kris
/
boringssl
1
0
フォーク 0
コード 課題 0 プルリクエスト 0 リリース 0 Wiki アクティビティ
ソースを参照

Add ClientHello no_session_id variant. 

Change-Id: I3d249582dea871d7b1c078a6b5f57679037d1b8f
Reviewed-on: https://boringssl-review.googlesource.com/17984
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
kris/onging/CECPQ3_patch15
Steven Valdez 7年前
6f2cd5d5c2
コミット
0e4a448ab8
7個のファイルの変更129行の追加16行の削除
分割表示
差分オプション
統計情報を表示 Patchファイルをダウンロード Diffファイルをダウンロード
  1. +1
    -0
      include/openssl/ssl.h
  2. +2
    -1
      ssl/handshake_client.cc
  3. +1
    -0
      ssl/ssl_versions.cc
  4. +17
    -4
      ssl/test/runner/common.go
  5. +7
    -0
      ssl/test/runner/handshake_client.go
  6. +7
    -0
      ssl/test/runner/handshake_server.go
  7. +94
    -11
      ssl/test/runner/runner.go

+ 1
- 0
include/openssl/ssl.h ファイルの表示

@@ -3186,6 +3186,7 @@ enum tls13_variant_t {
tls13_default = 0,
tls13_experiment = 1,
tls13_record_type_experiment = 2,
tls13_no_session_id_experiment = 3,
};

/* SSL_CTX_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the


+ 2
- 1
ssl/handshake_client.cc ファイルの表示

@@ -764,7 +764,8 @@ static int ssl3_send_client_hello(SSL_HANDSHAKE *hs) {
return -1;
}

/* Initialize a random session ID for the experimental TLS 1.3 variant. */
/* Initialize a random session ID for the experimental TLS 1.3 variant
* requiring a session id. */
if (ssl->tls13_variant == tls13_experiment) {
hs->session_id_len = sizeof(hs->session_id);
if (!RAND_bytes(hs->session_id, hs->session_id_len)) {


+ 1
- 0
ssl/ssl_versions.cc ファイルの表示

@@ -312,6 +312,7 @@ int ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) {
}
} else {
if ((ssl->tls13_variant != tls13_experiment &&
ssl->tls13_variant != tls13_no_session_id_experiment &&
version == TLS1_3_EXPERIMENT_VERSION) ||
(ssl->tls13_variant != tls13_record_type_experiment &&
version == TLS1_3_RECORD_TYPE_EXPERIMENT_VERSION) ||


+ 17
- 4
ssl/test/runner/common.go ファイルの表示

@@ -39,9 +39,10 @@ const (
)

const (
TLS13Default = 0
TLS13Experiment = 1
TLS13RecordTypeExperiment = 2
TLS13Default = 0
TLS13Experiment = 1
TLS13RecordTypeExperiment = 2
TLS13NoSessionIDExperiment = 3
)

var allTLSWireVersions = []uint16{
@@ -717,6 +718,18 @@ type ProtocolBugs struct {
// normally expected to look ahead for ChangeCipherSpec.)
EmptyTicketSessionID bool

// SendClientHelloSessionID, if not nil, is the session ID sent in the
// ClientHello.
SendClientHelloSessionID []byte

// ExpectClientHelloSessionID, if true, causes the server to fail the
// connection if there is not a SessionID in the ClientHello.
ExpectClientHelloSessionID bool

// ExpectEmptyClientHelloSessionID, if true, causes the server to fail the
// connection if there is a SessionID in the ClientHello.
ExpectEmptyClientHelloSessionID bool

// ExpectNoTLS12Session, if true, causes the server to fail the
// connection if either a session ID or TLS 1.2 ticket is offered.
ExpectNoTLS12Session bool
@@ -1500,7 +1513,7 @@ func (c *Config) defaultCurves() map[CurveID]bool {
// it returns true and the corresponding protocol version. Otherwise, it returns
// false.
func (c *Config) isSupportedVersion(wireVers uint16, isDTLS bool) (uint16, bool) {
if (c.TLS13Variant != TLS13Experiment && wireVers == tls13ExperimentVersion) ||
if (c.TLS13Variant != TLS13Experiment && c.TLS13Variant != TLS13NoSessionIDExperiment && wireVers == tls13ExperimentVersion) ||
(c.TLS13Variant != TLS13RecordTypeExperiment && wireVers == tls13RecordTypeExperimentVersion) ||
(c.TLS13Variant != TLS13Default && wireVers == tls13DraftVersion) {
return 0, false


