1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
9 type clientHelloMsg struct {
17 compressionMethods []uint8
21 supportedCurves []CurveID
22 supportedPoints []uint8
25 signatureAndHashes []signatureAndHash
26 secureRenegotiation []byte
27 alpnProtocols []string
28 duplicateExtension bool
29 channelIDSupported bool
31 extendedMasterSecret bool
34 func (m *clientHelloMsg) equal(i interface{}) bool {
35 m1, ok := i.(*clientHelloMsg)
40 return bytes.Equal(m.raw, m1.raw) &&
41 m.isDTLS == m1.isDTLS &&
43 bytes.Equal(m.random, m1.random) &&
44 bytes.Equal(m.sessionId, m1.sessionId) &&
45 bytes.Equal(m.cookie, m1.cookie) &&
46 eqUint16s(m.cipherSuites, m1.cipherSuites) &&
47 bytes.Equal(m.compressionMethods, m1.compressionMethods) &&
48 m.nextProtoNeg == m1.nextProtoNeg &&
49 m.serverName == m1.serverName &&
50 m.ocspStapling == m1.ocspStapling &&
51 eqCurveIDs(m.supportedCurves, m1.supportedCurves) &&
52 bytes.Equal(m.supportedPoints, m1.supportedPoints) &&
53 m.ticketSupported == m1.ticketSupported &&
54 bytes.Equal(m.sessionTicket, m1.sessionTicket) &&
55 eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes) &&
56 bytes.Equal(m.secureRenegotiation, m1.secureRenegotiation) &&
57 (m.secureRenegotiation == nil) == (m1.secureRenegotiation == nil) &&
58 eqStrings(m.alpnProtocols, m1.alpnProtocols) &&
59 m.duplicateExtension == m1.duplicateExtension &&
60 m.channelIDSupported == m1.channelIDSupported &&
61 m.npnLast == m1.npnLast &&
62 m.extendedMasterSecret == m1.extendedMasterSecret
65 func (m *clientHelloMsg) marshal() []byte {
70 length := 2 + 32 + 1 + len(m.sessionId) + 2 + len(m.cipherSuites)*2 + 1 + len(m.compressionMethods)
72 length += 1 + len(m.cookie)
80 extensionsLength += 1 + 2 + 2
83 if len(m.serverName) > 0 {
84 extensionsLength += 5 + len(m.serverName)
87 if len(m.supportedCurves) > 0 {
88 extensionsLength += 2 + 2*len(m.supportedCurves)
91 if len(m.supportedPoints) > 0 {
92 extensionsLength += 1 + len(m.supportedPoints)
95 if m.ticketSupported {
96 extensionsLength += len(m.sessionTicket)
99 if len(m.signatureAndHashes) > 0 {
100 extensionsLength += 2 + 2*len(m.signatureAndHashes)
103 if m.secureRenegotiation != nil {
104 extensionsLength += 1 + len(m.secureRenegotiation)
107 if m.duplicateExtension {
110 if m.channelIDSupported {
113 if len(m.alpnProtocols) > 0 {
114 extensionsLength += 2
115 for _, s := range m.alpnProtocols {
116 if l := len(s); l == 0 || l > 255 {
117 panic("invalid ALPN protocol")
120 extensionsLength += len(s)
124 if m.extendedMasterSecret {
127 if numExtensions > 0 {
128 extensionsLength += 4 * numExtensions
129 length += 2 + extensionsLength
132 x := make([]byte, 4+length)
133 x[0] = typeClientHello
134 x[1] = uint8(length >> 16)
135 x[2] = uint8(length >> 8)
137 vers := versionToWire(m.vers, m.isDTLS)
138 x[4] = uint8(vers >> 8)
140 copy(x[6:38], m.random)
141 x[38] = uint8(len(m.sessionId))
142 copy(x[39:39+len(m.sessionId)], m.sessionId)
143 y := x[39+len(m.sessionId):]
145 y[0] = uint8(len(m.cookie))
146 copy(y[1:], m.cookie)
147 y = y[1+len(m.cookie):]
149 y[0] = uint8(len(m.cipherSuites) >> 7)
150 y[1] = uint8(len(m.cipherSuites) << 1)
151 for i, suite := range m.cipherSuites {
152 y[2+i*2] = uint8(suite >> 8)
153 y[3+i*2] = uint8(suite)
155 z := y[2+len(m.cipherSuites)*2:]
156 z[0] = uint8(len(m.compressionMethods))
157 copy(z[1:], m.compressionMethods)
159 z = z[1+len(m.compressionMethods):]
160 if numExtensions > 0 {
161 z[0] = byte(extensionsLength >> 8)
162 z[1] = byte(extensionsLength)
165 if m.duplicateExtension {
166 // Add a duplicate bogus extension at the beginning and end.
