...
Run Format

Source file src/crypto/tls/handshake_messages.go

     1	// Copyright 2009 The Go Authors. All rights reserved.
     2	// Use of this source code is governed by a BSD-style
     3	// license that can be found in the LICENSE file.
     4	
     5	package tls
     6	
     7	import "bytes"
     8	
     9	type clientHelloMsg struct {
    10		raw                          []byte
    11		vers                         uint16
    12		random                       []byte
    13		sessionId                    []byte
    14		cipherSuites                 []uint16
    15		compressionMethods           []uint8
    16		nextProtoNeg                 bool
    17		serverName                   string
    18		ocspStapling                 bool
    19		scts                         bool
    20		supportedCurves              []CurveID
    21		supportedPoints              []uint8
    22		ticketSupported              bool
    23		sessionTicket                []uint8
    24		signatureAndHashes           []signatureAndHash
    25		secureRenegotiation          []byte
    26		secureRenegotiationSupported bool
    27		alpnProtocols                []string
    28	}
    29	
    30	func (m *clientHelloMsg) equal(i interface{}) bool {
    31		m1, ok := i.(*clientHelloMsg)
    32		if !ok {
    33			return false
    34		}
    35	
    36		return bytes.Equal(m.raw, m1.raw) &&
    37			m.vers == m1.vers &&
    38			bytes.Equal(m.random, m1.random) &&
    39			bytes.Equal(m.sessionId, m1.sessionId) &&
    40			eqUint16s(m.cipherSuites, m1.cipherSuites) &&
    41			bytes.Equal(m.compressionMethods, m1.compressionMethods) &&
    42			m.nextProtoNeg == m1.nextProtoNeg &&
    43			m.serverName == m1.serverName &&
    44			m.ocspStapling == m1.ocspStapling &&
    45			m.scts == m1.scts &&
    46			eqCurveIDs(m.supportedCurves, m1.supportedCurves) &&
    47			bytes.Equal(m.supportedPoints, m1.supportedPoints) &&
    48			m.ticketSupported == m1.ticketSupported &&
    49			bytes.Equal(m.sessionTicket, m1.sessionTicket) &&
    50			eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes) &&
    51			m.secureRenegotiationSupported == m1.secureRenegotiationSupported &&
    52			bytes.Equal(m.secureRenegotiation, m1.secureRenegotiation) &&
    53			eqStrings(m.alpnProtocols, m1.alpnProtocols)
    54	}
    55	
    56	func (m *clientHelloMsg) marshal() []byte {
    57		if m.raw != nil {
    58			return m.raw
    59		}
    60	
    61		length := 2 + 32 + 1 + len(m.sessionId) + 2 + len(m.cipherSuites)*2 + 1 + len(m.compressionMethods)
    62		numExtensions := 0
    63		extensionsLength := 0
    64		if m.nextProtoNeg {
    65			numExtensions++
    66		}
    67		if m.ocspStapling {
    68			extensionsLength += 1 + 2 + 2
    69			numExtensions++
    70		}
    71		if len(m.serverName) > 0 {
    72			extensionsLength += 5 + len(m.serverName)
    73			numExtensions++
    74		}
    75		if len(m.supportedCurves) > 0 {
    76			extensionsLength += 2 + 2*len(m.supportedCurves)
    77			numExtensions++
    78		}
    79		if len(m.supportedPoints) > 0 {
    80			extensionsLength += 1 + len(m.supportedPoints)
    81			numExtensions++
    82		}
    83		if m.ticketSupported {
    84			extensionsLength += len(m.sessionTicket)
    85			numExtensions++
    86		}
    87		if len(m.signatureAndHashes) > 0 {
    88			extensionsLength += 2 + 2*len(m.signatureAndHashes)
    89			numExtensions++
    90		}
    91		if m.secureRenegotiationSupported {
    92			extensionsLength += 1 + len(m.secureRenegotiation)
    93			numExtensions++
    94		}
    95		if len(m.alpnProtocols) > 0 {
    96			extensionsLength += 2
    97			for _, s := range m.alpnProtocols {
    98				if l := len(s); l == 0 || l > 255 {
    99					panic("invalid ALPN protocol")
   100				}
   101				extensionsLength++
   102				extensionsLength += len(s)
   103			}
   104			numExtensions++
   105		}
   106		if m.scts {
   107			numExtensions++
   108		}
   109		if numExtensions > 0 {
   110			extensionsLength += 4 * numExtensions
   111			length += 2 + extensionsLength
   112		}
   113	
   114		x := make([]byte, 4+length)
   115		x[0] = typeClientHello
   116		x[1] = uint8(length >> 16)
   117		x[2] = uint8(length >> 8)
   118		x[3] = uint8(length)
   119		x[4] = uint8(m.vers >> 8)
   120		x[5] = uint8(m.vers)
   121		copy(x[6:38], m.random)
   122		x[38] = uint8(len(m.sessionId))
   123		copy(x[39:39+len(m.sessionId)], m.sessionId)
   124		y := x[39+len(m.sessionId):]
   125		y[0] = uint8(len(m.cipherSuites) >> 7)
   126		y[1] = uint8(len(m.cipherSuites) << 1)
   127		for i, suite := range m.cipherSuites {
   128			y[2+i*2] = uint8(suite >> 8)
   129			y[3+i*2] = uint8(suite)
   130		}
   131		z := y[2+len(m.cipherSuites)*2:]
   132		z[0] = uint8(len(m.compressionMethods))
   133		copy(z[1:], m.compressionMethods)
   134	
   135		z = z[1+len(m.compressionMethods):]
   136		if numExtensions > 0 {
   137			z[0] = byte(extensionsLength >> 8)
   138			z[1] = byte(extensionsLength)
   139			z = z[2:]
   140		}
   141		if m.nextProtoNeg {
   142			z[0] = byte(extensionNextProtoNeg >> 8)
   143			z[1] = byte(extensionNextProtoNeg & 0xff)
   144			// The length is always 0
   145			z = z[4:]
   146		}
   147		if len(m.serverName) > 0 {
   148			z[0] = byte(extensionServerName >> 8)
   149			z[1] = byte(extensionServerName & 0xff)
   150			l := len(m.serverName) + 5
   151			z[2] = byte(l >> 8)
   152			z[3] = byte(l)
   153			z = z[4:]
   154	
   155			// RFC 3546, section 3.1
   156			//
   157			// struct {
   158			//     NameType name_type;
   159			//     select (name_type) {
   160			//         case host_name: HostName;
   161			//     } name;
   162			// } ServerName;
   163			//
   164			// enum {
   165			//     host_name(0), (255)
   166			// } NameType;
   167			//
   168			// opaque HostName<1..2^16-1>;
   169			//
   170			// struct {
   171			//     ServerName server_name_list<1..2^16-1>
   172			// } ServerNameList;
   173	
   174			z[0] = byte((len(m.serverName) + 3) >> 8)
   175			z[1] = byte(len(m.serverName) + 3)
   176			z[3] = byte(len(m.serverName) >> 8)
   177			z[4] = byte(len(m.serverName))
   178			copy(z[5:], []byte(m.serverName))
   179			z = z[l:]
   180		}
   181		if m.ocspStapling {
   182			// RFC 4366, section 3.6
   183			z[0] = byte(extensionStatusRequest >> 8)
   184			z[1] = byte(extensionStatusRequest)
   185			z[2] = 0
   186			z[3] = 5
   187			z[4] = 1 // OCSP type
   188			// Two zero valued uint16s for the two lengths.
