
  1051			y[0] = uint8(len(ca) >> 8)
  1052			y[1] = uint8(len(ca))
  1053			y = y[2:]
  1054			copy(y, ca)
  1055			y = y[len(ca):]
  1056		}
  1057	
  1058		m.raw = x
  1059		return
  1060	}
  1061	
  1062	func (m *certificateRequestMsg) unmarshal(data []byte) bool {
  1063		m.raw = data
  1064	
  1065		if len(data) < 5 {
  1066			return false
  1067		}
  1068	
  1069		length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
  1070		if uint32(len(data))-4 != length {
  1071			return false
  1072		}
  1073	
  1074		numCertTypes := int(data[4])
  1075		data = data[5:]
  1076		if numCertTypes == 0 || len(data) <= numCertTypes {
  1077			return false
  1078		}
  1079	
  1080		m.certificateTypes = make([]byte, numCertTypes)
  1081		if copy(m.certificateTypes, data) != numCertTypes {
  1082			return false
  1083		}
  1084	
  1085		data = data[numCertTypes:]
  1086	
  1087		if m.hasSignatureAndHash {
  1088			if len(data) < 2 {
  1089				return false
  1090			}
  1091			sigAndHashLen := uint16(data[0])<<8 | uint16(data[1])
  1092			data = data[2:]
  1093			if sigAndHashLen&1 != 0 {
  1094				return false
  1095			}
  1096			if len(data) < int(sigAndHashLen) {
  1097				return false
  1098			}
  1099			numSigAndHash := sigAndHashLen / 2
  1100			m.signatureAndHashes = make([]signatureAndHash, numSigAndHash)
  1101			for i := range m.signatureAndHashes {
  1102				m.signatureAndHashes[i].hash = data[0]
  1103				m.signatureAndHashes[i].signature = data[1]
  1104				data = data[2:]
  1105			}
  1106		}
  1107	
  1108		if len(data) < 2 {
  1109			return false
  1110		}
  1111		casLength := uint16(data[0])<<8 | uint16(data[1])
  1112		data = data[2:]
  1113		if len(data) < int(casLength) {
  1114			return false
  1115		}
  1116		cas := make([]byte, casLength)
  1117		copy(cas, data)
  1118		data = data[casLength:]
  1119	
  1120		m.certificateAuthorities = nil
  1121		for len(cas) > 0 {
  1122			if len(cas) < 2 {
  1123				return false
  1124			}
  1125			caLen := uint16(cas[0])<<8 | uint16(cas[1])
  1126			cas = cas[2:]
  1127	
  1128			if len(cas) < int(caLen) {
  1129				return false
  1130			}
  1131	
  1132			m.certificateAuthorities = append(m.certificateAuthorities, cas[:caLen])
  1133			cas = cas[caLen:]
  1134		}
  1135		if len(data) > 0 {
  1136			return false
  1137		}
  1138	
  1139		return true
  1140	}
  1141	
  1142	type certificateVerifyMsg struct {
  1143		raw                 []byte
  1144		hasSignatureAndHash bool
  1145		signatureAndHash    signatureAndHash
  1146		signature           []byte
  1147	}
  1148	
  1149	func (m *certificateVerifyMsg) equal(i interface{}) bool {
  1150		m1, ok := i.(*certificateVerifyMsg)
  1151		if !ok {
  1152			return false
  1153		}
  1154	
  1155		return bytes.Equal(m.raw, m1.raw) &&
  1156			m.hasSignatureAndHash == m1.hasSignatureAndHash &&
  1157			m.signatureAndHash.hash == m1.signatureAndHash.hash &&
  1158			m.signatureAndHash.signature == m1.signatureAndHash.signature &&
  1159			bytes.Equal(m.signature, m1.signature)
  1160	}
  1161	
  1162	func (m *certificateVerifyMsg) marshal() (x []byte) {
  1163		if m.raw != nil {
  1164			return m.raw
  1165		}
  1166	
  1167		// See http://tools.ietf.org/html/rfc4346#section-7.4.8
  1168		siglength := len(m.signature)
  1169		length := 2 + siglength
  1170		if m.hasSignatureAndHash {
  1171			length += 2
  1172		}
  1173		x = make([]byte, 4+length)
  1174		x[0] = typeCertificateVerify
  1175		x[1] = uint8(length >> 16)
  1176		x[2] = uint8(length >> 8)
  1177		x[3] = uint8(length)
  1178		y := x[4:]
  1179		if m.hasSignatureAndHash {
  1180			y[0] = m.signatureAndHash.hash
  1181			y[1] = m.signatureAndHash.signature
  1182			y = y[2:]
  1183		}
  1184		y[0] = uint8(siglength >> 8)
