Update to TLS 1.3 draft 18.
This is the squash of the following CLs:
https://boringssl-review.googlesource.com/c/12021/9
https://boringssl-review.googlesource.com/c/12022/9
https://boringssl-review.googlesource.com/c/12107/19
https://boringssl-review.googlesource.com/c/12141/22
https://boringssl-review.googlesource.com/c/12181/33
The Go portions were written by Nick Harper
BUG=112
Change-Id: I375a1fcead493ec3e0282e231ccc8d7c4dde5063
Reviewed-on: https://boringssl-review.googlesource.com/12300
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index bb036ad..39c2785 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -208,9 +208,9 @@
}
// useTrafficSecret sets the current cipher state for TLS 1.3.
-func (hc *halfConn) useTrafficSecret(version uint16, suite *cipherSuite, secret, phase []byte, side trafficDirection) {
+func (hc *halfConn) useTrafficSecret(version uint16, suite *cipherSuite, secret []byte, side trafficDirection) {
hc.version = version
- hc.cipher = deriveTrafficAEAD(version, suite, secret, phase, side)
+ hc.cipher = deriveTrafficAEAD(version, suite, secret, side)
if hc.config.Bugs.NullAllCiphers {
hc.cipher = nullCipher{}
}
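Review bot: The doc comment on useTrafficSecret still reads "sets the current cipher state for TLS 1.3" even though the signature just lost its `phase` parameter, so nothing now tells a caller what `secret` has to be. With no phase passed in, the caller presumably has to hand over an already phase-specific traffic secret (handshake or application), and that contract belongs on the signature that changed. Suggest `// useTrafficSecret sets the current cipher state for TLS 1.3. secret must already be the phase-specific (handshake or application) traffic secret; no phase is derived here.` Whether deriveTrafficAEAD applies any further labeling is not visible in this hunk, so confirm the wording against it.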
@@ -223,7 +223,7 @@
if c.isClient == isOutgoing {
side = clientWrite
}
- hc.useTrafficSecret(hc.version, c.cipherSuite, updateTrafficSecret(c.cipherSuite.hash(), hc.trafficSecret), applicationPhase, side)
+ hc.useTrafficSecret(hc.version, c.cipherSuite, updateTrafficSecret(c.cipherSuite.hash(), hc.trafficSecret), side)
}
// incSeq increments the sequence number.
@@ -1404,27 +1404,14 @@
return errors.New("tls: no GREASE ticket extension found")
}
+ if c.config.Bugs.ExpectNoNewSessionTicket {
+ return errors.New("tls: received unexpected NewSessionTicket")
+ }
+
if c.config.ClientSessionCache == nil || newSessionTicket.ticketLifetime == 0 {
return nil
}
- var foundKE, foundAuth bool
- for _, mode := range newSessionTicket.keModes {
- if mode == pskDHEKEMode {
- foundKE = true
- }
- }
- for _, mode := range newSessionTicket.authModes {
- if mode == pskAuthMode {
- foundAuth = true
- }
- }
-
- // Ignore the ticket if the server preferences do not match a mode we implement.
- if !foundKE || !foundAuth {
- return nil
- }
-
session := &ClientSessionState{
sessionTicket: newSessionTicket.ticket,
vers: c.vers,
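Review bot: The only validation applied to the server's ticketLifetime before the ticket is cached is the `== 0` check in the cache guard, so a server advertising a lifetime above 604800 seconds (the 7-day ceiling in draft 18) would be cached for that full span via ticketExpiration a few lines below, which is exactly the kind of server misbehaviour this runner exists to flag. Unless a Bugs flag needs to send an oversized lifetime on purpose, I'd reject it ahead of the cache check: `if newSessionTicket.ticketLifetime > 604800 { return errors.New("tls: ticket lifetime exceeds 7 days") }`. The enclosing function begins before this hunk.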
@@ -1435,6 +1422,7 @@
ocspResponse: c.ocspResponse,
ticketCreationTime: c.config.time(),
ticketExpiration: c.config.time().Add(time.Duration(newSessionTicket.ticketLifetime) * time.Second),
+ ticketAgeAdd: newSessionTicket.ticketAgeAdd,
}
cacheKey := clientSessionCacheKey(c.conn.RemoteAddr(), c.config)
@@ -1717,20 +1705,20 @@
peerCertificatesRaw = append(peerCertificatesRaw, cert.Raw)
}
+ addBuffer := make([]byte, 4)
+ _, err := io.ReadFull(c.config.rand(), addBuffer)
+ if err != nil {
+ c.sendAlert(alertInternalError)
+ return errors.New("tls: short read from Rand: " + err.Error())
+ }
+ ticketAgeAdd := uint32(addBuffer[3])<<24 | uint32(addBuffer[2])<<16 | uint32(addBuffer[1])<<8 | uint32(addBuffer[0])
+
// TODO(davidben): Allow configuring these values.
m := &newSessionTicketMsg{
version: c.vers,
ticketLifetime: uint32(24 * time.Hour / time.Second),
- keModes: []byte{pskDHEKEMode},
- authModes: []byte{pskAuthMode},
customExtension: c.config.Bugs.CustomTicketExtension,
- }
-
- if len(c.config.Bugs.SendPSKKeyExchangeModes) != 0 {
- m.keModes = c.config.Bugs.SendPSKKeyExchangeModes
- }
- if len(c.config.Bugs.SendPSKAuthModes) != 0 {
- m.authModes = c.config.Bugs.SendPSKAuthModes
+ ticketAgeAdd: ticketAgeAdd,
}
state := sessionState{
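Review bot: The four random bytes read at `io.ReadFull(c.config.rand(), addBuffer)` carry a security requirement that the code does not state: ticket_age_add is the mask the client applies to its ticket age on resumption, so it must be fresh and unpredictable per ticket, which the per-call read from the configured rand does satisfy but which a later refactor could easily break by hoisting or reusing the value. A comment above the read such as `// ticket_age_add must be a fresh random mask per ticket so the obfuscated ticket age sent on resumption does not reveal when this ticket was issued.` would pin that down. Separately, the hand-assembled shift expression could be `binary.LittleEndian.Uint32(addBuffer)` (byte order is immaterial for a random mask) if encoding/binary is already imported in this file; the import block is not visible from here. The enclosing function begins before this hunk.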
@@ -1740,6 +1728,7 @@
certificates: peerCertificatesRaw,
ticketCreationTime: c.config.time(),
ticketExpiration: c.config.time().Add(time.Duration(m.ticketLifetime) * time.Second),
+ ticketAgeAdd: uint32(addBuffer[3])<<24 | uint32(addBuffer[2])<<16 | uint32(addBuffer[1])<<8 | uint32(addBuffer[0]),
}
if !c.config.Bugs.SendEmptySessionTicket {
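Review bot: The new ticketAgeAdd field in the sessionState literal re-derives the value with a second copy of the byte-shift expression instead of using the `ticketAgeAdd` local already computed for the NewSessionTicket message a few lines earlier, so the value the server encrypts into the ticket and the value it sends on the wire are only equal by virtue of two expressions happening to match. Replace it with `ticketAgeAdd: ticketAgeAdd,` so a single source feeds both. The enclosing function begins before this hunk.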
@@ -1752,7 +1741,7 @@
c.out.Lock()
defer c.out.Unlock()
- _, err := c.writeRecord(recordTypeHandshake, m.marshal())
+ _, err = c.writeRecord(recordTypeHandshake, m.marshal())
return err
}