Add ClientHello no_session_id variant.
Change-Id: I3d249582dea871d7b1c078a6b5f57679037d1b8f Reviewed-on: https://boringssl-review.googlesource.com/17984 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: Steven Valdez <svaldez@google.com>
This commit is contained in:
Steven Valdez
parent
6f2cd5d5c2
commit
0e4a448ab8
@ -3186,6 +3186,7 @@ enum tls13_variant_t {
|
||||
tls13_default = 0,
|
||||
tls13_experiment = 1,
|
||||
tls13_record_type_experiment = 2,
|
||||
tls13_no_session_id_experiment = 3,
|
||||
};
|
||||
|
||||
/* SSL_CTX_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the
|
||||
|
||||
@ -764,7 +764,8 @@ static int ssl3_send_client_hello(SSL_HANDSHAKE *hs) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Initialize a random session ID for the experimental TLS 1.3 variant. */
|
||||
/* Initialize a random session ID for the experimental TLS 1.3 variant
|
||||
* requiring a session id. */
|
||||
if (ssl->tls13_variant == tls13_experiment) {
|
||||
hs->session_id_len = sizeof(hs->session_id);
|
||||
if (!RAND_bytes(hs->session_id, hs->session_id_len)) {
|
||||
|
||||
@ -312,6 +312,7 @@ int ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) {
|
||||
}
|
||||
} else {
|
||||
if ((ssl->tls13_variant != tls13_experiment &&
|
||||
ssl->tls13_variant != tls13_no_session_id_experiment &&
|
||||
version == TLS1_3_EXPERIMENT_VERSION) ||
|
||||
(ssl->tls13_variant != tls13_record_type_experiment &&
|
||||
version == TLS1_3_RECORD_TYPE_EXPERIMENT_VERSION) ||
|
||||
|
||||
@ -39,9 +39,10 @@ const (
|
||||
)
|
||||
|
||||
const (
|
||||
TLS13Default = 0
|
||||
TLS13Experiment = 1
|
||||
TLS13RecordTypeExperiment = 2
|
||||
TLS13Default = 0
|
||||
TLS13Experiment = 1
|
||||
TLS13RecordTypeExperiment = 2
|
||||
TLS13NoSessionIDExperiment = 3
|
||||
)
|
||||
|
||||
var allTLSWireVersions = []uint16{
|
||||
@ -717,6 +718,18 @@ type ProtocolBugs struct {
|
||||
// normally expected to look ahead for ChangeCipherSpec.)
|
||||
EmptyTicketSessionID bool
|
||||
|
||||
// SendClientHelloSessionID, if not nil, is the session ID sent in the
|
||||
// ClientHello.
|
||||
SendClientHelloSessionID []byte
|
||||
|
||||
// ExpectClientHelloSessionID, if true, causes the server to fail the
|
||||
// connection if there is not a SessionID in the ClientHello.
|
||||
ExpectClientHelloSessionID bool
|
||||
|
||||
// ExpectEmptyClientHelloSessionID, if true, causes the server to fail the
|
||||
// connection if there is a SessionID in the ClientHello.
|
||||
ExpectEmptyClientHelloSessionID bool
|
||||
|
||||
// ExpectNoTLS12Session, if true, causes the server to fail the
|
||||
// connection if either a session ID or TLS 1.2 ticket is offered.
|
||||
ExpectNoTLS12Session bool
|
||||
@ -1500,7 +1513,7 @@ func (c *Config) defaultCurves() map[CurveID]bool {
|
||||
// it returns true and the corresponding protocol version. Otherwise, it returns
|
||||
// false.
|
||||
func (c *Config) isSupportedVersion(wireVers uint16, isDTLS bool) (uint16, bool) {
|
||||
if (c.TLS13Variant != TLS13Experiment && wireVers == tls13ExperimentVersion) ||
|
||||
if (c.TLS13Variant != TLS13Experiment && c.TLS13Variant != TLS13NoSessionIDExperiment && wireVers == tls13ExperimentVersion) ||
|
||||
(c.TLS13Variant != TLS13RecordTypeExperiment && wireVers == tls13RecordTypeExperimentVersion) ||
|
||||
(c.TLS13Variant != TLS13Default && wireVers == tls13DraftVersion) {
|
||||
return 0, false
|
||||
|
||||
@ -358,6 +358,9 @@ NextCipherSuite:
|
||||
if c.config.Bugs.OmitEarlyDataExtension {
|
||||
hello.hasEarlyData = false
|
||||
}
|
||||
if c.config.Bugs.SendClientHelloSessionID != nil {
|
||||
hello.sessionId = c.config.Bugs.SendClientHelloSessionID
|
||||
}
|
||||
|
||||
var helloBytes []byte
|
||||
if c.config.Bugs.SendV2ClientHello {
|
||||
@ -684,6 +687,10 @@ NextCipherSuite:
|
||||
func (hs *clientHandshakeState) doTLS13Handshake() error {
|
||||
c := hs.c
|
||||
|
||||
if c.wireVersion == tls13ExperimentVersion && !bytes.Equal(hs.hello.sessionId, hs.serverHello.sessionId) {
|
||||
return errors.New("tls: session IDs did not match.")
