1 files changed, 123 insertions, 0 deletions
diff --git a/src/vendor/golang.org/x/net/quic/tls.go b/src/vendor/golang.org/x/net/quic/tls.go
new file mode 100644
index 0000000000..9f6e0bc29a
--- /dev/null
+++ b/src/vendor/golang.org/x/net/quic/tls.go
@@ -0,0 +1,123 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package quic
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"net"
+	"time"
+)
+
+// startTLS starts the TLS handshake.
+func (c *Conn) startTLS(now time.Time, initialConnID []byte, peerHostname string, params transportParameters) error {
+	tlsConfig := c.config.TLSConfig
+	if a, _, err := net.SplitHostPort(peerHostname); err == nil {
+		peerHostname = a
+	}
+	if tlsConfig.ServerName == "" && peerHostname != "" {
+		tlsConfig = tlsConfig.Clone()
+		tlsConfig.ServerName = peerHostname
+	}
+
+	c.keysInitial = initialKeys(initialConnID, c.side)
+
+	qconfig := &tls.QUICConfig{TLSConfig: tlsConfig}
+	if c.side == clientSide {
+		c.tls = tls.QUICClient(qconfig)
+	} else {
+		c.tls = tls.QUICServer(qconfig)
+	}
+	c.tls.SetTransportParameters(marshalTransportParameters(params))
+	// TODO: We don't need or want a context for cancellation here,
+	// but users can use a context to plumb values through to hooks defined
+	// in the tls.Config. Pass through a context.
+	if err := c.tls.Start(context.TODO()); err != nil {
+		return err
+	}
+	return c.handleTLSEvents(now)
+}
+
+func (c *Conn) handleTLSEvents(now time.Time) error {
+	for {
+		e := c.tls.NextEvent()
+		if c.testHooks != nil {
+			c.testHooks.handleTLSEvent(e)
+		}
+		switch e.Kind {
+		case tls.QUICNoEvent:
+			return nil
+		case tls.QUICSetReadSecret:
+			if err := checkCipherSuite(e.Suite); err != nil {
+				return err
+			}
+			switch e.Level {
+			case tls.QUICEncryptionLevelHandshake:
+				c.keysHandshake.r.init(e.Suite, e.Data)
+			case tls.QUICEncryptionLevelApplication:
+				c.keysAppData.r.init(e.Suite, e.Data)
+			}
+		case tls.QUICSetWriteSecret:
+			if err := checkCipherSuite(e.Suite); err != nil {
+				return err
+			}
+			switch e.Level {
+			case tls.QUICEncryptionLevelHandshake:
+				c.keysHandshake.w.init(e.Suite, e.Data)
+			case tls.QUICEncryptionLevelApplication:
+				c.keysAppData.w.init(e.Suite, e.Data)
+			}
+		case tls.QUICWriteData:
+			var space numberSpace
+			switch e.Level {
+			case tls.QUICEncryptionLevelInitial:
+				space = initialSpace
+			case tls.QUICEncryptionLevelHandshake:
+				space = handshakeSpace
+			case tls.QUICEncryptionLevelApplication:
+				space = appDataSpace
+			default:
+				return fmt.Errorf("quic: internal error: write handshake data at level %v", e.Level)
+			}
+			c.crypto[space].write(e.Data)
+		case tls.QUICHandshakeDone:
+			if c.side == serverSide {
+				// "[...] the TLS handshake is considered confirmed
+				// at the server when the handshake completes."
+				// https://www.rfc-editor.org/rfc/rfc9001#section-4.1.2-1
+				c.confirmHandshake(now)
+			}
+			c.handshakeDone()
+		case tls.QUICTransportParameters:
+			params, err := unmarshalTransportParams(e.Data)
+			if err != nil {
+				return err
+			}
+			if err := c.receiveTransportParameters(params); err != nil {
+				return err
+			}
+		}
+	}
+}
+
+// handleCrypto processes data received in a CRYPTO frame.
+func (c *Conn) handleCrypto(now time.Time, space numberSpace, off int64, data []byte) error {
+	var level tls.QUICEncryptionLevel
+	switch space {
+	case initialSpace:
+		level = tls.QUICEncryptionLevelInitial
+	case handshakeSpace:
+		level = tls.QUICEncryptionLevelHandshake
+	case appDataSpace:
+		level = tls.QUICEncryptionLevelApplication
+	default:
+		return errors.New("quic: internal error: received CRYPTO frame in unexpected number space")
+	}
+	return c.crypto[space].handleCrypto(off, data, func(b []byte) error {
+		return c.tls.HandleData(level, b)
+	})
+}