171 if m.nextProtoNeg && !m.npnLast {
172 z[0] = byte(extensionNextProtoNeg >> 8)
173 z[1] = byte(extensionNextProtoNeg & 0xff)
174 // The length is always 0
177 if len(m.serverName) > 0 {
178 z[0] = byte(extensionServerName >> 8)
179 z[1] = byte(extensionServerName & 0xff)
180 l := len(m.serverName) + 5
185 // RFC 3546, section 3.1
188 // NameType name_type;
189 // select (name_type) {
190 // case host_name: HostName;
195 // host_name(0), (255)
198 // opaque HostName<1..2^16-1>;
201 // ServerName server_name_list<1..2^16-1>
204 z[0] = byte((len(m.serverName) + 3) >> 8)
205 z[1] = byte(len(m.serverName) + 3)
206 z[3] = byte(len(m.serverName) >> 8)
207 z[4] = byte(len(m.serverName))
208 copy(z[5:], []byte(m.serverName))
212 // RFC 4366, section 3.6
213 z[0] = byte(extensionStatusRequest >> 8)
214 z[1] = byte(extensionStatusRequest)
217 z[4] = 1 // OCSP type
218 // Two zero valued uint16s for the two lengths.
221 if len(m.supportedCurves) > 0 {
222 // http://tools.ietf.org/html/rfc4492#section-5.5.1
223 z[0] = byte(extensionSupportedCurves >> 8)
224 z[1] = byte(extensionSupportedCurves)
225 l := 2 + 2*len(m.supportedCurves)
232 for _, curve := range m.supportedCurves {
233 z[0] = byte(curve >> 8)
238 if len(m.supportedPoints) > 0 {
239 // http://tools.ietf.org/html/rfc4492#section-5.5.2
240 z[0] = byte(extensionSupportedPoints >> 8)
241 z[1] = byte(extensionSupportedPoints)
242 l := 1 + len(m.supportedPoints)
248 for _, pointFormat := range m.supportedPoints {
249 z[0] = byte(pointFormat)
253 if m.ticketSupported {
254 // http://tools.ietf.org/html/rfc5077#section-3.2
255 z[0] = byte(extensionSessionTicket >> 8)
256 z[1] = byte(extensionSessionTicket)
257 l := len(m.sessionTicket)
261 copy(z, m.sessionTicket)
262 z = z[len(m.sessionTicket):]
264 if len(m.signatureAndHashes) > 0 {
265 // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
266 z[0] = byte(extensionSignatureAlgorithms >> 8)
267 z[1] = byte(extensionSignatureAlgorithms)
268 l := 2 + 2*len(m.signatureAndHashes)
277 for _, sigAndHash := range m.signatureAndHashes {
278 z[0] = sigAndHash.hash
279 z[1] = sigAndHash.signature
283 if m.secureRenegotiation != nil {
284 z[0] = byte(extensionRenegotiationInfo >> 8)
285 z[1] = byte(extensionRenegotiationInfo & 0xff)
287 z[3] = byte(1 + len(m.secureRenegotiation))
288 z[4] = byte(len(m.secureRenegotiation))
290 copy(z, m.secureRenegotiation)
291 z = z[len(m.secureRenegotiation):]
293 if len(m.alpnProtocols) > 0 {
294 z[0] = byte(extensionALPN >> 8)
295 z[1] = byte(extensionALPN & 0xff)
300 for _, s := range m.alpnProtocols {
305 stringsLength += 1 + l
308 lengths[2] = byte(stringsLength >> 8)
309 lengths[3] = byte(stringsLength)
311 lengths[0] = byte(stringsLength >> 8)
312 lengths[1] = byte(stringsLength)
314 if m.channelIDSupported {
315 z[0] = byte(extensionChannelID >> 8)
316 z[1] = byte(extensionChannelID & 0xff)
319 if m.nextProtoNeg && m.npnLast {
320 z[0] = byte(extensionNextProtoNeg >> 8)
321 z[1] = byte(extensionNextProtoNeg & 0xff)
322 // The length is always 0
325 if m.duplicateExtension {
326 // Add a duplicate bogus extension at the beginning and end.
331 if m.extendedMasterSecret {
332 // https://tools.ietf.org/html/draft-ietf-tls-session-hash-01
333 z[0] = byte(extensionExtendedMasterSecret >> 8)
334 z[1] = byte(extensionExtendedMasterSecret & 0xff)
343 func (m *clientHelloMsg) unmarshal(data []byte) bool {
348 m.vers = wireToVersion(uint16(data[4])<<8|uint16(data[5]), m.isDTLS)
349 m.random = data[6:38]
350 sessionIdLen := int(data[38])
351 if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
354 m.sessionId = data[39 : 39+sessionIdLen]
355 data = data[39+sessionIdLen:]
360 cookieLen := int(data[0])
361 if cookieLen > 32 || len(data) < 1+cookieLen {
364 m.cookie = data[1 : 1+cookieLen]
365 data = data[1+cookieLen:]
370 // cipherSuiteLen is the number of bytes of cipher suite numbers. Since
371 // they are uint16s, the number must be even.
