...
Run Format

Source file src/crypto/tls/handshake_messages.go

     1	// Copyright 2009 The Go Authors. All rights reserved.
     2	// Use of this source code is governed by a BSD-style
     3	// license that can be found in the LICENSE file.
     4	
     5	package tls
     6	
     7	import "bytes"
     8	
     9	type clientHelloMsg struct {
    10		raw                 []byte
    11		vers                uint16
    12		random              []byte
    13		sessionId           []byte
    14		cipherSuites        []uint16
    15		compressionMethods  []uint8
    16		nextProtoNeg        bool
    17		serverName          string
    18		ocspStapling        bool
    19		scts                bool
    20		supportedCurves     []CurveID
    21		supportedPoints     []uint8
    22		ticketSupported     bool
    23		sessionTicket       []uint8
    24		signatureAndHashes  []signatureAndHash
    25		secureRenegotiation bool
    26		alpnProtocols       []string
    27	}
    28	
    29	func (m *clientHelloMsg) equal(i interface{}) bool {
    30		m1, ok := i.(*clientHelloMsg)
    31		if !ok {
    32			return false
    33		}
    34	
    35		return bytes.Equal(m.raw, m1.raw) &&
    36			m.vers == m1.vers &&
    37			bytes.Equal(m.random, m1.random) &&
    38			bytes.Equal(m.sessionId, m1.sessionId) &&
    39			eqUint16s(m.cipherSuites, m1.cipherSuites) &&
    40			bytes.Equal(m.compressionMethods, m1.compressionMethods) &&
    41			m.nextProtoNeg == m1.nextProtoNeg &&
    42			m.serverName == m1.serverName &&
    43			m.ocspStapling == m1.ocspStapling &&
    44			m.scts == m1.scts &&
    45			eqCurveIDs(m.supportedCurves, m1.supportedCurves) &&
    46			bytes.Equal(m.supportedPoints, m1.supportedPoints) &&
    47			m.ticketSupported == m1.ticketSupported &&
    48			bytes.Equal(m.sessionTicket, m1.sessionTicket) &&
    49			eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes) &&
    50			m.secureRenegotiation == m1.secureRenegotiation &&
    51			eqStrings(m.alpnProtocols, m1.alpnProtocols)
    52	}
    53	
    54	func (m *clientHelloMsg) marshal() []byte {
    55		if m.raw != nil {
    56			return m.raw
    57		}
    58	
    59		length := 2 + 32 + 1 + len(m.sessionId) + 2 + len(m.cipherSuites)*2 + 1 + len(m.compressionMethods)
    60		numExtensions := 0
    61		extensionsLength := 0
    62		if m.nextProtoNeg {
    63			numExtensions++
    64		}
    65		if m.ocspStapling {
    66			extensionsLength += 1 + 2 + 2
    67			numExtensions++
    68		}
    69		if len(m.serverName) > 0 {
    70			extensionsLength += 5 + len(m.serverName)
    71			numExtensions++
    72		}
    73		if len(m.supportedCurves) > 0 {
    74			extensionsLength += 2 + 2*len(m.supportedCurves)
    75			numExtensions++
    76		}
    77		if len(m.supportedPoints) > 0 {
    78			extensionsLength += 1 + len(m.supportedPoints)
    79			numExtensions++
    80		}
    81		if m.ticketSupported {
    82			extensionsLength += len(m.sessionTicket)
    83			numExtensions++
    84		}
    85		if len(m.signatureAndHashes) > 0 {
    86			extensionsLength += 2 + 2*len(m.signatureAndHashes)
    87			numExtensions++
    88		}
    89		if m.secureRenegotiation {
    90			extensionsLength += 1
    91			numExtensions++
    92		}
    93		if len(m.alpnProtocols) > 0 {
    94			extensionsLength += 2
    95			for _, s := range m.alpnProtocols {
    96				if l := len(s); l == 0 || l > 255 {
    97					panic("invalid ALPN protocol")
    98				}
    99				extensionsLength++
   100				extensionsLength += len(s)
   101			}
   102			numExtensions++
   103		}
   104		if m.scts {
   105			numExtensions++
   106		}
   107		if numExtensions > 0 {
   108			extensionsLength += 4 * numExtensions
   109			length += 2 + extensionsLength
   110		}
   111	
   112		x := make([]byte, 4+length)
   113		x[0] = typeClientHello
   114		x[1] = uint8(length >> 16)
   115		x[2] = uint8(length >> 8)
   116		x[3] = uint8(length)
   117		x[4] = uint8(m.vers >> 8)
   118		x[5] = uint8(m.vers)
   119		copy(x[6:38], m.random)
   120		x[38] = uint8(len(m.sessionId))
   121		copy(x[39:39+len(m.sessionId)], m.sessionId)
   122		y := x[39+len(m.sessionId):]
   123		y[0] = uint8(len(m.cipherSuites) >> 7)
   124		y[1] = uint8(len(m.cipherSuites) << 1)
   125		for i, suite := range m.cipherSuites {
   126			y[2+i*2] = uint8(suite >> 8)
   127			y[3+i*2] = uint8(suite)
   128		}
   129		z := y[2+len(m.cipherSuites)*2:]
   130		z[0] = uint8(len(m.compressionMethods))
   131		copy(z[1:], m.compressionMethods)
   132	
   133		z = z[1+len(m.compressionMethods):]
   134		if numExtensions > 0 {
   135			z[0] = byte(extensionsLength >> 8)
   136			z[1] = byte(extensionsLength)
   137			z = z[2:]
   138		}
   139		if m.nextProtoNeg {
   140			z[0] = byte(extensionNextProtoNeg >> 8)
   141			z[1] = byte(extensionNextProtoNeg & 0xff)
   142			// The length is always 0
   143			z = z[4:]
   144		}
   145		if len(m.serverName) > 0 {
   146			z[0] = byte(extensionServerName >> 8)
   147			z[1] = byte(extensionServerName & 0xff)
   148			l := len(m.serverName) + 5
   149			z[2] = byte(l >> 8)
   150			z[3] = byte(l)
   151			z = z[4:]
   152	
   153			// RFC 3546, section 3.1
   154			//
   155			// struct {
   156			//     NameType name_type;
   157			//     select (name_type) {
   158			//         case host_name: HostName;
   159			//     } name;
   160			// } ServerName;
   161			//
   162			// enum {
   163			//     host_name(0), (255)
   164			// } NameType;
   165			//
   166			// opaque HostName<1..2^16-1>;
   167			//
   168			// struct {
   169			//     ServerName server_name_list<1..2^16-1>
   170			// } ServerNameList;
   171	
   172			z[0] = byte((len(m.serverName) + 3) >> 8)
   173			z[1] = byte(len(m.serverName) + 3)
   174			z[3] = byte(len(m.serverName) >> 8)
   175			z[4] = byte(len(m.serverName))
   176			copy(z[5:], []byte(m.serverName))
   177			z = z[l:]
   178		}
   179		if m.ocspStapling {
   180			// RFC 4366, section 3.6
   181			z[0] = byte(extensionStatusRequest >> 8)
   182			z[1] = byte(extensionStatusRequest)
   183			z[2] = 0
   184			z[3] = 5
   185			z[4] = 1 // OCSP type
   186			// Two zero valued uint16s for the two lengths.
