Ability to check what ECDHE curve was used go1.15.7-gost
authorSergey Matveev <stargrave@rnd.stcnet.ru>
Thu, 28 Jan 2021 10:57:06 +0000 (13:57 +0300)
committerSergey Matveev <stargrave@rnd.stcnet.ru>
Thu, 28 Jan 2021 10:57:06 +0000 (13:57 +0300)
src/crypto/tls/common.go
src/crypto/tls/conn.go
src/crypto/tls/handshake_client_tls13.go
src/crypto/tls/handshake_server_tls13.go

index 5a1bdbebcb715affb0a6e3139f48053b05e2f2a7..cf635cbb8d12eb7ddeb820f7dae8d3adf9ae592a 100644 (file)
@@ -288,6 +288,9 @@ type ConnectionState struct {
 
        // ekm is a closure exposed via ExportKeyingMaterial.
        ekm func(label string, context []byte, length int) ([]byte, error)
+
+       // Exists only GOSTed version! ECDHE curve used during handshake.
+       HSCurve CurveID
 }
 
 // ExportKeyingMaterial returns length bytes of exported key material in a new
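Review bot: The comment on `HSCurve` does not say what the field holds when no curve was recorded, which a caller enforcing a curve policy needs to know. Every assignment to `c.hsCurve` in this commit sits in the TLS 1.3 handshake files, so on a TLS 1.2 connection the field presumably keeps its zero value unless it is set somewhere not shown here. I would reword the comment to something like `// HSCurve is the key exchange group selected in the TLS 1.3 handshake, or zero if none was recorded. Only present in the GOST fork.` A zero value should then be treated as unknown and rejected by any policy check, not accepted as a curve.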
index edcfecf81d77c63d9b3a14eee29a85bf0fed3324..e8e8fd119153d5603be5336d79e8b19494a29d15 100644 (file)
@@ -114,6 +114,8 @@ type Conn struct {
        activeCall int32
 
        tmp [16]byte
+
+       hsCurve CurveID
 }
 
 // Access to net.Conn methods.
@@ -1407,6 +1409,7 @@ func (c *Conn) connectionStateLocked() ConnectionState {
        } else {
                state.ekm = c.ekm
        }
+       state.HSCurve = c.hsCurve
        return state
 }
 
index 400e8826b70633208b26e46b449b41cec06de6b4..a74866f7fccae64079037677b11d3c494c0953f0 100644 (file)
@@ -231,6 +231,7 @@ func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error {
                }
                hs.ecdheParams = params
                hs.hello.keyShares = []keyShare{{group: curveID, data: params.PublicKey()}}
+               c.hsCurve = curveID
        }
 
        hs.hello.raw = nil
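Review bot: The added `c.hsCurve = curveID` in processHelloRetryRequest records the group the client is about to offer in its second ClientHello, not one the server has confirmed. processServerHello sets the field again from `hs.ecdheParams.CurveID()` after the "server selected unsupported group" check, so this line looks redundant. If the handshake fails between the two points, the Conn is left holding an unconfirmed value. I would drop the assignment here so the field only ever carries a group that passed that check. The function body starts and ends outside this hunk.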
@@ -308,6 +309,7 @@ func (hs *clientHandshakeStateTLS13) processServerHello() error {
                c.sendAlert(alertIllegalParameter)
                return errors.New("tls: server selected unsupported group")
        }
+       c.hsCurve = hs.ecdheParams.CurveID()
 
        if !hs.serverHello.selectedIdentityPresent {
                return nil
index e02dc9f824abeca765f83aa3d78da1c30dcb9b14..51e34bc3ace71ee389c7e05400b16d0fb4b271f5 100644 (file)
@@ -220,6 +220,7 @@ GroupSelection:
        }
 
        c.serverName = hs.clientHello.serverName
+       c.hsCurve = selectedGroup
        return nil
 }