48}
49
// processClientKeyExchange recovers the pre-master secret from an RSA
// ClientKeyExchange message. The message body is a two-byte big-endian
// length followed by the RSA-encrypted secret; a malformed or mismatched
// length prefix yields errClientKeyExchange. Decryption goes through
// crypto.Decrypter with rsa.PKCS1v15DecryptOptions{SessionKeyLen: 48}, the
// stdlib's constant-time PKCS #1 v1.5 mode that returns a random 48-byte
// secret instead of an error on bad padding, so this function's behavior does
// not reveal whether the ciphertext was well-formed. The version parameter is
// accepted for interface compatibility and not consulted.
func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) {
	body := ckx.ciphertext
	if len(body) < 2 {
		return nil, errClientKeyExchange
	}
	// The length prefix must account for exactly the remainder of the message.
	declared := int(body[0])<<8 | int(body[1])
	encrypted := body[2:]
	if declared != len(encrypted) {
		return nil, errClientKeyExchange
	}

	decrypter, isDecrypter := cert.PrivateKey.(crypto.Decrypter)
	if !isDecrypter {
		return nil, errors.New("tls: certificate private key does not implement crypto.Decrypter")
	}
	// SessionKeyLen makes crypto/rsa substitute a random secret of that
	// length on padding failure rather than report it, keeping the decrypt
	// constant time (Bleichenbacher countermeasure).
	opts := &rsa.PKCS1v15DecryptOptions{SessionKeyLen: 48}
	preMasterSecret, err := decrypter.Decrypt(config.rand(), encrypted, opts)
	if err != nil {
		return nil, err
	}
	// The client_version embedded in the pre-master secret is deliberately
	// not verified: checking it would leak whether the ciphertext decrypted
	// correctly, it offers little protection against downgrade, and some
	// peers send the wrong version anyway (see the end of RFC 4346 §7.4.7.1).
	return preMasterSecret, nil
}
77
78func (ka rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error {
79 return errors.New("tls: unexpected ServerKeyExchange")