372 cipherSuiteLen := int(data[0])<<8 | int(data[1])
373 if cipherSuiteLen%2 == 1 || len(data) < 2+cipherSuiteLen {
376 numCipherSuites := cipherSuiteLen / 2
377 m.cipherSuites = make([]uint16, numCipherSuites)
378 for i := 0; i < numCipherSuites; i++ {
379 m.cipherSuites[i] = uint16(data[2+2*i])<<8 | uint16(data[3+2*i])
380 if m.cipherSuites[i] == scsvRenegotiation {
381 m.secureRenegotiation = []byte{}
384 data = data[2+cipherSuiteLen:]
388 compressionMethodsLen := int(data[0])
389 if len(data) < 1+compressionMethodsLen {
392 m.compressionMethods = data[1 : 1+compressionMethodsLen]
394 data = data[1+compressionMethodsLen:]
396 m.nextProtoNeg = false
398 m.ocspStapling = false
399 m.ticketSupported = false
400 m.sessionTicket = nil
401 m.signatureAndHashes = nil
402 m.alpnProtocols = nil
403 m.extendedMasterSecret = false
406 // ClientHello is optionally followed by extension data
413 extensionsLength := int(data[0])<<8 | int(data[1])
415 if extensionsLength != len(data) {
423 extension := uint16(data[0])<<8 | uint16(data[1])
424 length := int(data[2])<<8 | int(data[3])
426 if len(data) < length {
431 case extensionServerName:
435 numNames := int(data[0])<<8 | int(data[1])
437 for i := 0; i < numNames; i++ {
442 nameLen := int(d[1])<<8 | int(d[2])
444 if len(d) < nameLen {
448 m.serverName = string(d[0:nameLen])
453 case extensionNextProtoNeg:
457 m.nextProtoNeg = true
458 case extensionStatusRequest:
459 m.ocspStapling = length > 0 && data[0] == statusTypeOCSP
460 case extensionSupportedCurves:
461 // http://tools.ietf.org/html/rfc4492#section-5.5.1
465 l := int(data[0])<<8 | int(data[1])
466 if l%2 == 1 || length != l+2 {
470 m.supportedCurves = make([]CurveID, numCurves)
472 for i := 0; i < numCurves; i++ {
473 m.supportedCurves[i] = CurveID(d[0])<<8 | CurveID(d[1])
476 case extensionSupportedPoints:
477 // http://tools.ietf.org/html/rfc4492#section-5.5.2
485 m.supportedPoints = make([]uint8, l)
486 copy(m.supportedPoints, data[1:])
487 case extensionSessionTicket:
488 // http://tools.ietf.org/html/rfc5077#section-3.2
489 m.ticketSupported = true
490 m.sessionTicket = data[:length]
491 case extensionSignatureAlgorithms:
492 // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
493 if length < 2 || length&1 != 0 {
496 l := int(data[0])<<8 | int(data[1])
502 m.signatureAndHashes = make([]signatureAndHash, n)
503 for i := range m.signatureAndHashes {
504 m.signatureAndHashes[i].hash = d[0]
505 m.signatureAndHashes[i].signature = d[1]
508 case extensionRenegotiationInfo:
509 if length < 1 || length != int(data[0])+1 {
512 m.secureRenegotiation = data[1:length]
517 l := int(data[0])<<8 | int(data[1])
523 stringLen := int(d[0])
525 if stringLen == 0 || stringLen > len(d) {
528 m.alpnProtocols = append(m.alpnProtocols, string(d[:stringLen]))
531 case extensionChannelID:
535 m.channelIDSupported = true
536 case extensionExtendedMasterSecret:
540 m.extendedMasterSecret = true
548 type serverHelloMsg struct {
555 compressionMethod uint8
560 secureRenegotiation []byte
562 duplicateExtension bool
563 channelIDRequested bool
564 extendedMasterSecret bool
567 func (m *serverHelloMsg) equal(i interface{}) bool {
568 m1, ok := i.(*serverHelloMsg)