   187			z = z[9:]
   188		}
   189		if len(m.supportedCurves) > 0 {
   190			// http://tools.ietf.org/html/rfc4492#section-5.5.1
   191			z[0] = byte(extensionSupportedCurves >> 8)
   192			z[1] = byte(extensionSupportedCurves)
   193			l := 2 + 2*len(m.supportedCurves)
   194			z[2] = byte(l >> 8)
   195			z[3] = byte(l)
   196			l -= 2
   197			z[4] = byte(l >> 8)
   198			z[5] = byte(l)
   199			z = z[6:]
   200			for _, curve := range m.supportedCurves {
   201				z[0] = byte(curve >> 8)
   202				z[1] = byte(curve)
   203				z = z[2:]
   204			}
   205		}
   206		if len(m.supportedPoints) > 0 {
   207			// http://tools.ietf.org/html/rfc4492#section-5.5.2
   208			z[0] = byte(extensionSupportedPoints >> 8)
   209			z[1] = byte(extensionSupportedPoints)
   210			l := 1 + len(m.supportedPoints)
   211			z[2] = byte(l >> 8)
   212			z[3] = byte(l)
   213			l--
   214			z[4] = byte(l)
   215			z = z[5:]
   216			for _, pointFormat := range m.supportedPoints {
   217				z[0] = byte(pointFormat)
   218				z = z[1:]
   219			}
   220		}
   221		if m.ticketSupported {
   222			// http://tools.ietf.org/html/rfc5077#section-3.2
   223			z[0] = byte(extensionSessionTicket >> 8)
   224			z[1] = byte(extensionSessionTicket)
   225			l := len(m.sessionTicket)
   226			z[2] = byte(l >> 8)
   227			z[3] = byte(l)
   228			z = z[4:]
   229			copy(z, m.sessionTicket)
   230			z = z[len(m.sessionTicket):]
   231		}
   232		if len(m.signatureAndHashes) > 0 {
   233			// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
   234			z[0] = byte(extensionSignatureAlgorithms >> 8)
   235			z[1] = byte(extensionSignatureAlgorithms)
   236			l := 2 + 2*len(m.signatureAndHashes)
   237			z[2] = byte(l >> 8)
   238			z[3] = byte(l)
   239			z = z[4:]
   240	
   241			l -= 2
   242			z[0] = byte(l >> 8)
   243			z[1] = byte(l)
   244			z = z[2:]
   245			for _, sigAndHash := range m.signatureAndHashes {
   246				z[0] = sigAndHash.hash
   247				z[1] = sigAndHash.signature
   248				z = z[2:]
   249			}
   250		}
   251		if m.secureRenegotiation {
   252			z[0] = byte(extensionRenegotiationInfo >> 8)
   253			z[1] = byte(extensionRenegotiationInfo & 0xff)
   254			z[2] = 0
   255			z[3] = 1
   256			z = z[5:]
   257		}
   258		if len(m.alpnProtocols) > 0 {
   259			z[0] = byte(extensionALPN >> 8)
   260			z[1] = byte(extensionALPN & 0xff)
   261			lengths := z[2:]
   262			z = z[6:]
   263	
   264			stringsLength := 0
   265			for _, s := range m.alpnProtocols {
   266				l := len(s)
   267				z[0] = byte(l)
   268				copy(z[1:], s)
   269				z = z[1+l:]
   270				stringsLength += 1 + l
   271			}
   272	
   273			lengths[2] = byte(stringsLength >> 8)
   274			lengths[3] = byte(stringsLength)
   275			stringsLength += 2
   276			lengths[0] = byte(stringsLength >> 8)
   277			lengths[1] = byte(stringsLength)
   278		}
   279		if m.scts {
   280			// https://tools.ietf.org/html/rfc6962#section-3.3.1
   281			z[0] = byte(extensionSCT >> 8)
   282			z[1] = byte(extensionSCT)
   283			// zero uint16 for the zero-length extension_data
   284			z = z[4:]
   285		}
   286	
   287		m.raw = x
   288	
   289		return x
   290	}
   291	
   292	func (m *clientHelloMsg) unmarshal(data []byte) bool {
   293		if len(data) < 42 {
   294			return false
   295		}
   296		m.raw = data
   297		m.vers = uint16(data[4])<<8 | uint16(data[5])
   298		m.random = data[6:38]
   299		sessionIdLen := int(data[38])
   300		if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
   301			return false
   302		}
   303		m.sessionId = data[39 : 39+sessionIdLen]
   304		data = data[39+sessionIdLen:]
   305		if len(data) < 2 {
   306			return false
   307		}
   308		// cipherSuiteLen is the number of bytes of cipher suite numbers. Since
   309		// they are uint16s, the number must be even.
