blob: 51de53389af8b9f10763461805ae20e3deab4d93 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
// Copyright 2009 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package tls
import (
"crypto/rsa"
"io"
"os"
)
const (
// maxTLSCiphertext is the maximum length of a plaintext payload.
maxTLSPlaintext = 16384
// maxTLSCiphertext is the maximum length payload after compression and encryption.
maxTLSCiphertext = 16384 + 2048
// maxHandshakeMsg is the largest single handshake message that we'll buffer.
maxHandshakeMsg = 65536
// defaultMajor and defaultMinor are the maximum TLS version that we support.
defaultMajor = 3
defaultMinor = 2
)
// TLS record types.
type recordType uint8
const (
recordTypeChangeCipherSpec recordType = 20
recordTypeAlert recordType = 21
recordTypeHandshake recordType = 22
recordTypeApplicationData recordType = 23
)
// TLS handshake message types.
const (
typeClientHello uint8 = 1
typeServerHello uint8 = 2
typeCertificate uint8 = 11
typeServerHelloDone uint8 = 14
typeClientKeyExchange uint8 = 16
typeFinished uint8 = 20
)
// TLS cipher suites.
var (
TLS_RSA_WITH_RC4_128_SHA uint16 = 5
)
// TLS compression types.
var (
compressionNone uint8 = 0
)
type ConnectionState struct {
HandshakeComplete bool
CipherSuite string
Error alertType
}
// A Config structure is used to configure a TLS client or server. After one
// has been passed to a TLS function it must not be modified.
type Config struct {
// Rand provides the source of entropy for nonces and RSA blinding.
Rand io.Reader
// Time returns the current time as the number of seconds since the epoch.
Time func() int64
Certificates []Certificate
RootCAs *CASet
}
type Certificate struct {
Certificate [][]byte
PrivateKey *rsa.PrivateKey
}
// A TLS record.
type record struct {
contentType recordType
major, minor uint8
payload []byte
}
type handshakeMessage interface {
marshal() []byte
}
type encryptor interface {
// XORKeyStream xors the contents of the slice with bytes from the key stream.
XORKeyStream(buf []byte)
}
// mutualVersion returns the protocol version to use given the advertised
// version of the peer.
func mutualVersion(theirMajor, theirMinor uint8) (major, minor uint8, ok bool) {
// We don't deal with peers < TLS 1.0 (aka version 3.1).
if theirMajor < 3 || theirMajor == 3 && theirMinor < 1 {
return 0, 0, false
}
major = 3
minor = 2
if theirMinor < minor {
minor = theirMinor
}
ok = true
return
}
// A nop implements the NULL encryption and MAC algorithms.
type nop struct{}
func (nop) XORKeyStream(buf []byte) {}
func (nop) Write(buf []byte) (int, os.Error) { return len(buf), nil }
func (nop) Sum() []byte { return nil }
func (nop) Reset() {}
func (nop) Size() int { return 0 }
|
