mirrors/XTLS_REALITY
0
0
Fork 0
mirror of https://github.com/XTLS/REALITY.git synced 2025-08-22 14:38:35 +00:00
Code

crypto/tls: add SessionState.Extra

Browse Source 
This can be used by applications to store additional data in a session.

Fixes #57753
For #60105

Change-Id: Ib42387ad64750fa8dbbdf51de5e9c86378bef0ee
Reviewed-on: https://go-review.googlesource.com/c/go/+/496822
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Marten Seemann <martenseemann@gmail.com>
Reviewed-by: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
This commit is contained in:
yuhan6665 2023-10-14 08:11:15 -04:00
parent 600acbbb6b
commit e6eabfc665
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
ticket.go
View File

@ -33,6 +33,7 @@ type SessionState struct {
// uint16 cipher_suite; // uint16 cipher_suite;
// uint64 created_at; // uint64 created_at;
// opaque secret<1..2^8-1>; // opaque secret<1..2^8-1>;
// opaque extra<0..2^24-1>;
// CertificateEntry certificate_list<0..2^24-1>; // CertificateEntry certificate_list<0..2^24-1>;
// select (SessionState.type) { // select (SessionState.type) {
// case server: /* empty */; // case server: /* empty */;
@ -50,6 +51,18 @@ type SessionState struct {
// } SessionState; // } SessionState;
// //
// Extra is ignored by crypto/tls, but is encoded by [SessionState.Bytes]
// and parsed by [ParseSessionState].
//
// This allows [Config.UnwrapSession]/[Config.WrapSession] and
// [ClientSessionCache] implementations to store and retrieve additional
// data.
//
// If Extra is already set, the implementation must preserve the previous
// value across a round-trip, for example by appending and stripping a
// fixed-length suffix.
Extra []byte
version uint16 version uint16
isClient bool isClient bool
cipherSuite uint16 cipherSuite uint16
@ -90,6 +103,9 @@ func (s *SessionState) Bytes() ([]byte, error) {
b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) { b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
b.AddBytes(s.secret) b.AddBytes(s.secret)
}) })
b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
b.AddBytes(s.Extra)
})
marshalCertificate(&b, s.certificate()) marshalCertificate(&b, s.certificate())
if s.isClient { if s.isClient {
b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) { b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
@ -144,6 +160,7 @@ func ParseSessionState(data []byte) (*SessionState, error) {
!s.ReadUint16(&ss.cipherSuite) || !s.ReadUint16(&ss.cipherSuite) ||
!readUint64(&s, &ss.createdAt) || !readUint64(&s, &ss.createdAt) ||
!readUint8LengthPrefixed(&s, &ss.secret) || !readUint8LengthPrefixed(&s, &ss.secret) ||
!readUint24LengthPrefixed(&s, &ss.Extra) ||
len(ss.secret) == 0 || len(ss.secret) == 0 ||
!unmarshalCertificate(&s, &cert) { !unmarshalCertificate(&s, &cert) {
return nil, errors.New("tls: invalid session encoding") return nil, errors.New("tls: invalid session encoding")