Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 35a7a4492ddc6082e1b0e71252f35701f8aa848a / . / ssl / test / runner / handshake_messages.go
blob: edb45d83cdf3f093ce9c69a47de2f0188a98765e [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1// Copyright 2009 The Go Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5package main
6
7import "bytes"
8
9type clientHelloMsg struct {
10 raw []byte
11 vers uint16
12 random []byte
13 sessionId []byte
14 cipherSuites []uint16
15 compressionMethods []uint8
16 nextProtoNeg bool
17 serverName string
18 ocspStapling bool
19 supportedCurves []CurveID
20 supportedPoints []uint8
21 ticketSupported bool
22 sessionTicket []uint8
23 signatureAndHashes []signatureAndHash
24 secureRenegotiation bool
David Benjamin35a7a442014-07-05 00:23:20 -0400[diff] [blame^]25 duplicateExtension bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]26}
27
28func (m *clientHelloMsg) equal(i interface{}) bool {
29 m1, ok := i.(*clientHelloMsg)
30 if !ok {
31 return false
32 }
33
34 return bytes.Equal(m.raw, m1.raw) &&
35 m.vers == m1.vers &&
36 bytes.Equal(m.random, m1.random) &&
37 bytes.Equal(m.sessionId, m1.sessionId) &&
38 eqUint16s(m.cipherSuites, m1.cipherSuites) &&
39 bytes.Equal(m.compressionMethods, m1.compressionMethods) &&
40 m.nextProtoNeg == m1.nextProtoNeg &&
41 m.serverName == m1.serverName &&
42 m.ocspStapling == m1.ocspStapling &&
43 eqCurveIDs(m.supportedCurves, m1.supportedCurves) &&
44 bytes.Equal(m.supportedPoints, m1.supportedPoints) &&
45 m.ticketSupported == m1.ticketSupported &&
46 bytes.Equal(m.sessionTicket, m1.sessionTicket) &&
47 eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes) &&
48 m.secureRenegotiation == m1.secureRenegotiation
49}
50
51func (m *clientHelloMsg) marshal() []byte {
52 if m.raw != nil {
53 return m.raw
54 }
55
56 length := 2 + 32 + 1 + len(m.sessionId) + 2 + len(m.cipherSuites)*2 + 1 + len(m.compressionMethods)
57 numExtensions := 0
58 extensionsLength := 0
59 if m.nextProtoNeg {
60 numExtensions++
61 }
62 if m.ocspStapling {
63 extensionsLength += 1 + 2 + 2
64 numExtensions++
65 }
66 if len(m.serverName) > 0 {
67 extensionsLength += 5 + len(m.serverName)
68 numExtensions++
69 }
70 if len(m.supportedCurves) > 0 {
71 extensionsLength += 2 + 2*len(m.supportedCurves)
72 numExtensions++
73 }
74 if len(m.supportedPoints) > 0 {
75 extensionsLength += 1 + len(m.supportedPoints)
76 numExtensions++
77 }
78 if m.ticketSupported {
79 extensionsLength += len(m.sessionTicket)
80 numExtensions++
81 }
82 if len(m.signatureAndHashes) > 0 {
83 extensionsLength += 2 + 2*len(m.signatureAndHashes)
84 numExtensions++
85 }
86 if m.secureRenegotiation {
87 extensionsLength += 1
88 numExtensions++
89 }
David Benjamin35a7a442014-07-05 00:23:20 -0400[diff] [blame^]90 if m.duplicateExtension {
91 numExtensions += 2
92 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]93 if numExtensions > 0 {
94 extensionsLength += 4 * numExtensions
95 length += 2 + extensionsLength
96 }
97
98 x := make([]byte, 4+length)
99 x[0] = typeClientHello
100 x[1] = uint8(length >> 16)
101 x[2] = uint8(length >> 8)
102 x[3] = uint8(length)
103 x[4] = uint8(m.vers >> 8)
104 x[5] = uint8(m.vers)
105 copy(x[6:38], m.random)
106 x[38] = uint8(len(m.sessionId))
107 copy(x[39:39+len(m.sessionId)], m.sessionId)
108 y := x[39+len(m.sessionId):]
109 y[0] = uint8(len(m.cipherSuites) >> 7)
110 y[1] = uint8(len(m.cipherSuites) << 1)
111 for i, suite := range m.cipherSuites {
112 y[2+i*2] = uint8(suite >> 8)
113 y[3+i*2] = uint8(suite)
114 }
115 z := y[2+len(m.cipherSuites)*2:]
116 z[0] = uint8(len(m.compressionMethods))
117 copy(z[1:], m.compressionMethods)
118
119 z = z[1+len(m.compressionMethods):]
120 if numExtensions > 0 {
121 z[0] = byte(extensionsLength >> 8)
122 z[1] = byte(extensionsLength)
123 z = z[2:]
124 }
David Benjamin35a7a442014-07-05 00:23:20 -0400[diff] [blame^]125 if m.duplicateExtension {
126 // Add a duplicate bogus extension at the beginning and end.
