handshake

package
v2.0.0-...-8205865 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 23, 2024 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package handshake provides the DTLS wire protocol for handshakes

Index

Constants

View Source 
const (
	RandomBytesLength = 28
	RandomLength      = RandomBytesLength + 4
)

Consts for Random in Handshake

View Source 
const HeaderLength = 12

HeaderLength msg_len for Handshake messages assumes an extra 12 bytes for sequence, fragment and version information vs TLS

Variables

This section is empty.

Functions

This section is empty.

Types

type Handshake 

type Handshake struct {
	Header  Header
	Message Message

	KeyExchangeAlgorithm types.KeyExchangeAlgorithm
}

Handshake protocol is responsible for selecting a cipher spec and generating a master secret, which together comprise the primary cryptographic parameters associated with a secure session. The handshake protocol can also optionally authenticate parties who have certificates signed by a trusted certificate authority. https://tools.ietf.org/html/rfc5246#section-7.3

func (Handshake) ContentType 

func (h Handshake) ContentType() protocol.ContentType

ContentType returns what kind of content this message is carying

func (*Handshake) Marshal 

func (h *Handshake) Marshal() ([]byte, error)

Marshal encodes a handshake into a binary message

func (*Handshake) Unmarshal 

func (h *Handshake) Unmarshal(data []byte) error

Unmarshal decodes a handshake from a binary message 

type Header struct {
	Type            Type
	Length          uint32 // uint24 in spec
	MessageSequence uint16
	FragmentOffset  uint32 // uint24 in spec
	FragmentLength  uint32 // uint24 in spec
}

Header is the static first 12 bytes of each RecordLayer of type Handshake. These fields allow us to support message loss, reordering, and message fragmentation,

https://tools.ietf.org/html/rfc6347#section-4.2.2

func (*Header) Marshal 

func (h *Header) Marshal() ([]byte, error)

Marshal encodes the Header

func (*Header) Unmarshal 

func (h *Header) Unmarshal(data []byte) error

Unmarshal populates the header from encoded data

type Message 

type Message interface {
	Marshal() ([]byte, error)
	Unmarshal(data []byte) error
	Type() Type
}

Message is the body of a Handshake datagram

type MessageCertificate 

type MessageCertificate struct {
	Certificate [][]byte
}

MessageCertificate is a DTLS Handshake Message it can contain either a Client or Server Certificate

https://tools.ietf.org/html/rfc5246#section-7.4.2

func (*MessageCertificate) Marshal 

func (m *MessageCertificate) Marshal() ([]byte, error)

Marshal encodes the Handshake

func (MessageCertificate) Type 

func (m MessageCertificate) Type() Type

Type returns the Handshake Type

func (*MessageCertificate) Unmarshal 

func (m *MessageCertificate) Unmarshal(data []byte) error

Unmarshal populates the message from encoded data

type MessageCertificateRequest 

type MessageCertificateRequest struct {
	CertificateTypes            []clientcertificate.Type
	SignatureHashAlgorithms     []signaturehash.Algorithm
	CertificateAuthoritiesNames [][]byte
}

MessageCertificateRequest is so a non-anonymous server can optionally request a certificate from the client, if appropriate for the selected cipher suite. This message, if sent, will immediately follow the ServerKeyExchange message (if it is sent; otherwise, this message follows the server's Certificate message).

https://tools.ietf.org/html/rfc5246#section-7.4.4

func (*MessageCertificateRequest) Marshal 

func (m *MessageCertificateRequest) Marshal() ([]byte, error)

Marshal encodes the Handshake

func (MessageCertificateRequest) Type 

func (m MessageCertificateRequest) Type() Type

Type returns the Handshake Type

func (*MessageCertificateRequest) Unmarshal 

func (m *MessageCertificateRequest) Unmarshal(data []byte) error

Unmarshal populates the message from encoded data

type MessageCertificateVerify 

type MessageCertificateVerify struct {
	HashAlgorithm      hash.Algorithm
	SignatureAlgorithm signature.Algorithm
	Signature          []byte
}

MessageCertificateVerify provide explicit verification of a client certificate.

