fixes #127 (#175)

* fix for tls13 when server selects a keyshare  with index > 0

* Update handshake_client_tls13.go

* resolved [uTLS section] problems

---------

Co-authored-by: Chaos Pjeles <chaos@fqr.us>

handshake_client_tls13.go

@@ -17,12 +17,30 @@ import (
 	"time"
 )
 
+// [uTLS SECTION START]
+type KeySharesEcdheParameters map[CurveID]ecdheParameters
+
+func (keymap KeySharesEcdheParameters) AddEcdheParams(curveID CurveID, params ecdheParameters) {
+	keymap[curveID] = params
+}
+func (keymap KeySharesEcdheParameters) GetEcdheParams(curveID CurveID) (params ecdheParameters, ok bool) {
+	params, ok = keymap[curveID]
+	return
+}
+func (keymap KeySharesEcdheParameters) GetPublicEcdheParams(curveID CurveID) (params EcdheParameters, ok bool) {
+	params, ok = keymap[curveID]
+	return
+}
+
+// [uTLS SECTION END]
+
 type clientHandshakeStateTLS13 struct {
-	c           *Conn
-	ctx         context.Context
-	serverHello *serverHelloMsg
-	hello       *clientHelloMsg
-	ecdheParams ecdheParameters
+	c                    *Conn
+	ctx                  context.Context
+	serverHello          *serverHelloMsg
+	hello                *clientHelloMsg
+	ecdheParams          ecdheParameters
+	keySharesEcdheParams KeySharesEcdheParameters // [uTLS]
 
 	session     *ClientSessionState
 	earlySecret []byte
@@ -55,6 +73,14 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
 		return errors.New("tls: server selected TLS 1.3 in a renegotiation")
 	}
 
+	// [uTLS SECTION START]
+
+	// set echdheParams to what we received from server
+	if ecdheParams, ok := hs.keySharesEcdheParams.GetEcdheParams(hs.serverHello.serverShare.group); ok {
+		hs.ecdheParams = ecdheParams
+	}
+	// [uTLS SECTION END]
+
 	// Consistency check on the presence of a keyShare and its parameters.
 	if hs.ecdheParams == nil || len(hs.hello.keyShares) < 1 { // [uTLS]
 		// keyshares "< 1" instead of "!= 1", as uTLS may send multiple