127 z[0] = 0xff
128 z[1] = 0xff
129 z = z[4:]
130 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]131 if m.nextProtoNeg {
132 z[0] = byte(extensionNextProtoNeg >> 8)
133 z[1] = byte(extensionNextProtoNeg & 0xff)
134 // The length is always 0
135 z = z[4:]
136 }
137 if len(m.serverName) > 0 {
138 z[0] = byte(extensionServerName >> 8)
139 z[1] = byte(extensionServerName & 0xff)
140 l := len(m.serverName) + 5
141 z[2] = byte(l >> 8)
142 z[3] = byte(l)
143 z = z[4:]
144
145 // RFC 3546, section 3.1
146 //
147 // struct {
148 // NameType name_type;
149 // select (name_type) {
150 // case host_name: HostName;
151 // } name;
152 // } ServerName;
153 //
154 // enum {
155 // host_name(0), (255)
156 // } NameType;
157 //
158 // opaque HostName<1..2^16-1>;
159 //
160 // struct {
161 // ServerName server_name_list<1..2^16-1>
162 // } ServerNameList;
163
164 z[0] = byte((len(m.serverName) + 3) >> 8)
165 z[1] = byte(len(m.serverName) + 3)
166 z[3] = byte(len(m.serverName) >> 8)
167 z[4] = byte(len(m.serverName))
168 copy(z[5:], []byte(m.serverName))
169 z = z[l:]
170 }
171 if m.ocspStapling {
172 // RFC 4366, section 3.6
173 z[0] = byte(extensionStatusRequest >> 8)
174 z[1] = byte(extensionStatusRequest)
175 z[2] = 0
176 z[3] = 5
177 z[4] = 1 // OCSP type
178 // Two zero valued uint16s for the two lengths.
179 z = z[9:]
180 }
181 if len(m.supportedCurves) > 0 {
182 // http://tools.ietf.org/html/rfc4492#section-5.5.1
183 z[0] = byte(extensionSupportedCurves >> 8)
184 z[1] = byte(extensionSupportedCurves)
185 l := 2 + 2*len(m.supportedCurves)
186 z[2] = byte(l >> 8)
187 z[3] = byte(l)
188 l -= 2
189 z[4] = byte(l >> 8)
190 z[5] = byte(l)
191 z = z[6:]
192 for _, curve := range m.supportedCurves {
193 z[0] = byte(curve >> 8)
194 z[1] = byte(curve)
195 z = z[2:]
196 }
197 }
198 if len(m.supportedPoints) > 0 {
199 // http://tools.ietf.org/html/rfc4492#section-5.5.2
200 z[0] = byte(extensionSupportedPoints >> 8)
201 z[1] = byte(extensionSupportedPoints)
202 l := 1 + len(m.supportedPoints)
203 z[2] = byte(l >> 8)
204 z[3] = byte(l)
205 l--
206 z[4] = byte(l)
207 z = z[5:]
208 for _, pointFormat := range m.supportedPoints {
209 z[0] = byte(pointFormat)
210 z = z[1:]
211 }
212 }
213 if m.ticketSupported {
214 // http://tools.ietf.org/html/rfc5077#section-3.2
215 z[0] = byte(extensionSessionTicket >> 8)
216 z[1] = byte(extensionSessionTicket)
217 l := len(m.sessionTicket)
218 z[2] = byte(l >> 8)
219 z[3] = byte(l)
220 z = z[4:]
221 copy(z, m.sessionTicket)
222 z = z[len(m.sessionTicket):]
223 }
224 if len(m.signatureAndHashes) > 0 {
225 // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
226 z[0] = byte(extensionSignatureAlgorithms >> 8)
227 z[1] = byte(extensionSignatureAlgorithms)
228 l := 2 + 2*len(m.signatureAndHashes)
229 z[2] = byte(l >> 8)
230 z[3] = byte(l)
231 z = z[4:]
232
233 l -= 2
234 z[0] = byte(l >> 8)
235 z[1] = byte(l)
236 z = z[2:]
237 for _, sigAndHash := range m.signatureAndHashes {
238 z[0] = sigAndHash.hash
239 z[1] = sigAndHash.signature
240 z = z[2:]
241 }
242 }
243 if m.secureRenegotiation {
244 z[0] = byte(extensionRenegotiationInfo >> 8)
245 z[1] = byte(extensionRenegotiationInfo & 0xff)
246 z[2] = 0
247 z[3] = 1
248 z = z[5:]
249 }
David Benjamin35a7a442014-07-05 00:23:20 -0400[diff] [blame^]250 if m.duplicateExtension {
251 // Add a duplicate bogus extension at the beginning and end.
252 z[0] = 0xff
253 z[1] = 0xff
254 z = z[4:]
255 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]256
257 m.raw = x
258
259 return x
260}
261
262func (m *clientHelloMsg) unmarshal(data []byte) bool {
263 if len(data) < 42 {
264 return false
265 }
266 m.raw = data
267 m.vers = uint16(data[4])<<8 | uint16(data[5])
268 m.random = data[6:38]
269 sessionIdLen := int(data[38])
270 if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
271 return false
272 }
273 m.sessionId = data[39 : 39+sessionIdLen]
274 data = data[39+sessionIdLen:]
275 if len(data) < 2 {
276 return false
277 }
278 // cipherSuiteLen is the number of bytes of cipher suite numbers. Since
279 // they are uint16s, the number must be even.
