]> git.ipfire.org Git - thirdparty/gcc.git/blob - libgo/go/crypto/tls/common.go
projects / thirdparty / gcc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add Go frontend, libgo library, and Go testsuite.
[thirdparty/gcc.git] / libgo / go / crypto / tls / common.go
1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4
5 package tls
6
7 import (
8 "crypto/rand"
9 "crypto/rsa"
10 "io"
11 "io/ioutil"
12 "sync"
13 "time"
14 )
15
16 const (
17 maxPlaintext = 16384 // maximum plaintext payload length
18 maxCiphertext = 16384 + 2048 // maximum ciphertext payload length
19 recordHeaderLen = 5 // record header length
20 maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB)
21
22 minVersion = 0x0301 // minimum supported version - TLS 1.0
23 maxVersion = 0x0302 // maximum supported version - TLS 1.1
24 )
25
26 // TLS record types.
27 type recordType uint8
28
29 const (
30 recordTypeChangeCipherSpec recordType = 20
31 recordTypeAlert recordType = 21
32 recordTypeHandshake recordType = 22
33 recordTypeApplicationData recordType = 23
34 )
35
36 // TLS handshake message types.
37 const (
38 typeClientHello uint8 = 1
39 typeServerHello uint8 = 2
40 typeCertificate uint8 = 11
41 typeCertificateRequest uint8 = 13
42 typeServerHelloDone uint8 = 14
43 typeCertificateVerify uint8 = 15
44 typeClientKeyExchange uint8 = 16
45 typeFinished uint8 = 20
46 typeCertificateStatus uint8 = 22
47 typeNextProtocol uint8 = 67 // Not IANA assigned
48 )
49
50 // TLS cipher suites.
51 const (
52 TLS_RSA_WITH_RC4_128_SHA uint16 = 5
53 )
54
55 // TLS compression types.
56 const (
57 compressionNone uint8 = 0
58 )
59
60 // TLS extension numbers
61 var (
62 extensionServerName uint16 = 0
63 extensionStatusRequest uint16 = 5
64 extensionNextProtoNeg uint16 = 13172 // not IANA assigned
65 )
66
67 // TLS CertificateStatusType (RFC 3546)
68 const (
69 statusTypeOCSP uint8 = 1
70 )
71
72 // Certificate types (for certificateRequestMsg)
73 const (
74 certTypeRSASign = 1 // A certificate containing an RSA key
75 certTypeDSSSign = 2 // A certificate containing a DSA key
76 certTypeRSAFixedDH = 3 // A certificate containing a static DH key
77 certTypeDSSFixedDH = 4 // A certficiate containing a static DH key
78 // Rest of these are reserved by the TLS spec
79 )
80
81 type ConnectionState struct {
82 HandshakeComplete bool
83 CipherSuite uint16
84 NegotiatedProtocol string
85 }
86
87 // A Config structure is used to configure a TLS client or server. After one
88 // has been passed to a TLS function it must not be modified.
89 type Config struct {
90 // Rand provides the source of entropy for nonces and RSA blinding.
91 Rand io.Reader
92 // Time returns the current time as the number of seconds since the epoch.
93 Time func() int64
94 // Certificates contains one or more certificate chains.
95 Certificates []Certificate
96 RootCAs *CASet
97 // NextProtos is a list of supported, application level protocols.
98 // Currently only server-side handling is supported.
99 NextProtos []string
100 // ServerName is included in the client's handshake to support virtual
101 // hosting.
102 ServerName string
103 // AuthenticateClient determines if a server will request a certificate
104 // from the client. It does not require that the client send a
105 // certificate nor, if it does, that the certificate is anything more
106 // than self-signed.
107 AuthenticateClient bool
108 }
109
110 type Certificate struct {
111 // Certificate contains a chain of one or more certificates. Leaf
112 // certificate first.
113 Certificate [][]byte
114 PrivateKey *rsa.PrivateKey
115 }
116
117 // A TLS record.
118 type record struct {
119 contentType recordType
120 major, minor uint8
121 payload []byte
122 }
123
124 type handshakeMessage interface {
125 marshal() []byte
126 unmarshal([]byte) bool
127 }
128
129 type encryptor interface {
130 // XORKeyStream xors the contents of the slice with bytes from the key stream.
131 XORKeyStream(buf []byte)
132 }
133
134 // mutualVersion returns the protocol version to use given the advertised
135 // version of the peer.
136 func mutualVersion(vers uint16) (uint16, bool) {
137 if vers < minVersion {
138 return 0, false
139 }
140 if vers > maxVersion {
141 vers = maxVersion
142 }
143 return vers, true
144 }
145
146 // The defaultConfig is used in place of a nil *Config in the TLS server and client.
147 var varDefaultConfig *Config
148
149 var once sync.Once
150
151 func defaultConfig() *Config {
152 once.Do(initDefaultConfig)
153 return varDefaultConfig
154 }
155
156 // Possible certificate files; stop after finding one.
157 // On OS X we should really be using the Directory Services keychain
158 // but that requires a lot of Mach goo to get at. Instead we use
159 // the same root set that curl uses.
160 var certFiles = []string{
161 "/etc/ssl/certs/ca-certificates.crt", // Linux etc
162 "/usr/share/curl/curl-ca-bundle.crt", // OS X
163 }
164
165 func initDefaultConfig() {
166 roots := NewCASet()
167 for _, file := range certFiles {
168 data, err := ioutil.ReadFile(file)
169 if err == nil {
170 roots.SetFromPEM(data)
171 break
172 }
173 }
174
175 varDefaultConfig = &Config{
176 Rand: rand.Reader,
177 Time: time.Seconds,
178 RootCAs: roots,
179 }
180 }
Mirror of https://gcc.gnu.org/git/gcc.git