
Delta Between Two Patch Sets: src/pkg/crypto/tls/key_agreement.go

Issue 4607052: code review 4607052: os.Error API: don't export os.ErrorString, use os.NewEr... (Closed)
Left Patch Set: Created 13 years, 9 months ago
Right Patch Set: diff -r 6e3e06fb2dc3 https://go.googlecode.com/hg/ Created 13 years, 9 months ago
LEFTRIGHT
(no file at all)
1 // Copyright 2010 The Go Authors. All rights reserved. 1 // Copyright 2010 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style 2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file. 3 // license that can be found in the LICENSE file.
4 4
5 package tls 5 package tls
6 6
7 import ( 7 import (
8 "big" 8 "big"
9 "crypto" 9 "crypto"
10 "crypto/elliptic" 10 "crypto/elliptic"
(...skipping 14 matching lines...) Expand all
25 } 25 }
26 26
27 func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKe yExchangeMsg) ([]byte, os.Error) { 27 func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKe yExchangeMsg) ([]byte, os.Error) {
28 preMasterSecret := make([]byte, 48) 28 preMasterSecret := make([]byte, 48)
29 _, err := io.ReadFull(config.rand(), preMasterSecret[2:]) 29 _, err := io.ReadFull(config.rand(), preMasterSecret[2:])
30 if err != nil { 30 if err != nil {
31 return nil, err 31 return nil, err
32 } 32 }
33 33
34 if len(ckx.ciphertext) < 2 { 34 if len(ckx.ciphertext) < 2 {
35 » » return nil, os.ErrorString("bad ClientKeyExchange") 35 » » return nil, os.NewError("bad ClientKeyExchange")
36 } 36 }
37 ciphertextLen := int(ckx.ciphertext[0])<<8 | int(ckx.ciphertext[1]) 37 ciphertextLen := int(ckx.ciphertext[0])<<8 | int(ckx.ciphertext[1])
38 if ciphertextLen != len(ckx.ciphertext)-2 { 38 if ciphertextLen != len(ckx.ciphertext)-2 {
39 » » return nil, os.ErrorString("bad ClientKeyExchange") 39 » » return nil, os.NewError("bad ClientKeyExchange")
40 } 40 }
41 ciphertext := ckx.ciphertext[2:] 41 ciphertext := ckx.ciphertext[2:]
42 42
43 err = rsa.DecryptPKCS1v15SessionKey(config.rand(), config.Certificates[0 ].PrivateKey, ciphertext, preMasterSecret) 43 err = rsa.DecryptPKCS1v15SessionKey(config.rand(), config.Certificates[0 ].PrivateKey, ciphertext, preMasterSecret)
44 if err != nil { 44 if err != nil {
45 return nil, err 45 return nil, err
46 } 46 }
47 // We don't check the version number in the premaster secret. For one, 47 // We don't check the version number in the premaster secret. For one,
48 // by checking it, we would leak information about the validity of the 48 // by checking it, we would leak information about the validity of the
49 // encrypted pre-master secret. Secondly, it provides only a small 49 // encrypted pre-master secret. Secondly, it provides only a small
50 // benefit against a downgrade attack and some implementations send the 50 // benefit against a downgrade attack and some implementations send the
51 // wrong version anyway. See the discussion at the end of section 51 // wrong version anyway. See the discussion at the end of section
52 // 7.4.7.1 of RFC 4346. 52 // 7.4.7.1 of RFC 4346.
53 return preMasterSecret, nil 53 return preMasterSecret, nil
54 } 54 }
55 55
56 func (ka rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello * clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *server KeyExchangeMsg) os.Error { 56 func (ka rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello * clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *server KeyExchangeMsg) os.Error {
57 » return os.ErrorString("unexpected ServerKeyExchange") 57 » return os.NewError("unexpected ServerKeyExchange")
58 } 58 }
59 59
60 func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Erro r) { 60 func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Erro r) {
61 preMasterSecret := make([]byte, 48) 61 preMasterSecret := make([]byte, 48)
62 preMasterSecret[0] = byte(clientHello.vers >> 8) 62 preMasterSecret[0] = byte(clientHello.vers >> 8)
63 preMasterSecret[1] = byte(clientHello.vers) 63 preMasterSecret[1] = byte(clientHello.vers)
64 _, err := io.ReadFull(config.rand(), preMasterSecret[2:]) 64 _, err := io.ReadFull(config.rand(), preMasterSecret[2:])
65 if err != nil { 65 if err != nil {
66 return nil, nil, err 66 return nil, nil, err
67 } 67 }
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after
139 serverECDHParams := make([]byte, 1+2+1+len(ecdhePublic)) 139 serverECDHParams := make([]byte, 1+2+1+len(ecdhePublic))
140 serverECDHParams[0] = 3 // named curve 140 serverECDHParams[0] = 3 // named curve
141 serverECDHParams[1] = byte(curveid >> 8) 141 serverECDHParams[1] = byte(curveid >> 8)
142 serverECDHParams[2] = byte(curveid) 142 serverECDHParams[2] = byte(curveid)
143 serverECDHParams[3] = byte(len(ecdhePublic)) 143 serverECDHParams[3] = byte(len(ecdhePublic))
144 copy(serverECDHParams[4:], ecdhePublic) 144 copy(serverECDHParams[4:], ecdhePublic)
145 145
146 md5sha1 := md5SHA1Hash(clientHello.random, hello.random, serverECDHParam s) 146 md5sha1 := md5SHA1Hash(clientHello.random, hello.random, serverECDHParam s)
147 sig, err := rsa.SignPKCS1v15(config.rand(), config.Certificates[0].Priva teKey, crypto.MD5SHA1, md5sha1) 147 sig, err := rsa.SignPKCS1v15(config.rand(), config.Certificates[0].Priva teKey, crypto.MD5SHA1, md5sha1)
148 if err != nil { 148 if err != nil {
149 » » return nil, os.ErrorString("failed to sign ECDHE parameters: " + err.String()) 149 » » return nil, os.NewError("failed to sign ECDHE parameters: " + er r.String())
150 } 150 }
151 151
152 skx := new(serverKeyExchangeMsg) 152 skx := new(serverKeyExchangeMsg)
153 skx.key = make([]byte, len(serverECDHParams)+2+len(sig)) 153 skx.key = make([]byte, len(serverECDHParams)+2+len(sig))
154 copy(skx.key, serverECDHParams) 154 copy(skx.key, serverECDHParams)
155 k := skx.key[len(serverECDHParams):] 155 k := skx.key[len(serverECDHParams):]
156 k[0] = byte(len(sig) >> 8) 156 k[0] = byte(len(sig) >> 8)
157 k[1] = byte(len(sig)) 157 k[1] = byte(len(sig))
158 copy(k[2:], sig) 158 copy(k[2:], sig)
159 159
160 return skx, nil 160 return skx, nil
161 } 161 }
162 162
163 func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *cl ientKeyExchangeMsg) ([]byte, os.Error) { 163 func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *cl ientKeyExchangeMsg) ([]byte, os.Error) {
164 if len(ckx.ciphertext) == 0 || int(ckx.ciphertext[0]) != len(ckx.ciphert ext)-1 { 164 if len(ckx.ciphertext) == 0 || int(ckx.ciphertext[0]) != len(ckx.ciphert ext)-1 {
165 » » return nil, os.ErrorString("bad ClientKeyExchange") 165 » » return nil, os.NewError("bad ClientKeyExchange")
166 } 166 }
167 x, y := ka.curve.Unmarshal(ckx.ciphertext[1:]) 167 x, y := ka.curve.Unmarshal(ckx.ciphertext[1:])
168 if x == nil { 168 if x == nil {
169 » » return nil, os.ErrorString("bad ClientKeyExchange") 169 » » return nil, os.NewError("bad ClientKeyExchange")
170 } 170 }
171 x, _ = ka.curve.ScalarMult(x, y, ka.privateKey) 171 x, _ = ka.curve.ScalarMult(x, y, ka.privateKey)
172 preMasterSecret := make([]byte, (ka.curve.BitSize+7)>>3) 172 preMasterSecret := make([]byte, (ka.curve.BitSize+7)>>3)
173 xBytes := x.Bytes() 173 xBytes := x.Bytes()
174 copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes) 174 copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes)
175 175
176 return preMasterSecret, nil 176 return preMasterSecret, nil
177 } 177 }
178 178
179 var errServerKeyExchange = os.ErrorString("invalid ServerKeyExchange") 179 var errServerKeyExchange = os.NewError("invalid ServerKeyExchange")
180 180
181 func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientH ello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx * serverKeyExchangeMsg) os.Error { 181 func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientH ello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx * serverKeyExchangeMsg) os.Error {
182 if len(skx.key) < 4 { 182 if len(skx.key) < 4 {
183 return errServerKeyExchange 183 return errServerKeyExchange
184 } 184 }
185 if skx.key[0] != 3 { // named curve 185 if skx.key[0] != 3 { // named curve
186 » » return os.ErrorString("server selected unsupported curve") 186 » » return os.NewError("server selected unsupported curve")
187 } 187 }
188 curveid := uint16(skx.key[1])<<8 | uint16(skx.key[2]) 188 curveid := uint16(skx.key[1])<<8 | uint16(skx.key[2])
189 189
190 switch curveid { 190 switch curveid {
191 case curveP256: 191 case curveP256:
192 ka.curve = elliptic.P256() 192 ka.curve = elliptic.P256()
193 case curveP384: 193 case curveP384:
194 ka.curve = elliptic.P384() 194 ka.curve = elliptic.P384()
195 case curveP521: 195 case curveP521:
196 ka.curve = elliptic.P521() 196 ka.curve = elliptic.P521()
197 default: 197 default:
198 » » return os.ErrorString("server selected unsupported curve") 198 » » return os.NewError("server selected unsupported curve")
199 } 199 }
200 200
201 publicLen := int(skx.key[3]) 201 publicLen := int(skx.key[3])
202 if publicLen+4 > len(skx.key) { 202 if publicLen+4 > len(skx.key) {
203 return errServerKeyExchange 203 return errServerKeyExchange
204 } 204 }
205 ka.x, ka.y = ka.curve.Unmarshal(skx.key[4 : 4+publicLen]) 205 ka.x, ka.y = ka.curve.Unmarshal(skx.key[4 : 4+publicLen])
206 if ka.x == nil { 206 if ka.x == nil {
207 return errServerKeyExchange 207 return errServerKeyExchange
208 } 208 }
209 serverECDHParams := skx.key[:4+publicLen] 209 serverECDHParams := skx.key[:4+publicLen]
210 210
211 sig := skx.key[4+publicLen:] 211 sig := skx.key[4+publicLen:]
212 if len(sig) < 2 { 212 if len(sig) < 2 {
213 return errServerKeyExchange 213 return errServerKeyExchange
214 } 214 }
215 sigLen := int(sig[0])<<8 | int(sig[1]) 215 sigLen := int(sig[0])<<8 | int(sig[1])
216 if sigLen+2 != len(sig) { 216 if sigLen+2 != len(sig) {
217 return errServerKeyExchange 217 return errServerKeyExchange
218 } 218 }
219 sig = sig[2:] 219 sig = sig[2:]
220 220
221 md5sha1 := md5SHA1Hash(clientHello.random, serverHello.random, serverECD HParams) 221 md5sha1 := md5SHA1Hash(clientHello.random, serverHello.random, serverECD HParams)
222 return rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.MD5SHA 1, md5sha1, sig) 222 return rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.MD5SHA 1, md5sha1, sig)
223 } 223 }
224 224
225 func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, client Hello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, o s.Error) { 225 func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, client Hello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, o s.Error) {
226 if ka.curve == nil { 226 if ka.curve == nil {
227 » » return nil, nil, os.ErrorString("missing ServerKeyExchange messa ge") 227 » » return nil, nil, os.NewError("missing ServerKeyExchange message" )
228 } 228 }
229 priv, mx, my, err := ka.curve.GenerateKey(config.rand()) 229 priv, mx, my, err := ka.curve.GenerateKey(config.rand())
230 if err != nil { 230 if err != nil {
231 return nil, nil, err 231 return nil, nil, err
232 } 232 }
233 x, _ := ka.curve.ScalarMult(ka.x, ka.y, priv) 233 x, _ := ka.curve.ScalarMult(ka.x, ka.y, priv)
234 preMasterSecret := make([]byte, (ka.curve.BitSize+7)>>3) 234 preMasterSecret := make([]byte, (ka.curve.BitSize+7)>>3)
235 xBytes := x.Bytes() 235 xBytes := x.Bytes()
236 copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes) 236 copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes)
237 237
238 serialized := ka.curve.Marshal(mx, my) 238 serialized := ka.curve.Marshal(mx, my)
239 239
240 ckx := new(clientKeyExchangeMsg) 240 ckx := new(clientKeyExchangeMsg)
241 ckx.ciphertext = make([]byte, 1+len(serialized)) 241 ckx.ciphertext = make([]byte, 1+len(serialized))
242 ckx.ciphertext[0] = byte(len(serialized)) 242 ckx.ciphertext[0] = byte(len(serialized))
243 copy(ckx.ciphertext[1:], serialized) 243 copy(ckx.ciphertext[1:], serialized)
244 244
245 return preMasterSecret, ckx, nil 245 return preMasterSecret, ckx, nil
246 } 246 }
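Review bot: The single-value type assertion `cert.PublicKey.(*rsa.PublicKey)` on new-side line 222, at the end of ecdheRSAKeyAgreement.processServerKeyExchange, panics instead of failing the handshake when the certificate's key is not RSA. The certificate is supplied by the peer, so unless a caller outside this view has already checked the key type, a malformed or unexpected certificate takes down the client goroutine rather than producing an error. Use the two-value form: `pub, ok := cert.PublicKey.(*rsa.PublicKey)`, `if !ok { return errServerKeyExchange }`, then `return rsa.VerifyPKCS1v15(pub, crypto.MD5SHA1, md5sha1, sig)`. That line is unchanged context in this delta, which only replaces os.ErrorString with os.NewError.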