MCPcopy
hub / github.com/XTLS/REALITY / readServerFinished

Method readServerFinished

handshake_client_tls13.go:705–752  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

703}
704
705func (hs *clientHandshakeStateTLS13) readServerFinished() error {
706 c := hs.c
707
708 // finishedMsg is included in the transcript, but not until after we
709 // check the client version, since the state before this message was
710 // sent is used during verification.
711 msg, err := c.readHandshake(nil)
712 if err != nil {
713 return err
714 }
715
716 finished, ok := msg.(*finishedMsg)
717 if !ok {
718 c.sendAlert(alertUnexpectedMessage)
719 return unexpectedMessageError(finished, msg)
720 }
721
722 expectedMAC := hs.suite.finishedHash(c.in.trafficSecret, hs.transcript)
723 if !hmac.Equal(expectedMAC, finished.verifyData) {
724 c.sendAlert(alertDecryptError)
725 return errors.New("tls: invalid server finished hash")
726 }
727
728 if err := transcriptMsg(finished, hs.transcript); err != nil {
729 return err
730 }
731
732 // Derive secrets that take context through the server Finished.
733
734 hs.trafficSecret = hs.masterSecret.ClientApplicationTrafficSecret(hs.transcript)
735 serverSecret := hs.masterSecret.ServerApplicationTrafficSecret(hs.transcript)
736 c.in.setTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret)
737
738 err = c.config.writeKeyLog(keyLogLabelClientTraffic, hs.hello.random, hs.trafficSecret)
739 if err != nil {
740 c.sendAlert(alertInternalError)
741 return err
742 }
743 err = c.config.writeKeyLog(keyLogLabelServerTraffic, hs.hello.random, serverSecret)
744 if err != nil {
745 c.sendAlert(alertInternalError)
746 return err
747 }
748
749 c.ekm = hs.suite.exportKeyingMaterial(hs.masterSecret, hs.transcript)
750
751 return nil
752}
753
754func (hs *clientHandshakeStateTLS13) sendClientCertificate() error {
755 c := hs.c

Callers 1

handshakeMethod · 0.95

Calls 10

unexpectedMessageErrorFunction · 0.85
transcriptMsgFunction · 0.85
readHandshakeMethod · 0.80
sendAlertMethod · 0.80
finishedHashMethod · 0.80
setTrafficSecretMethod · 0.80
writeKeyLogMethod · 0.80
exportKeyingMaterialMethod · 0.80

Tested by

no test coverage detected