MCPcopy
hub / github.com/XTLS/REALITY / sendServerCertificate

Method sendServerCertificate

handshake_server_tls13.go:936–1002  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

934}
935
936func (hs *serverHandshakeStateTLS13) sendServerCertificate() error {
937 c := hs.c
938
939 // Only one of PSK and certificates are used at a time.
940 if hs.usingPSK {
941 return nil
942 }
943
944 if hs.requestClientCert() {
945 // Request a client certificate
946 certReq := new(certificateRequestMsgTLS13)
947 certReq.ocspStapling = true
948 certReq.scts = true
949 certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms(c.vers)
950 certReq.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithmsCert()
951 if c.config.ClientCAs != nil {
952 certReq.certificateAuthorities = c.config.ClientCAs.Subjects()
953 }
954
955 if _, err := hs.c.writeHandshakeRecord(certReq, hs.transcript); err != nil {
956 return err
957 }
958 }
959
960 certMsg := new(certificateMsgTLS13)
961
962 certMsg.certificate = *hs.cert
963 certMsg.scts = hs.clientHello.scts && len(hs.cert.SignedCertificateTimestamps) > 0
964 certMsg.ocspStapling = hs.clientHello.ocspStapling && len(hs.cert.OCSPStaple) > 0
965
966 if _, err := hs.c.writeHandshakeRecord(certMsg, hs.transcript); err != nil {
967 return err
968 }
969
970 certVerifyMsg := new(certificateVerifyMsg)
971 certVerifyMsg.hasSignatureAlgorithm = true
972 certVerifyMsg.signatureAlgorithm = hs.sigAlg
973
974 sigType, sigHash, err := typeAndHashFromSignatureScheme(hs.sigAlg)
975 if err != nil {
976 return c.sendAlert(alertInternalError)
977 }
978
979 signed := signedMessage(sigHash, serverSignatureContext, hs.transcript)
980 signOpts := crypto.SignerOpts(sigHash)
981 if sigType == signatureRSAPSS {
982 signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash}
983 }
984 sig, err := hs.cert.PrivateKey.(crypto.Signer).Sign(c.config.rand(), signed, signOpts)
985 if err != nil {
986 public := hs.cert.PrivateKey.(crypto.Signer).Public()
987 if rsaKey, ok := public.(*rsa.PublicKey); ok && sigType == signatureRSAPSS &&
988 rsaKey.N.BitLen()/8 < sigHash.Size()*2+2 { // key too small for RSA-PSS
989 c.sendAlert(alertHandshakeFailure)
990 } else {
991 c.sendAlert(alertInternalError)
992 }
993 return errors.New("tls: failed to sign handshake: " + err.Error())

Callers 1

handshakeMethod · 0.95

Calls 10

requestClientCertMethod · 0.95
signedMessageFunction · 0.85
writeHandshakeRecordMethod · 0.80
sendAlertMethod · 0.80
randMethod · 0.80
SizeMethod · 0.80
ErrorMethod · 0.45

Tested by

no test coverage detected