extractClientKeyShare function

ParsedKeyShare extractClientKeyShare(
  1. ClientHello ch
)

QUIC ClientHello KeyShare parser (RFC 9001) QUIC ALWAYS wraps key_share in a vector: uint16 key_share_list_length; KeyShareEntry entrieskey_share_list_length;

Implementation

ParsedKeyShare extractClientKeyShare(ClientHello ch) {
  final ext = ch.extensions.firstWhere(
    (e) => e.type == 51,
    orElse: () => throw "Client did not send key_share",
  );

  final r = ByteReader(ext.data);

  // ✅ QUIC ALWAYS has a 16-bit list length first, so ALWAYS skip it.
  // This is the bug that caused group = 0x24.
  // final listLength = r.readUint16be();

  // (Optional) Debug
  // print("✅ key_share_list_length = $listLength");

  // ✅ Now read actual KeyShareEntry
  final group = r.readUint16be();
  final kxLen = r.readUint16be();
  final pub = r.readBytes(kxLen);

  return ParsedKeyShare(group, pub);
}