   310		cipherSuiteLen := int(data[0])<<8 | int(data[1])
   311		if cipherSuiteLen%2 == 1 || len(data) < 2+cipherSuiteLen {
   312			return false
   313		}
   314		numCipherSuites := cipherSuiteLen / 2
   315		m.cipherSuites = make([]uint16, numCipherSuites)
   316		for i := 0; i < numCipherSuites; i++ {
   317			m.cipherSuites[i] = uint16(data[2+2*i])<<8 | uint16(data[3+2*i])
   318			if m.cipherSuites[i] == scsvRenegotiation {
   319				m.secureRenegotiation = true
   320			}
   321		}
   322		data = data[2+cipherSuiteLen:]
   323		if len(data) < 1 {
   324			return false
   325		}
   326		compressionMethodsLen := int(data[0])
   327		if len(data) < 1+compressionMethodsLen {
   328			return false
   329		}
   330		m.compressionMethods = data[1 : 1+compressionMethodsLen]
   331	
   332		data = data[1+compressionMethodsLen:]
   333	
   334		m.nextProtoNeg = false
   335		m.serverName = ""
   336		m.ocspStapling = false
   337		m.ticketSupported = false
   338		m.sessionTicket = nil
   339		m.signatureAndHashes = nil
   340		m.alpnProtocols = nil
   341		m.scts = false
   342	
   343		if len(data) == 0 {
   344			// ClientHello is optionally followed by extension data
   345			return true
   346		}
   347		if len(data) < 2 {
   348			return false
   349		}
   350	
   351		extensionsLength := int(data[0])<<8 | int(data[1])
   352		data = data[2:]
   353		if extensionsLength != len(data) {
   354			return false
   355		}
   356	
   357		for len(data) != 0 {
   358			if len(data) < 4 {
   359				return false
   360			}
   361			extension := uint16(data[0])<<8 | uint16(data[1])
   362			length := int(data[2])<<8 | int(data[3])
   363			data = data[4:]
   364			if len(data) < length {
   365				return false
   366			}
   367	
   368			switch extension {
   369			case extensionServerName:
   370				d := data[:length]
   371				if len(d) < 2 {
   372					return false
   373				}
   374				namesLen := int(d[0])<<8 | int(d[1])
   375				d = d[2:]
   376				if len(d) != namesLen {
   377					return false
   378				}
   379				for len(d) > 0 {
   380					if len(d) < 3 {
   381						return false
   382					}
   383					nameType := d[0]
   384					nameLen := int(d[1])<<8 | int(d[2])
   385					d = d[3:]
   386					if len(d) < nameLen {
   387						return false
   388					}
   389					if nameType == 0 {
   390						m.serverName = string(d[:nameLen])
   391						break
   392					}
   393					d = d[nameLen:]
   394				}
   395			case extensionNextProtoNeg:
   396				if length > 0 {
   397					return false
   398				}
   399				m.nextProtoNeg = true
   400			case extensionStatusRequest:
   401				m.ocspStapling = length > 0 && data[0] == statusTypeOCSP
   402			case extensionSupportedCurves:
   403				// http://tools.ietf.org/html/rfc4492#section-5.5.1
   404				if length < 2 {
   405					return false
   406				}
   407				l := int(data[0])<<8 | int(data[1])
   408				if l%2 == 1 || length != l+2 {
   409					return false
   410				}
   411				numCurves := l / 2
   412				m.supportedCurves = make([]CurveID, numCurves)
   413				d := data[2:]
   414				for i := 0; i < numCurves; i++ {
   415					m.supportedCurves[i] = CurveID(d[0])<<8 | CurveID(d[1])
   416					d = d[2:]
   417				}
   418			case extensionSupportedPoints:
   419				// http://tools.ietf.org/html/rfc4492#section-5.5.2
   420				if length < 1 {
   421					return false
   422				}
   423				l := int(data[0])
   424				if length != l+1 {
   425					return false
   426				}
   427				m.supportedPoints = make([]uint8, l)
   428				copy(m.supportedPoints, data[1:])
   429			case extensionSessionTicket:
   430				// http://tools.ietf.org/html/rfc5077#section-3.2
   431				m.ticketSupported = true
   432				m.sessionTicket = data[:length]
   433			case extensionSignatureAlgorithms:
   434				// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
   435				if length < 2 || length&1 != 0 {
   436					return false
   437				}
   438				l := int(data[0])<<8 | int(data[1])
   439				if l != length-2 {
   440					return false
   441				}
   442				n := l / 2
   443				d := data[2:]
   444				m.signatureAndHashes = make([]signatureAndHash, n)
   445				for i := range m.signatureAndHashes {
   446					m.signatureAndHashes[i].hash = d[0]
   447					m.signatureAndHashes[i].signature = d[1]
   448					d = d[2:]
   449				}
   450			case extensionRenegotiationInfo:
   451				if length != 1 || data[0] != 0 {
   452					return false
   453				}
   454				m.secureRenegotiation = true
   455			case extensionALPN:
   456				if length < 2 {
   457					return false
   458				}
   459				l := int(data[0])<<8 | int(data[1])
   460				if l != length-2 {
   461					return false
   462				}
   463				d := data[2:length]
   464				for len(d) != 0 {
   465					stringLen := int(d[0])
   466					d = d[1:]
   467					if stringLen == 0 || stringLen > len(d) {
   468						return false
   469					}
   470					m.alpnProtocols = append(m.alpnProtocols, string(d[:stringLen]))
   471					d = d[stringLen:]
   472				}
   473			case extensionSCT:
   474				m.scts = true
   475				if length != 0 {
   476					return false
   477				}
   478			}
   479			data = data[length:]
   480		}
   481	
   482		return true
   483	}
   484	
   485	type serverHelloMsg struct {
   486		raw                 []byte
   487		vers                uint16
   488		random              []byte
   489		sessionId           []byte
   490		cipherSuite         uint16
   491		compressionMethod   uint8
   492		nextProtoNeg        bool
   493		nextProtos          []string
   494		ocspStapling        bool
   495		scts                [][]byte
   496		ticketSupported     bool
   497		secureRenegotiation bool
   498		alpnProtocol        string
   499	}
   500	
   501	func (m *serverHelloMsg) equal(i interface{}) bool {
   502		m1, ok := i.(*serverHelloMsg)
   503		if !ok {
   504			return false
   505		}
   506	
   507		if len(m.scts) != len(m1.scts) {
   508			return false
   509		}
   510		for i, sct := range m.scts {
   511			if !bytes.Equal(sct, m1.scts[i]) {
   512				return false
   513			}
   514		}
   515	
   516		return bytes.Equal(m.raw, m1.raw) &&
   517			m.vers == m1.vers &&
   518			bytes.Equal(m.random, m1.random) &&
   519			bytes.Equal(m.sessionId, m1.sessionId) &&
   520			m.cipherSuite == m1.cipherSuite &&
   521			m.compressionMethod == m1.compressionMethod &&
   522			m.nextProtoNeg == m1.nextProtoNeg &&
   523			eqStrings(m.nextProtos, m1.nextProtos) &&
   524			m.ocspStapling == m1.ocspStapling &&
   525			m.ticketSupported == m1.ticketSupported &&
   526			m.secureRenegotiation == m1.secureRenegotiation &&
