MCPcopy
hub / github.com/XTLS/REALITY / processServerHello

Method processServerHello

handshake_client_tls13.go:416–473  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

414}
415
416func (hs *clientHandshakeStateTLS13) processServerHello() error {
417 c := hs.c
418
419 if bytes.Equal(hs.serverHello.random, helloRetryRequestRandom) {
420 c.sendAlert(alertUnexpectedMessage)
421 return errors.New("tls: server sent two HelloRetryRequest messages")
422 }
423
424 if len(hs.serverHello.cookie) != 0 {
425 c.sendAlert(alertUnsupportedExtension)
426 return errors.New("tls: server sent a cookie in a normal ServerHello")
427 }
428
429 if hs.serverHello.selectedGroup != 0 {
430 c.sendAlert(alertDecodeError)
431 return errors.New("tls: malformed key_share extension")
432 }
433
434 if hs.serverHello.serverShare.group == 0 {
435 c.sendAlert(alertIllegalParameter)
436 return errors.New("tls: server did not send a key share")
437 }
438 if !slices.ContainsFunc(hs.hello.keyShares, func(ks keyShare) bool {
439 return ks.group == hs.serverHello.serverShare.group
440 }) {
441 c.sendAlert(alertIllegalParameter)
442 return errors.New("tls: server selected unsupported group")
443 }
444
445 if !hs.serverHello.selectedIdentityPresent {
446 return nil
447 }
448
449 if int(hs.serverHello.selectedIdentity) >= len(hs.hello.pskIdentities) {
450 c.sendAlert(alertIllegalParameter)
451 return errors.New("tls: server selected an invalid PSK")
452 }
453
454 if len(hs.hello.pskIdentities) != 1 || hs.session == nil {
455 return c.sendAlert(alertInternalError)
456 }
457 pskSuite := cipherSuiteTLS13ByID(hs.session.cipherSuite)
458 if pskSuite == nil {
459 return c.sendAlert(alertInternalError)
460 }
461 if pskSuite.hash != hs.suite.hash {
462 c.sendAlert(alertIllegalParameter)
463 return errors.New("tls: server selected an invalid PSK and cipher suite pair")
464 }
465
466 hs.usingPSK = true
467 c.didResume = true
468 c.peerCertificates = hs.session.peerCertificates
469 c.verifiedChains = hs.session.verifiedChains
470 c.ocspResponse = hs.session.ocspResponse
471 c.scts = hs.session.scts
472 return nil
473}

Callers 1

handshakeMethod · 0.95

Calls 2

cipherSuiteTLS13ByIDFunction · 0.85
sendAlertMethod · 0.80

Tested by

no test coverage detected