   189			z = z[9:]
   190		}
   191		if len(m.supportedCurves) > 0 {
   192			// http://tools.ietf.org/html/rfc4492#section-5.5.1
   193			z[0] = byte(extensionSupportedCurves >> 8)
   194			z[1] = byte(extensionSupportedCurves)
   195			l := 2 + 2*len(m.supportedCurves)
   196			z[2] = byte(l >> 8)
   197			z[3] = byte(l)
   198			l -= 2
   199			z[4] = byte(l >> 8)
   200			z[5] = byte(l)
   201			z = z[6:]
   202			for _, curve := range m.supportedCurves {
   203				z[0] = byte(curve >> 8)
   204				z[1] = byte(curve)
   205				z = z[2:]
   206			}
   207		}
   208		if len(m.supportedPoints) > 0 {
   209			// http://tools.ietf.org/html/rfc4492#section-5.5.2
   210			z[0] = byte(extensionSupportedPoints >> 8)
   211			z[1] = byte(extensionSupportedPoints)
   212			l := 1 + len(m.supportedPoints)
   213			z[2] = byte(l >> 8)
   214			z[3] = byte(l)
   215			l--
   216			z[4] = byte(l)
   217			z = z[5:]
   218			for _, pointFormat := range m.supportedPoints {
   219				z[0] = pointFormat
   220				z = z[1:]
   221			}
   222		}
   223		if m.ticketSupported {
   224			// http://tools.ietf.org/html/rfc5077#section-3.2
   225			z[0] = byte(extensionSessionTicket >> 8)
   226			z[1] = byte(extensionSessionTicket)
   227			l := len(m.sessionTicket)
   228			z[2] = byte(l >> 8)
   229			z[3] = byte(l)
   230			z = z[4:]
   231			copy(z, m.sessionTicket)
   232			z = z[len(m.sessionTicket):]
   233		}
   234		if len(m.signatureAndHashes) > 0 {
   235			// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
   236			z[0] = byte(extensionSignatureAlgorithms >> 8)
   237			z[1] = byte(extensionSignatureAlgorithms)
   238			l := 2 + 2*len(m.signatureAndHashes)
   239			z[2] = byte(l >> 8)
   240			z[3] = byte(l)
   241			z = z[4:]
   242	
   243			l -= 2
   244			z[0] = byte(l >> 8)
   245			z[1] = byte(l)
   246			z = z[2:]
   247			for _, sigAndHash := range m.signatureAndHashes {
   248				z[0] = sigAndHash.hash
   249				z[1] = sigAndHash.signature
   250				z = z[2:]
   251			}
   252		}
   253		if m.secureRenegotiationSupported {
   254			z[0] = byte(extensionRenegotiationInfo >> 8)
   255			z[1] = byte(extensionRenegotiationInfo & 0xff)
   256			z[2] = 0
   257			z[3] = byte(len(m.secureRenegotiation) + 1)
   258			z[4] = byte(len(m.secureRenegotiation))
   259			z = z[5:]
   260			copy(z, m.secureRenegotiation)
   261			z = z[len(m.secureRenegotiation):]
   262		}
   263		if len(m.alpnProtocols) > 0 {
   264			z[0] = byte(extensionALPN >> 8)
   265			z[1] = byte(extensionALPN & 0xff)
   266			lengths := z[2:]
   267			z = z[6:]
   268	
   269			stringsLength := 0
   270			for _, s := range m.alpnProtocols {
   271				l := len(s)
   272				z[0] = byte(l)
   273				copy(z[1:], s)
   274				z = z[1+l:]
   275				stringsLength += 1 + l
   276			}
   277	
   278			lengths[2] = byte(stringsLength >> 8)
   279			lengths[3] = byte(stringsLength)
   280			stringsLength += 2
   281			lengths[0] = byte(stringsLength >> 8)
   282			lengths[1] = byte(stringsLength)
   283		}
   284		if m.scts {
   285			// https://tools.ietf.org/html/rfc6962#section-3.3.1
   286			z[0] = byte(extensionSCT >> 8)
   287			z[1] = byte(extensionSCT)
   288			// zero uint16 for the zero-length extension_data
   289			z = z[4:]
   290		}
   291	
   292		m.raw = x
   293	
   294		return x
   295	}
   296	
   297	func (m *clientHelloMsg) unmarshal(data []byte) bool {
   298		if len(data) < 42 {
   299			return false
   300		}
   301		m.raw = data
   302		m.vers = uint16(data[4])<<8 | uint16(data[5])
   303		m.random = data[6:38]
   304		sessionIdLen := int(data[38])
   305		if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
   306			return false
   307		}
   308		m.sessionId = data[39 : 39+sessionIdLen]
   309		data = data[39+sessionIdLen:]
   310		if len(data) < 2 {
   311			return false
   312		}
   313		// cipherSuiteLen is the number of bytes of cipher suite numbers. Since
   314		// they are uint16s, the number must be even.