   527			m.alpnProtocol == m1.alpnProtocol
   528	}
   529	
   530	func (m *serverHelloMsg) marshal() []byte {
   531		if m.raw != nil {
   532			return m.raw
   533		}
   534	
   535		length := 38 + len(m.sessionId)
   536		numExtensions := 0
   537		extensionsLength := 0
   538	
   539		nextProtoLen := 0
   540		if m.nextProtoNeg {
   541			numExtensions++
   542			for _, v := range m.nextProtos {
   543				nextProtoLen += len(v)
   544			}
   545			nextProtoLen += len(m.nextProtos)
   546			extensionsLength += nextProtoLen
   547		}
   548		if m.ocspStapling {
   549			numExtensions++
   550		}
   551		if m.ticketSupported {
   552			numExtensions++
   553		}
   554		if m.secureRenegotiation {
   555			extensionsLength += 1
   556			numExtensions++
   557		}
   558		if alpnLen := len(m.alpnProtocol); alpnLen > 0 {
   559			if alpnLen >= 256 {
   560				panic("invalid ALPN protocol")
   561			}
   562			extensionsLength += 2 + 1 + alpnLen
   563			numExtensions++
   564		}
   565		sctLen := 0
   566		if len(m.scts) > 0 {
   567			for _, sct := range m.scts {
   568				sctLen += len(sct) + 2
   569			}
   570			extensionsLength += 2 + sctLen
   571			numExtensions++
   572		}
   573	
   574		if numExtensions > 0 {
   575			extensionsLength += 4 * numExtensions
   576			length += 2 + extensionsLength
   577		}
   578	
   579		x := make([]byte, 4+length)
   580		x[0] = typeServerHello
   581		x[1] = uint8(length >> 16)
   582		x[2] = uint8(length >> 8)
   583		x[3] = uint8(length)
   584		x[4] = uint8(m.vers >> 8)
   585		x[5] = uint8(m.vers)
   586		copy(x[6:38], m.random)
   587		x[38] = uint8(len(m.sessionId))
   588		copy(x[39:39+len(m.sessionId)], m.sessionId)
   589		z := x[39+len(m.sessionId):]
   590		z[0] = uint8(m.cipherSuite >> 8)
   591		z[1] = uint8(m.cipherSuite)
   592		z[2] = uint8(m.compressionMethod)
   593	
   594		z = z[3:]
   595		if numExtensions > 0 {
   596			z[0] = byte(extensionsLength >> 8)
   597			z[1] = byte(extensionsLength)
   598			z = z[2:]
   599		}
   600		if m.nextProtoNeg {
   601			z[0] = byte(extensionNextProtoNeg >> 8)
   602			z[1] = byte(extensionNextProtoNeg & 0xff)
   603			z[2] = byte(nextProtoLen >> 8)
   604			z[3] = byte(nextProtoLen)
   605			z = z[4:]
   606	
   607			for _, v := range m.nextProtos {
   608				l := len(v)
   609				if l > 255 {
   610					l = 255
   611				}
   612				z[0] = byte(l)
   613				copy(z[1:], []byte(v[0:l]))
   614				z = z[1+l:]
   615			}
   616		}
   617		if m.ocspStapling {
   618			z[0] = byte(extensionStatusRequest >> 8)
   619			z[1] = byte(extensionStatusRequest)
   620			z = z[4:]
   621		}
   622		if m.ticketSupported {
   623			z[0] = byte(extensionSessionTicket >> 8)
   624			z[1] = byte(extensionSessionTicket)
   625			z = z[4:]
   626		}
   627		if m.secureRenegotiation {
   628			z[0] = byte(extensionRenegotiationInfo >> 8)
   629			z[1] = byte(extensionRenegotiationInfo & 0xff)
   630			z[2] = 0
   631			z[3] = 1
   632			z = z[5:]
   633		}
   634		if alpnLen := len(m.alpnProtocol); alpnLen > 0 {
   635			z[0] = byte(extensionALPN >> 8)
   636			z[1] = byte(extensionALPN & 0xff)
   637			l := 2 + 1 + alpnLen
   638			z[2] = byte(l >> 8)
   639			z[3] = byte(l)
   640			l -= 2
   641			z[4] = byte(l >> 8)
   642			z[5] = byte(l)
   643			l -= 1
   644			z[6] = byte(l)
   645			copy(z[7:], []byte(m.alpnProtocol))
   646			z = z[7+alpnLen:]
   647		}
   648		if sctLen > 0 {
   649			z[0] = byte(extensionSCT >> 8)
   650			z[1] = byte(extensionSCT)
   651			l := sctLen + 2
   652			z[2] = byte(l >> 8)
   653			z[3] = byte(l)
   654			z[4] = byte(sctLen >> 8)
   655			z[5] = byte(sctLen)
   656	
   657			z = z[6:]
   658			for _, sct := range m.scts {
   659				z[0] = byte(len(sct) >> 8)
   660				z[1] = byte(len(sct))
   661				copy(z[2:], sct)
   662				z = z[len(sct)+2:]
   663			}
   664		}
   665	
   666		m.raw = x
   667	
   668		return x
   669	}
   670	
   671	func (m *serverHelloMsg) unmarshal(data []byte) bool {
   672		if len(data) < 42 {
   673			return false
   674		}
   675		m.raw = data
   676		m.vers = uint16(data[4])<<8 | uint16(data[5])
   677		m.random = data[6:38]
   678		sessionIdLen := int(data[38])
   679		if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
   680			return false
   681		}
   682		m.sessionId = data[39 : 39+sessionIdLen]
   683		data = data[39+sessionIdLen:]
   684		if len(data) < 3 {
   685			return false
   686		}
   687		m.cipherSuite = uint16(data[0])<<8 | uint16(data[1])
   688		m.compressionMethod = data[2]
   689		data = data[3:]
   690	
   691		m.nextProtoNeg = false
   692		m.nextProtos = nil
   693		m.ocspStapling = false
   694		m.scts = nil
   695		m.ticketSupported = false
   696		m.alpnProtocol = ""
   697	
   698		if len(data) == 0 {
   699			// ServerHello is optionally followed by extension data
   700			return true
   701		}
   702		if len(data) < 2 {
   703			return false
   704		}
   705	
   706		extensionsLength := int(data[0])<<8 | int(data[1])
   707		data = data[2:]
   708		if len(data) != extensionsLength {
   709			return false
   710		}
   711	
   712		for len(data) != 0 {
   713			if len(data) < 4 {
   714				return false
   715			}
   716			extension := uint16(data[0])<<8 | uint16(data[1])
   717			length := int(data[2])<<8 | int(data[3])
   718			data = data[4:]
   719			if len(data) < length {
   720				return false
   721			}
   722	
   723			switch extension {
   724			case extensionNextProtoNeg:
   725				m.nextProtoNeg = true
   726				d := data[:length]
   727				for len(d) > 0 {
   728					l := int(d[0])
   729					d = d[1:]
   730					if l == 0 || l > len(d) {
   731						return false
   732					}
   733					m.nextProtos = append(m.nextProtos, string(d[:l]))
   734					d = d[l:]
   735				}
   736			case extensionStatusRequest:
   737				if length > 0 {
   738					return false
   739				}
   740				m.ocspStapling = true
   741			case extensionSessionTicket:
   742				if length > 0 {
   743					return false
   744				}
   745				m.ticketSupported = true
   746			case extensionRenegotiationInfo:
   747				if length != 1 || data[0] != 0 {
   748					return false
   749				}
   750				m.secureRenegotiation = true
   751			case extensionALPN:
   752				d := data[:length]
   753				if len(d) < 3 {
   754					return false
   755				}
   756				l := int(d[0])<<8 | int(d[1])
   757				if l != len(d)-2 {
   758					return false
   759				}
   760				d = d[2:]
   761				l = int(d[0])
   762				if l != len(d)-1 {
   763					return false
   764				}
   765				d = d[1:]
   766				if len(d) == 0 {
   767					// ALPN protocols must not be empty.
