removing duplicated code on group.

kazu-yamamoto · Apr 11, 2017 · ff7a254 · ff7a254
1 parent 30e59eb
commit ff7a254
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 7 deletions.
diff --git a/core/Network/TLS/Handshake/Server.hs b/core/Network/TLS/Handshake/Server.hs
@@ -150,8 +150,12 @@ handshakeServerWith sparams ctx clientHello@(ClientHello clientVersion _ clientS
     -- (i.e. elliptic curves and D-H groups)
     let serverGroups = supportedGroups (ctxSupported ctx) `intersect` availableGroups
         possibleGroups = serverGroups `intersect` clientGroups
-        hasCommonGroupForECDHE = not (null possibleGroups)
-        hasCommonGroup cipher =
+    hasCommonGroupForECDHE <- case possibleGroups of
+        []  -> return False
+        g:_ -> do
+            usingState_ ctx $ setGroup g
+            return True
+    let hasCommonGroup cipher =
             case cipherKeyExchange cipher of
                 CipherKeyExchange_ECDHE_RSA    -> hasCommonGroupForECDHE
                 CipherKeyExchange_ECDHE_ECDSA  -> hasCommonGroupForECDHE
@@ -404,11 +408,7 @@ doHandshake sparams mcred ctx chosenVersion usedCipher usedCompression clientSes
             return serverParams
 
         generateSKX_ECDHE sigAlg = do
-            clientGroups <- fromJust "ClientGroupSuggest" <$> usingState_ ctx getClientGroupSuggest
-            let serverGroups = supportedGroups (ctxSupported ctx) `intersect` availableGroups
-            grp <- case serverGroups `intersect` clientGroups of
-                     []  -> throwCore $ Error_Protocol ("no common group", True, HandshakeFailure)
-                     g:_ -> return g
+            Just grp <- usingState_ ctx getGroup -- cannot be Nothing
             serverParams <- setup_ECDHE grp
             mhash <- decideHash sigAlg
             signed <- digitallySignECDHParams ctx serverParams sigAlg mhash

diff --git a/core/Network/TLS/State.hs b/core/Network/TLS/State.hs
@@ -50,6 +50,8 @@ module Network.TLS.State
     , getVerifiedData
     , setSession
     , getSession
+    , setGroup
+    , getGroup
     , isSessionResuming
     , isClientContext
     -- * random
@@ -90,6 +92,7 @@ data TLSState = TLSState
     , stRandomGen           :: StateRNG
     , stVersion             :: Maybe Version
     , stClientContext       :: Role
+    , stGroup               :: Maybe Group
     }
 
 newtype TLSSt a = TLSSt { runTLSSt :: ErrT TLSError (State TLSState) a }
@@ -125,6 +128,7 @@ newTLSState rng clientContext = TLSState
     , stRandomGen           = rng
     , stVersion             = Nothing
     , stClientContext       = clientContext
+    , stGroup               = Nothing
     }
 
 updateVerifiedData :: Role -> Bytes -> TLSSt ()
@@ -250,6 +254,12 @@ setClientSNI hn = modify (\st -> st { stClientSNI = Just hn })
 getClientSNI :: TLSSt (Maybe HostName)
 getClientSNI = gets stClientSNI
 
+setGroup :: Group -> TLSSt ()
+setGroup grp = modify (\st -> st { stGroup = Just grp })
+
+getGroup :: TLSSt (Maybe Group)
+getGroup = gets stGroup
+
 getVerifiedData :: Role -> TLSSt Bytes
 getVerifiedData client = gets (if client == ClientRole then stClientVerifiedData else stServerVerifiedData)