   315		cipherSuiteLen := int(data[0])<<8 | int(data[1])
   316		if cipherSuiteLen%2 == 1 || len(data) < 2+cipherSuiteLen {
   317			return false
   318		}
   319		numCipherSuites := cipherSuiteLen / 2
   320		m.cipherSuites = make([]uint16, numCipherSuites)
   321		for i := 0; i < numCipherSuites; i++ {
   322			m.cipherSuites[i] = uint16(data[2+2*i])<<8 | uint16(data[3+2*i])
   323			if m.cipherSuites[i] == scsvRenegotiation {
   324				m.secureRenegotiationSupported = true
   325			}
   326		}
   327		data = data[2+cipherSuiteLen:]
   328		if len(data) < 1 {
   329			return false
   330		}
   331		compressionMethodsLen := int(data[0])
   332		if len(data) < 1+compressionMethodsLen {
   333			return false
   334		}
   335		m.compressionMethods = data[1 : 1+compressionMethodsLen]
   336	
   337		data = data[1+compressionMethodsLen:]
   338	
   339		m.nextProtoNeg = false
   340		m.serverName = ""
   341		m.ocspStapling = false
   342		m.ticketSupported = false
   343		m.sessionTicket = nil
   344		m.signatureAndHashes = nil
   345		m.alpnProtocols = nil
   346		m.scts = false
   347	
   348		if len(data) == 0 {
   349			// ClientHello is optionally followed by extension data
   350			return true
   351		}
   352		if len(data) < 2 {
   353			return false
   354		}
   355	
   356		extensionsLength := int(data[0])<<8 | int(data[1])
   357		data = data[2:]
   358		if extensionsLength != len(data) {
   359			return false
   360		}
   361	
   362		for len(data) != 0 {
   363			if len(data) < 4 {
   364				return false
   365			}
   366			extension := uint16(data[0])<<8 | uint16(data[1])
   367			length := int(data[2])<<8 | int(data[3])
   368			data = data[4:]
   369			if len(data) < length {
   370				return false
   371			}
   372	
   373			switch extension {
   374			case extensionServerName:
   375				d := data[:length]
   376				if len(d) < 2 {
   377					return false
   378				}
   379				namesLen := int(d[0])<<8 | int(d[1])
   380				d = d[2:]
   381				if len(d) != namesLen {
   382					return false
   383				}
   384				for len(d) > 0 {
   385					if len(d) < 3 {
   386						return false
   387					}
   388					nameType := d[0]
   389					nameLen := int(d[1])<<8 | int(d[2])
   390					d = d[3:]
   391					if len(d) < nameLen {
   392						return false
   393					}
   394					if nameType == 0 {
   395						m.serverName = string(d[:nameLen])
   396						break
   397					}
   398					d = d[nameLen:]
   399				}
   400			case extensionNextProtoNeg:
   401				if length > 0 {
   402					return false
   403				}
   404				m.nextProtoNeg = true
   405			case extensionStatusRequest:
   406				m.ocspStapling = length > 0 && data[0] == statusTypeOCSP
   407			case extensionSupportedCurves:
   408				// http://tools.ietf.org/html/rfc4492#section-5.5.1
   409				if length < 2 {
   410					return false
   411				}
   412				l := int(data[0])<<8 | int(data[1])
   413				if l%2 == 1 || length != l+2 {
   414					return false
   415				}
   416				numCurves := l / 2
   417				m.supportedCurves = make([]CurveID, numCurves)
   418				d := data[2:]
   419				for i := 0; i < numCurves; i++ {
   420					m.supportedCurves[i] = CurveID(d[0])<<8 | CurveID(d[1])
   421					d = d[2:]
   422				}
   423			case extensionSupportedPoints:
   424				// http://tools.ietf.org/html/rfc4492#section-5.5.2
   425				if length < 1 {
   426					return false
   427				}
   428				l := int(data[0])
   429				if length != l+1 {
   430					return false
   431				}
   432				m.supportedPoints = make([]uint8, l)
   433				copy(m.supportedPoints, data[1:])
   434			case extensionSessionTicket:
   435				// http://tools.ietf.org/html/rfc5077#section-3.2
   436				m.ticketSupported = true
   437				m.sessionTicket = data[:length]
   438			case extensionSignatureAlgorithms:
   439				// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
   440				if length < 2 || length&1 != 0 {
   441					return false
   442				}
   443				l := int(data[0])<<8 | int(data[1])
   444				if l != length-2 {
   445					return false
   446				}
   447				n := l / 2
   448				d := data[2:]
   449				m.signatureAndHashes = make([]signatureAndHash, n)
   450				for i := range m.signatureAndHashes {
   451					m.signatureAndHashes[i].hash = d[0]
   452					m.signatureAndHashes[i].signature = d[1]
   453					d = d[2:]
   454				}
   455			case extensionRenegotiationInfo:
   456				if length == 0 {
   457					return false
   458				}
   459				d := data[:length]
   460				l := int(d[0])
   461				d = d[1:]
   462				if l != len(d) {
   463					return false
   464				}
   465	
   466				m.secureRenegotiation = d
   467				m.secureRenegotiationSupported = true
   468			case extensionALPN:
   469				if length < 2 {
   470					return false
   471				}
   472				l := int(data[0])<<8 | int(data[1])
   473				if l != length-2 {
   474					return false
   475				}
   476				d := data[2:length]
   477				for len(d) != 0 {
   478					stringLen := int(d[0])
   479					d = d[1:]
   480					if stringLen == 0 || stringLen > len(d) {
   481						return false
   482					}
   483					m.alpnProtocols = append(m.alpnProtocols, string(d[:stringLen]))
   484					d = d[stringLen:]
   485				}
   486			case extensionSCT:
   487				m.scts = true
   488				if length != 0 {
   489					return false
   490				}
   491			}
   492			data = data[length:]
   493		}
   494	
   495		return true
   496	}
   497	
   498	type serverHelloMsg struct {
   499		raw                          []byte
   500		vers                         uint16
   501		random                       []byte
   502		sessionId                    []byte
   503		cipherSuite                  uint16
   504		compressionMethod            uint8
   505		nextProtoNeg                 bool
   506		nextProtos                   []string
   507		ocspStapling                 bool
   508		scts                         [][]byte
   509		ticketSupported              bool
   510		secureRenegotiation          []byte
   511		secureRenegotiationSupported bool
   512		alpnProtocol                 string