   768					return false
   769				}
   770				m.alpnProtocol = string(d)
   771			case extensionSCT:
   772				d := data[:length]
   773	
   774				if len(d) < 2 {
   775					return false
   776				}
   777				l := int(d[0])<<8 | int(d[1])
   778				d = d[2:]
   779				if len(d) != l {
   780					return false
   781				}
   782				if l == 0 {
   783					continue
   784				}
   785	
   786				m.scts = make([][]byte, 0, 3)
   787				for len(d) != 0 {
   788					if len(d) < 2 {
   789						return false
   790					}
   791					sctLen := int(d[0])<<8 | int(d[1])
   792					d = d[2:]
   793					if len(d) < sctLen {
   794						return false
   795					}
   796					m.scts = append(m.scts, d[:sctLen])
   797					d = d[sctLen:]
   798				}
   799			}
   800			data = data[length:]
   801		}
   802	
   803		return true
   804	}
   805	
   806	type certificateMsg struct {
   807		raw          []byte
   808		certificates [][]byte
   809	}
   810	
   811	func (m *certificateMsg) equal(i interface{}) bool {
   812		m1, ok := i.(*certificateMsg)
   813		if !ok {
   814			return false
   815		}
   816	
   817		return bytes.Equal(m.raw, m1.raw) &&
   818			eqByteSlices(m.certificates, m1.certificates)
   819	}
   820	
   821	func (m *certificateMsg) marshal() (x []byte) {
   822		if m.raw != nil {
   823			return m.raw
   824		}
   825	
   826		var i int
   827		for _, slice := range m.certificates {
   828			i += len(slice)
   829		}
   830	
   831		length := 3 + 3*len(m.certificates) + i
   832		x = make([]byte, 4+length)
   833		x[0] = typeCertificate
   834		x[1] = uint8(length >> 16)
   835		x[2] = uint8(length >> 8)
   836		x[3] = uint8(length)
   837	
   838		certificateOctets := length - 3
   839		x[4] = uint8(certificateOctets >> 16)
   840		x[5] = uint8(certificateOctets >> 8)
   841		x[6] = uint8(certificateOctets)
   842	
   843		y := x[7:]
   844		for _, slice := range m.certificates {
   845			y[0] = uint8(len(slice) >> 16)
   846			y[1] = uint8(len(slice) >> 8)
   847			y[2] = uint8(len(slice))
   848			copy(y[3:], slice)
   849			y = y[3+len(slice):]
   850		}
   851	
   852		m.raw = x
   853		return
   854	}
   855	
   856	func (m *certificateMsg) unmarshal(data []byte) bool {
   857		if len(data) < 7 {
   858			return false
   859		}
   860	
   861		m.raw = data
   862		certsLen := uint32(data[4])<<16 | uint32(data[5])<<8 | uint32(data[6])
   863		if uint32(len(data)) != certsLen+7 {
   864			return false
   865		}
   866	
   867		numCerts := 0
   868		d := data[7:]
   869		for certsLen > 0 {
   870			if len(d) < 4 {
   871				return false
   872			}
   873			certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
   874			if uint32(len(d)) < 3+certLen {
   875				return false
   876			}
   877			d = d[3+certLen:]
   878			certsLen -= 3 + certLen
   879			numCerts++
   880		}
   881	
   882		m.certificates = make([][]byte, numCerts)
   883		d = data[7:]
   884		for i := 0; i < numCerts; i++ {
   885			certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
   886			m.certificates[i] = d[3 : 3+certLen]
   887			d = d[3+certLen:]
   888		}
   889	
   890		return true
   891	}
   892	
   893	type serverKeyExchangeMsg struct {
   894		raw []byte
   895		key []byte
   896	}
   897	
   898	func (m *serverKeyExchangeMsg) equal(i interface{}) bool {
   899		m1, ok := i.(*serverKeyExchangeMsg)
   900		if !ok {
   901			return false
   902		}
   903	
   904		return bytes.Equal(m.raw, m1.raw) &&
   905			bytes.Equal(m.key, m1.key)
   906	}
   907	
   908	func (m *serverKeyExchangeMsg) marshal() []byte {
   909		if m.raw != nil {
   910			return m.raw
   911		}
   912		length := len(m.key)
   913		x := make([]byte, length+4)
   914		x[0] = typeServerKeyExchange
   915		x[1] = uint8(length >> 16)
   916		x[2] = uint8(length >> 8)
   917		x[3] = uint8(length)
   918		copy(x[4:], m.key)
   919	
   920		m.raw = x
   921		return x
   922	}
   923	
   924	func (m *serverKeyExchangeMsg) unmarshal(data []byte) bool {
   925		m.raw = data
   926		if len(data) < 4 {
   927			return false
   928		}
   929		m.key = data[4:]
   930		return true
   931	}
   932	
   933	type certificateStatusMsg struct {
   934		raw        []byte
   935		statusType uint8
   936		response   []byte
   937	}
   938	
   939	func (m *certificateStatusMsg) equal(i interface{}) bool {
   940		m1, ok := i.(*certificateStatusMsg)
   941		if !ok {
   942			return false
   943		}
   944	
   945		return bytes.Equal(m.raw, m1.raw) &&
   946			m.statusType == m1.statusType &&
   947			bytes.Equal(m.response, m1.response)
   948	}
   949	
   950	func (m *certificateStatusMsg) marshal() []byte {
   951		if m.raw != nil {
   952			return m.raw
   953		}
   954	
   955		var x []byte
   956		if m.statusType == statusTypeOCSP {
   957			x = make([]byte, 4+4+len(m.response))
   958			x[0] = typeCertificateStatus
   959			l := len(m.response) + 4
   960			x[1] = byte(l >> 16)
   961			x[2] = byte(l >> 8)
   962			x[3] = byte(l)
   963			x[4] = statusTypeOCSP
   964	
   965			l -= 4
   966			x[5] = byte(l >> 16)
   967			x[6] = byte(l >> 8)