https://tools.ietf.org/html/rfc5246#section-7.4.8

func (*MessageCertificateVerify) Marshal 

func (m *MessageCertificateVerify) Marshal() ([]byte, error)

Marshal encodes the Handshake

func (MessageCertificateVerify) Type 

func (m MessageCertificateVerify) Type() Type

Type returns the Handshake Type

func (*MessageCertificateVerify) Unmarshal 

func (m *MessageCertificateVerify) Unmarshal(data []byte) error

Unmarshal populates the message from encoded data

type MessageClientHello 

type MessageClientHello struct {
	Version protocol.Version
	Random  Random
	Cookie  []byte

	SessionID []byte

	CipherSuiteIDs     []uint16
	CompressionMethods []*protocol.CompressionMethod
	Extensions         []extension.Extension
}

MessageClientHello is for when a client first connects to a server it is required to send the client hello as its first message. The client can also send a client hello in response to a hello request or on its own initiative in order to renegotiate the security parameters in an existing connection.

func (*MessageClientHello) Marshal 

func (m *MessageClientHello) Marshal() ([]byte, error)

Marshal encodes the Handshake

func (MessageClientHello) Type 

func (m MessageClientHello) Type() Type

Type returns the Handshake Type

func (*MessageClientHello) Unmarshal 

func (m *MessageClientHello) Unmarshal(data []byte) error

Unmarshal populates the message from encoded data

type MessageClientKeyExchange 

type MessageClientKeyExchange struct {
	IdentityHint []byte
	PublicKey    []byte

	// for unmarshaling
	KeyExchangeAlgorithm types.KeyExchangeAlgorithm
}

MessageClientKeyExchange is a DTLS Handshake Message With this message, the premaster secret is set, either by direct transmission of the RSA-encrypted secret or by the transmission of Diffie-Hellman parameters that will allow each side to agree upon the same premaster secret.

https://tools.ietf.org/html/rfc5246#section-7.4.7

func (*MessageClientKeyExchange) Marshal 

func (m *MessageClientKeyExchange) Marshal() (out []byte, err error)

Marshal encodes the Handshake

func (MessageClientKeyExchange) Type 

func (m MessageClientKeyExchange) Type() Type

Type returns the Handshake Type

func (*MessageClientKeyExchange) Unmarshal 

func (m *MessageClientKeyExchange) Unmarshal(data []byte) error

Unmarshal populates the message from encoded data

type MessageFinished 

type MessageFinished struct {
	VerifyData []byte
}

MessageFinished is a DTLS Handshake Message this message is the first one protected with the just negotiated algorithms, keys, and secrets. Recipients of Finished messages MUST verify that the contents are correct.

https://tools.ietf.org/html/rfc5246#section-7.4.9

func (*MessageFinished) Marshal 

func (m *MessageFinished) Marshal() ([]byte, error)

Marshal encodes the Handshake

func (MessageFinished) Type 

func (m MessageFinished) Type() Type

Type returns the Handshake Type

func (*MessageFinished) Unmarshal 

func (m *MessageFinished) Unmarshal(data []byte) error

Unmarshal populates the message from encoded data

type MessageHelloVerifyRequest 

type MessageHelloVerifyRequest struct {
	Version protocol.Version
	Cookie  []byte
}

MessageHelloVerifyRequest is as follows: 

struct {
  ProtocolVersion server_version;
  opaque cookie<0..2^8-1>;
} HelloVerifyRequest;

The HelloVerifyRequest message type is hello_verify_request(3).