573 return bytes.Equal(m.raw, m1.raw) &&
574 m.isDTLS == m1.isDTLS &&
576 bytes.Equal(m.random, m1.random) &&
577 bytes.Equal(m.sessionId, m1.sessionId) &&
578 m.cipherSuite == m1.cipherSuite &&
579 m.compressionMethod == m1.compressionMethod &&
580 m.nextProtoNeg == m1.nextProtoNeg &&
581 eqStrings(m.nextProtos, m1.nextProtos) &&
582 m.ocspStapling == m1.ocspStapling &&
583 m.ticketSupported == m1.ticketSupported &&
584 bytes.Equal(m.secureRenegotiation, m1.secureRenegotiation) &&
585 (m.secureRenegotiation == nil) == (m1.secureRenegotiation == nil) &&
586 m.alpnProtocol == m1.alpnProtocol &&
587 m.duplicateExtension == m1.duplicateExtension &&
588 m.channelIDRequested == m1.channelIDRequested &&
589 m.extendedMasterSecret == m1.extendedMasterSecret
592 func (m *serverHelloMsg) marshal() []byte {
597 length := 38 + len(m.sessionId)
599 extensionsLength := 0
604 for _, v := range m.nextProtos {
605 nextProtoLen += len(v)
607 nextProtoLen += len(m.nextProtos)
608 extensionsLength += nextProtoLen
613 if m.ticketSupported {
616 if m.secureRenegotiation != nil {
617 extensionsLength += 1 + len(m.secureRenegotiation)
620 if m.duplicateExtension {
623 if m.channelIDRequested {
626 if alpnLen := len(m.alpnProtocol); alpnLen > 0 {
628 panic("invalid ALPN protocol")
630 extensionsLength += 2 + 1 + alpnLen
633 if m.extendedMasterSecret {
637 if numExtensions > 0 {
638 extensionsLength += 4 * numExtensions
639 length += 2 + extensionsLength
642 x := make([]byte, 4+length)
643 x[0] = typeServerHello
644 x[1] = uint8(length >> 16)
645 x[2] = uint8(length >> 8)
647 vers := versionToWire(m.vers, m.isDTLS)
648 x[4] = uint8(vers >> 8)
650 copy(x[6:38], m.random)
651 x[38] = uint8(len(m.sessionId))
652 copy(x[39:39+len(m.sessionId)], m.sessionId)
653 z := x[39+len(m.sessionId):]
654 z[0] = uint8(m.cipherSuite >> 8)
655 z[1] = uint8(m.cipherSuite)
656 z[2] = uint8(m.compressionMethod)
659 if numExtensions > 0 {
660 z[0] = byte(extensionsLength >> 8)
661 z[1] = byte(extensionsLength)
664 if m.duplicateExtension {
665 // Add a duplicate bogus extension at the beginning and end.
671 z[0] = byte(extensionNextProtoNeg >> 8)
672 z[1] = byte(extensionNextProtoNeg & 0xff)
673 z[2] = byte(nextProtoLen >> 8)
674 z[3] = byte(nextProtoLen)
677 for _, v := range m.nextProtos {
683 copy(z[1:], []byte(v[0:l]))
688 z[0] = byte(extensionStatusRequest >> 8)
689 z[1] = byte(extensionStatusRequest)
692 if m.ticketSupported {
693 z[0] = byte(extensionSessionTicket >> 8)
694 z[1] = byte(extensionSessionTicket)
697 if m.secureRenegotiation != nil {
698 z[0] = byte(extensionRenegotiationInfo >> 8)
699 z[1] = byte(extensionRenegotiationInfo & 0xff)
701 z[3] = byte(1 + len(m.secureRenegotiation))
702 z[4] = byte(len(m.secureRenegotiation))
704 copy(z, m.secureRenegotiation)
705 z = z[len(m.secureRenegotiation):]
707 if alpnLen := len(m.alpnProtocol); alpnLen > 0 {
708 z[0] = byte(extensionALPN >> 8)
709 z[1] = byte(extensionALPN & 0xff)
718 copy(z[7:], []byte(m.alpnProtocol))
721 if m.channelIDRequested {
722 z[0] = byte(extensionChannelID >> 8)
723 z[1] = byte(extensionChannelID & 0xff)
726 if m.duplicateExtension {
727 // Add a duplicate bogus extension at the beginning and end.