   513	}
   514	
   515	func (m *serverHelloMsg) equal(i interface{}) bool {
   516		m1, ok := i.(*serverHelloMsg)
   517		if !ok {
   518			return false
   519		}
   520	
   521		if len(m.scts) != len(m1.scts) {
   522			return false
   523		}
   524		for i, sct := range m.scts {
   525			if !bytes.Equal(sct, m1.scts[i]) {
   526				return false
   527			}
   528		}
   529	
   530		return bytes.Equal(m.raw, m1.raw) &&
   531			m.vers == m1.vers &&
   532			bytes.Equal(m.random, m1.random) &&
   533			bytes.Equal(m.sessionId, m1.sessionId) &&
   534			m.cipherSuite == m1.cipherSuite &&
   535			m.compressionMethod == m1.compressionMethod &&
   536			m.nextProtoNeg == m1.nextProtoNeg &&
   537			eqStrings(m.nextProtos, m1.nextProtos) &&
   538			m.ocspStapling == m1.ocspStapling &&
   539			m.ticketSupported == m1.ticketSupported &&
   540			m.secureRenegotiationSupported == m1.secureRenegotiationSupported &&
   541			bytes.Equal(m.secureRenegotiation, m1.secureRenegotiation) &&
   542			m.alpnProtocol == m1.alpnProtocol
   543	}
   544	
   545	func (m *serverHelloMsg) marshal() []byte {
   546		if m.raw != nil {
   547			return m.raw
   548		}
   549	
   550		length := 38 + len(m.sessionId)
   551		numExtensions := 0
   552		extensionsLength := 0
   553	
   554		nextProtoLen := 0
   555		if m.nextProtoNeg {
   556			numExtensions++
   557			for _, v := range m.nextProtos {
   558				nextProtoLen += len(v)
   559			}
   560			nextProtoLen += len(m.nextProtos)
   561			extensionsLength += nextProtoLen
   562		}
   563		if m.ocspStapling {
   564			numExtensions++
   565		}
   566		if m.ticketSupported {
   567			numExtensions++
   568		}
   569		if m.secureRenegotiationSupported {
   570			extensionsLength += 1 + len(m.secureRenegotiation)
   571			numExtensions++
   572		}
   573		if alpnLen := len(m.alpnProtocol); alpnLen > 0 {
   574			if alpnLen >= 256 {
   575				panic("invalid ALPN protocol")
   576			}
   577			extensionsLength += 2 + 1 + alpnLen
   578			numExtensions++
   579		}
   580		sctLen := 0
   581		if len(m.scts) > 0 {
   582			for _, sct := range m.scts {
   583				sctLen += len(sct) + 2
   584			}
   585			extensionsLength += 2 + sctLen
   586			numExtensions++
   587		}
   588	
   589		if numExtensions > 0 {
   590			extensionsLength += 4 * numExtensions
   591			length += 2 + extensionsLength
   592		}
   593	
   594		x := make([]byte, 4+length)
   595		x[0] = typeServerHello
   596		x[1] = uint8(length >> 16)
   597		x[2] = uint8(length >> 8)
   598		x[3] = uint8(length)
   599		x[4] = uint8(m.vers >> 8)
   600		x[5] = uint8(m.vers)
   601		copy(x[6:38], m.random)
   602		x[38] = uint8(len(m.sessionId))
   603		copy(x[39:39+len(m.sessionId)], m.sessionId)
   604		z := x[39+len(m.sessionId):]
   605		z[0] = uint8(m.cipherSuite >> 8)
   606		z[1] = uint8(m.cipherSuite)
   607		z[2] = m.compressionMethod
   608	
   609		z = z[3:]
   610		if numExtensions > 0 {
   611			z[0] = byte(extensionsLength >> 8)
   612			z[1] = byte(extensionsLength)
   613			z = z[2:]
   614		}
   615		if m.nextProtoNeg {
   616			z[0] = byte(extensionNextProtoNeg >> 8)
   617			z[1] = byte(extensionNextProtoNeg & 0xff)
   618			z[2] = byte(nextProtoLen >> 8)
   619			z[3] = byte(nextProtoLen)
   620			z = z[4:]
   621	
   622			for _, v := range m.nextProtos {
   623				l := len(v)
   624				if l > 255 {
   625					l = 255
   626				}
   627				z[0] = byte(l)
   628				copy(z[1:], []byte(v[0:l]))
   629				z = z[1+l:]
   630			}
   631		}
   632		if m.ocspStapling {
   633			z[0] = byte(extensionStatusRequest >> 8)
   634			z[1] = byte(extensionStatusRequest)
   635			z = z[4:]
   636		}
   637		if m.ticketSupported {
   638			z[0] = byte(extensionSessionTicket >> 8)
   639			z[1] = byte(extensionSessionTicket)
   640			z = z[4:]
   641		}
   642		if m.secureRenegotiationSupported {
   643			z[0] = byte(extensionRenegotiationInfo >> 8)
   644			z[1] = byte(extensionRenegotiationInfo & 0xff)
   645			z[2] = 0
   646			z[3] = byte(len(m.secureRenegotiation) + 1)
   647			z[4] = byte(len(m.secureRenegotiation))
   648			z = z[5:]
   649			copy(z, m.secureRenegotiation)
   650			z = z[len(m.secureRenegotiation):]
   651		}
   652		if alpnLen := len(m.alpnProtocol); alpnLen > 0 {
   653			z[0] = byte(extensionALPN >> 8)
   654			z[1] = byte(extensionALPN & 0xff)
   655			l := 2 + 1 + alpnLen
   656			z[2] = byte(l >> 8)
   657			z[3] = byte(l)
   658			l -= 2
   659			z[4] = byte(l >> 8)
   660			z[5] = byte(l)
   661			l -= 1
   662			z[6] = byte(l)
   663			copy(z[7:], []byte(m.alpnProtocol))
   664			z = z[7+alpnLen:]
   665		}
   666		if sctLen > 0 {
   667			z[0] = byte(extensionSCT >> 8)
   668			z[1] = byte(extensionSCT)
   669			l := sctLen + 2
   670			z[2] = byte(l >> 8)
   671			z[3] = byte(l)
   672			z[4] = byte(sctLen >> 8)
   673			z[5] = byte(sctLen)
   674	
   675			z = z[6:]
   676			for _, sct := range m.scts {
   677				z[0] = byte(len(sct) >> 8)
   678				z[1] = byte(len(sct))
   679				copy(z[2:], sct)
   680				z = z[len(sct)+2:]
   681			}
   682		}
   683	
   684		m.raw = x
   685	
   686		return x
   687	}
   688	
   689	func (m *serverHelloMsg) unmarshal(data []byte) bool {
   690		if len(data) < 42 {
   691			return false
   692		}
   693		m.raw = data
   694		m.vers = uint16(data[4])<<8 | uint16(data[5])
   695		m.random = data[6:38]
   696		sessionIdLen := int(data[38])
   697		if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
   698			return false
   699		}
   700		m.sessionId = data[39 : 39+sessionIdLen]
   701		data = data[39+sessionIdLen:]
   702		if len(data) < 3 {
   703			return false
   704		}
   705		m.cipherSuite = uint16(data[0])<<8 | uint16(data[1])
   706		m.compressionMethod = data[2]
   707		data = data[3:]
   708	
   709		m.nextProtoNeg = false
   710		m.nextProtos = nil
   711		m.ocspStapling = false
   712		m.scts = nil
   713		m.ticketSupported = false
   714		m.alpnProtocol = ""
   715	
   716		if len(data) == 0 {
   717			// ServerHello is optionally followed by extension data
