(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg)
| 268 | } |
| 269 | |
| 270 | func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error { |
| 271 | if len(skx.key) < 4 { |
| 272 | return errServerKeyExchange |
| 273 | } |
| 274 | if skx.key[0] != 3 { // named curve |
| 275 | return errors.New("tls: server selected unsupported curve") |
| 276 | } |
| 277 | curveID := CurveID(skx.key[1])<<8 | CurveID(skx.key[2]) |
| 278 | |
| 279 | publicLen := int(skx.key[3]) |
| 280 | if publicLen+4 > len(skx.key) { |
| 281 | return errServerKeyExchange |
| 282 | } |
| 283 | serverECDHEParams := skx.key[:4+publicLen] |
| 284 | publicKey := serverECDHEParams[4:] |
| 285 | |
| 286 | sig := skx.key[4+publicLen:] |
| 287 | if len(sig) < 2 { |
| 288 | return errServerKeyExchange |
| 289 | } |
| 290 | |
| 291 | if _, ok := curveForCurveID(curveID); curveID != X25519 && !ok { |
| 292 | return errors.New("tls: server selected unsupported curve") |
| 293 | } |
| 294 | |
| 295 | params, err := generateECDHEParameters(config.rand(), curveID) |
| 296 | if err != nil { |
| 297 | return err |
| 298 | } |
| 299 | ka.params = params |
| 300 | |
| 301 | ka.preMasterSecret = params.SharedKey(publicKey) |
| 302 | if ka.preMasterSecret == nil { |
| 303 | return errServerKeyExchange |
| 304 | } |
| 305 | |
| 306 | ourPublicKey := params.PublicKey() |
| 307 | ka.ckx = new(clientKeyExchangeMsg) |
| 308 | ka.ckx.ciphertext = make([]byte, 1+len(ourPublicKey)) |
| 309 | ka.ckx.ciphertext[0] = byte(len(ourPublicKey)) |
| 310 | copy(ka.ckx.ciphertext[1:], ourPublicKey) |
| 311 | |
| 312 | var sigType uint8 |
| 313 | var sigHash crypto.Hash |
| 314 | if ka.version >= VersionTLS12 { |
| 315 | signatureAlgorithm := SignatureScheme(sig[0])<<8 | SignatureScheme(sig[1]) |
| 316 | sig = sig[2:] |
| 317 | if len(sig) < 2 { |
| 318 | return errServerKeyExchange |
| 319 | } |
| 320 | |
| 321 | if !isSupportedSignatureAlgorithm(signatureAlgorithm, clientHello.supportedSignatureAlgorithms) { |
| 322 | return errors.New("tls: certificate used with invalid signature algorithm") |
| 323 | } |
| 324 | sigType, sigHash, err = typeAndHashFromSignatureScheme(signatureAlgorithm) |
| 325 | if err != nil { |
| 326 | return err |
| 327 | } |
nothing calls this directly
no test coverage detected