732 if m.extendedMasterSecret {
733 z[0] = byte(extensionExtendedMasterSecret >> 8)
734 z[1] = byte(extensionExtendedMasterSecret & 0xff)
743 func (m *serverHelloMsg) unmarshal(data []byte) bool {
748 m.vers = wireToVersion(uint16(data[4])<<8|uint16(data[5]), m.isDTLS)
749 m.random = data[6:38]
750 sessionIdLen := int(data[38])
751 if sessionIdLen > 32 || len(data) < 39+sessionIdLen {
754 m.sessionId = data[39 : 39+sessionIdLen]
755 data = data[39+sessionIdLen:]
759 m.cipherSuite = uint16(data[0])<<8 | uint16(data[1])
760 m.compressionMethod = data[2]
763 m.nextProtoNeg = false
765 m.ocspStapling = false
766 m.ticketSupported = false
768 m.extendedMasterSecret = false
771 // ServerHello is optionally followed by extension data
778 extensionsLength := int(data[0])<<8 | int(data[1])
780 if len(data) != extensionsLength {
788 extension := uint16(data[0])<<8 | uint16(data[1])
789 length := int(data[2])<<8 | int(data[3])
791 if len(data) < length {
796 case extensionNextProtoNeg:
797 m.nextProtoNeg = true
802 if l == 0 || l > len(d) {
805 m.nextProtos = append(m.nextProtos, string(d[:l]))
808 case extensionStatusRequest:
812 m.ocspStapling = true
813 case extensionSessionTicket:
817 m.ticketSupported = true
818 case extensionRenegotiationInfo:
819 if length < 1 || length != int(data[0])+1 {
822 m.secureRenegotiation = data[1:length]
828 l := int(d[0])<<8 | int(d[1])
838 m.alpnProtocol = string(d)
839 case extensionChannelID:
843 m.channelIDRequested = true
844 case extensionExtendedMasterSecret:
848 m.extendedMasterSecret = true
856 type certificateMsg struct {
858 certificates [][]byte
861 func (m *certificateMsg) equal(i interface{}) bool {
862 m1, ok := i.(*certificateMsg)
867 return bytes.Equal(m.raw, m1.raw) &&
868 eqByteSlices(m.certificates, m1.certificates)
871 func (m *certificateMsg) marshal() (x []byte) {
877 for _, slice := range m.certificates {
881 length := 3 + 3*len(m.certificates) + i
882 x = make([]byte, 4+length)
883 x[0] = typeCertificate
884 x[1] = uint8(length >> 16)
885 x[2] = uint8(length >> 8)
888 certificateOctets := length - 3
889 x[4] = uint8(certificateOctets >> 16)
890 x[5] = uint8(certificateOctets >> 8)
891 x[6] = uint8(certificateOctets)
894 for _, slice := range m.certificates {
895 y[0] = uint8(len(slice) >> 16)
896 y[1] = uint8(len(slice) >> 8)
897 y[2] = uint8(len(slice))
906 func (m *certificateMsg) unmarshal(data []byte) bool {
912 certsLen := uint32(data[4])<<16 | uint32(data[5])<<8 | uint32(data[6])
913 if uint32(len(data)) != certsLen+7 {
923 certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
924 if uint32(len(d)) < 3+certLen {
928 certsLen -= 3 + certLen
932 m.certificates = make([][]byte, numCerts)
934 for i := 0; i < numCerts; i++ {
935 certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2])
936 m.certificates[i] = d[3 : 3+certLen]
943 type serverKeyExchangeMsg struct {
948 func (m *serverKeyExchangeMsg) equal(i interface{}) bool {
949 m1, ok := i.(*serverKeyExchangeMsg)
954 return bytes.Equal(m.raw, m1.raw) &&
955 bytes.Equal(m.key, m1.key)
958 func (m *serverKeyExchangeMsg) marshal() []byte {
963 x := make([]byte, length+4)
964 x[0] = typeServerKeyExchange
965 x[1] = uint8(length >> 16)
966 x[2] = uint8(length >> 8)
974 func (m *serverKeyExchangeMsg) unmarshal(data []byte) bool {
983 type certificateStatusMsg struct {
989 func (m *certificateStatusMsg) equal(i interface{}) bool {
990 m1, ok := i.(*certificateStatusMsg)
995 return bytes.Equal(m.raw, m1.raw) &&
996 m.statusType == m1.statusType &&
997 bytes.Equal(m.response, m1.response)
1000 func (m *certificateStatusMsg) marshal() []byte {
1006 if m.statusType == statusTypeOCSP {
1007 x = make([]byte, 4+4+len(m.response))
1008 x[0] = typeCertificateStatus
1009 l := len(m.response) + 4
1010 x[1] = byte(l >> 16)
1013 x[4] = statusTypeOCSP
1016 x[5] = byte(l >> 16)