When the client sends its ClientHello message to the server, the server
MAY respond with a HelloVerifyRequest message.  This message contains
a stateless cookie generated using the technique of [PHOTURIS].  The
client MUST retransmit the ClientHello with the cookie added.

https://tools.ietf.org/html/rfc6347#section-4.2.1

func (*MessageHelloVerifyRequest) Marshal 

func (m *MessageHelloVerifyRequest) Marshal() ([]byte, error)

Marshal encodes the Handshake

func (MessageHelloVerifyRequest) Type 

func (m MessageHelloVerifyRequest) Type() Type

Type returns the Handshake Type

func (*MessageHelloVerifyRequest) Unmarshal 

func (m *MessageHelloVerifyRequest) Unmarshal(data []byte) error

Unmarshal populates the message from encoded data

type MessageServerHello 

type MessageServerHello struct {
	Version protocol.Version
	Random  Random

	SessionID []byte

	CipherSuiteID     *uint16
	CompressionMethod *protocol.CompressionMethod
	Extensions        []extension.Extension
}

MessageServerHello is sent in response to a ClientHello message when it was able to find an acceptable set of algorithms. If it cannot find such a match, it will respond with a handshake failure alert.

https://tools.ietf.org/html/rfc5246#section-7.4.1.3

func (*MessageServerHello) Marshal 

func (m *MessageServerHello) Marshal() ([]byte, error)

Marshal encodes the Handshake

func (MessageServerHello) Type 

func (m MessageServerHello) Type() Type

Type returns the Handshake Type

func (*MessageServerHello) Unmarshal 

func (m *MessageServerHello) Unmarshal(data []byte) error

Unmarshal populates the message from encoded data

type MessageServerHelloDone 

type MessageServerHelloDone struct{}

MessageServerHelloDone is final non-encrypted message from server this communicates server has sent all its handshake messages and next should be MessageFinished

func (*MessageServerHelloDone) Marshal 

func (m *MessageServerHelloDone) Marshal() ([]byte, error)

Marshal encodes the Handshake

func (MessageServerHelloDone) Type 

func (m MessageServerHelloDone) Type() Type

Type returns the Handshake Type

func (*MessageServerHelloDone) Unmarshal 

func (m *MessageServerHelloDone) Unmarshal([]byte) error

Unmarshal populates the message from encoded data

type MessageServerKeyExchange 

type MessageServerKeyExchange struct {
	IdentityHint []byte

	EllipticCurveType  elliptic.CurveType
	NamedCurve         elliptic.Curve
	PublicKey          []byte
	HashAlgorithm      hash.Algorithm
	SignatureAlgorithm signature.Algorithm
	Signature          []byte

	// for unmarshaling
	KeyExchangeAlgorithm types.KeyExchangeAlgorithm
}

MessageServerKeyExchange supports ECDH and PSK

func (*MessageServerKeyExchange) Marshal 

func (m *MessageServerKeyExchange) Marshal() ([]byte, error)

Marshal encodes the Handshake

func (MessageServerKeyExchange) Type 

func (m MessageServerKeyExchange) Type() Type

Type returns the Handshake Type

func (*MessageServerKeyExchange) Unmarshal 

func (m *MessageServerKeyExchange) Unmarshal(data []byte) error

Unmarshal populates the message from encoded data

type Random 

type Random struct {
	GMTUnixTime time.Time
	RandomBytes [RandomBytesLength]byte
}

Random value that is used in ClientHello and ServerHello

https://tools.ietf.org/html/rfc4346#section-7.4.1.2

func (*Random) MarshalFixed 

func (r *Random) MarshalFixed() [RandomLength]byte

MarshalFixed encodes the Handshake

func (*Random) Populate 

func (r *Random) Populate() error

Populate fills the handshakeRandom with random values may be called multiple times

func (*Random) UnmarshalFixed 

func (r *Random) UnmarshalFixed(data [RandomLength]byte)

UnmarshalFixed populates the message from encoded data

type Type 

type Type uint8

Type is the unique identifier for each handshake message https://tools.ietf.org/html/rfc5246#section-7.4 

const (
	TypeHelloRequest       Type = 0
	TypeClientHello        Type = 1
	TypeServerHello        Type = 2
	TypeHelloVerifyRequest Type = 3
	TypeCertificate        Type = 11
	TypeServerKeyExchange  Type = 12
	TypeCertificateRequest Type = 13
	TypeServerHelloDone    Type = 14
	TypeCertificateVerify  Type = 15
	TypeClientKeyExchange  Type = 16
	TypeFinished           Type = 20
)

Types of DTLS Handshake messages we know about

func (Type) String 

func (t Type) String() string

String returns the string representation of this type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.