https://halfrost.me/tags/https/HTTPSHugoBlox Kit (https://hugoblox.com)en-usSun, 21 Oct 2018 10:05:36 +0000https://halfrost.me/media/favicon_hu_4db6119fa52e8e17.pnghttps://halfrost.me/tags/https/https://halfrost.me/post/tls-1.3-handshake-protocol/Sun, 21 Oct 2018 10:05:36 +0000https://halfrost.me/post/tls-1.3-handshake-protocol/<p>握手协议用于协商连接的安全参数。握手消息被提供给 TLS 记录层，在记录层它们被封装到一个或多个 TLSPlaintext 或 TLSCiphertext 中，它们按照当前活动连接状态进行处理和传输。</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-c" data-lang="c"><span class="line"><span class="cl"> <span class="k">enum</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nf">client_hello</span><span class="p">(</span><span class="mi">1</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="nf">server_hello</span><span class="p">(</span><span class="mi">2</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="nf">new_session_ticket</span><span class="p">(</span><span class="mi">4</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="nf">end_of_early_data</span><span class="p">(</span><span class="mi">5</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="nf">encrypted_extensions</span><span class="p">(</span><span class="mi">8</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="nf">certificate</span><span class="p">(</span><span class="mi">11</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="nf">certificate_request</span><span class="p">(</span><span class="mi">13</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="nf">certificate_verify</span><span class="p">(</span><span class="mi">15</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="nf">finished</span><span class="p">(</span><span class="mi">20</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="nf">key_update</span><span class="p">(</span><span class="mi">24</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="nf">message_hash</span><span class="p">(</span><span class="mi">254</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="p">(</span><span class="mi">255</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> <span class="n">HandshakeType</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="k">struct</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">HandshakeType</span> <span class="n">msg_type</span><span class="p">;</span> <span class="cm">/* handshake type */</span> </span></span><span class="line"><span class="cl"> <span class="n">uint24</span> <span class="n">length</span><span class="p">;</span> <span class="cm">/* remaining bytes in message */</span> </span></span><span class="line"><span class="cl"> <span class="nf">select</span> <span class="p">(</span><span class="n">Handshake</span><span class="p">.</span><span class="n">msg_type</span><span class="p">)</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="k">case</span> <span class="nl">client_hello</span><span class="p">:</span> <span class="n">ClientHello</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="k">case</span> <span class="nl">server_hello</span><span class="p">:</span> <span class="n">ServerHello</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="k">case</span> <span class="nl">end_of_early_data</span><span class="p">:</span> <span class="n">EndOfEarlyData</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="k">case</span> <span class="nl">encrypted_extensions</span><span class="p">:</span> <span class="n">EncryptedExtensions</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="k">case</span> <span class="nl">certificate_request</span><span class="p">:</span> <span class="n">CertificateRequest</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="k">case</span> <span class="nl">certificate</span><span class="p">:</span> <span class="n">Certificate</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="k">case</span> <span class="nl">certificate_verify</span><span class="p">:</span> <span class="n">CertificateVerify</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="k">case</span> <span class="nl">finished</span><span class="p">:</span> <span class="n">Finished</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="k">case</span> <span class="nl">new_session_ticket</span><span class="p">:</span> <span class="n">NewSessionTicket</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="k">case</span> <span class="nl">key_update</span><span class="p">:</span> <span class="n">KeyUpdate</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">};</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> <span class="n">Handshake</span><span class="p">;</span> </span></span></code></pre></div><p>协议消息必须按照一定顺序发送(顺序见下文)。如果对端发现收到的握手消息顺序不对，必须使用 “unexpected_message” alert 消息来中止握手。</p> <p>点击 看全文。</p>