Test that unknown TLS 1.3 ticket extensions are tolerated.

Change-Id: Ifcdbeab9291d1141605a09a1960702c792cffa86
Reviewed-on: https://boringssl-review.googlesource.com/11561
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/test/runner/common.go

@@ -100,6 +100,11 @@ const (
 	extensionChannelID                  uint16 = 30032 // not IANA assigned
 )
 
+// TLS ticket extension numbers
+const (
+	ticketExtensionCustom uint16 = 1234 // not IANA assigned
+)
+
 // TLS signaling cipher suite values
 const (
 	scsvRenegotiation uint16 = 0x00ff
@@ -887,6 +892,10 @@ type ProtocolBugs struct {
 	// of a custom extension.
 	ExpectedCustomExtension *string
 
+	// CustomTicketExtension, if not empty, contains the contents of an
+	// extension what will be added to NewSessionTicket in TLS 1.3.
+	CustomTicketExtension string
+
 	// NoCloseNotify, if true, causes the close_notify alert to be skipped
 	// on connection shutdown.
 	NoCloseNotify bool

ssl/test/runner/conn.go

@@ -1714,10 +1714,11 @@ func (c *Conn) SendNewSessionTicket() error {
 
 	// TODO(davidben): Allow configuring these values.
 	m := &newSessionTicketMsg{
-		version:        c.vers,
-		ticketLifetime: uint32(24 * time.Hour / time.Second),
-		keModes:        []byte{pskDHEKEMode},
-		authModes:      []byte{pskAuthMode},
+		version:         c.vers,
+		ticketLifetime:  uint32(24 * time.Hour / time.Second),
+		keModes:         []byte{pskDHEKEMode},
+		authModes:       []byte{pskAuthMode},
+		customExtension: c.config.Bugs.CustomTicketExtension,
 	}
 
 	if len(c.config.Bugs.SendPSKKeyExchangeModes) != 0 {

ssl/test/runner/handshake_messages.go

@@ -1825,6 +1825,7 @@ type newSessionTicketMsg struct {
 	keModes            []byte
 	authModes          []byte
 	ticket             []byte
+	customExtension    string
 	hasGREASEExtension bool
 }
 
@@ -1847,11 +1848,11 @@ func (m *newSessionTicketMsg) marshal() []byte {
 	ticket.addBytes(m.ticket)
 
 	if m.version >= VersionTLS13 {
-		// Send no extensions.
-		//
-		// TODO(davidben): Add an option to send a custom extension to
-		// test we correctly ignore unknown ones.
-		body.addU16(0)
+		extensions := body.addU16LengthPrefixed()
+		if len(m.customExtension) > 0 {
+			extensions.addU16(ticketExtensionCustom)
+			extensions.addU16LengthPrefixed().addBytes([]byte(m.customExtension))
+		}
 	}
 
 	m.raw = ticketMsg.finish()

ssl/test/runner/runner.go

@@ -8595,6 +8595,17 @@ func addTLS13HandshakeTests() {
 		shouldFail:    true,
 		expectedError: ":PSK_IDENTITY_NOT_FOUND:",
 	})
+
+	// Test that unknown NewSessionTicket extensions are tolerated.
+	testCases = append(testCases, testCase{
+		name: "TLS13-CustomTicketExtension",
+		config: Config{
+			MaxVersion: VersionTLS13,
+			Bugs: ProtocolBugs{
+				CustomTicketExtension: "1234",
+			},
+		},
+	})
 }
 
 func addPeekTests() {