|
||||
}
|
||||
|
||||
// Once the PRF hash is known, TLS 1.3 does not require a handshake
|
||||
// buffer.
|
||||
hs.finishedHash.discardHandshakeBuffer()
|
||||
|
||||
@ -1087,6 +1087,13 @@ func (hs *serverHandshakeState) processClientHello() (isResume bool, err error)
|
||||
copy(hs.hello.random[len(hs.hello.random)-8:], downgradeTLS12)
|
||||
}
|
||||
|
||||
if len(hs.clientHello.sessionId) > 0 && c.config.Bugs.ExpectEmptyClientHelloSessionID {
|
||||
return false, errors.New("tls: expected empty session ID from client")
|
||||
}
|
||||
if len(hs.clientHello.sessionId) == 0 && c.config.Bugs.ExpectClientHelloSessionID {
|
||||
return false, errors.New("tls: expected non-empty session ID from client")
|
||||
}
|
||||
|
||||
foundCompression := false
|
||||
// We only support null compression, so check that the client offered it.
|
||||
for _, compression := range hs.clientHello.compressionMethods {
|
||||
|
||||
@ -527,6 +527,9 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, tr
|
||||
if *deterministic {
|
||||
config.Time = func() time.Time { return time.Unix(1234, 1234) }
|
||||
}
|
||||
if test.tls13Variant != 0 {
|
||||
config.TLS13Variant = test.tls13Variant
|
||||
}
|
||||
|
||||
conn = &timeoutConn{conn, *idleTimeout}
|
||||
|
||||
@ -1038,7 +1041,6 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
|
||||
}
|
||||
|
||||
if test.tls13Variant != 0 {
|
||||
test.config.TLS13Variant = test.tls13Variant
|
||||
flags = append(flags, "-tls13-variant", strconv.Itoa(test.tls13Variant))
|
||||
}
|
||||
|
||||
@ -4015,25 +4017,23 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
MinVersion: VersionTLS13,
|
||||
TLS13Variant: TLS13Experiment,
|
||||
MaxEarlyDataSize: 16384,
|
||||
},
|
||||
resumeConfig: &Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
MinVersion: VersionTLS13,
|
||||
TLS13Variant: TLS13Experiment,
|
||||
MaxEarlyDataSize: 16384,
|
||||
Bugs: ProtocolBugs{
|
||||
ExpectEarlyData: [][]byte{{'h', 'e', 'l', 'l', 'o'}},
|
||||
},
|
||||
},
|
||||
tls13Variant: TLS13Experiment,
|
||||
resumeSession: true,
|
||||
flags: []string{
|
||||
"-enable-early-data",
|
||||
"-expect-early-data-info",
|
||||
"-expect-accept-early-data",
|
||||
"-on-resume-shim-writes-first",
|
||||
"-tls13-variant", "1",
|
||||
},
|
||||
})
|
||||
|
||||
@ -4055,13 +4055,13 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
|
||||
ExpectEarlyData: [][]byte{{'h', 'e', 'l', 'l', 'o'}},
|
||||
},
|
||||
},
|
||||
tls13Variant: TLS13RecordTypeExperiment,
|
||||
resumeSession: true,
|
||||
flags: []string{
|
||||
"-enable-early-data",
|
||||
"-expect-early-data-info",
|
||||
"-expect-accept-early-data",
|
||||
"-on-resume-shim-writes-first",
|
||||
"-tls13-variant", "2",
|
||||
},
|
||||
})
|
||||
|
||||
@ -11038,6 +11038,93 @@ func addTLS13HandshakeTests() {
|
||||
},
|
||||
})
|
||||
|
||||
for _, noSessionID := range []bool{false, true} {
|
||||
prefix := "TLS13Experiment"
|
||||
variant := TLS13Experiment
|
||||
if noSessionID {
|
||||
prefix = "TLS13NoSessionIDExperiment"
|
||||
variant = TLS13NoSessionIDExperiment
|
||||
}
|
||||
|
||||
// Test that enabling a TLS 1.3 variant does not interfere with
|
||||
// TLS 1.2 session ID resumption.