1019 copy(x[8:], m.response)
1021 x = []byte{typeCertificateStatus, 0, 0, 1, m.statusType}
1028 func (m *certificateStatusMsg) unmarshal(data []byte) bool {
1033 m.statusType = data[4]
1036 if m.statusType == statusTypeOCSP {
1040 respLen := uint32(data[5])<<16 | uint32(data[6])<<8 | uint32(data[7])
1041 if uint32(len(data)) != 4+4+respLen {
1044 m.response = data[8:]
1049 type serverHelloDoneMsg struct{}
1051 func (m *serverHelloDoneMsg) equal(i interface{}) bool {
1052 _, ok := i.(*serverHelloDoneMsg)
1056 func (m *serverHelloDoneMsg) marshal() []byte {
1057 x := make([]byte, 4)
1058 x[0] = typeServerHelloDone
1062 func (m *serverHelloDoneMsg) unmarshal(data []byte) bool {
1063 return len(data) == 4
1066 type clientKeyExchangeMsg struct {
1071 func (m *clientKeyExchangeMsg) equal(i interface{}) bool {
1072 m1, ok := i.(*clientKeyExchangeMsg)
1077 return bytes.Equal(m.raw, m1.raw) &&
1078 bytes.Equal(m.ciphertext, m1.ciphertext)
1081 func (m *clientKeyExchangeMsg) marshal() []byte {
1085 length := len(m.ciphertext)
1086 x := make([]byte, length+4)
1087 x[0] = typeClientKeyExchange
1088 x[1] = uint8(length >> 16)
1089 x[2] = uint8(length >> 8)
1090 x[3] = uint8(length)
1091 copy(x[4:], m.ciphertext)
1097 func (m *clientKeyExchangeMsg) unmarshal(data []byte) bool {
1102 l := int(data[1])<<16 | int(data[2])<<8 | int(data[3])
1103 if l != len(data)-4 {
1106 m.ciphertext = data[4:]
1110 type finishedMsg struct {
1115 func (m *finishedMsg) equal(i interface{}) bool {
1116 m1, ok := i.(*finishedMsg)
1121 return bytes.Equal(m.raw, m1.raw) &&
1122 bytes.Equal(m.verifyData, m1.verifyData)
1125 func (m *finishedMsg) marshal() (x []byte) {
1130 x = make([]byte, 4+len(m.verifyData))
1132 x[3] = byte(len(m.verifyData))
1133 copy(x[4:], m.verifyData)
1138 func (m *finishedMsg) unmarshal(data []byte) bool {
1143 m.verifyData = data[4:]
1147 type nextProtoMsg struct {
1152 func (m *nextProtoMsg) equal(i interface{}) bool {
1153 m1, ok := i.(*nextProtoMsg)
1158 return bytes.Equal(m.raw, m1.raw) &&
1162 func (m *nextProtoMsg) marshal() []byte {
1171 padding := 32 - (l+2)%32
1172 length := l + padding + 2
1173 x := make([]byte, length+4)
1174 x[0] = typeNextProtocol
1175 x[1] = uint8(length >> 16)
1176 x[2] = uint8(length >> 8)
1177 x[3] = uint8(length)
1181 copy(y[1:], []byte(m.proto[0:l]))
1183 y[0] = byte(padding)
1190 func (m *nextProtoMsg) unmarshal(data []byte) bool {
1197 protoLen := int(data[0])
1199 if len(data) < protoLen {
1202 m.proto = string(data[0:protoLen])
1203 data = data[protoLen:]
1208 paddingLen := int(data[0])
1210 if len(data) != paddingLen {
1217 type certificateRequestMsg struct {
1219 // hasSignatureAndHash indicates whether this message includes a list
1220 // of signature and hash functions. This change was introduced with TLS
1222 hasSignatureAndHash bool
1224 certificateTypes []byte
1225 signatureAndHashes []signatureAndHash
1226 certificateAuthorities [][]byte
1229 func (m *certificateRequestMsg) equal(i interface{}) bool {
1230 m1, ok := i.(*certificateRequestMsg)
1235 return bytes.Equal(m.raw, m1.raw) &&
1236 bytes.Equal(m.certificateTypes, m1.certificateTypes) &&
1237 eqByteSlices(m.certificateAuthorities, m1.certificateAuthorities) &&
1238 eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes)
1241 func (m *certificateRequestMsg) marshal() (x []byte) {
1246 // See http://tools.ietf.org/html/rfc4346#section-7.4.4
1247 length := 1 + len(m.certificateTypes) + 2
1249 for _, ca := range m.certificateAuthorities {
1250 casLength += 2 + len(ca)
1254 if m.hasSignatureAndHash {
1255 length += 2 + 2*len(m.signatureAndHashes)
1258 x = make([]byte, 4+length)
1259 x[0] = typeCertificateRequest
1260 x[1] = uint8(length >> 16)
1261 x[2] = uint8(length >> 8)
1262 x[3] = uint8(length)
1264 x[4] = uint8(len(m.certificateTypes))
1266 copy(x[5:], m.certificateTypes)
