From 8a391da8586515affd8c557d422ca0f45e6b6c38 Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Thu, 28 Jan 2021 13:57:06 +0300
Subject: [PATCH] Ability to check what ECDHE curve was used
---
 src/crypto/tls/common.go | 3 +++
 src/crypto/tls/conn.go | 3 +++
 src/crypto/tls/handshake_client_tls13.go | 2 ++
 src/crypto/tls/handshake_server_tls13.go | 1 +
 4 files changed, 9 insertions(+)
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index 5a1bdbebcb..cf635cbb8d 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -288,6 +288,9 @@ type ConnectionState struct {
 // ekm is a closure exposed via ExportKeyingMaterial.
 ekm func(label string, context []byte, length int) ([]byte, error)
+
+ // Exists only GOSTed version! ECDHE curve used during handshake.
+ HSCurve CurveID
 }
 // ExportKeyingMaterial returns length bytes of exported key material in a new
diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
index edcfecf81d..e8e8fd1191 100644
--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
@@ -114,6 +114,8 @@ type Conn struct {
 activeCall int32
 tmp [16]byte
+
+ hsCurve CurveID
 }
 // Access to net.Conn methods.
@@ -1407,6 +1409,7 @@ func (c *Conn) connectionStateLocked() ConnectionState {
 } else {
 state.ekm = c.ekm
 }
+ state.HSCurve = c.hsCurve
 return state
 }
diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go
index 400e8826b7..a74866f7fc 100644
--- a/src/crypto/tls/handshake_client_tls13.go
+++ b/src/crypto/tls/handshake_client_tls13.go
@@ -231,6 +231,7 @@ func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error {
 }
 hs.ecdheParams = params
 hs.hello.keyShares = []keyShare{{group: curveID, data: params.PublicKey()}}
+ c.hsCurve = curveID
 }
 hs.hello.raw = nil
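Review bot: The comment on `HSCurve` in the `ConnectionState` hunk of common.go says it holds the ECDHE curve used during the handshake, but in this patch `hsCurve` is assigned only in the two TLS 1.3 handshake files, so a TLS 1.2 connection that negotiated ECDHE would apparently report the zero `CurveID`. A caller that relies on the field to enforce a curve policy has to treat zero as "not recorded", not as a pass and not as proof that no ECDHE took place. I would document that on the field, for example `// HSCurve is the key-exchange group negotiated in a TLS 1.3 handshake.` followed by `// It is zero when the handshake did not record one (TLS 1.2 and earlier in this patch).`, and add that the value is only meaningful once `HandshakeComplete` is true.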
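Review bot: In the `processHelloRetryRequest` hunk of handshake_client_tls13.go, `c.hsCurve = curveID` records the group as soon as the client builds its replacement key share, before any ServerHello has confirmed it. The `processServerHello` hunk in the same file then assigns `c.hsCurve` again from `hs.ecdheParams.CurveID()`, after the check that ends in `server selected unsupported group`. The first write therefore looks redundant, and it leaves a value readable through `ConnectionState` for a handshake that may still fail; I would drop it and keep the single write in `processServerHello`. If it stays, a comment such as `// provisional: overwritten in processServerHello once the server's key share is checked` would state the intent. Both functions begin and end outside their hunks, so this assumes `c` is `hs.c` in each.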
@@ -308,6 +309,7 @@ func (hs *clientHandshakeStateTLS13) processServerHello() error {
 c.sendAlert(alertIllegalParameter)
 return errors.New("tls: server selected unsupported group")
 }
+ c.hsCurve = hs.ecdheParams.CurveID()
 if !hs.serverHello.selectedIdentityPresent {
 return nil
diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
index e02dc9f824..51e34bc3ac 100644
--- a/src/crypto/tls/handshake_server_tls13.go
+++ b/src/crypto/tls/handshake_server_tls13.go
@@ -220,6 +220,7 @@ GroupSelection:
 }
 c.serverName = hs.clientHello.serverName
+ c.hsCurve = selectedGroup
 return nil
 }
--
2.48.1