Add mTLS flag support

Author: jhoyla

src/crypto/tls/handshake_messages.go

@@ -243,7 +243,9 @@ func (m *clientHelloMsg) marshal() ([]byte, error) {
 	if len(m.tlsFlags) > 0 {
 		exts.AddUint16(extensionTLSFlags)
 		exts.AddUint16LengthPrefixed(func(exts *cryptobyte.Builder) {
-			exts.AddBytes(m.tlsFlags)
+			exts.AddUint8LengthPrefixed(func(exts *cryptobyte.Builder) {
+				exts.AddBytes(m.tlsFlags)
+			})
 		})
 	}
 	if len(m.cookie) > 0 {
@@ -585,9 +587,13 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 				m.supportedVersions = append(m.supportedVersions, vers)
 			}
 		case extensionTLSFlags:
-			for !extData.Empty() {
+			var flagsList cryptobyte.String
+			if !extData.ReadUint8LengthPrefixed(&flagsList) || flagsList.Empty() {
+				return false
+			}
+			for !flagsList.Empty() {
 				var flagByte uint8
-				if !extData.ReadUint8(&flagByte) {
+				if !flagsList.ReadUint8(&flagByte) {
 					return false
 				}
 				m.tlsFlags = append(m.tlsFlags, flagByte)

src/crypto/tls/handshake_server_tls13.go

@@ -320,7 +320,18 @@ GroupSelection:
 		return errors.New("tls: invalid client key share")
 	}
 	if len(hs.clientHello.tlsFlags) != 0 {
-		tlsFlags, err := decodeFlags(hs.clientHello.tlsFlags)
+		supportedFlags, err := encodeFlags(hs.c.config.TLSFlagsSupported)
+		if err != nil {
+			return errors.New("tls: invalid server flags")
+		}
+		var mutuallySupportedFlags []byte
+		for i, sFB := range supportedFlags {
+			if i >= len(hs.clientHello.tlsFlags) {
+				break
+			}
+			mutuallySupportedFlags = append(mutuallySupportedFlags, hs.clientHello.tlsFlags[i]&sFB)
+		}
+		tlsFlags, err := decodeFlags(mutuallySupportedFlags)
 		if err == nil {
 			hs.tlsFlags = tlsFlags
 		}
@@ -910,6 +921,11 @@ func (hs *serverHandshakeStateTLS13) sendServerParameters() error {
 }
 
 func (hs *serverHandshakeStateTLS13) requestClientCert() bool {
+	for _, flag := range hs.tlsFlags {
+		if flag == FlagSupportMTLS {
+			return true
+		}
+	}
 	return hs.c.config.ClientAuth >= RequestClientCert && !hs.usingPSK
 }