280 cipherSuiteLen := int(data[0])<<8 | int(data[1])
281 if cipherSuiteLen%2 == 1 || len(data) < 2+cipherSuiteLen {
282 return false
283 }
284 numCipherSuites := cipherSuiteLen / 2
285 m.cipherSuites = make([]uint16, numCipherSuites)
286 for i := 0; i < numCipherSuites; i++ {
287 m.cipherSuites[i] = uint16(data[2+2*i])<<8 | uint16(data[3+2*i])
288 if m.cipherSuites[i] == scsvRenegotiation {
289 m.secureRenegotiation = true
290 }
291 }
292 data = data[2+cipherSuiteLen:]
293 if len(data) < 1 {
294 return false
295 }
296 compressionMethodsLen := int(data[0])
297 if len(data) < 1+compressionMethodsLen {
298 return false
299 }
300 m.compressionMethods = data[1 : 1+compressionMethodsLen]
301
302 data = data[1+compressionMethodsLen:]
303
304 m.nextProtoNeg = false
305 m.serverName = ""
306 m.ocspStapling = false
307 m.ticketSupported = false
308 m.sessionTicket = nil
309 m.signatureAndHashes = nil
310
311 if len(data) == 0 {
312 // ClientHello is optionally followed by extension data
313 return true
314 }
315 if len(data) < 2 {
316 return false
317 }
318
319 extensionsLength := int(data[0])<<8 | int(data[1])
320 data = data[2:]
321 if extensionsLength != len(data) {
322 return false
323 }
324
325 for len(data) != 0 {
326 if len(data) < 4 {
327 return false
328 }
329 extension := uint16(data[0])<<8 | uint16(data[1])
330 length := int(data[2])<<8 | int(data[3])
331 data = data[4:]
332 if len(data) < length {
333 return false
334 }
335
336 switch extension {
337 case extensionServerName:
338 if length < 2 {
339 return false
340 }
341 numNames := int(data[0])<<8 | int(data[1])
342 d := data[2:]
343 for i := 0; i < numNames; i++ {
344 if len(d) < 3 {
345 return false
346 }
347 nameType := d[0]
348 nameLen := int(d[1])<<8 | int(d[2])
349 d = d[3:]
350 if len(d) < nameLen {
351 return false
352 }
353 if nameType == 0 {
354 m.serverName = string(d[0:nameLen])
355 break
356 }
357 d = d[nameLen:]
358 }
359 case extensionNextProtoNeg:
360 if length > 0 {
361 return false
362 }
363 m.nextProtoNeg = true
364 case extensionStatusRequest:
365 m.ocspStapling = length > 0 && data[0] == statusTypeOCSP
366 case extensionSupportedCurves:
367 // http://tools.ietf.org/html/rfc4492#section-5.5.1
368 if length < 2 {
369 return false
370 }
371 l := int(data[0])<<8 | int(data[1])
372 if l%2 == 1 || length != l+2 {
373 return false
374 }
375 numCurves := l / 2
376 m.supportedCurves = make([]CurveID, numCurves)
377 d := data[2:]
378 for i := 0; i < numCurves; i++ {
379 m.supportedCurves[i] = CurveID(d[0])<<8 | CurveID(d[1])
380 d = d[2:]
381 }
382 case extensionSupportedPoints:
383 // http://tools.ietf.org/html/rfc4492#section-5.5.2
384 if length < 1 {
385 return false
386 }
387 l := int(data[0])
388 if length != l+1 {
389 return false
390 }
391 m.supportedPoints = make([]uint8, l)
392 copy(m.supportedPoints, data[1:])
393 case extensionSessionTicket:
394 // http://tools.ietf.org/html/rfc5077#section-3.2
395 m.ticketSupported = true
396 m.sessionTicket = data[:length]
397 case extensionSignatureAlgorithms:
398 // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
399 if length < 2 || length&1 != 0 {
400 return false
401 }
402 l := int(data[0])<<8 | int(data[1])
403 if l != length-2 {
404 return false
405 }
406 n := l / 2
407 d := data[2:]
408 m.signatureAndHashes = make([]signatureAndHash, n)
409 for i := range m.signatureAndHashes {
410 m.signatureAndHashes[i].hash = d[0]
411 m.signatureAndHashes[i].signature = d[1]
412 d = d[2:]
413 }
414 case extensionRenegotiationInfo + 1:
415 if length != 1 || data[0] != 0 {
416 return false
417 }
418 m.secureRenegotiation = true
419 }
420 data = data[length:]
421 }
422
423 return true
424}
425
426type serverHelloMsg struct {
