Fixing TLS 1.3 Go Handshake Bugs.

Change-Id: I2f5c45e0e491f9dd25c2463710697599fea708ed Reviewed-on: https://boringssl-review.googlesource.com/8794 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-07-15 06:51:15 -04:00 · 2016-07-15 06:51:15 -04:00 · 0ee2e1107e
commit 0ee2e1107e
parent bf5aa846d6
2 changed files with 30 additions and 2 deletions
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@ -120,6 +120,14 @@ func (c *Conn) clientHandshake() error {
 			if err != nil {
 				return err
 			}
+
+			if c.config.Bugs.SendCurve != 0 {
+				curveID = c.config.Bugs.SendCurve
+			}
+			if c.config.Bugs.InvalidECDHPoint {
+				publicKey[0] ^= 0xff
+			}
+
 			hello.keyShares = append(hello.keyShares, keyShareEntry{
 				group:       curveID,
 				keyExchange: publicKey,
@ -601,7 +609,7 @@ func (hs *clientHandshakeState) doTLS13Handshake() error {
 	masterSecret := hs.finishedHash.extractKey(handshakeSecret, zeroSecret)
 	trafficSecret := hs.finishedHash.deriveSecret(masterSecret, applicationTrafficLabel)

-	if certReq != nil {
+	if certReq != nil && !c.config.Bugs.SkipClientCertificate {
 		certMsg := &certificateMsg{
 			hasRequestContext: true,
 			requestContext:    certReq.requestContext,
@ -633,6 +641,9 @@ func (hs *clientHandshakeState) doTLS13Handshake() error {
 				c.sendAlert(alertInternalError)
 				return err
 			}
+			if c.config.Bugs.SendSignatureAlgorithm != 0 {
+				certVerify.signatureAlgorithm = c.config.Bugs.SendSignatureAlgorithm
+			}

 			hs.writeClientHash(certVerify.marshal())
 			c.writeRecord(recordTypeHandshake, certVerify.marshal())
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@ -324,6 +324,10 @@ Curves:
 	}

 	hs.hello.cipherSuite = hs.suite.id
+	if c.config.Bugs.SendCipherSuite != 0 {
+		hs.hello.cipherSuite = c.config.Bugs.SendCipherSuite
+	}
+
 	hs.finishedHash = newFinishedHash(c.vers, hs.suite)
 	hs.finishedHash.discardHandshakeBuffer()
 	hs.writeClientHash(hs.clientHello.marshal())
@ -367,8 +371,17 @@ Curves:
 			return err
 		}
 		hs.hello.hasKeyShare = true
+
+		curveID := selectedKeyShare.group
+		if c.config.Bugs.SendCurve != 0 {
+			curveID = config.Bugs.SendCurve
+		}
+		if c.config.Bugs.InvalidECDHPoint {
+			publicKey[0] ^= 0xff
+		}
+
 		hs.hello.keyShare = keyShareEntry{
-			group:       selectedKeyShare.group,
+			group:       curveID,
 			keyExchange: publicKey,
 		}
 	} else {
@ -460,6 +473,10 @@ Curves:
 			return err
 		}

+		if config.Bugs.SendSignatureAlgorithm != 0 {
+			certVerify.signatureAlgorithm = config.Bugs.SendSignatureAlgorithm
+		}
+
 		hs.writeServerHash(certVerify.marshal())
 		c.writeRecord(recordTypeHandshake, certVerify.marshal())
 	}