   968			x[7] = byte(l)
   969			copy(x[8:], m.response)
   970		} else {
   971			x = []byte{typeCertificateStatus, 0, 0, 1, m.statusType}
   972		}
   973	
   974		m.raw = x
   975		return x
   976	}
   977	
   978	func (m *certificateStatusMsg) unmarshal(data []byte) bool {
   979		m.raw = data
   980		if len(data) < 5 {
   981			return false
   982		}
   983		m.statusType = data[4]
   984	
   985		m.response = nil
   986		if m.statusType == statusTypeOCSP {
   987			if len(data) < 8 {
   988				return false
   989			}
   990			respLen := uint32(data[5])<<16 | uint32(data[6])<<8 | uint32(data[7])
   991			if uint32(len(data)) != 4+4+respLen {
   992				return false
   993			}
   994			m.response = data[8:]
   995		}
   996		return true
   997	}
   998	
   999	type serverHelloDoneMsg struct{}
  1000	
  1001	func (m *serverHelloDoneMsg) equal(i interface{}) bool {
  1002		_, ok := i.(*serverHelloDoneMsg)
  1003		return ok
  1004	}
  1005	
  1006	func (m *serverHelloDoneMsg) marshal() []byte {
  1007		x := make([]byte, 4)
  1008		x[0] = typeServerHelloDone
  1009		return x
  1010	}
  1011	
  1012	func (m *serverHelloDoneMsg) unmarshal(data []byte) bool {
  1013		return len(data) == 4
  1014	}
  1015	
  1016	type clientKeyExchangeMsg struct {
  1017		raw        []byte
  1018		ciphertext []byte
  1019	}
  1020	
  1021	func (m *clientKeyExchangeMsg) equal(i interface{}) bool {
  1022		m1, ok := i.(*clientKeyExchangeMsg)
  1023		if !ok {
  1024			return false
  1025		}
  1026	
  1027		return bytes.Equal(m.raw, m1.raw) &&
  1028			bytes.Equal(m.ciphertext, m1.ciphertext)
  1029	}
  1030	
  1031	func (m *clientKeyExchangeMsg) marshal() []byte {
  1032		if m.raw != nil {
  1033			return m.raw
  1034		}
  1035		length := len(m.ciphertext)
  1036		x := make([]byte, length+4)
  1037		x[0] = typeClientKeyExchange
  1038		x[1] = uint8(length >> 16)
  1039		x[2] = uint8(length >> 8)
  1040		x[3] = uint8(length)
  1041		copy(x[4:], m.ciphertext)
  1042	
  1043		m.raw = x
  1044		return x
  1045	}
  1046	
  1047	func (m *clientKeyExchangeMsg) unmarshal(data []byte) bool {
  1048		m.raw = data
  1049		if len(data) < 4 {
  1050			return false
  1051		}
  1052		l := int(data[1])<<16 | int(data[2])<<8 | int(data[3])
  1053		if l != len(data)-4 {
  1054			return false
  1055		}
  1056		m.ciphertext = data[4:]
  1057		return true
  1058	}
  1059	
  1060	type finishedMsg struct {
  1061		raw        []byte
  1062		verifyData []byte
  1063	}
  1064	
  1065	func (m *finishedMsg) equal(i interface{}) bool {
  1066		m1, ok := i.(*finishedMsg)
  1067		if !ok {
  1068			return false
  1069		}
  1070	
  1071		return bytes.Equal(m.raw, m1.raw) &&
  1072			bytes.Equal(m.verifyData, m1.verifyData)
  1073	}
  1074	
  1075	func (m *finishedMsg) marshal() (x []byte) {
  1076		if m.raw != nil {
  1077			return m.raw
  1078		}
  1079	
  1080		x = make([]byte, 4+len(m.verifyData))
  1081		x[0] = typeFinished
  1082		x[3] = byte(len(m.verifyData))
  1083		copy(x[4:], m.verifyData)
  1084		m.raw = x
  1085		return
  1086	}
  1087	
  1088	func (m *finishedMsg) unmarshal(data []byte) bool {
  1089		m.raw = data
  1090		if len(data) < 4 {
  1091			return false
  1092		}
  1093		m.verifyData = data[4:]
  1094		return true
  1095	}
  1096	
  1097	type nextProtoMsg struct {
  1098		raw   []byte
  1099		proto string
  1100	}
  1101	
  1102	func (m *nextProtoMsg) equal(i interface{}) bool {
  1103		m1, ok := i.(*nextProtoMsg)
  1104		if !ok {
  1105			return false
  1106		}
  1107	
  1108		return bytes.Equal(m.raw, m1.raw) &&
  1109			m.proto == m1.proto
  1110	}
  1111	
  1112	func (m *nextProtoMsg) marshal() []byte {
  1113		if m.raw != nil {
  1114			return m.raw
  1115		}
  1116		l := len(m.proto)
  1117		if l > 255 {
  1118			l = 255
  1119		}
  1120	
  1121		padding := 32 - (l+2)%32
  1122		length := l + padding + 2
  1123		x := make([]byte, length+4)
  1124		x[0] = typeNextProtocol
  1125		x[1] = uint8(length >> 16)
  1126		x[2] = uint8(length >> 8)
  1127		x[3] = uint8(length)
  1128	
  1129		y := x[4:]
  1130		y[0] = byte(l)
  1131		copy(y[1:], []byte(m.proto[0:l]))
  1132		y = y[1+l:]
  1133		y[0] = byte(padding)
  1134	
  1135		m.raw = x
  1136	
  1137		return x
  1138	}
  1139	
  1140	func (m *nextProtoMsg) unmarshal(data []byte) bool {
  1141		m.raw = data
  1142	
  1143		if len(data) < 5 {
  1144			return false
  1145		}
  1146		data = data[4:]
  1147		protoLen := int(data[0])
  1148		data = data[1:]
  1149		if len(data) < protoLen {
  1150			return false
  1151		}
  1152		m.proto = string(data[0:protoLen])
  1153		data = data[protoLen:]
  1154	
  1155		if len(data) < 1 {
  1156			return false
  1157		}
  1158		paddingLen := int(data[0])
  1159		data = data[1:]
  1160		if len(data) != paddingLen {
  1161			return false
  1162		}
  1163	
  1164		return true
  1165	}
  1166	
  1167	type certificateRequestMsg struct {
  1168		raw []byte
  1169		// hasSignatureAndHash indicates whether this message includes a list
  1170		// of signature and hash functions. This change was introduced with TLS
  1171		// 1.2.