+ 7
- 0
ssl/test/runner/handshake_client.go ファイルの表示

@@ -358,6 +358,9 @@ NextCipherSuite:
if c.config.Bugs.OmitEarlyDataExtension {
hello.hasEarlyData = false
}
if c.config.Bugs.SendClientHelloSessionID != nil {
hello.sessionId = c.config.Bugs.SendClientHelloSessionID
}

var helloBytes []byte
if c.config.Bugs.SendV2ClientHello {
@@ -684,6 +687,10 @@ NextCipherSuite:
func (hs *clientHandshakeState) doTLS13Handshake() error {
c := hs.c

if c.wireVersion == tls13ExperimentVersion && !bytes.Equal(hs.hello.sessionId, hs.serverHello.sessionId) {
return errors.New("tls: session IDs did not match.")
}

// Once the PRF hash is known, TLS 1.3 does not require a handshake
// buffer.
hs.finishedHash.discardHandshakeBuffer()


+ 7
- 0
ssl/test/runner/handshake_server.go ファイルの表示

@@ -1087,6 +1087,13 @@ func (hs *serverHandshakeState) processClientHello() (isResume bool, err error)
copy(hs.hello.random[len(hs.hello.random)-8:], downgradeTLS12)
}

if len(hs.clientHello.sessionId) > 0 && c.config.Bugs.ExpectEmptyClientHelloSessionID {
return false, errors.New("tls: expected empty session ID from client")
}
if len(hs.clientHello.sessionId) == 0 && c.config.Bugs.ExpectClientHelloSessionID {
return false, errors.New("tls: expected non-empty session ID from client")
}

foundCompression := false
// We only support null compression, so check that the client offered it.
for _, compression := range hs.clientHello.compressionMethods {


+ 94
- 11
ssl/test/runner/runner.go ファイルの表示

@@ -527,6 +527,9 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, tr
if *deterministic {
config.Time = func() time.Time { return time.Unix(1234, 1234) }
}
if test.tls13Variant != 0 {
config.TLS13Variant = test.tls13Variant
}

conn = &timeoutConn{conn, *idleTimeout}

@@ -1038,7 +1041,6 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
}

if test.tls13Variant != 0 {
test.config.TLS13Variant = test.tls13Variant
flags = append(flags, "-tls13-variant", strconv.Itoa(test.tls13Variant))
}

@@ -4015,25 +4017,23 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
config: Config{
MaxVersion: VersionTLS13,
MinVersion: VersionTLS13,
TLS13Variant: TLS13Experiment,
MaxEarlyDataSize: 16384,
},
resumeConfig: &Config{
MaxVersion: VersionTLS13,
MinVersion: VersionTLS13,
TLS13Variant: TLS13Experiment,
MaxEarlyDataSize: 16384,
Bugs: ProtocolBugs{
ExpectEarlyData: [][]byte{{'h', 'e', 'l', 'l', 'o'}},
},
},
tls13Variant: TLS13Experiment,
resumeSession: true,
flags: []string{
"-enable-early-data",
"-expect-early-data-info",
"-expect-accept-early-data",
"-on-resume-shim-writes-first",
"-tls13-variant", "1",
},
})

@@ -4055,13 +4055,13 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
ExpectEarlyData: [][]byte{{'h', 'e', 'l', 'l', 'o'}},
},
},
tls13Variant: TLS13RecordTypeExperiment,
resumeSession: true,
flags: []string{
"-enable-early-data",
"-expect-early-data-info",
"-expect-accept-early-data",
"-on-resume-shim-writes-first",
"-tls13-variant", "2",
},
})

