()
| 285 | } |
| 286 | |
| 287 | func (hs *clientHandshakeStateTLS13) processServerHello() error { |
| 288 | c := hs.c |
| 289 | |
| 290 | if bytes.Equal(hs.serverHello.random, helloRetryRequestRandom) { |
| 291 | c.sendAlert(alertUnexpectedMessage) |
| 292 | return errors.New("tls: server sent two HelloRetryRequest messages") |
| 293 | } |
| 294 | |
| 295 | if len(hs.serverHello.cookie) != 0 { |
| 296 | c.sendAlert(alertUnsupportedExtension) |
| 297 | return errors.New("tls: server sent a cookie in a normal ServerHello") |
| 298 | } |
| 299 | |
| 300 | if hs.serverHello.selectedGroup != 0 { |
| 301 | c.sendAlert(alertDecodeError) |
| 302 | return errors.New("tls: malformed key_share extension") |
| 303 | } |
| 304 | |
| 305 | if hs.serverHello.serverShare.group == 0 { |
| 306 | c.sendAlert(alertIllegalParameter) |
| 307 | return errors.New("tls: server did not send a key share") |
| 308 | } |
| 309 | if hs.serverHello.serverShare.group != hs.ecdheParams.CurveID() { |
| 310 | c.sendAlert(alertIllegalParameter) |
| 311 | return errors.New("tls: server selected unsupported group") |
| 312 | } |
| 313 | |
| 314 | if !hs.serverHello.selectedIdentityPresent { |
| 315 | return nil |
| 316 | } |
| 317 | |
| 318 | if int(hs.serverHello.selectedIdentity) >= len(hs.hello.pskIdentities) { |
| 319 | c.sendAlert(alertIllegalParameter) |
| 320 | return errors.New("tls: server selected an invalid PSK") |
| 321 | } |
| 322 | |
| 323 | if len(hs.hello.pskIdentities) != 1 || hs.session == nil { |
| 324 | return c.sendAlert(alertInternalError) |
| 325 | } |
| 326 | pskSuite := cipherSuiteTLS13ByID(hs.session.cipherSuite) |
| 327 | if pskSuite == nil { |
| 328 | return c.sendAlert(alertInternalError) |
| 329 | } |
| 330 | if pskSuite.hash != hs.suite.hash { |
| 331 | c.sendAlert(alertIllegalParameter) |
| 332 | return errors.New("tls: server selected an invalid PSK and cipher suite pair") |
| 333 | } |
| 334 | |
| 335 | hs.usingPSK = true |
| 336 | c.didResume = true |
| 337 | c.peerCertificates = hs.session.serverCertificates |
| 338 | c.verifiedChains = hs.session.verifiedChains |
| 339 | c.ocspResponse = hs.session.ocspResponse |
| 340 | c.scts = hs.session.scts |
| 341 | return nil |
| 342 | } |
| 343 | |
| 344 | func (hs *clientHandshakeStateTLS13) establishHandshakeKeys() error { |
no test coverage detected