server_hello.go
package faketls
import (
"bytes"
"crypto/hmac"
"crypto/sha256"
"io"
"golang.org/x/xerrors"
)
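// readServerHello reads the faketls ServerHello from r and verifies its digest.
//
// Three records are consumed in order: a handshake record, a change cipher
// spec record and an application-data record (the "cert" record). Every byte
// read is also captured so the HMAC can be computed over the raw packet. The
// 32-byte field at serverRandomOffset carries the expected digest: it is
// copied out, replaced with zeros, and HMAC-SHA256(secret, clientRandom ||
// packet) must equal the copied value.
//
// See https://github.com/9seconds/mtg/blob/e075169dd4e9fc4c2b1453668f85f5099c4fb895/tlstypes/server_hello.go#L21-L57.
//
// It returns an error when a record cannot be read, a record has an
// unexpected type, the captured packet is too short to hold the digest, or
// the digest does not match.
func readServerHello(r io.Reader, clientRandom [32]byte, secret []byte) error {
	// Capture everything read from r so the HMAC covers the raw records.
	packetBuf := bytes.NewBuffer(nil)
	r = io.TeeReader(r, packetBuf)

	handshake, err := readRecord(r)
	if err != nil {
		return xerrors.Errorf("handshake record: %w", err)
	}
	if handshake.Type != RecordTypeHandshake {
		// err is nil on this path; report the offending type rather than
		// wrapping a nil error.
		return xerrors.Errorf("unexpected record type: %v", handshake.Type)
	}

	changeCipher, err := readRecord(r)
	if err != nil {
		return xerrors.Errorf("change cipher record: %w", err)
	}
	if changeCipher.Type != RecordTypeChangeCipherSpec {
		return xerrors.Errorf("unexpected record type: %v", changeCipher.Type)
	}

	cert, err := readRecord(r)
	if err != nil {
		return xerrors.Errorf("cert record: %w", err)
	}
	if cert.Type != RecordTypeApplication {
		return xerrors.Errorf("unexpected record type: %v", cert.Type)
	}

	// `$record_header = type 1 byte + version 2 bytes + payload_length 2 bytes = 5 bytes`
	// `$server_hello_header = type 1 bytes + version 2 bytes + length 3 bytes = 6 bytes`
	// `$offset = $record_header + $server_hello_header = 11 bytes`
	const (
		serverRandomOffset = 11
		serverRandomLen    = sha256.Size
	)

	packet := packetBuf.Bytes()
	// The records come from the peer; a truncated ServerHello must produce an
	// error instead of an out-of-range panic on the slices below.
	if len(packet) < serverRandomOffset+serverRandomLen {
		return xerrors.Errorf("server hello too short: %d bytes", len(packet))
	}

	// Copy original digest.
	var originalDigest [serverRandomLen]byte
	copy(originalDigest[:], packet[serverRandomOffset:serverRandomOffset+serverRandomLen])

	// Fill original digest by zeros: the digest was computed over the packet
	// with this field cleared.
	var zeros [serverRandomLen]byte
	copy(packet[serverRandomOffset:serverRandomOffset+serverRandomLen], zeros[:])

	mac := hmac.New(sha256.New, secret)
	if _, err := mac.Write(clientRandom[:]); err != nil {
		return xerrors.Errorf("hmac write: %w", err)
	}
	if _, err := mac.Write(packet); err != nil {
		return xerrors.Errorf("hmac write: %w", err)
	}
	// Constant-time comparison so a mismatch does not leak how many leading
	// bytes of the digest were correct.
	if !hmac.Equal(mac.Sum(nil), originalDigest[:]) {
		return xerrors.New("hmac digest mismatch")
	}

	return nil
}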