code review 10762044: crypto/tls: implement TLS 1.2.

crypto/tls: implement TLS 1.2.

This does not include AES-GCM yet. Also, it assumes that the handshake and
certificate signature hash are always SHA-256, which is true of the ciphersuites
that we currently support.

[agl1, 2013-06-28 20:14:58]

Hello golang-dev@googlegroups.com (cc: golang-dev@googlegroups.com),

I'd like you to review this change to
https://code.google.com/p/go/

[rsc, 2013-07-02 01:47:52]

LGTM

https://codereview.appspot.com/10762044/diff/6002/src/pkg/crypto/tls/handshak...
File src/pkg/crypto/tls/handshake_messages.go (right):

https://codereview.appspot.com/10762044/diff/6002/src/pkg/crypto/tls/handshak...
src/pkg/crypto/tls/handshake_messages.go:997: y[0] =
uint8(len(m.signatureAndHashes) >> 7)
This is kind of opaque.
Appears to be

n := 2*len(m.signatureAndHashes)
y[0] = uint(n>>8)
y[1] = uint(n)

https://codereview.appspot.com/10762044/diff/6002/src/pkg/crypto/tls/prf.go
File src/pkg/crypto/tls/prf.go (right):

https://codereview.appspot.com/10762044/diff/6002/src/pkg/crypto/tls/prf.go#n...
src/pkg/crypto/tls/prf.go:67: // pRF12 implements the TLS 1.2 pseudo-random
function, as defined in RFC 5246, section 5.
fwiw you are inconsistent about prf vs pRF. prf seems better

https://codereview.appspot.com/10762044/diff/6002/src/pkg/crypto/tls/prf.go#n...
src/pkg/crypto/tls/prf.go:170: if version == VersionTLS12 {
Do you want == or >=?
Same question a few times below too.

[agl1, 2013-07-03 00:00:49]

*** Submitted as https://code.google.com/p/go/source/detail?r=44b8d2e5ebc6 ***

crypto/tls: implement TLS 1.2.

This does not include AES-GCM yet. Also, it assumes that the handshake and
certificate signature hash are always SHA-256, which is true of the ciphersuites
that we currently support.

R=golang-dev, rsc
CC=golang-dev
https://codereview.appspot.com/10762044

https://codereview.appspot.com/10762044/diff/6002/src/pkg/crypto/tls/handshak...
File src/pkg/crypto/tls/handshake_messages.go (right):

https://codereview.appspot.com/10762044/diff/6002/src/pkg/crypto/tls/handshak...
src/pkg/crypto/tls/handshake_messages.go:997: y[0] =
uint8(len(m.signatureAndHashes) >> 7)
On 2013/07/02 01:47:53, rsc wrote:
> This is kind of opaque.
> Appears to be
> 
> n := 2*len(m.signatureAndHashes)
> y[0] = uint(n>>8)
> y[1] = uint(n)
> 

Done.

https://codereview.appspot.com/10762044/diff/6002/src/pkg/crypto/tls/prf.go
File src/pkg/crypto/tls/prf.go (right):

https://codereview.appspot.com/10762044/diff/6002/src/pkg/crypto/tls/prf.go#n...
src/pkg/crypto/tls/prf.go:67: // pRF12 implements the TLS 1.2 pseudo-random
function, as defined in RFC 5246, section 5.
On 2013/07/02 01:47:53, rsc wrote:
> fwiw you are inconsistent about prf vs pRF. prf seems better

Done.

https://codereview.appspot.com/10762044/diff/6002/src/pkg/crypto/tls/prf.go#n...
src/pkg/crypto/tls/prf.go:170: if version == VersionTLS12 {
On 2013/07/02 01:47:53, rsc wrote:
> Do you want == or >=?
> Same question a few times below too.

Good point. >= is probably better on the assumption that TLS 1.3 probably looks
more like 1.2 than anything else.