()
| 414 | } |
| 415 | |
| 416 | func (hs *clientHandshakeStateTLS13) processServerHello() error { |
| 417 | c := hs.c |
| 418 | |
| 419 | if bytes.Equal(hs.serverHello.random, helloRetryRequestRandom) { |
| 420 | c.sendAlert(alertUnexpectedMessage) |
| 421 | return errors.New("tls: server sent two HelloRetryRequest messages") |
| 422 | } |
| 423 | |
| 424 | if len(hs.serverHello.cookie) != 0 { |
| 425 | c.sendAlert(alertUnsupportedExtension) |
| 426 | return errors.New("tls: server sent a cookie in a normal ServerHello") |
| 427 | } |
| 428 | |
| 429 | if hs.serverHello.selectedGroup != 0 { |
| 430 | c.sendAlert(alertDecodeError) |
| 431 | return errors.New("tls: malformed key_share extension") |
| 432 | } |
| 433 | |
| 434 | if hs.serverHello.serverShare.group == 0 { |
| 435 | c.sendAlert(alertIllegalParameter) |
| 436 | return errors.New("tls: server did not send a key share") |
| 437 | } |
| 438 | if !slices.ContainsFunc(hs.hello.keyShares, func(ks keyShare) bool { |
| 439 | return ks.group == hs.serverHello.serverShare.group |
| 440 | }) { |
| 441 | c.sendAlert(alertIllegalParameter) |
| 442 | return errors.New("tls: server selected unsupported group") |
| 443 | } |
| 444 | |
| 445 | if !hs.serverHello.selectedIdentityPresent { |
| 446 | return nil |
| 447 | } |
| 448 | |
| 449 | if int(hs.serverHello.selectedIdentity) >= len(hs.hello.pskIdentities) { |
| 450 | c.sendAlert(alertIllegalParameter) |
| 451 | return errors.New("tls: server selected an invalid PSK") |
| 452 | } |
| 453 | |
| 454 | if len(hs.hello.pskIdentities) != 1 || hs.session == nil { |
| 455 | return c.sendAlert(alertInternalError) |
| 456 | } |
| 457 | pskSuite := cipherSuiteTLS13ByID(hs.session.cipherSuite) |
| 458 | if pskSuite == nil { |
| 459 | return c.sendAlert(alertInternalError) |
| 460 | } |
| 461 | if pskSuite.hash != hs.suite.hash { |
| 462 | c.sendAlert(alertIllegalParameter) |
| 463 | return errors.New("tls: server selected an invalid PSK and cipher suite pair") |
| 464 | } |
| 465 | |
| 466 | hs.usingPSK = true |
| 467 | c.didResume = true |
| 468 | c.peerCertificates = hs.session.peerCertificates |
| 469 | c.verifiedChains = hs.session.verifiedChains |
| 470 | c.ocspResponse = hs.session.ocspResponse |
| 471 | c.scts = hs.session.scts |
| 472 | return nil |
| 473 | } |
no test coverage detected