(encrypted []byte, ticketKeys []ticketKey)
| 368 | } |
| 369 | |
// decryptTicket authenticates and decrypts a session ticket, trying each
// candidate key in order.
//
// The expected layout of encrypted is
//
//	IV (aes.BlockSize) || AES-CTR ciphertext || HMAC-SHA256 tag (sha256.Size)
//
// The tag covers the IV and the ciphertext and is checked in constant time
// before any decryption takes place (encrypt-then-MAC). The ciphertext may be
// zero-length. It returns the plaintext, or nil when the input is too short,
// no key authenticates it, or the AES cipher cannot be constructed.
func (c *Config) decryptTicket(encrypted []byte, ticketKeys []ticketKey) []byte {
	const minLen = aes.BlockSize + sha256.Size
	if len(encrypted) < minLen {
		return nil
	}

	// Everything before the tag is what the MAC covers.
	tagStart := len(encrypted) - sha256.Size
	iv := encrypted[:aes.BlockSize]
	body := encrypted[aes.BlockSize:tagStart]
	signed := encrypted[:tagStart]
	tag := encrypted[tagStart:]

	for _, key := range ticketKeys {
		h := hmac.New(sha256.New, key.hmacKey[:])
		h.Write(signed)
		if subtle.ConstantTimeCompare(tag, h.Sum(nil)) != 1 {
			// Not this key (or a tampered ticket): move on to the next one.
			continue
		}

		// The tag verified under this key, so decryption is attempted only
		// with it; a cipher-construction failure rejects the ticket outright
		// rather than falling through to the remaining keys.
		block, err := aes.NewCipher(key.aesKey[:])
		if err != nil {
			return nil
		}
		out := make([]byte, len(body))
		cipher.NewCTR(block, iv).XORKeyStream(out, body)
		return out
	}

	return nil
}
| 400 | |
| 401 | // ClientSessionState contains the state needed by a client to |
| 402 | // resume a previous TLS session. |