|
||||
testCases = append(testCases, testCase{
|
||||
testType: clientTest,
|
||||
name: prefix + "-ResumeTLS12SessionID",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS12,
|
||||
SessionTicketsDisabled: true,
|
||||
},
|
||||
resumeSession: true,
|
||||
flags: []string{"-tls13-variant", strconv.Itoa(variant)},
|
||||
})
|
||||
|
||||
// Test that the server correctly echoes back session IDs of
|
||||
// various lengths.
|
||||
testCases = append(testCases, testCase{
|
||||
testType: serverTest,
|
||||
name: prefix + "-EmptySessionID",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
Bugs: ProtocolBugs{
|
||||
SendClientHelloSessionID: []byte{},
|
||||
},
|
||||
},
|
||||
tls13Variant: variant,
|
||||
})
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
testType: serverTest,
|
||||
name: prefix + "-ShortSessionID",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
Bugs: ProtocolBugs{
|
||||
SendClientHelloSessionID: make([]byte, 16),
|
||||
},
|
||||
},
|
||||
tls13Variant: variant,
|
||||
})
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
testType: serverTest,
|
||||
name: prefix + "-FullSessionID",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
Bugs: ProtocolBugs{
|
||||
SendClientHelloSessionID: make([]byte, 32),
|
||||
},
|
||||
},
|
||||
tls13Variant: variant,
|
||||
})
|
||||
}
|
||||
|
||||
// Test that the client sends a fake session ID in TLS13Experiment.
|
||||
testCases = append(testCases, testCase{
|
||||
testType: clientTest,
|
||||
name: "TLS13Experiment-RequireSessionID",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
Bugs: ProtocolBugs{
|
||||
ExpectClientHelloSessionID: true,
|
||||
},
|
||||
},
|
||||
tls13Variant: TLS13Experiment,
|
||||
})
|
||||
|
||||
// Test that the client does not send a fake session ID in
|
||||
// TLS13NoSessionIDExperiment.
|
||||
testCases = append(testCases, testCase{
|
||||
testType: clientTest,
|
||||
name: "TLS13NoSessionIDExperiment-RequireEmptySessionID",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
Bugs: ProtocolBugs{
|
||||
ExpectEmptyClientHelloSessionID: true,
|
||||
},
|
||||
},
|
||||
tls13Variant: TLS13NoSessionIDExperiment,
|
||||
})
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
testType: clientTest,
|
||||
name: "TLS13-EarlyData-Reject-Client",
|
||||
@ -11067,23 +11154,21 @@ func addTLS13HandshakeTests() {
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
MaxEarlyDataSize: 16384,
|
||||
TLS13Variant: TLS13Experiment,
|
||||
},
|
||||
resumeConfig: &Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
TLS13Variant: TLS13Experiment,
|
||||
MaxEarlyDataSize: 16384,
|
||||
Bugs: ProtocolBugs{
|
||||
AlwaysRejectEarlyData: true,
|
||||
},
|
||||
},
|
||||
tls13Variant: TLS13Experiment,
|
||||
resumeSession: true,
|
||||
flags: []string{
|
||||
"-enable-early-data",
|
||||
"-expect-early-data-info",
|
||||
"-expect-reject-early-data",
|
||||
"-on-resume-shim-writes-first",
|
||||
"-tls13-variant", "1",
|
||||
},
|
||||
})
|
||||
|
||||
@ -11093,23 +11178,21 @@ func addTLS13HandshakeTests() {
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
MaxEarlyDataSize: 16384,
|
||||
TLS13Variant: TLS13RecordTypeExperiment,
|
||||
},
|
||||
resumeConfig: &Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
TLS13Variant: TLS13RecordTypeExperiment,
|
||||
MaxEarlyDataSize: 16384,
|
||||
Bugs: ProtocolBugs{
|
||||
AlwaysRejectEarlyData: true,
|
||||
},
|
||||
},
|
||||
tls13Variant: TLS13RecordTypeExperiment,
|
||||
resumeSession: true,
|
||||
flags: []string{
|
||||
"-enable-early-data",
|
||||
"-expect-early-data-info",
|
||||
"-expect-reject-early-data",
|
||||
"-on-resume-shim-writes-first",
|
||||
"-tls13-variant", "2",
|
||||
},
|
||||
})
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user