@@ -11038,6 +11038,93 @@ func addTLS13HandshakeTests() {
},
})

for _, noSessionID := range []bool{false, true} {
prefix := "TLS13Experiment"
variant := TLS13Experiment
if noSessionID {
prefix = "TLS13NoSessionIDExperiment"
variant = TLS13NoSessionIDExperiment
}

// Test that enabling a TLS 1.3 variant does not interfere with
// TLS 1.2 session ID resumption.
testCases = append(testCases, testCase{
testType: clientTest,
name: prefix + "-ResumeTLS12SessionID",
config: Config{
MaxVersion: VersionTLS12,
SessionTicketsDisabled: true,
},
resumeSession: true,
flags: []string{"-tls13-variant", strconv.Itoa(variant)},
})

// Test that the server correctly echoes back session IDs of
// various lengths.
testCases = append(testCases, testCase{
testType: serverTest,
name: prefix + "-EmptySessionID",
config: Config{
MaxVersion: VersionTLS13,
Bugs: ProtocolBugs{
SendClientHelloSessionID: []byte{},
},
},
tls13Variant: variant,
})

testCases = append(testCases, testCase{
testType: serverTest,
name: prefix + "-ShortSessionID",
config: Config{
MaxVersion: VersionTLS13,
Bugs: ProtocolBugs{
SendClientHelloSessionID: make([]byte, 16),
},
},
tls13Variant: variant,
})

testCases = append(testCases, testCase{
testType: serverTest,
name: prefix + "-FullSessionID",
config: Config{
MaxVersion: VersionTLS13,
Bugs: ProtocolBugs{
SendClientHelloSessionID: make([]byte, 32),
},
},
tls13Variant: variant,
})
}

// Test that the client sends a fake session ID in TLS13Experiment.
testCases = append(testCases, testCase{
testType: clientTest,
name: "TLS13Experiment-RequireSessionID",
config: Config{
MaxVersion: VersionTLS13,
Bugs: ProtocolBugs{
ExpectClientHelloSessionID: true,
},
},
tls13Variant: TLS13Experiment,
})

// Test that the client does not send a fake session ID in
// TLS13NoSessionIDExperiment.
testCases = append(testCases, testCase{
testType: clientTest,
name: "TLS13NoSessionIDExperiment-RequireEmptySessionID",
config: Config{
MaxVersion: VersionTLS13,
Bugs: ProtocolBugs{
ExpectEmptyClientHelloSessionID: true,
},
},
tls13Variant: TLS13NoSessionIDExperiment,
})

testCases = append(testCases, testCase{
testType: clientTest,
name: "TLS13-EarlyData-Reject-Client",
@@ -11067,23 +11154,21 @@ func addTLS13HandshakeTests() {
config: Config{
MaxVersion: VersionTLS13,
MaxEarlyDataSize: 16384,
TLS13Variant: TLS13Experiment,
},
resumeConfig: &Config{
MaxVersion: VersionTLS13,
TLS13Variant: TLS13Experiment,
MaxEarlyDataSize: 16384,
Bugs: ProtocolBugs{
AlwaysRejectEarlyData: true,
},
},
tls13Variant: TLS13Experiment,
resumeSession: true,
flags: []string{
"-enable-early-data",
"-expect-early-data-info",
"-expect-reject-early-data",
"-on-resume-shim-writes-first",
"-tls13-variant", "1",
},
})

@@ -11093,23 +11178,21 @@ func addTLS13HandshakeTests() {
config: Config{
MaxVersion: VersionTLS13,
MaxEarlyDataSize: 16384,
TLS13Variant: TLS13RecordTypeExperiment,
},
resumeConfig: &Config{
MaxVersion: VersionTLS13,
TLS13Variant: TLS13RecordTypeExperiment,
MaxEarlyDataSize: 16384,
Bugs: ProtocolBugs{
AlwaysRejectEarlyData: true,
},
},
tls13Variant: TLS13RecordTypeExperiment,
resumeSession: true,
flags: []string{
"-enable-early-data",
"-expect-early-data-info",
"-expect-reject-early-data",
"-on-resume-shim-writes-first",
"-tls13-variant", "2",
},
})



書き込み プレビュー
読み込み中…
キャンセル
保存