427 raw []byte
428 vers uint16
429 random []byte
430 sessionId []byte
431 cipherSuite uint16
432 compressionMethod uint8
433 nextProtoNeg bool
434 nextProtos []string
435 ocspStapling bool
436 ticketSupported bool
437 secureRenegotiation bool
David Benjamin35a7a442014-07-05 00:23:20 -0400[diff] [blame^]438 duplicateExtension bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]439}
440
441func (m *serverHelloMsg) equal(i interface{}) bool {
442 m1, ok := i.(*serverHelloMsg)
443 if !ok {
444 return false
445 }
446
447 return bytes.Equal(m.raw, m1.raw) &&
448 m.vers == m1.vers &&
449 bytes.Equal(m.random, m1.random) &&
450 bytes.Equal(m.sessionId, m1.sessionId) &&
451 m.cipherSuite == m1.cipherSuite &&
452 m.compressionMethod == m1.compressionMethod &&
453 m.nextProtoNeg == m1.nextProtoNeg &&
454 eqStrings(m.nextProtos, m1.nextProtos) &&
455 m.ocspStapling == m1.ocspStapling &&
456 m.ticketSupported == m1.ticketSupported &&
457 m.secureRenegotiation == m1.secureRenegotiation
458}
459
460func (m *serverHelloMsg) marshal() []byte {
461 if m.raw != nil {
462 return m.raw
463 }
464
465 length := 38 + len(m.sessionId)
466 numExtensions := 0
467 extensionsLength := 0
468
469 nextProtoLen := 0
470 if m.nextProtoNeg {
471 numExtensions++
472 for _, v := range m.nextProtos {
473 nextProtoLen += len(v)
474 }
475 nextProtoLen += len(m.nextProtos)
476 extensionsLength += nextProtoLen
477 }
478 if m.ocspStapling {
479 numExtensions++
480 }
481 if m.ticketSupported {
482 numExtensions++
483 }
484 if m.secureRenegotiation {
485 extensionsLength += 1
486 numExtensions++
487 }
David Benjamin35a7a442014-07-05 00:23:20 -0400[diff] [blame^]488 if m.duplicateExtension {
489 numExtensions += 2
490 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]491 if numExtensions > 0 {
492 extensionsLength += 4 * numExtensions
493 length += 2 + extensionsLength
494 }
495
496 x := make([]byte, 4+length)
497 x[0] = typeServerHello
498 x[1] = uint8(length >> 16)
499 x[2] = uint8(length >> 8)
500 x[3] = uint8(length)
501 x[4] = uint8(m.vers >> 8)
502 x[5] = uint8(m.vers)
503 copy(x[6:38], m.random)
504 x[38] = uint8(len(m.sessionId))
505 copy(x[39:39+len(m.sessionId)], m.sessionId)
506 z := x[39+len(m.sessionId):]
507 z[0] = uint8(m.cipherSuite >> 8)
508 z[1] = uint8(m.cipherSuite)
509 z[2] = uint8(m.compressionMethod)
510
511 z = z[3:]
512 if numExtensions > 0 {
513 z[0] = byte(extensionsLength >> 8)
514 z[1] = byte(extensionsLength)
515 z = z[2:]
516 }
David Benjamin35a7a442014-07-05 00:23:20 -0400[diff] [blame^]517 if m.duplicateExtension {
518 // Add a duplicate bogus extension at the beginning and end.
519 z[0] = 0xff
520 z[1] = 0xff
521 z = z[4:]
522 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]523 if m.nextProtoNeg {
524 z[0] = byte(extensionNextProtoNeg >> 8)
525 z[1] = byte(extensionNextProtoNeg & 0xff)
526 z[2] = byte(nextProtoLen >> 8)
527 z[3] = byte(nextProtoLen)
528 z = z[4:]
529
530 for _, v := range m.nextProtos {
531 l := len(v)
532 if l > 255 {
533 l = 255
534 }
535 z[0] = byte(l)
536 copy(z[1:], []byte(v[0:l]))
537 z = z[1+l:]
538 }
539 }
540 if m.ocspStapling {
541 z[0] = byte(extensionStatusRequest >> 8)
542 z[1] = byte(extensionStatusRequest)
543 z = z[4:]
544 }
545 if m.ticketSupported {
546 z[0] = byte(extensionSessionTicket >> 8)
547 z[1] = byte(extensionSessionTicket)
548 z = z[4:]
549 }
550 if m.secureRenegotiation {
551 z[0] = byte(extensionRenegotiationInfo >> 8)
552 z[1] = byte(extensionRenegotiationInfo & 0xff)
553 z[2] = 0
554 z[3] = 1
555 z = z[5:]
556 }
David Benjamin35a7a442014-07-05 00:23:20 -0400[diff] [blame^]557 if m.duplicateExtension {
558 // Add a duplicate bogus extension at the beginning and end.