   718			return true
   719		}
   720		if len(data) < 2 {
   721			return false
   722		}
   723	
   724		extensionsLength := int(data[0])<<8 | int(data[1])
   725		data = data[2:]
   726		if len(data) != extensionsLength {
   727			return false
   728		}
   729	
   730		for len(data) != 0 {
   731			if len(data) < 4 {
   732				return false
   733			}
   734			extension := uint16(data[0])<<8 | uint16(data[1])
   735			length := int(data[2])<<8 | int(data[3])
   736			data = data[4:]
   737			if len(data) < length {
   738				return false
   739			}
   740	
   741			switch extension {
   742			case extensionNextProtoNeg:
   743				m.nextProtoNeg = true
   744				d := data[:length]
   745				for len(d) > 0 {
   746					l := int(d[0])
   747					d = d[1:]
   748					if l == 0 || l > len(d) {
   749						return false
   750					}
   751					m.nextProtos = append(m.nextProtos, string(d[:l]))
   752					d = d[l:]
   753				}
   754			case extensionStatusRequest:
   755				if length > 0 {
   756					return false
   757				}
   758				m.ocspStapling = true
   759			case extensionSessionTicket:
   760				if length > 0 {
   761					return false
   762				}
   763				m.ticketSupported = true
   764			case extensionRenegotiationInfo:
   765				if length == 0 {
   766					return false
   767				}
   768				d := data[:length]
   769				l := int(d[0])
   770				d = d[1:]
   771				if l != len(d) {
   772					return false
   773				}
   774	
   775				m.secureRenegotiation = d
   776				m.secureRenegotiationSupported = true
   777			case extensionALPN:
   778				d := data[:length]
   779				if len(d) < 3 {
   780					return false
   781				}
   782				l := int(d[0])<<8 | int(d[1])
   783				if l != len(d)-2 {
   784					return false
   785				}
   786				d = d[2:]
   787				l = int(d[0])
   788				if l != len(d)-1 {
   789					return false
   790				}
   791				d = d[1:]
   792				if len(d) == 0 {
   793					// ALPN protocols must not be empty.
   794					return false
   795				}
   796				m.alpnProtocol = string(d)
   797			case extensionSCT:
   798				d := data[:length]
   799	
   800				if len(d) < 2 {
   801					return false
   802				}
   803				l := int(d[0])<<8 | int(d[1])
   804				d = d[2:]
   805				if len(d) != l {
   806					return false
   807				}
   808				if l == 0 {
   809					continue
   810				}
   811	
   812				m.scts = make([][]byte, 0, 3)
   813				for len(d) != 0 {
   814					if len(d) < 2 {
   815						return false
   816					}
   817					sctLen := int(d[0])<<8 | int(d[1])
   818					d = d[2:]
   819					if len(d) < sctLen {
   820						return false
   821					}
   822					m.scts = append(m.scts, d[:sctLen])
   823					d = d[sctLen:]
   824				}
   825			}
   826			data = data[length:]
   827		}
   828	
   829		return true
   830	}
   831	
   832	type certificateMsg struct {
   833		raw          []byte
   834		certificates [][]byte
   835	}
   836	
   837	func (m *certificateMsg) equal(i interface{}) bool {
   838		m1, ok := i.(*certificateMsg)
   839		if !ok {
   840			return false
   841		}
   842	
   843		return bytes.Equal(m.raw, m1.raw) &&
   844			eqByteSlices(m.certificates, m1.certificates)
   845	}
   846	
   847	func (m *certificateMsg) marshal() (x []byte) {
   848		if m.raw != nil {
   849			return m.raw
   850		}
   851	
   852		var i int
   853		for _, slice := range m.certificates {
   854			i += len(slice)
   855		}
   856	
   857		length := 3 + 3*len(m.certificates) + i
   858		x = make([]byte, 4+length)
   859		x[0] = typeCertificate
   860		x[1] = uint8(length >> 16)
   861		x[2] = uint8(length >> 8)
   862		x[3] = uint8(length)
   863	
   864		certificateOctets := length - 3
   865		x[4] = uint8(certificateOctets >> 16)
   866		x[5] = uint8(certificateOctets >> 8)
   867		x[6] = uint8(certificateOctets)
   868	
   869		y := x[7:]
   870		for _, slice := range m.certificates {
   871			y[0] = uint8(len(slice) >> 16)
   872			y[1] = uint8(len(slice) >> 8)
   873			y[2] = uint8(len(slice))
   874			copy(y[3:], slice)
   875			y = y[3+len(slice):]
   876		}
   877	
   878		m.raw = x
   879		return
   880	}
   881	
   882	func (m *certificateMsg) unmarshal(data []byte) bool {
   883		if len(data) < 7 {
   884			return false
   885		}
   886	
   887		m.raw = data
   888		certsLen := uint32(data[4])<<16 | uint32(data[5])<<8 | uint32(data[6])
   889		if uint32(len(data)) != certsLen+7 {
   890			return false
   891		}
   892	
   893		numCerts := 0
   894		d := data[7:]
   895		for certsLen > 0 {
   896			if len(d) < 4 {
   897				return false
   898			}
   899			certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
   900			if uint32(len(d)) < 3+certLen {
   901				return false
   902			}
   903			d = d[3+certLen:]
   904			certsLen -= 3 + certLen
   905			numCerts++
   906		}
   907	
   908		m.certificates = make([][]byte, numCerts)
   909		d = data[7:]
   910		for i := 0; i < numCerts; i++ {
   911			certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
   912			m.certificates[i] = d[3 : 3+certLen]
   913			d = d[3+certLen:]
   914		}
   915	
   916		return true
   917	}
   918	
   919	type serverKeyExchangeMsg struct {
   920		raw []byte
   921		key []byte
   922	}
   923	
   924	func (m *serverKeyExchangeMsg) equal(i interface{}) bool {
   925		m1, ok := i.(*serverKeyExchangeMsg)
   926		if !ok {
   927			return false
   928		}
   929	
   930		return bytes.Equal(m.raw, m1.raw) &&
   931			bytes.Equal(m.key, m1.key)
   932	}
   933	
   934	func (m *serverKeyExchangeMsg) marshal() []byte {
   935		if m.raw != nil {
   936			return m.raw
   937		}
   938		length := len(m.key)
   939		x := make([]byte, length+4)
   940		x[0] = typeServerKeyExchange
   941		x[1] = uint8(length >> 16)
   942		x[2] = uint8(length >> 8)
   943		x[3] = uint8(length)
   944		copy(x[4:], m.key)
   945	
   946		m.raw = x
   947		return x
   948	}
   949	
   950	func (m *serverKeyExchangeMsg) unmarshal(data []byte) bool {
   951		m.raw = data
   952		if len(data) < 4 {
   953			return false
   954		}
   955		m.key = data[4:]
   956		return true
