Add TLS 1.3 1-RTT.

This adds the machinery for doing TLS 1.3 1-RTT.

Change-Id: I736921ffe9dc6f6e64a08a836df6bb166d20f504
Reviewed-on: https://boringssl-review.googlesource.com/8720
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index d4dba75..24d6425 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -279,6 +279,7 @@
 
 	// Prepare an EncryptedExtensions message, but do not send it yet.
 	encryptedExtensions := new(encryptedExtensionsMsg)
+	encryptedExtensions.empty = config.Bugs.EmptyEncryptedExtensions
 	if err := hs.processClientExtensions(&encryptedExtensions.extensions); err != nil {
 		return err
 	}
@@ -341,7 +342,7 @@
 
 	// Resolve ECDHE and compute the handshake secret.
 	var ecdheSecret []byte
-	if hs.suite.flags&suiteECDHE != 0 {
+	if hs.suite.flags&suiteECDHE != 0 && !config.Bugs.MissingKeyShare {
 		// Look for the key share corresponding to our selected curve.
 		var selectedKeyShare *keyShareEntry
 		for i := range hs.clientHello.keyShares {
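Review bot: With `MissingKeyShare` set on an ECDHE suite, the new condition `if hs.suite.flags&suiteECDHE != 0 && !config.Bugs.MissingKeyShare {` sends control to the existing `else` arm, so the runner derives the handshake secret from `hs.finishedHash.zeroSecret()` even though an ECDHE suite was selected, and nothing on the visible lines says this is deliberate. A comment above the condition would make that explicit, for example `// MissingKeyShare skips key share selection; the zero secret in the else arm is then only a placeholder.` The `else` arm appears in the next hunk and the rest of the function is outside this one, so whether the ServerHello ends up with no key_share entry at all is inferred rather than shown here.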
@@ -384,6 +385,14 @@
 			group:       curveID,
 			keyExchange: publicKey,
 		}
+
+		if config.Bugs.EncryptedExtensionsWithKeyShare {
+			encryptedExtensions.extensions.hasKeyShare = true
+			encryptedExtensions.extensions.keyShare = keyShareEntry{
+				group:       curveID,
+				keyExchange: publicKey,
+			}
+		}
 	} else {
 		ecdheSecret = hs.finishedHash.zeroSecret()
 	}
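Review bot: `EncryptedExtensionsWithKeyShare` is honoured only inside the ECDHE arm, so it silently does nothing when the suite is not ECDHE or when `MissingKeyShare` (added to the branch condition in the previous hunk) is also set; a test that combines the knobs would not send the extension it intends to. That dependency is worth recording next to the check, e.g. `// Only takes effect when a server key share is generated (ECDHE suite, MissingKeyShare unset).` The added block also repeats the `keyShareEntry{group: curveID, keyExchange: publicKey}` literal from the lines just above it; building the entry once in a local and assigning it in both places would keep the two copies from drifting. The start of the enclosing branch is outside this hunk.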
@@ -700,7 +709,7 @@
 	config := hs.c.config
 	c := hs.c
 
-	if c.vers < VersionTLS13 || !enableTLS13Handshake {
+	if c.vers < VersionTLS13 || config.Bugs.NegotiateRenegotiationInfoAtAllVersions || !enableTLS13Handshake {
 		if !bytes.Equal(c.clientVerify, hs.clientHello.secureRenegotiation) {
 			c.sendAlert(alertHandshakeFailure)
 			return errors.New("tls: renegotiation mismatch")
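Review bot: The version gate `c.vers < VersionTLS13 || config.Bugs.… || !enableTLS13Handshake` is now written out four times in this function (here, and at the NPN, extended master secret and Channel ID checks in the two following hunks), differing only in the bug flag. Computing the shared part once, `pre13 := c.vers < VersionTLS13 || !enableTLS13Handshake`, and writing each site as `if pre13 || config.Bugs.NegotiateRenegotiationInfoAtAllVersions {` would keep the four gates in step if the condition ever changes. A one-line comment at each site saying that the flag deliberately negotiates a pre-TLS 1.3 extension at TLS 1.3 would also help the next reader; that purpose is inferred from the flag names, not stated in the diff. The function body starts and ends outside this hunk.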
@@ -751,7 +760,7 @@
 		}
 	}
 
-	if c.vers < VersionTLS13 || !enableTLS13Handshake {
+	if c.vers < VersionTLS13 || config.Bugs.NegotiateNPNAtAllVersions || !enableTLS13Handshake {
 		if len(hs.clientHello.alpnProtocols) == 0 || c.config.Bugs.NegotiateALPNAndNPN {
 			// Although sending an empty NPN extension is reasonable, Firefox has
 			// had a bug around this. Best to send nothing at all if
@@ -763,9 +772,13 @@
 				serverExtensions.npnLast = config.Bugs.SwapNPNAndALPN
 			}
 		}
+	}
 
+	if c.vers < VersionTLS13 || config.Bugs.NegotiateEMSAtAllVersions || !enableTLS13Handshake {
 		serverExtensions.extendedMasterSecret = c.vers >= VersionTLS10 && hs.clientHello.extendedMasterSecret && !c.config.Bugs.NoExtendedMasterSecret
+	}
 
+	if c.vers < VersionTLS13 || config.Bugs.NegotiateChannelIDAtAllVersions || !enableTLS13Handshake {
 		if hs.clientHello.channelIDSupported && config.RequestChannelID {
 			serverExtensions.channelIDRequested = true
 		}
@@ -795,6 +808,10 @@
 	}
 	serverExtensions.customExtension = config.Bugs.CustomExtension
 
+	if c.config.Bugs.AdvertiseTicketExtension {
+		serverExtensions.ticketSupported = true
+	}
+
 	return nil
 }
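Review bot: The added check reads `c.config.Bugs.AdvertiseTicketExtension` while the line directly above it uses the local `config` (`config.Bugs.CustomExtension`), as do the other flags this commit adds to the function; `if config.Bugs.AdvertiseTicketExtension {` would be consistent. The `if` form only ever sets `ticketSupported` to true, so a value assigned earlier in the function is left untouched when the flag is off. If that is the intent, a short comment such as `// Force the ticket extension on regardless of what was negotiated above.` would record it; the earlier assignment is outside this hunk.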