1267 y := x[5+len(m.certificateTypes):]
1269 if m.hasSignatureAndHash {
1270 n := len(m.signatureAndHashes) * 2
1271 y[0] = uint8(n >> 8)
1274 for _, sigAndHash := range m.signatureAndHashes {
1275 y[0] = sigAndHash.hash
1276 y[1] = sigAndHash.signature
1281 y[0] = uint8(casLength >> 8)
1282 y[1] = uint8(casLength)
1284 for _, ca := range m.certificateAuthorities {
1285 y[0] = uint8(len(ca) >> 8)
1286 y[1] = uint8(len(ca))
1296 func (m *certificateRequestMsg) unmarshal(data []byte) bool {
1303 length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
1304 if uint32(len(data))-4 != length {
1308 numCertTypes := int(data[4])
1310 if numCertTypes == 0 || len(data) <= numCertTypes {
1314 m.certificateTypes = make([]byte, numCertTypes)
1315 if copy(m.certificateTypes, data) != numCertTypes {
1319 data = data[numCertTypes:]
1321 if m.hasSignatureAndHash {
1325 sigAndHashLen := uint16(data[0])<<8 | uint16(data[1])
1327 if sigAndHashLen&1 != 0 {
1330 if len(data) < int(sigAndHashLen) {
1333 numSigAndHash := sigAndHashLen / 2
1334 m.signatureAndHashes = make([]signatureAndHash, numSigAndHash)
1335 for i := range m.signatureAndHashes {
1336 m.signatureAndHashes[i].hash = data[0]
1337 m.signatureAndHashes[i].signature = data[1]
1345 casLength := uint16(data[0])<<8 | uint16(data[1])
1347 if len(data) < int(casLength) {
1350 cas := make([]byte, casLength)
1352 data = data[casLength:]
1354 m.certificateAuthorities = nil
1359 caLen := uint16(cas[0])<<8 | uint16(cas[1])
1362 if len(cas) < int(caLen) {
1366 m.certificateAuthorities = append(m.certificateAuthorities, cas[:caLen])
1376 type certificateVerifyMsg struct {
1378 hasSignatureAndHash bool
1379 signatureAndHash signatureAndHash
1383 func (m *certificateVerifyMsg) equal(i interface{}) bool {
1384 m1, ok := i.(*certificateVerifyMsg)
1389 return bytes.Equal(m.raw, m1.raw) &&
1390 m.hasSignatureAndHash == m1.hasSignatureAndHash &&
1391 m.signatureAndHash.hash == m1.signatureAndHash.hash &&
1392 m.signatureAndHash.signature == m1.signatureAndHash.signature &&
1393 bytes.Equal(m.signature, m1.signature)
1396 func (m *certificateVerifyMsg) marshal() (x []byte) {
1401 // See http://tools.ietf.org/html/rfc4346#section-7.4.8
1402 siglength := len(m.signature)
1403 length := 2 + siglength
1404 if m.hasSignatureAndHash {
1407 x = make([]byte, 4+length)
1408 x[0] = typeCertificateVerify
1409 x[1] = uint8(length >> 16)
1410 x[2] = uint8(length >> 8)
1411 x[3] = uint8(length)
1413 if m.hasSignatureAndHash {
1414 y[0] = m.signatureAndHash.hash
1415 y[1] = m.signatureAndHash.signature
1418 y[0] = uint8(siglength >> 8)
1419 y[1] = uint8(siglength)
1420 copy(y[2:], m.signature)
1427 func (m *certificateVerifyMsg) unmarshal(data []byte) bool {
1434 length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
1435 if uint32(len(data))-4 != length {
1440 if m.hasSignatureAndHash {
1441 m.signatureAndHash.hash = data[0]
1442 m.signatureAndHash.signature = data[1]
1449 siglength := int(data[0])<<8 + int(data[1])
1451 if len(data) != siglength {
1460 type newSessionTicketMsg struct {
1465 func (m *newSessionTicketMsg) equal(i interface{}) bool {
1466 m1, ok := i.(*newSessionTicketMsg)
1471 return bytes.Equal(m.raw, m1.raw) &&
1472 bytes.Equal(m.ticket, m1.ticket)
1475 func (m *newSessionTicketMsg) marshal() (x []byte) {
1480 // See http://tools.ietf.org/html/rfc5077#section-3.3
1481 ticketLen := len(m.ticket)
1482 length := 2 + 4 + ticketLen
1483 x = make([]byte, 4+length)
1484 x[0] = typeNewSessionTicket
1485 x[1] = uint8(length >> 16)
1486 x[2] = uint8(length >> 8)
1487 x[3] = uint8(length)
1488 x[8] = uint8(ticketLen >> 8)
1489 x[9] = uint8(ticketLen)
1490 copy(x[10:], m.ticket)
1497 func (m *newSessionTicketMsg) unmarshal(data []byte) bool {
1504 length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3])
1505 if uint32(len(data))-4 != length {
1509 ticketLen := int(data[8])<<8 + int(data[9])
