(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg)
| 274 | } |
| 275 | |
| 276 | func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error { |
| 277 | if len(skx.key) < 4 { |
| 278 | return errServerKeyExchange |
| 279 | } |
| 280 | if skx.key[0] != 3 { // named curve |
| 281 | return errors.New("tls: server selected unsupported curve") |
| 282 | } |
| 283 | curveID := CurveID(skx.key[1])<<8 | CurveID(skx.key[2]) |
| 284 | |
| 285 | publicLen := int(skx.key[3]) |
| 286 | if publicLen+4 > len(skx.key) { |
| 287 | return errServerKeyExchange |
| 288 | } |
| 289 | serverECDHEParams := skx.key[:4+publicLen] |
| 290 | publicKey := serverECDHEParams[4:] |
| 291 | |
| 292 | sig := skx.key[4+publicLen:] |
| 293 | if len(sig) < 2 { |
| 294 | return errServerKeyExchange |
| 295 | } |
| 296 | |
| 297 | if !slices.Contains(clientHello.supportedCurves, curveID) { |
| 298 | return errors.New("tls: server selected unoffered curve") |
| 299 | } |
| 300 | |
| 301 | if _, ok := curveForCurveID(curveID); !ok { |
| 302 | return errors.New("tls: server selected unsupported curve") |
| 303 | } |
| 304 | |
| 305 | key, err := generateECDHEKey(config.rand(), curveID) |
| 306 | if err != nil { |
| 307 | return err |
| 308 | } |
| 309 | ka.key = key |
| 310 | |
| 311 | peerKey, err := key.Curve().NewPublicKey(publicKey) |
| 312 | if err != nil { |
| 313 | return errServerKeyExchange |
| 314 | } |
| 315 | ka.preMasterSecret, err = key.ECDH(peerKey) |
| 316 | if err != nil { |
| 317 | return errServerKeyExchange |
| 318 | } |
| 319 | |
| 320 | ourPublicKey := key.PublicKey().Bytes() |
| 321 | ka.ckx = new(clientKeyExchangeMsg) |
| 322 | ka.ckx.ciphertext = make([]byte, 1+len(ourPublicKey)) |
| 323 | ka.ckx.ciphertext[0] = byte(len(ourPublicKey)) |
| 324 | copy(ka.ckx.ciphertext[1:], ourPublicKey) |
| 325 | |
| 326 | var sigType uint8 |
| 327 | var sigHash crypto.Hash |
| 328 | if ka.version >= VersionTLS12 { |
| 329 | signatureAlgorithm := SignatureScheme(sig[0])<<8 | SignatureScheme(sig[1]) |
| 330 | sig = sig[2:] |
| 331 | if len(sig) < 2 { |
| 332 | return errServerKeyExchange |
| 333 | } |