559 z[0] = 0xff
560 z[1] = 0xff
561 z = z[4:]
562 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]563
564 m.raw = x
565
566 return x
567}
568
569func (m *serverHelloMsg) unmarshal(data []byte) bool {
570 if len(data) < 42 {
571 return false
572 }
573 m.raw = data
574 m.vers = uint16(data[4])<<8 | uint16(data[5])
575 m.random = data[6:38]
576 sessionIdLen := int(data[38])
577 if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
578 return false
579 }
580 m.sessionId = data[39 : 39+sessionIdLen]
581 data = data[39+sessionIdLen:]
582 if len(data) < 3 {
583 return false
584 }
585 m.cipherSuite = uint16(data[0])<<8 | uint16(data[1])
586 m.compressionMethod = data[2]
587 data = data[3:]
588
589 m.nextProtoNeg = false
590 m.nextProtos = nil
591 m.ocspStapling = false
592 m.ticketSupported = false
593
594 if len(data) == 0 {
595 // ServerHello is optionally followed by extension data
596 return true
597 }
598 if len(data) < 2 {
599 return false
600 }
601
602 extensionsLength := int(data[0])<<8 | int(data[1])
603 data = data[2:]
604 if len(data) != extensionsLength {
605 return false
606 }
607
608 for len(data) != 0 {
609 if len(data) < 4 {
610 return false
611 }
612 extension := uint16(data[0])<<8 | uint16(data[1])
613 length := int(data[2])<<8 | int(data[3])
614 data = data[4:]
615 if len(data) < length {
616 return false
617 }
618
619 switch extension {
620 case extensionNextProtoNeg:
621 m.nextProtoNeg = true
622 d := data[:length]
623 for len(d) > 0 {
624 l := int(d[0])
625 d = d[1:]
626 if l == 0 || l > len(d) {
627 return false
628 }
629 m.nextProtos = append(m.nextProtos, string(d[:l]))
630 d = d[l:]
631 }
632 case extensionStatusRequest:
633 if length > 0 {
634 return false
635 }
636 m.ocspStapling = true
637 case extensionSessionTicket:
638 if length > 0 {
639 return false
640 }
641 m.ticketSupported = true
642 case extensionRenegotiationInfo:
643 if length != 1 || data[0] != 0 {
644 return false
645 }
646 m.secureRenegotiation = true
647 }
648 data = data[length:]
649 }
650
651 return true
652}
653
654type certificateMsg struct {
655 raw []byte
656 certificates [][]byte
657}
658
659func (m *certificateMsg) equal(i interface{}) bool {
660 m1, ok := i.(*certificateMsg)
661 if !ok {
662 return false
663 }
664
665 return bytes.Equal(m.raw, m1.raw) &&
666 eqByteSlices(m.certificates, m1.certificates)
667}
668
669func (m *certificateMsg) marshal() (x []byte) {
670 if m.raw != nil {
671 return m.raw
672 }
673
674 var i int
675 for _, slice := range m.certificates {
676 i += len(slice)
677 }
678
679 length := 3 + 3*len(m.certificates) + i
680 x = make([]byte, 4+length)
681 x[0] = typeCertificate
682 x[1] = uint8(length >> 16)
683 x[2] = uint8(length >> 8)
684 x[3] = uint8(length)
685
686 certificateOctets := length - 3
687 x[4] = uint8(certificateOctets >> 16)
688 x[5] = uint8(certificateOctets >> 8)
689 x[6] = uint8(certificateOctets)
690
691 y := x[7:]
692 for _, slice := range m.certificates {
693 y[0] = uint8(len(slice) >> 16)
694 y[1] = uint8(len(slice) >> 8)
695 y[2] = uint8(len(slice))
696 copy(y[3:], slice)
697 y = y[3+len(slice):]
698 }
699
700 m.raw = x
701 return
702}
703
704func (m *certificateMsg) unmarshal(data []byte) bool {
705 if len(data) < 7 {
706 return false
707 }
708
709 m.raw = data
710 certsLen := uint32(data[4])<<16 | uint32(data[5])<<8 | uint32(data[6])
711 if uint32(len(data)) != certsLen+7 {
712 return false
713 }
714
715 numCerts := 0
716 d := data[7:]
717 for certsLen > 0 {
718 if len(d) < 4 {
719 return false
720 }
721 certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
722 if uint32(len(d)) < 3+certLen {
723 return false
724 }
725 d = d[3+certLen:]
726 certsLen -= 3 + certLen
727 numCerts++
728 }
729
730 m.certificates = make([][]byte, numCerts)
731 d = data[7:]
732 for i := 0; i < numCerts; i++ {
733 certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
734 m.certificates[i] = d[3 : 3+certLen]
735 d = d[3+certLen:]
736 }
737
738 return true
739}
740
741type serverKeyExchangeMsg struct {
742 raw []byte
743 key []byte
744}
745
746func (m *serverKeyExchangeMsg) equal(i interface{}) bool {
747 m1, ok := i.(*serverKeyExchangeMsg)
748 if !ok {
749 return false
750 }
751
752 return bytes.Equal(m.raw, m1.raw) &&
753 bytes.Equal(m.key, m1.key)
754}
755
756func (m *serverKeyExchangeMsg) marshal() []byte {
757 if m.raw != nil {
758 return m.raw
759 }
760 length := len(m.key)
761 x := make([]byte, length+4)
762 x[0] = typeServerKeyExchange
763 x[1] = uint8(length >> 16)
764 x[2] = uint8(length >> 8)
765 x[3] = uint8(length)
766 copy(x[4:], m.key)
767
768 m.raw = x
769 return x
770}
771
772func (m *serverKeyExchangeMsg) unmarshal(data []byte) bool {
773 m.raw = data
774 if len(data) < 4 {
775 return false
776 }
777 m.key = data[4:]
778 return true
779}
780
781type certificateStatusMsg struct {
782 raw []byte
783 statusType uint8
784 response []byte
785}
786