1510 if len(data)-10 != ticketLen {
1514 m.ticket = data[10:]
1519 type v2ClientHelloMsg struct {
1522 cipherSuites []uint16
1527 func (m *v2ClientHelloMsg) equal(i interface{}) bool {
1528 m1, ok := i.(*v2ClientHelloMsg)
1533 return bytes.Equal(m.raw, m1.raw) &&
1534 m.vers == m1.vers &&
1535 eqUint16s(m.cipherSuites, m1.cipherSuites) &&
1536 bytes.Equal(m.sessionId, m1.sessionId) &&
1537 bytes.Equal(m.challenge, m1.challenge)
1540 func (m *v2ClientHelloMsg) marshal() []byte {
1545 length := 1 + 2 + 2 + 2 + 2 + len(m.cipherSuites)*3 + len(m.sessionId) + len(m.challenge)
1547 x := make([]byte, length)
1549 x[1] = uint8(m.vers >> 8)
1550 x[2] = uint8(m.vers)
1551 x[3] = uint8((len(m.cipherSuites) * 3) >> 8)
1552 x[4] = uint8(len(m.cipherSuites) * 3)
1553 x[5] = uint8(len(m.sessionId) >> 8)
1554 x[6] = uint8(len(m.sessionId))
1555 x[7] = uint8(len(m.challenge) >> 8)
1556 x[8] = uint8(len(m.challenge))
1558 for i, spec := range m.cipherSuites {
1560 y[i*3+1] = uint8(spec >> 8)
1561 y[i*3+2] = uint8(spec)
1563 y = y[len(m.cipherSuites)*3:]
1564 copy(y, m.sessionId)
1565 y = y[len(m.sessionId):]
1566 copy(y, m.challenge)
1573 type helloVerifyRequestMsg struct {
1579 func (m *helloVerifyRequestMsg) equal(i interface{}) bool {
1580 m1, ok := i.(*helloVerifyRequestMsg)
1585 return bytes.Equal(m.raw, m1.raw) &&
1586 m.vers == m1.vers &&
1587 bytes.Equal(m.cookie, m1.cookie)
1590 func (m *helloVerifyRequestMsg) marshal() []byte {
1595 length := 2 + 1 + len(m.cookie)
1597 x := make([]byte, 4+length)
1598 x[0] = typeHelloVerifyRequest
1599 x[1] = uint8(length >> 16)
1600 x[2] = uint8(length >> 8)
1601 x[3] = uint8(length)
1602 vers := versionToWire(m.vers, true)
1603 x[4] = uint8(vers >> 8)
1605 x[6] = uint8(len(m.cookie))
1606 copy(x[7:7+len(m.cookie)], m.cookie)
1611 func (m *helloVerifyRequestMsg) unmarshal(data []byte) bool {
1612 if len(data) < 4+2+1 {
1616 m.vers = wireToVersion(uint16(data[4])<<8|uint16(data[5]), true)
1617 cookieLen := int(data[6])
1618 if cookieLen > 32 || len(data) != 7+cookieLen {
1621 m.cookie = data[7 : 7+cookieLen]
1626 type encryptedExtensionsMsg struct {
1631 func (m *encryptedExtensionsMsg) equal(i interface{}) bool {
1632 m1, ok := i.(*encryptedExtensionsMsg)
1637 return bytes.Equal(m.raw, m1.raw) &&
1638 bytes.Equal(m.channelID, m1.channelID)
1641 func (m *encryptedExtensionsMsg) marshal() []byte {
1646 length := 2 + 2 + len(m.channelID)
1648 x := make([]byte, 4+length)
1649 x[0] = typeEncryptedExtensions
1650 x[1] = uint8(length >> 16)
1651 x[2] = uint8(length >> 8)
1652 x[3] = uint8(length)
1653 x[4] = uint8(extensionChannelID >> 8)
1654 x[5] = uint8(extensionChannelID & 0xff)
1655 x[6] = uint8(len(m.channelID) >> 8)
1656 x[7] = uint8(len(m.channelID) & 0xff)
1657 copy(x[8:], m.channelID)
1662 func (m *encryptedExtensionsMsg) unmarshal(data []byte) bool {
1663 if len(data) != 4+2+2+128 {
1667 if (uint16(data[4])<<8)|uint16(data[5]) != extensionChannelID {
1670 if int(data[6])<<8|int(data[7]) != 128 {
1673 m.channelID = data[4+2+2:]
1678 type helloRequestMsg struct {
1681 func (*helloRequestMsg) marshal() []byte {
1682 return []byte{typeHelloRequest, 0, 0, 0}
1685 func (*helloRequestMsg) unmarshal(data []byte) bool {
1686 return len(data) == 4
1689 func eqUint16s(x, y []uint16) bool {
1690 if len(x) != len(y) {
1693 for i, v := range x {
1701 func eqCurveIDs(x, y []CurveID) bool {
1702 if len(x) != len(y) {
1705 for i, v := range x {
1713 func eqStrings(x, y []string) bool {
1714 if len(x) != len(y) {
1717 for i, v := range x {
1725 func eqByteSlices(x, y [][]byte) bool {
1726 if len(x) != len(y) {
1729 for i, v := range x {
1730 if !bytes.Equal(v, y[i]) {
1737 func eqSignatureAndHashes(x, y []signatureAndHash) bool {
1738 if len(x) != len(y) {
1741 for i, v := range x {
1743 if v.hash != v2.hash || v.signature != v2.signature {