   957	}
   958	
   959	type certificateStatusMsg struct {
   960		raw        []byte
   961		statusType uint8
   962		response   []byte
   963	}
   964	
   965	func (m *certificateStatusMsg) equal(i interface{}) bool {
   966		m1, ok := i.(*certificateStatusMsg)
   967		if !ok {
   968			return false
   969		}
   970	
   971		return bytes.Equal(m.raw, m1.raw) &&
   972			m.statusType == m1.statusType &&
   973			bytes.Equal(m.response, m1.response)
   974	}
   975	
   976	func (m *certificateStatusMsg) marshal() []byte {
   977		if m.raw != nil {
   978			return m.raw
   979		}
   980	
   981		var x []byte
   982		if m.statusType == statusTypeOCSP {
   983			x = make([]byte, 4+4+len(m.response))
   984			x[0] = typeCertificateStatus
   985			l := len(m.response) + 4
   986			x[1] = byte(l >> 16)
   987			x[2] = byte(l >> 8)
   988			x[3] = byte(l)
   989			x[4] = statusTypeOCSP
   990	
   991			l -= 4
   992			x[5] = byte(l >> 16)
   993			x[6] = byte(l >> 8)
   994			x[7] = byte(l)
   995			copy(x[8:], m.response)
   996		} else {
   997			x = []byte{typeCertificateStatus, 0, 0, 1, m.statusType}
   998		}
   999	
  1000		m.raw = x
  1001		return x
  1002	}
  1003	
  1004	func (m *certificateStatusMsg) unmarshal(data []byte) bool {
  1005		m.raw = data
  1006		if len(data) < 5 {
  1007			return false
  1008		}
  1009		m.statusType = data[4]
  1010	
  1011		m.response = nil
  1012		if m.statusType == statusTypeOCSP {
  1013			if len(data) < 8 {
  1014				return false
  1015			}
  1016			respLen := uint32(data[5])<<16 | uint32(data[6])<<8 | uint32(data[7])
  1017			if uint32(len(data)) != 4+4+respLen {
  1018				return false
  1019			}
  1020			m.response = data[8:]
  1021		}
  1022		return true
  1023	}
  1024	
  1025	type serverHelloDoneMsg struct{}
  1026	
  1027	func (m *serverHelloDoneMsg) equal(i interface{}) bool {
  1028		_, ok := i.(*serverHelloDoneMsg)
  1029		return ok
  1030	}
  1031	
  1032	func (m *serverHelloDoneMsg) marshal() []byte {
  1033		x := make([]byte, 4)
  1034		x[0] = typeServerHelloDone
  1035		return x
  1036	}
  1037	
  1038	func (m *serverHelloDoneMsg) unmarshal(data []byte) bool {
  1039		return len(data) == 4
  1040	}
  1041	
  1042	type clientKeyExchangeMsg struct {
  1043		raw        []byte
  1044		ciphertext []byte
  1045	}
  1046	
  1047	func (m *clientKeyExchangeMsg) equal(i interface{}) bool {
  1048		m1, ok := i.(*clientKeyExchangeMsg)
  1049		if !ok {
  1050			return false
  1051		}
  1052	
  1053		return bytes.Equal(m.raw, m1.raw) &&
  1054			bytes.Equal(m.ciphertext, m1.ciphertext)
  1055	}
  1056	
  1057	func (m *clientKeyExchangeMsg) marshal() []byte {
  1058		if m.raw != nil {
  1059			return m.raw
  1060		}
  1061		length := len(m.ciphertext)
  1062		x := make([]byte, length+4)
  1063		x[0] = typeClientKeyExchange
  1064		x[1] = uint8(length >> 16)
  1065		x[2] = uint8(length >> 8)
  1066		x[3] = uint8(length)
  1067		copy(x[4:], m.ciphertext)
  1068	
  1069		m.raw = x
  1070		return x
  1071	}
  1072	
  1073	func (m *clientKeyExchangeMsg) unmarshal(data []byte) bool {
  1074		m.raw = data
  1075		if len(data) < 4 {
  1076			return false
  1077		}
  1078		l := int(data[1])<<16 | int(data[2])<<8 | int(data[3])
  1079		if l != len(data)-4 {
  1080			return false
  1081		}
  1082		m.ciphertext = data[4:]
  1083		return true
  1084	}
  1085	
  1086	type finishedMsg struct {
  1087		raw        []byte
  1088		verifyData []byte
  1089	}
  1090	
  1091	func (m *finishedMsg) equal(i interface{}) bool {
  1092		m1, ok := i.(*finishedMsg)
  1093		if !ok {
  1094			return false
  1095		}
  1096	
  1097		return bytes.Equal(m.raw, m1.raw) &&
  1098			bytes.Equal(m.verifyData, m1.verifyData)
  1099	}
  1100	
  1101	func (m *finishedMsg) marshal() (x []byte) {
  1102		if m.raw != nil {
  1103			return m.raw
  1104		}
  1105	
  1106		x = make([]byte, 4+len(m.verifyData))
  1107		x[0] = typeFinished
  1108		x[3] = byte(len(m.verifyData))
  1109		copy(x[4:], m.verifyData)
  1110		m.raw = x
  1111		return
  1112	}
  1113	
  1114	func (m *finishedMsg) unmarshal(data []byte) bool {
  1115		m.raw = data
  1116		if len(data) < 4 {
  1117			return false
  1118		}
  1119		m.verifyData = data[4:]
  1120		return true
  1121	}
  1122	
  1123	type nextProtoMsg struct {
  1124		raw   []byte
  1125		proto string
  1126	}
  1127	
  1128	func (m *nextProtoMsg) equal(i interface{}) bool {
  1129		m1, ok := i.(*nextProtoMsg)
  1130		if !ok {
  1131			return false
  1132		}
  1133	
  1134		return bytes.Equal(m.raw, m1.raw) &&
  1135			m.proto == m1.proto
  1136	}
  1137	
  1138	func (m *nextProtoMsg) marshal() []byte {
  1139		if m.raw != nil {
  1140			return m.raw
  1141		}
  1142		l := len(m.proto)
  1143		if l > 255 {
  1144			l = 255
  1145		}
  1146	
  1147		padding := 32 - (l+2)%32
  1148		length := l + padding + 2
  1149		x := make([]byte, length+4)
  1150		x[0] = typeNextProtocol
  1151		x[1] = uint8(length >> 16)
  1152		x[2] = uint8(length >> 8)
  1153		x[3] = uint8(length)
  1154	
  1155		y := x[4:]
  1156		y[0] = byte(l)
  1157		copy(y[1:], []byte(m.proto[0:l]))
  1158		y = y[1+l:]
  1159		y[0] = byte(padding)
  1160	
  1161		m.raw = x
  1162	
  1163		return x
  1164	}
  1165	
  1166	func (m *nextProtoMsg) unmarshal(data []byte) bool {
  1167		m.raw = data
  1168	
  1169		if len(data) < 5 {
  1170			return false
  1171		}
  1172		data = data[4:]
  1173		protoLen := int(data[0])
  1174		data = data[1:]
  1175		if len(data) < protoLen {
  1176			return false
  1177		}
  1178		m.proto = string(data[0:protoLen])
  1179		data = data[protoLen:]
  1180	
  1181		if len(data) < 1 {
  1182			return false
  1183		}
  1184		paddingLen := int(data[0])
  1185		data = data[1:]
  1186		if len(data) != paddingLen {
  1187			return false
  1188		}
  1189	
  1190		return true
  1191	}
  1192	
  1193	type certificateRequestMsg struct {
  1194		raw []byte
  1195		// hasSignatureAndHash indicates whether this message includes a list
  1196		// of signature and hash functions. This change was introduced with TLS
  1197		// 1.2.