787func (m *certificateStatusMsg) equal(i interface{}) bool {
788 m1, ok := i.(*certificateStatusMsg)
789 if !ok {
790 return false
791 }
792
793 return bytes.Equal(m.raw, m1.raw) &&
794 m.statusType == m1.statusType &&
795 bytes.Equal(m.response, m1.response)
796}
797
798func (m *certificateStatusMsg) marshal() []byte {
799 if m.raw != nil {
800 return m.raw
801 }
802
803 var x []byte
804 if m.statusType == statusTypeOCSP {
805 x = make([]byte, 4+4+len(m.response))
806 x[0] = typeCertificateStatus
807 l := len(m.response) + 4
808 x[1] = byte(l >> 16)
809 x[2] = byte(l >> 8)
810 x[3] = byte(l)
811 x[4] = statusTypeOCSP
812
813 l -= 4
814 x[5] = byte(l >> 16)
815 x[6] = byte(l >> 8)
816 x[7] = byte(l)
817 copy(x[8:], m.response)
818 } else {
819 x = []byte{typeCertificateStatus, 0, 0, 1, m.statusType}
820 }
821
822 m.raw = x
823 return x
824}
825
826func (m *certificateStatusMsg) unmarshal(data []byte) bool {
827 m.raw = data
828 if len(data) < 5 {
829 return false
830 }
831 m.statusType = data[4]
832
833 m.response = nil
834 if m.statusType == statusTypeOCSP {
835 if len(data) < 8 {
836 return false
837 }
838 respLen := uint32(data[5])<<16 | uint32(data[6])<<8 | uint32(data[7])
839 if uint32(len(data)) != 4+4+respLen {
840 return false
841 }
842 m.response = data[8:]
843 }
844 return true
845}
846
847type serverHelloDoneMsg struct{}
848
849func (m *serverHelloDoneMsg) equal(i interface{}) bool {
850 _, ok := i.(*serverHelloDoneMsg)
851 return ok
852}
853
854func (m *serverHelloDoneMsg) marshal() []byte {
855 x := make([]byte, 4)
856 x[0] = typeServerHelloDone
857 return x
858}
859
860func (m *serverHelloDoneMsg) unmarshal(data []byte) bool {
861 return len(data) == 4
862}
863
864type clientKeyExchangeMsg struct {
865 raw []byte
866 ciphertext []byte
867}
868
869func (m *clientKeyExchangeMsg) equal(i interface{}) bool {
870 m1, ok := i.(*clientKeyExchangeMsg)
871 if !ok {
872 return false
873 }
874
875 return bytes.Equal(m.raw, m1.raw) &&
876 bytes.Equal(m.ciphertext, m1.ciphertext)
877}
878
879func (m *clientKeyExchangeMsg) marshal() []byte {
880 if m.raw != nil {
881 return m.raw
882 }
883 length := len(m.ciphertext)
884 x := make([]byte, length+4)
885 x[0] = typeClientKeyExchange
886 x[1] = uint8(length >> 16)
887 x[2] = uint8(length >> 8)
888 x[3] = uint8(length)
889 copy(x[4:], m.ciphertext)
890
891 m.raw = x
892 return x
893}
894
895func (m *clientKeyExchangeMsg) unmarshal(data []byte) bool {
896 m.raw = data
897 if len(data) < 4 {
898 return false
899 }
900 l := int(data[1])<<16 | int(data[2])<<8 | int(data[3])
901 if l != len(data)-4 {
902 return false
903 }
904 m.ciphertext = data[4:]
905 return true
906}
907
908type finishedMsg struct {
909 raw []byte
910 verifyData []byte
911}
912
913func (m *finishedMsg) equal(i interface{}) bool {
914 m1, ok := i.(*finishedMsg)
915 if !ok {
916 return false
917 }
918
919 return bytes.Equal(m.raw, m1.raw) &&
920 bytes.Equal(m.verifyData, m1.verifyData)
921}
922
923func (m *finishedMsg) marshal() (x []byte) {
924 if m.raw != nil {
925 return m.raw
926 }
927
928 x = make([]byte, 4+len(m.verifyData))
929 x[0] = typeFinished
930 x[3] = byte(len(m.verifyData))
931 copy(x[4:], m.verifyData)
932 m.raw = x
933 return
934}
935
936func (m *finishedMsg) unmarshal(data []byte) bool {
937 m.raw = data
938 if len(data) < 4 {
939 return false
940 }
941 m.verifyData = data[4:]
942 return true
943}
944
945type nextProtoMsg struct {
946 raw []byte
947 proto string
948}
949
950func (m *nextProtoMsg) equal(i interface{}) bool {
951 m1, ok := i.(*nextProtoMsg)
952 if !ok {
953 return false
954 }
955
956 return bytes.Equal(m.raw, m1.raw) &&
957 m.proto == m1.proto
958}
959
960func (m *nextProtoMsg) marshal() []byte {
961 if m.raw != nil {
962 return m.raw
963 }
964 l := len(m.proto)
965 if l > 255 {
966 l = 255
967 }
968
969 padding := 32 - (l+2)%32
970 length := l + padding + 2
971 x := make([]byte, length+4)
972 x[0] = typeNextProtocol
973 x[1] = uint8(length >> 16)
974 x[2] = uint8(length >> 8)
975 x[3] = uint8(length)
976
977 y := x[4:]
978 y[0] = byte(l)
979 copy(y[1:], []byte(m.proto[0:l]))
980 y = y[1+l:]
981 y[0] = byte(padding)
982
983 m.raw = x
984
985 return x
986}
987
988func (m *nextProtoMsg) unmarshal(data []byte) bool {
989 m.raw = data
990
991 if len(data) < 5 {
992 return false
993 }
994 data = data[4:]
995 protoLen := int(data[0])
996 data = data[1:]
997 if len(data) < protoLen {
998 return false
999 }
1000 m.proto = string(data[0:protoLen])
1001 data = data[protoLen:]
1002
1003 if len(data) < 1 {
1004 return false
1005 }
1006 paddingLen := int(data[0])
1007 data = data[1:]
1008 if len(data) != paddingLen {
1009 return false
1010 }
1011
1012 return true
1013}
1014
1015type certificateRequestMsg struct {
1016 raw []byte
1017 // hasSignatureAndHash indicates whether this message includes a list
1018 // of signature and hash functions. This change was introduced with TLS
1019 // 1.2.
