Does the handshake, either a full one or resumes old session. Requires hs.c, hs.hello, and, optionally, hs.session to be set.
()
| 65 | // Does the handshake, either a full one or resumes old session. |
| 66 | // Requires hs.c, hs.hello, and, optionally, hs.session to be set. |
| 67 | func (hs *clientHandshakeStateGM) handshake() error { |
| 68 | c := hs.c |
| 69 | |
| 70 | // send ClientHello |
| 71 | if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil { |
| 72 | return err |
| 73 | } |
| 74 | |
| 75 | msg, err := c.readHandshake() |
| 76 | if err != nil { |
| 77 | return err |
| 78 | } |
| 79 | |
| 80 | var ok bool |
| 81 | if hs.serverHello, ok = msg.(*serverHelloMsg); !ok { |
| 82 | c.sendAlert(alertUnexpectedMessage) |
| 83 | return unexpectedMessageError(hs.serverHello, msg) |
| 84 | } |
| 85 | |
| 86 | if hs.serverHello.vers != VersionGMSSL { |
| 87 | hs.c.sendAlert(alertProtocolVersion) |
| 88 | return fmt.Errorf("tls: server selected unsupported protocol version %x, while expecting %x", hs.serverHello.vers, VersionGMSSL) |
| 89 | } |
| 90 | |
| 91 | if err = hs.pickCipherSuite(); err != nil { |
| 92 | return err |
| 93 | } |
| 94 | |
| 95 | isResume, err := hs.processServerHello() |
| 96 | if err != nil { |
| 97 | return err |
| 98 | } |
| 99 | |
| 100 | hs.finishedHash = newFinishedHashGM(hs.suite) |
| 101 | |
| 102 | // No signatures of the handshake are needed in a resumption. |
| 103 | // Otherwise, in a full handshake, if we don't have any certificates |
| 104 | // configured then we will never send a CertificateVerify message and |
| 105 | // thus no signatures are needed in that case either. |
| 106 | if isResume || (len(c.config.Certificates) == 0 && c.config.GetClientCertificate == nil) { |
| 107 | hs.finishedHash.discardHandshakeBuffer() |
| 108 | } |
| 109 | |
| 110 | hs.finishedHash.Write(hs.hello.marshal()) |
| 111 | hs.finishedHash.Write(hs.serverHello.marshal()) |
| 112 | |
| 113 | c.buffering = true |
| 114 | if isResume { |
| 115 | if err := hs.establishKeys(); err != nil { |
| 116 | return err |
| 117 | } |
| 118 | if err := hs.readSessionTicket(); err != nil { |
| 119 | return err |
| 120 | } |
| 121 | if err := hs.readFinished(c.serverFinished[:]); err != nil { |
| 122 | return err |
| 123 | } |
| 124 | c.clientFinishedIsFirst = false |
nothing calls this directly
no test coverage detected