  1172		hasSignatureAndHash bool
  1173	
  1174		certificateTypes       []byte
  1175		signatureAndHashes     []signatureAndHash
  1176		certificateAuthorities [][]byte
  1177	}
  1178	
  1179	func (m *certificateRequestMsg) equal(i interface{}) bool {
  1180		m1, ok := i.(*certificateRequestMsg)
  1181		if !ok {
  1182			return false
  1183		}
  1184	
  1185		return bytes.Equal(m.raw, m1.raw) &&
  1186			bytes.Equal(m.certificateTypes, m1.certificateTypes) &&
  1187			eqByteSlices(m.certificateAuthorities, m1.certificateAuthorities) &&
  1188			eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes)
  1189	}
  1190	
  1191	func (m *certificateRequestMsg) marshal() (x []byte) {
  1192		if m.raw != nil {
  1193			return m.raw
  1194		}
  1195	
  1196		// See http://tools.ietf.org/html/rfc4346#section-7.4.4
  1197		length := 1 + len(m.certificateTypes) + 2
  1198		casLength := 0
  1199		for _, ca := range m.certificateAuthorities {
  1200			casLength += 2 + len(ca)
  1201		}
  1202		length += casLength
  1203	
  1204		if m.hasSignatureAndHash {
  1205			length += 2 + 2*len(m.signatureAndHashes)
  1206		}
  1207	
  1208		x = make([]byte, 4+length)
  1209		x[0] = typeCertificateRequest
  1210		x[1] = uint8(length >> 16)
  1211		x[2] = uint8(length >> 8)
  1212		x[3] = uint8(length)
  1213	
  1214		x[4] = uint8(len(m.certificateTypes))
  1215	
  1216		copy(x[5:], m.certificateTypes)
  1217		y := x[5+len(m.certificateTypes):]
  1218	
  1219		if m.hasSignatureAndHash {
  1220			n := len(m.signatureAndHashes) * 2
  1221			y[0] = uint8(n >> 8)
  1222			y[1] = uint8(n)
  1223			y = y[2:]
  1224			for _, sigAndHash := range m.signatureAndHashes {
  1225				y[0] = sigAndHash.hash
  1226				y[1] = sigAndHash.signature
  1227				y = y[2:]
  1228			}
  1229		}
  1230	
  1231		y[0] = uint8(casLength >> 8)
  1232		y[1] = uint8(casLength)
  1233		y = y[2:]
  1234		for _, ca := range m.certificateAuthorities {
  1235			y[0] = uint8(len(ca) >> 8)
  1236			y[1] = uint8(len(ca))
  1237			y = y[2:]
  1238			copy(y, ca)
  1239			y = y[len(ca):]
  1240		}
  1241	
  1242		m.raw = x
  1243		return
  1244	}
  1245	
  1246	func (m *certificateRequestMsg) unmarshal(data []byte) bool {
  1247		m.raw = data
  1248	
  1249		if len(data) < 5 {
  1250			return false
  1251		}
  1252	
  1253		length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
  1254		if uint32(len(data))-4 != length {
  1255			return false
  1256		}
  1257	
  1258		numCertTypes := int(data[4])
  1259		data = data[5:]
  1260		if numCertTypes == 0 || len(data) <= numCertTypes {
  1261			return false
  1262		}
  1263	
  1264		m.certificateTypes = make([]byte, numCertTypes)
  1265		if copy(m.certificateTypes, data) != numCertTypes {
  1266			return false
  1267		}
  1268	
  1269		data = data[numCertTypes:]
  1270	
  1271		if m.hasSignatureAndHash {
  1272			if len(data) < 2 {
  1273				return false
  1274			}
  1275			sigAndHashLen := uint16(data[0])<<8 | uint16(data[1])
  1276			data = data[2:]
  1277			if sigAndHashLen&1 != 0 {
  1278				return false
  1279			}
  1280			if len(data) < int(sigAndHashLen) {
  1281				return false
  1282			}
  1283			numSigAndHash := sigAndHashLen / 2
  1284			m.signatureAndHashes = make([]signatureAndHash, numSigAndHash)
  1285			for i := range m.signatureAndHashes {
  1286				m.signatureAndHashes[i].hash = data[0]
  1287				m.signatureAndHashes[i].signature = data[1]
  1288				data = data[2:]
  1289			}
  1290		}
  1291	
  1292		if len(data) < 2 {
  1293			return false
  1294		}
  1295		casLength := uint16(data[0])<<8 | uint16(data[1])
  1296		data = data[2:]
  1297		if len(data) < int(casLength) {
  1298			return false
  1299		}
  1300		cas := make([]byte, casLength)
  1301		copy(cas, data)
  1302		data = data[casLength:]
  1303	
  1304		m.certificateAuthorities = nil
  1305		for len(cas) > 0 {
  1306			if len(cas) < 2 {
  1307				return false
  1308			}
  1309			caLen := uint16(cas[0])<<8 | uint16(cas[1])
  1310			cas = cas[2:]
  1311	
  1312			if len(cas) < int(caLen) {
  1313				return false
  1314			}
  1315	
  1316			m.certificateAuthorities = append(m.certificateAuthorities, cas[:caLen])
  1317			cas = cas[caLen:]
  1318		}
  1319		if len(data) > 0 {
  1320			return false
  1321		}
  1322	
  1323		return true
  1324	}
  1325	
  1326	type certificateVerifyMsg struct {
  1327		raw                 []byte
  1328		hasSignatureAndHash bool
  1329		signatureAndHash    signatureAndHash
  1330		signature           []byte
  1331	}
  1332	
  1333	func (m *certificateVerifyMsg) equal(i interface{}) bool {
  1334		m1, ok := i.(*certificateVerifyMsg)
  1335		if !ok {
  1336			return false
  1337		}
  1338	
  1339		return bytes.Equal(m.raw, m1.raw) &&
