crypto/tls: implement TLS 1.3 client handshake (base)

Implement a basic TLS 1.3 client handshake, only enabled if explicitly requested with MaxVersion. This CL intentionally leaves for future CLs: - PSK modes and resumption - client authentication - post-handshake messages - downgrade protection - KeyLogWriter support Updates #9671 Change-Id: Ieb6130fb6f25aea4f0d39e3a2448dfc942e1de7a Reviewed-on: https://go-review.googlesource.com/c/146559 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2025-04-03 20:17:36 +03:00 · 2018-11-01 01:01:09 -04:00 · 2018-11-01 01:01:09 -04:00 · 2c3ff7ba06
commit 2c3ff7ba06
parent ed74f7823e
25 changed files with 2074 additions and 362 deletions
--- a/prf.go
+++ b/prf.go
@ -108,7 +108,6 @@ func prf30(result, secret, label, seed []byte) {
 }

 const (
-	tlsRandomLength      = 32 // Length of a random nonce in TLS 1.1.
 	masterSecretLength   = 48 // Length of a master secret in TLS 1.1.
 	finishedVerifyLength = 12 // Length of verify_data in a Finished message.
 )
@ -176,9 +175,9 @@ func keysFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clie
 	return
 }

-// lookupTLSHash looks up the corresponding crypto.Hash for a given
+// hashFromSignatureScheme returns the corresponding crypto.Hash for a given
 // hash from a TLS SignatureScheme.
-func lookupTLSHash(signatureAlgorithm SignatureScheme) (crypto.Hash, error) {
+func hashFromSignatureScheme(signatureAlgorithm SignatureScheme) (crypto.Hash, error) {
 	switch signatureAlgorithm {
 	case PKCS1WithSHA1, ECDSAWithSHA1:
 		return crypto.SHA1, nil