(list []EchConfig)
| 164 | } |
| 165 | |
| 166 | func pickECHConfig(list []EchConfig) *EchConfig { |
| 167 | for _, ec := range list { |
| 168 | if _, ok := hpke.SupportedKEMs[ec.KemID]; !ok { |
| 169 | continue |
| 170 | } |
| 171 | var validSCS bool |
| 172 | for _, cs := range ec.SymmetricCipherSuite { |
| 173 | if _, ok := hpke.SupportedAEADs[cs.AEADID]; !ok { |
| 174 | continue |
| 175 | } |
| 176 | if _, ok := hpke.SupportedKDFs[cs.KDFID]; !ok { |
| 177 | continue |
| 178 | } |
| 179 | validSCS = true |
| 180 | break |
| 181 | } |
| 182 | if !validSCS { |
| 183 | continue |
| 184 | } |
| 185 | if !validDNSName(string(ec.PublicName)) { |
| 186 | continue |
| 187 | } |
| 188 | var unsupportedExt bool |
| 189 | for _, ext := range ec.Extensions { |
| 190 | // If high order bit is set to 1 the extension is mandatory. |
| 191 | // Since we don't support any extensions, if we see a mandatory |
| 192 | // bit, we skip the config. |
| 193 | if ext.Type&uint16(1<<15) != 0 { |
| 194 | unsupportedExt = true |
| 195 | } |
| 196 | } |
| 197 | if unsupportedExt { |
| 198 | continue |
| 199 | } |
| 200 | return &ec |
| 201 | } |
| 202 | return nil |
| 203 | } |
| 204 | |
| 205 | func pickECHCipherSuite(suites []EchCipher) (EchCipher, error) { |
| 206 | for _, s := range suites { |
no test coverage detected
searching dependent graphs…