86}
87
88func (hs *serverHandshakeStateTLS13) handshake() error {
89 c := hs.c
90 if c.config.Show {
91 remoteAddr := c.RemoteAddr().String()
92 fmt.Printf("REALITY remoteAddr: %v\tis using X25519MLKEM768 for TLS' communication: %v\n", remoteAddr, hs.hello.serverShare.group == X25519MLKEM768)
93 fmt.Printf("REALITY remoteAddr: %v\tis using ML-DSA-65 for cert's extra signature: %v\n", remoteAddr, len(c.config.Mldsa65Key) > 0)
94 }
95 // For an overview of the TLS 1.3 handshake, see RFC 8446, Section 2.
96 /*
97 if err := hs.processClientHello(); err != nil {
98 return err
99 }
100 */
101 {
102 hs.suite = cipherSuiteTLS13ByID(hs.hello.cipherSuite)
103 c.cipherSuite = hs.suite.id
104 hs.transcript = hs.suite.hash.New()
105
106 var peerData []byte
107 for _, keyShare := range hs.clientHello.keyShares {
108 if keyShare.group == hs.hello.serverShare.group {
109 peerData = keyShare.data
110 break
111 }
112 }
113
114 var peerPub = peerData
115 if hs.hello.serverShare.group == X25519MLKEM768 {
116 peerPub = peerData[mlkem.EncapsulationKeySize768:]
117 }
118
119 key, _ := generateECDHEKey(c.config.rand(), X25519)
120 copy(hs.hello.serverShare.data, key.PublicKey().Bytes())
121 peerKey, _ := key.Curve().NewPublicKey(peerPub)
122 hs.sharedKey, _ = key.ECDH(peerKey)
123
124 if hs.hello.serverShare.group == X25519MLKEM768 {
125 k, _ := mlkem.NewEncapsulationKey768(peerData[:mlkem.EncapsulationKeySize768])
126 mlkemSharedSecret, ciphertext := k.Encapsulate()
127 hs.sharedKey = append(mlkemSharedSecret, hs.sharedKey...)
128 copy(hs.hello.serverShare.data, append(ciphertext, hs.hello.serverShare.data[:32]...))
129 }
130
131 c.serverName = hs.clientHello.serverName
132 }
133 /*
134 if err := hs.checkForResumption(); err != nil {
135 return err
136 }
137 if err := hs.pickCertificate(); err != nil {
138 return err
139 }
140 */
141 {
142 var cert []byte
143 if len(c.config.Mldsa65Key) > 0 {
144 cert = bytes.Clone(signedCertMldsa65)
145 } else {