  1185		y[1] = uint8(siglength)
  1186		copy(y[2:], m.signature)
  1187	
  1188		m.raw = x
  1189	
  1190		return
  1191	}
  1192	
  1193	func (m *certificateVerifyMsg) unmarshal(data []byte) bool {
  1194		m.raw = data
  1195	
  1196		if len(data) < 6 {
  1197			return false
  1198		}
  1199	
  1200		length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
  1201		if uint32(len(data))-4 != length {
  1202			return false
  1203		}
  1204	
  1205		data = data[4:]
  1206		if m.hasSignatureAndHash {
  1207			m.signatureAndHash.hash = data[0]
  1208			m.signatureAndHash.signature = data[1]
  1209			data = data[2:]
  1210		}
  1211	
  1212		if len(data) < 2 {
  1213			return false
  1214		}
  1215		siglength := int(data[0])<<8 + int(data[1])
  1216		data = data[2:]
  1217		if len(data) != siglength {
  1218			return false
  1219		}
  1220	
  1221		m.signature = data
  1222	
  1223		return true
  1224	}
  1225	
  1226	type newSessionTicketMsg struct {
  1227		raw    []byte
  1228		ticket []byte
  1229	}
  1230	
  1231	func (m *newSessionTicketMsg) equal(i interface{}) bool {
  1232		m1, ok := i.(*newSessionTicketMsg)
  1233		if !ok {
  1234			return false
  1235		}
  1236	
  1237		return bytes.Equal(m.raw, m1.raw) &&
  1238			bytes.Equal(m.ticket, m1.ticket)
  1239	}
  1240	
  1241	func (m *newSessionTicketMsg) marshal() (x []byte) {
  1242		if m.raw != nil {
  1243			return m.raw
  1244		}
  1245	
  1246		// See http://tools.ietf.org/html/rfc5077#section-3.3
  1247		ticketLen := len(m.ticket)
  1248		length := 2 + 4 + ticketLen
  1249		x = make([]byte, 4+length)
  1250		x[0] = typeNewSessionTicket
  1251		x[1] = uint8(length >> 16)
  1252		x[2] = uint8(length >> 8)
  1253		x[3] = uint8(length)
  1254		x[8] = uint8(ticketLen >> 8)
  1255		x[9] = uint8(ticketLen)
  1256		copy(x[10:], m.ticket)
  1257	
  1258		m.raw = x
  1259	
  1260		return
  1261	}
  1262	
  1263	func (m *newSessionTicketMsg) unmarshal(data []byte) bool {
  1264		m.raw = data
  1265	
  1266		if len(data) < 10 {
  1267			return false
  1268		}
  1269	
  1270		length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
  1271		if uint32(len(data))-4 != length {
  1272			return false
  1273		}
  1274	
  1275		ticketLen := int(data[8])<<8 + int(data[9])
  1276		if len(data)-10 != ticketLen {
  1277			return false
  1278		}
  1279	
  1280		m.ticket = data[10:]
  1281	
  1282		return true
  1283	}
  1284	
  1285	func eqUint16s(x, y []uint16) bool {
  1286		if len(x) != len(y) {
  1287			return false
  1288		}
  1289		for i, v := range x {
  1290			if y[i] != v {
  1291				return false
  1292			}
  1293		}
  1294		return true
  1295	}
  1296	
  1297	func eqCurveIDs(x, y []CurveID) bool {
  1298		if len(x) != len(y) {
  1299			return false
  1300		}
  1301		for i, v := range x {
  1302			if y[i] != v {
  1303				return false
  1304			}
  1305		}
  1306		return true
  1307	}
  1308	
  1309	func eqStrings(x, y []string) bool {
  1310		if len(x) != len(y) {
  1311			return false
  1312		}
  1313		for i, v := range x {
  1314			if y[i] != v {
  1315				return false
  1316			}
  1317		}
  1318		return true
  1319	}
  1320	
  1321	func eqByteSlices(x, y [][]byte) bool {
  1322		if len(x) != len(y) {
  1323			return false
  1324		}
  1325		for i, v := range x {
  1326			if !bytes.Equal(v, y[i]) {
  1327				return false
  1328			}
  1329		}
  1330		return true
  1331	}
  1332	
  1333	func eqSignatureAndHashes(x, y []signatureAndHash) bool {
  1334		if len(x) != len(y) {
  1335			return false
  1336		}
  1337		for i, v := range x {
  1338			v2 := y[i]
  1339			if v.hash != v2.hash || v.signature != v2.signature {
  1340				return false
  1341			}
  1342		}
  1343		return true
  1344	}
  1345	

View as plain text