  1198		hasSignatureAndHash bool
  1199	
  1200		certificateTypes       []byte
  1201		signatureAndHashes     []signatureAndHash
  1202		certificateAuthorities [][]byte
  1203	}
  1204	
  1205	func (m *certificateRequestMsg) equal(i interface{}) bool {
  1206		m1, ok := i.(*certificateRequestMsg)
  1207		if !ok {
  1208			return false
  1209		}
  1210	
  1211		return bytes.Equal(m.raw, m1.raw) &&
  1212			bytes.Equal(m.certificateTypes, m1.certificateTypes) &&
  1213			eqByteSlices(m.certificateAuthorities, m1.certificateAuthorities) &&
  1214			eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes)
  1215	}
  1216	
  1217	func (m *certificateRequestMsg) marshal() (x []byte) {
  1218		if m.raw != nil {
  1219			return m.raw
  1220		}
  1221	
  1222		// See http://tools.ietf.org/html/rfc4346#section-7.4.4
  1223		length := 1 + len(m.certificateTypes) + 2
  1224		casLength := 0
  1225		for _, ca := range m.certificateAuthorities {
  1226			casLength += 2 + len(ca)
  1227		}
  1228		length += casLength
  1229	
  1230		if m.hasSignatureAndHash {
  1231			length += 2 + 2*len(m.signatureAndHashes)
  1232		}
  1233	
  1234		x = make([]byte, 4+length)
  1235		x[0] = typeCertificateRequest
  1236		x[1] = uint8(length >> 16)
  1237		x[2] = uint8(length >> 8)
  1238		x[3] = uint8(length)
  1239	
  1240		x[4] = uint8(len(m.certificateTypes))
  1241	
  1242		copy(x[5:], m.certificateTypes)
  1243		y := x[5+len(m.certificateTypes):]
  1244	
  1245		if m.hasSignatureAndHash {
  1246			n := len(m.signatureAndHashes) * 2
  1247			y[0] = uint8(n >> 8)
  1248			y[1] = uint8(n)
  1249			y = y[2:]
  1250			for _, sigAndHash := range m.signatureAndHashes {
  1251				y[0] = sigAndHash.hash
  1252				y[1] = sigAndHash.signature
  1253				y = y[2:]
  1254			}
  1255		}
  1256	
  1257		y[0] = uint8(casLength >> 8)
  1258		y[1] = uint8(casLength)
  1259		y = y[2:]
  1260		for _, ca := range m.certificateAuthorities {
  1261			y[0] = uint8(len(ca) >> 8)
  1262			y[1] = uint8(len(ca))
  1263			y = y[2:]
  1264			copy(y, ca)
  1265			y = y[len(ca):]
  1266		}
  1267	
  1268		m.raw = x
  1269		return
  1270	}
  1271	
  1272	func (m *certificateRequestMsg) unmarshal(data []byte) bool {
  1273		m.raw = data
  1274	
  1275		if len(data) < 5 {
  1276			return false
  1277		}
  1278	
  1279		length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
  1280		if uint32(len(data))-4 != length {
  1281			return false
  1282		}
  1283	
  1284		numCertTypes := int(data[4])
  1285		data = data[5:]
  1286		if numCertTypes == 0 || len(data) <= numCertTypes {
  1287			return false
  1288		}
  1289	
  1290		m.certificateTypes = make([]byte, numCertTypes)
  1291		if copy(m.certificateTypes, data) != numCertTypes {
  1292			return false
  1293		}
  1294	
  1295		data = data[numCertTypes:]
  1296	
  1297		if m.hasSignatureAndHash {
  1298			if len(data) < 2 {
  1299				return false
  1300			}
  1301			sigAndHashLen := uint16(data[0])<<8 | uint16(data[1])
  1302			data = data[2:]
  1303			if sigAndHashLen&1 != 0 {
  1304				return false
  1305			}
  1306			if len(data) < int(sigAndHashLen) {
  1307				return false
  1308			}
  1309			numSigAndHash := sigAndHashLen / 2
  1310			m.signatureAndHashes = make([]signatureAndHash, numSigAndHash)
  1311			for i := range m.signatureAndHashes {
  1312				m.signatureAndHashes[i].hash = data[0]
  1313				m.signatureAndHashes[i].signature = data[1]
  1314				data = data[2:]
  1315			}
  1316		}
  1317	
  1318		if len(data) < 2 {
  1319			return false
  1320		}
  1321		casLength := uint16(data[0])<<8 | uint16(data[1])
  1322		data = data[2:]
  1323		if len(data) < int(casLength) {
  1324			return false
  1325		}
  1326		cas := make([]byte, casLength)
  1327		copy(cas, data)
  1328		data = data[casLength:]
  1329	
  1330		m.certificateAuthorities = nil
  1331		for len(cas) > 0 {
  1332			if len(cas) < 2 {
  1333				return false
  1334			}
  1335			caLen := uint16(cas[0])<<8 | uint16(cas[1])
  1336			cas = cas[2:]
  1337	
  1338			if len(cas) < int(caLen) {
  1339				return false
  1340			}
  1341	
  1342			m.certificateAuthorities = append(m.certificateAuthorities, cas[:caLen])
  1343			cas = cas[caLen:]
  1344		}
  1345	
  1346		return len(data) == 0
  1347	}
  1348	
  1349	type certificateVerifyMsg struct {
  1350		raw                 []byte
  1351		hasSignatureAndHash bool
  1352		signatureAndHash    signatureAndHash
  1353		signature           []byte
  1354	}
  1355	
  1356	func (m *certificateVerifyMsg) equal(i interface{}) bool {
  1357		m1, ok := i.(*certificateVerifyMsg)
  1358		if !ok {
  1359			return false
  1360		}
  1361	
  1362		return bytes.Equal(m.raw, m1.raw) &&
  1363			m.hasSignatureAndHash == m1.hasSignatureAndHash &&
  1364			m.signatureAndHash.hash == m1.signatureAndHash.hash &&