1020 hasSignatureAndHash bool
1021
1022 certificateTypes []byte
1023 signatureAndHashes []signatureAndHash
1024 certificateAuthorities [][]byte
1025}
1026
1027func (m *certificateRequestMsg) equal(i interface{}) bool {
1028 m1, ok := i.(*certificateRequestMsg)
1029 if !ok {
1030 return false
1031 }
1032
1033 return bytes.Equal(m.raw, m1.raw) &&
1034 bytes.Equal(m.certificateTypes, m1.certificateTypes) &&
1035 eqByteSlices(m.certificateAuthorities, m1.certificateAuthorities) &&
1036 eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes)
1037}
1038
1039func (m *certificateRequestMsg) marshal() (x []byte) {
1040 if m.raw != nil {
1041 return m.raw
1042 }
1043
1044 // See http://tools.ietf.org/html/rfc4346#section-7.4.4
1045 length := 1 + len(m.certificateTypes) + 2
1046 casLength := 0
1047 for _, ca := range m.certificateAuthorities {
1048 casLength += 2 + len(ca)
1049 }
1050 length += casLength
1051
1052 if m.hasSignatureAndHash {
1053 length += 2 + 2*len(m.signatureAndHashes)
1054 }
1055
1056 x = make([]byte, 4+length)
1057 x[0] = typeCertificateRequest
1058 x[1] = uint8(length >> 16)
1059 x[2] = uint8(length >> 8)
1060 x[3] = uint8(length)
1061
1062 x[4] = uint8(len(m.certificateTypes))
1063
1064 copy(x[5:], m.certificateTypes)
1065 y := x[5+len(m.certificateTypes):]
1066
1067 if m.hasSignatureAndHash {
1068 n := len(m.signatureAndHashes) * 2
1069 y[0] = uint8(n >> 8)
1070 y[1] = uint8(n)
1071 y = y[2:]
1072 for _, sigAndHash := range m.signatureAndHashes {
1073 y[0] = sigAndHash.hash
1074 y[1] = sigAndHash.signature
1075 y = y[2:]
1076 }
1077 }
1078
1079 y[0] = uint8(casLength >> 8)
1080 y[1] = uint8(casLength)
1081 y = y[2:]
1082 for _, ca := range m.certificateAuthorities {
1083 y[0] = uint8(len(ca) >> 8)
1084 y[1] = uint8(len(ca))
1085 y = y[2:]
1086 copy(y, ca)
1087 y = y[len(ca):]
1088 }
1089
1090 m.raw = x
1091 return
1092}
1093
1094func (m *certificateRequestMsg) unmarshal(data []byte) bool {
1095 m.raw = data
1096
1097 if len(data) < 5 {
1098 return false
1099 }
1100
1101 length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
1102 if uint32(len(data))-4 != length {
1103 return false
1104 }
1105
1106 numCertTypes := int(data[4])
1107 data = data[5:]
1108 if numCertTypes == 0 || len(data) <= numCertTypes {
1109 return false
1110 }
1111
1112 m.certificateTypes = make([]byte, numCertTypes)
1113 if copy(m.certificateTypes, data) != numCertTypes {
1114 return false
1115 }
1116
1117 data = data[numCertTypes:]
1118
1119 if m.hasSignatureAndHash {
1120 if len(data) < 2 {
1121 return false
1122 }
1123 sigAndHashLen := uint16(data[0])<<8 | uint16(data[1])
1124 data = data[2:]
1125 if sigAndHashLen&1 != 0 {
1126 return false
1127 }
1128 if len(data) < int(sigAndHashLen) {
1129 return false
1130 }
1131 numSigAndHash := sigAndHashLen / 2
1132 m.signatureAndHashes = make([]signatureAndHash, numSigAndHash)
1133 for i := range m.signatureAndHashes {
1134 m.signatureAndHashes[i].hash = data[0]
1135 m.signatureAndHashes[i].signature = data[1]
1136 data = data[2:]
1137 }
1138 }
1139
1140 if len(data) < 2 {
1141 return false
1142 }
1143 casLength := uint16(data[0])<<8 | uint16(data[1])
1144 data = data[2:]
1145 if len(data) < int(casLength) {
1146 return false
1147 }
1148 cas := make([]byte, casLength)
1149 copy(cas, data)
1150 data = data[casLength:]
1151
1152 m.certificateAuthorities = nil
1153 for len(cas) > 0 {
1154 if len(cas) < 2 {
1155 return false
1156 }
1157 caLen := uint16(cas[0])<<8 | uint16(cas[1])
1158 cas = cas[2:]
1159
1160 if len(cas) < int(caLen) {
1161 return false
1162 }
1163
1164 m.certificateAuthorities = append(m.certificateAuthorities, cas[:caLen])
1165 cas = cas[caLen:]
1166 }
1167 if len(data) > 0 {
1168 return false
1169 }
1170
1171 return true
1172}
1173
1174type certificateVerifyMsg struct {
1175 raw []byte
1176 hasSignatureAndHash bool
1177 signatureAndHash signatureAndHash
1178 signature []byte
1179}
1180
1181func (m *certificateVerifyMsg) equal(i interface{}) bool {
1182 m1, ok := i.(*certificateVerifyMsg)
1183 if !ok {
1184 return false
1185 }
1186
