
Method processServerKeyExchange

key_agreement.go:276–363  ·  view source on GitHub ↗
(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg)


274}
276func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error {
277 if len(skx.key) < 4 {
278 return errServerKeyExchange
279 }
280 if skx.key[0] != 3 { // named curve
281 return errors.New("tls: server selected unsupported curve")
282 }
283 curveID := CurveID(skx.key[1])<<8 | CurveID(skx.key[2])
284
285 publicLen := int(skx.key[3])
286 if publicLen+4 > len(skx.key) {
287 return errServerKeyExchange
288 }
289 serverECDHEParams := skx.key[:4+publicLen]
290 publicKey := serverECDHEParams[4:]
291
292 sig := skx.key[4+publicLen:]
293 if len(sig) < 2 {
294 return errServerKeyExchange
295 }
296
297 if !slices.Contains(clientHello.supportedCurves, curveID) {
298 return errors.New("tls: server selected unoffered curve")
299 }
300
301 if _, ok := curveForCurveID(curveID); !ok {
302 return errors.New("tls: server selected unsupported curve")
303 }
304
305 key, err := generateECDHEKey(config.rand(), curveID)
306 if err != nil {
307 return err
308 }
309 ka.key = key
310
311 peerKey, err := key.Curve().NewPublicKey(publicKey)
312 if err != nil {
313 return errServerKeyExchange
314 }
315 ka.preMasterSecret, err = key.ECDH(peerKey)
316 if err != nil {
317 return errServerKeyExchange
318 }
319
320 ourPublicKey := key.PublicKey().Bytes()
321 ka.ckx = new(clientKeyExchangeMsg)
322 ka.ckx.ciphertext = make([]byte, 1+len(ourPublicKey))
323 ka.ckx.ciphertext[0] = byte(len(ourPublicKey))
324 copy(ka.ckx.ciphertext[1:], ourPublicKey)
325
326 var sigType uint8
327 var sigHash crypto.Hash
328 if ka.version >= VersionTLS12 {
329 signatureAlgorithm := SignatureScheme(sig[0])<<8 | SignatureScheme(sig[1])
330 sig = sig[2:]
331 if len(sig) < 2 {
332 return errServerKeyExchange
333 }
