| 80 | } |
| 81 | |
| 82 | func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) { |
| 83 | preMasterSecret := make([]byte, 48) |
| 84 | preMasterSecret[0] = byte(clientHello.vers >> 8) |
| 85 | preMasterSecret[1] = byte(clientHello.vers) |
| 86 | _, err := io.ReadFull(config.rand(), preMasterSecret[2:]) |
| 87 | if err != nil { |
| 88 | return nil, nil, err |
| 89 | } |
| 90 | |
| 91 | rsaKey, ok := cert.PublicKey.(*rsa.PublicKey) |
| 92 | if !ok { |
| 93 | return nil, nil, errors.New("tls: server certificate contains incorrect key type for selected ciphersuite") |
| 94 | } |
| 95 | encrypted, err := rsa.EncryptPKCS1v15(config.rand(), rsaKey, preMasterSecret) |
| 96 | if err != nil { |
| 97 | return nil, nil, err |
| 98 | } |
| 99 | ckx := new(clientKeyExchangeMsg) |
| 100 | ckx.ciphertext = make([]byte, len(encrypted)+2) |
| 101 | ckx.ciphertext[0] = byte(len(encrypted) >> 8) |
| 102 | ckx.ciphertext[1] = byte(len(encrypted)) |
| 103 | copy(ckx.ciphertext[2:], encrypted) |
| 104 | return preMasterSecret, ckx, nil |
| 105 | } |
| 106 | |
| 107 | // sha1Hash calculates a SHA1 hash over the given byte slices. |
| 108 | func sha1Hash(slices [][]byte) []byte { |