1187 return bytes.Equal(m.raw, m1.raw) &&
1188 m.hasSignatureAndHash == m1.hasSignatureAndHash &&
1189 m.signatureAndHash.hash == m1.signatureAndHash.hash &&
1190 m.signatureAndHash.signature == m1.signatureAndHash.signature &&
1191 bytes.Equal(m.signature, m1.signature)
1192}
1193
1194func (m *certificateVerifyMsg) marshal() (x []byte) {
1195 if m.raw != nil {
1196 return m.raw
1197 }
1198
1199 // See http://tools.ietf.org/html/rfc4346#section-7.4.8
1200 siglength := len(m.signature)
1201 length := 2 + siglength
1202 if m.hasSignatureAndHash {
1203 length += 2
1204 }
1205 x = make([]byte, 4+length)
1206 x[0] = typeCertificateVerify
1207 x[1] = uint8(length >> 16)
1208 x[2] = uint8(length >> 8)
1209 x[3] = uint8(length)
1210 y := x[4:]
1211 if m.hasSignatureAndHash {
1212 y[0] = m.signatureAndHash.hash
1213 y[1] = m.signatureAndHash.signature
1214 y = y[2:]
1215 }
1216 y[0] = uint8(siglength >> 8)
1217 y[1] = uint8(siglength)
1218 copy(y[2:], m.signature)
1219
1220 m.raw = x
1221
1222 return
1223}
1224
1225func (m *certificateVerifyMsg) unmarshal(data []byte) bool {
1226 m.raw = data
1227
1228 if len(data) < 6 {
1229 return false
1230 }
1231
1232 length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
1233 if uint32(len(data))-4 != length {
1234 return false
1235 }
1236
1237 data = data[4:]
1238 if m.hasSignatureAndHash {
1239 m.signatureAndHash.hash = data[0]
1240 m.signatureAndHash.signature = data[1]
1241 data = data[2:]
1242 }
1243
1244 if len(data) < 2 {
1245 return false
1246 }
1247 siglength := int(data[0])<<8 + int(data[1])
1248 data = data[2:]
1249 if len(data) != siglength {
1250 return false
1251 }
1252
1253 m.signature = data
1254
1255 return true
1256}
1257
1258type newSessionTicketMsg struct {
1259 raw []byte
1260 ticket []byte
1261}
1262
1263func (m *newSessionTicketMsg) equal(i interface{}) bool {
1264 m1, ok := i.(*newSessionTicketMsg)
1265 if !ok {
1266 return false
1267 }
1268
1269 return bytes.Equal(m.raw, m1.raw) &&
1270 bytes.Equal(m.ticket, m1.ticket)
1271}
1272
1273func (m *newSessionTicketMsg) marshal() (x []byte) {
1274 if m.raw != nil {
1275 return m.raw
1276 }
1277
1278 // See http://tools.ietf.org/html/rfc5077#section-3.3
1279 ticketLen := len(m.ticket)
1280 length := 2 + 4 + ticketLen
1281 x = make([]byte, 4+length)
1282 x[0] = typeNewSessionTicket
1283 x[1] = uint8(length >> 16)
1284 x[2] = uint8(length >> 8)
1285 x[3] = uint8(length)
1286 x[8] = uint8(ticketLen >> 8)
1287 x[9] = uint8(ticketLen)
1288 copy(x[10:], m.ticket)
1289
1290 m.raw = x
1291
1292 return
1293}
1294
1295func (m *newSessionTicketMsg) unmarshal(data []byte) bool {
1296 m.raw = data
1297
1298 if len(data) < 10 {
1299 return false
1300 }
1301
1302 length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
1303 if uint32(len(data))-4 != length {
1304 return false
1305 }
1306
1307 ticketLen := int(data[8])<<8 + int(data[9])
1308 if len(data)-10 != ticketLen {
1309 return false
1310 }
1311
1312 m.ticket = data[10:]
1313
1314 return true
1315}
1316
1317func eqUint16s(x, y []uint16) bool {
1318 if len(x) != len(y) {
1319 return false
1320 }
1321 for i, v := range x {
1322 if y[i] != v {
1323 return false
1324 }
1325 }
1326 return true
1327}
1328
1329func eqCurveIDs(x, y []CurveID) bool {
1330 if len(x) != len(y) {
1331 return false
1332 }
1333 for i, v := range x {
1334 if y[i] != v {
1335 return false
1336 }
1337 }
1338 return true
1339}
1340
1341func eqStrings(x, y []string) bool {
1342 if len(x) != len(y) {
1343 return false
1344 }
1345 for i, v := range x {
1346 if y[i] != v {
1347 return false
1348 }
1349 }
1350 return true
1351}
1352
1353func eqByteSlices(x, y [][]byte) bool {
1354 if len(x) != len(y) {
1355 return false
1356 }
1357 for i, v := range x {
1358 if !bytes.Equal(v, y[i]) {
1359 return false
1360 }
1361 }
1362 return true
1363}
1364
1365func eqSignatureAndHashes(x, y []signatureAndHash) bool {
1366 if len(x) != len(y) {
1367 return false
1368 }
1369 for i, v := range x {
1370 v2 := y[i]
1371 if v.hash != v2.hash || v.signature != v2.signature {
1372 return false
1373 }
1374 }
1375 return true
1376}