  1365			m.signatureAndHash.signature == m1.signatureAndHash.signature &&
  1366			bytes.Equal(m.signature, m1.signature)
  1367	}
  1368	
  1369	func (m *certificateVerifyMsg) marshal() (x []byte) {
  1370		if m.raw != nil {
  1371			return m.raw
  1372		}
  1373	
  1374		// See http://tools.ietf.org/html/rfc4346#section-7.4.8
  1375		siglength := len(m.signature)
  1376		length := 2 + siglength
  1377		if m.hasSignatureAndHash {
  1378			length += 2
  1379		}
  1380		x = make([]byte, 4+length)
  1381		x[0] = typeCertificateVerify
  1382		x[1] = uint8(length >> 16)
  1383		x[2] = uint8(length >> 8)
  1384		x[3] = uint8(length)
  1385		y := x[4:]
  1386		if m.hasSignatureAndHash {
  1387			y[0] = m.signatureAndHash.hash
  1388			y[1] = m.signatureAndHash.signature
  1389			y = y[2:]
  1390		}
  1391		y[0] = uint8(siglength >> 8)
  1392		y[1] = uint8(siglength)
  1393		copy(y[2:], m.signature)
  1394	
  1395		m.raw = x
  1396	
  1397		return
  1398	}
  1399	
  1400	func (m *certificateVerifyMsg) unmarshal(data []byte) bool {
  1401		m.raw = data
  1402	
  1403		if len(data) < 6 {
  1404			return false
  1405		}
  1406	
  1407		length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
  1408		if uint32(len(data))-4 != length {
  1409			return false
  1410		}
  1411	
  1412		data = data[4:]
  1413		if m.hasSignatureAndHash {
  1414			m.signatureAndHash.hash = data[0]
  1415			m.signatureAndHash.signature = data[1]
  1416			data = data[2:]
  1417		}
  1418	
  1419		if len(data) < 2 {
  1420			return false
  1421		}
  1422		siglength := int(data[0])<<8 + int(data[1])
  1423		data = data[2:]
  1424		if len(data) != siglength {
  1425			return false
  1426		}
  1427	
  1428		m.signature = data
  1429	
  1430		return true
  1431	}
  1432	
  1433	type newSessionTicketMsg struct {
  1434		raw    []byte
  1435		ticket []byte
  1436	}
  1437	
  1438	func (m *newSessionTicketMsg) equal(i interface{}) bool {
  1439		m1, ok := i.(*newSessionTicketMsg)
  1440		if !ok {
  1441			return false
  1442		}
  1443	
  1444		return bytes.Equal(m.raw, m1.raw) &&
  1445			bytes.Equal(m.ticket, m1.ticket)
  1446	}
  1447	
  1448	func (m *newSessionTicketMsg) marshal() (x []byte) {
  1449		if m.raw != nil {
  1450			return m.raw
  1451		}
  1452	
  1453		// See http://tools.ietf.org/html/rfc5077#section-3.3
  1454		ticketLen := len(m.ticket)
  1455		length := 2 + 4 + ticketLen
  1456		x = make([]byte, 4+length)
  1457		x[0] = typeNewSessionTicket
  1458		x[1] = uint8(length >> 16)
  1459		x[2] = uint8(length >> 8)
  1460		x[3] = uint8(length)
  1461		x[8] = uint8(ticketLen >> 8)
  1462		x[9] = uint8(ticketLen)
  1463		copy(x[10:], m.ticket)
  1464	
  1465		m.raw = x
  1466	
  1467		return
  1468	}
  1469	
  1470	func (m *newSessionTicketMsg) unmarshal(data []byte) bool {
  1471		m.raw = data
  1472	
  1473		if len(data) < 10 {
  1474			return false
  1475		}
  1476	
  1477		length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
  1478		if uint32(len(data))-4 != length {
  1479			return false
  1480		}
  1481	
  1482		ticketLen := int(data[8])<<8 + int(data[9])
  1483		if len(data)-10 != ticketLen {
  1484			return false
  1485		}
  1486	
  1487		m.ticket = data[10:]
  1488	
  1489		return true
  1490	}
  1491	
  1492	type helloRequestMsg struct {
  1493	}
  1494	
  1495	func (*helloRequestMsg) marshal() []byte {
  1496		return []byte{typeHelloRequest, 0, 0, 0}
  1497	}
  1498	
  1499	func (*helloRequestMsg) unmarshal(data []byte) bool {
  1500		return len(data) == 4
  1501	}
  1502	
  1503	func eqUint16s(x, y []uint16) bool {
  1504		if len(x) != len(y) {
  1505			return false
  1506		}
  1507		for i, v := range x {
  1508			if y[i] != v {
  1509				return false
  1510			}
  1511		}
  1512		return true
  1513	}
  1514	
  1515	func eqCurveIDs(x, y []CurveID) bool {
  1516		if len(x) != len(y) {
  1517			return false
  1518		}
  1519		for i, v := range x {
  1520			if y[i] != v {
  1521				return false
  1522			}
  1523		}
  1524		return true
  1525	}
  1526	
  1527	func eqStrings(x, y []string) bool {
  1528		if len(x) != len(y) {
  1529			return false
  1530		}
  1531		for i, v := range x {
  1532			if y[i] != v {
  1533				return false
  1534			}
  1535		}
  1536		return true
  1537	}
  1538	
  1539	func eqByteSlices(x, y [][]byte) bool {
  1540		if len(x) != len(y) {
  1541			return false
  1542		}
  1543		for i, v := range x {
  1544			if !bytes.Equal(v, y[i]) {
  1545				return false
  1546			}
  1547		}
  1548		return true
  1549	}
  1550	
  1551	func eqSignatureAndHashes(x, y []signatureAndHash) bool {
  1552		if len(x) != len(y) {
  1553			return false
  1554		}
  1555		for i, v := range x {
  1556			v2 := y[i]
  1557			if v.hash != v2.hash || v.signature != v2.signature {
  1558				return false
  1559			}
  1560		}
  1561		return true
  1562	}
  1563	

View as plain text