  1340			m.hasSignatureAndHash == m1.hasSignatureAndHash &&
  1341			m.signatureAndHash.hash == m1.signatureAndHash.hash &&
  1342			m.signatureAndHash.signature == m1.signatureAndHash.signature &&
  1343			bytes.Equal(m.signature, m1.signature)
  1344	}
  1345	
  1346	func (m *certificateVerifyMsg) marshal() (x []byte) {
  1347		if m.raw != nil {
  1348			return m.raw
  1349		}
  1350	
  1351		// See http://tools.ietf.org/html/rfc4346#section-7.4.8
  1352		siglength := len(m.signature)
  1353		length := 2 + siglength
  1354		if m.hasSignatureAndHash {
  1355			length += 2
  1356		}
  1357		x = make([]byte, 4+length)
  1358		x[0] = typeCertificateVerify
  1359		x[1] = uint8(length >> 16)
  1360		x[2] = uint8(length >> 8)
  1361		x[3] = uint8(length)
  1362		y := x[4:]
  1363		if m.hasSignatureAndHash {
  1364			y[0] = m.signatureAndHash.hash
  1365			y[1] = m.signatureAndHash.signature
  1366			y = y[2:]
  1367		}
  1368		y[0] = uint8(siglength >> 8)
  1369		y[1] = uint8(siglength)
  1370		copy(y[2:], m.signature)
  1371	
  1372		m.raw = x
  1373	
  1374		return
  1375	}
  1376	
  1377	func (m *certificateVerifyMsg) unmarshal(data []byte) bool {
  1378		m.raw = data
  1379	
  1380		if len(data) < 6 {
  1381			return false
  1382		}
  1383	
  1384		length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
  1385		if uint32(len(data))-4 != length {
  1386			return false
  1387		}
  1388	
  1389		data = data[4:]
  1390		if m.hasSignatureAndHash {
  1391			m.signatureAndHash.hash = data[0]
  1392			m.signatureAndHash.signature = data[1]
  1393			data = data[2:]
  1394		}
  1395	
  1396		if len(data) < 2 {
  1397			return false
  1398		}
  1399		siglength := int(data[0])<<8 + int(data[1])
  1400		data = data[2:]
  1401		if len(data) != siglength {
  1402			return false
  1403		}
  1404	
  1405		m.signature = data
  1406	
  1407		return true
  1408	}
  1409	
  1410	type newSessionTicketMsg struct {
  1411		raw    []byte
  1412		ticket []byte
  1413	}
  1414	
  1415	func (m *newSessionTicketMsg) equal(i interface{}) bool {
  1416		m1, ok := i.(*newSessionTicketMsg)
  1417		if !ok {
  1418			return false
  1419		}
  1420	
  1421		return bytes.Equal(m.raw, m1.raw) &&
  1422			bytes.Equal(m.ticket, m1.ticket)
  1423	}
  1424	
  1425	func (m *newSessionTicketMsg) marshal() (x []byte) {
  1426		if m.raw != nil {
  1427			return m.raw
  1428		}
  1429	
  1430		// See http://tools.ietf.org/html/rfc5077#section-3.3
  1431		ticketLen := len(m.ticket)
  1432		length := 2 + 4 + ticketLen
  1433		x = make([]byte, 4+length)
  1434		x[0] = typeNewSessionTicket
  1435		x[1] = uint8(length >> 16)
  1436		x[2] = uint8(length >> 8)
  1437		x[3] = uint8(length)
  1438		x[8] = uint8(ticketLen >> 8)
  1439		x[9] = uint8(ticketLen)
  1440		copy(x[10:], m.ticket)
  1441	
  1442		m.raw = x
  1443	
  1444		return
  1445	}
  1446	
  1447	func (m *newSessionTicketMsg) unmarshal(data []byte) bool {
  1448		m.raw = data
  1449	
  1450		if len(data) < 10 {
  1451			return false
  1452		}
  1453	
  1454		length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
  1455		if uint32(len(data))-4 != length {
  1456			return false
  1457		}
  1458	
  1459		ticketLen := int(data[8])<<8 + int(data[9])
  1460		if len(data)-10 != ticketLen {
  1461			return false
  1462		}
  1463	
  1464		m.ticket = data[10:]
  1465	
  1466		return true
  1467	}
  1468	
  1469	func eqUint16s(x, y []uint16) bool {
  1470		if len(x) != len(y) {
  1471			return false
  1472		}
  1473		for i, v := range x {
  1474			if y[i] != v {
  1475				return false
  1476			}
  1477		}
  1478		return true
  1479	}
  1480	
  1481	func eqCurveIDs(x, y []CurveID) bool {
  1482		if len(x) != len(y) {
  1483			return false
  1484		}
  1485		for i, v := range x {
  1486			if y[i] != v {
  1487				return false
  1488			}
  1489		}
  1490		return true
  1491	}
  1492	
  1493	func eqStrings(x, y []string) bool {
  1494		if len(x) != len(y) {
  1495			return false
  1496		}
  1497		for i, v := range x {
  1498			if y[i] != v {
  1499				return false
  1500			}
  1501		}
  1502		return true
  1503	}
  1504	
  1505	func eqByteSlices(x, y [][]byte) bool {
  1506		if len(x) != len(y) {
  1507			return false
  1508		}
  1509		for i, v := range x {
  1510			if !bytes.Equal(v, y[i]) {
  1511				return false
  1512			}
  1513		}
  1514		return true
  1515	}
  1516	
  1517	func eqSignatureAndHashes(x, y []signatureAndHash) bool {
  1518		if len(x) != len(y) {
  1519			return false
  1520		}
  1521		for i, v := range x {
  1522			v2 := y[i]
  1523			if v.hash != v2.hash || v.signature != v2.signature {
  1524				return false
  1525			}
  1526		}
  1527		return true
  1528	}
  1529	

View as plain text