Add support for TLS 1.3 PSK resumption in Go.
Change-Id: I998f69269cdf813da19ccccc208b476f3501c8c4
Reviewed-on: https://boringssl-review.googlesource.com/8991
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 703908a..77543e6 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -1389,6 +1389,10 @@
serverCertificates: c.peerCertificates,
sctList: c.sctList,
ocspResponse: c.ocspResponse,
+ ticketCreationTime: c.config.time(),
+ ticketExpiration: c.config.time().Add(time.Duration(newSessionTicket.ticketLifetime) * time.Second),
+ ticketFlags: newSessionTicket.ticketFlags,
+ ticketAgeAdd: newSessionTicket.ticketAgeAdd,
}
cacheKey := clientSessionCacheKey(c.conn.RemoteAddr(), c.config)
@@ -1667,11 +1671,10 @@
for _, cert := range c.peerCertificates {
peerCertificatesRaw = append(peerCertificatesRaw, cert.Raw)
}
- state := sessionState{
- vers: c.vers,
- cipherSuite: c.cipherSuite.id,
- masterSecret: c.resumptionSecret,
- certificates: peerCertificatesRaw,
+
+ var ageAdd uint32
+ if err := binary.Read(c.config.rand(), binary.LittleEndian, &ageAdd); err != nil {
+ return err
}
// TODO(davidben): Allow configuring these values.
@@ -1679,7 +1682,20 @@
version: c.vers,
ticketLifetime: uint32(24 * time.Hour / time.Second),
ticketFlags: ticketAllowDHEResumption | ticketAllowPSKResumption,
+ ticketAgeAdd: ageAdd,
}
+
+ state := sessionState{
+ vers: c.vers,
+ cipherSuite: c.cipherSuite.id,
+ masterSecret: c.resumptionSecret,
+ certificates: peerCertificatesRaw,
+ ticketCreationTime: c.config.time(),
+ ticketExpiration: c.config.time().Add(time.Duration(m.ticketLifetime) * time.Second),
+ ticketFlags: m.ticketFlags,
+ ticketAgeAdd: ageAdd,
+ }
+
if !c.config.Bugs.SendEmptySessionTicket {
var err error
m.ticket, err = c.encryptTicket(&state)