Change-Id: Ifcdbeab9291d1141605a09a1960702c792cffa86 Reviewed-on: https://boringssl-review.googlesource.com/11561 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>kris/onging/CECPQ3_patch15
@@ -100,6 +100,11 @@ const ( | |||||
extensionChannelID uint16 = 30032 // not IANA assigned | extensionChannelID uint16 = 30032 // not IANA assigned | ||||
) | ) | ||||
// TLS ticket extension numbers | |||||
const ( | |||||
ticketExtensionCustom uint16 = 1234 // not IANA assigned | |||||
) | |||||
// TLS signaling cipher suite values | // TLS signaling cipher suite values | ||||
const ( | const ( | ||||
scsvRenegotiation uint16 = 0x00ff | scsvRenegotiation uint16 = 0x00ff | ||||
@@ -887,6 +892,10 @@ type ProtocolBugs struct { | |||||
// of a custom extension. | // of a custom extension. | ||||
ExpectedCustomExtension *string | ExpectedCustomExtension *string | ||||
// CustomTicketExtension, if not empty, contains the contents of an | |||||
// extension what will be added to NewSessionTicket in TLS 1.3. | |||||
CustomTicketExtension string | |||||
// NoCloseNotify, if true, causes the close_notify alert to be skipped | // NoCloseNotify, if true, causes the close_notify alert to be skipped | ||||
// on connection shutdown. | // on connection shutdown. | ||||
NoCloseNotify bool | NoCloseNotify bool | ||||
@@ -1714,10 +1714,11 @@ func (c *Conn) SendNewSessionTicket() error { | |||||
// TODO(davidben): Allow configuring these values. | // TODO(davidben): Allow configuring these values. | ||||
m := &newSessionTicketMsg{ | m := &newSessionTicketMsg{ | ||||
version: c.vers, | |||||
ticketLifetime: uint32(24 * time.Hour / time.Second), | |||||
keModes: []byte{pskDHEKEMode}, | |||||
authModes: []byte{pskAuthMode}, | |||||
version: c.vers, | |||||
ticketLifetime: uint32(24 * time.Hour / time.Second), | |||||
keModes: []byte{pskDHEKEMode}, | |||||
authModes: []byte{pskAuthMode}, | |||||
customExtension: c.config.Bugs.CustomTicketExtension, | |||||
} | } | ||||
if len(c.config.Bugs.SendPSKKeyExchangeModes) != 0 { | if len(c.config.Bugs.SendPSKKeyExchangeModes) != 0 { | ||||
@@ -1825,6 +1825,7 @@ type newSessionTicketMsg struct { | |||||
keModes []byte | keModes []byte | ||||
authModes []byte | authModes []byte | ||||
ticket []byte | ticket []byte | ||||
customExtension string | |||||
hasGREASEExtension bool | hasGREASEExtension bool | ||||
} | } | ||||
@@ -1847,11 +1848,11 @@ func (m *newSessionTicketMsg) marshal() []byte { | |||||
ticket.addBytes(m.ticket) | ticket.addBytes(m.ticket) | ||||
if m.version >= VersionTLS13 { | if m.version >= VersionTLS13 { | ||||
// Send no extensions. | |||||
// | |||||
// TODO(davidben): Add an option to send a custom extension to | |||||
// test we correctly ignore unknown ones. | |||||
body.addU16(0) | |||||
extensions := body.addU16LengthPrefixed() | |||||
if len(m.customExtension) > 0 { | |||||
extensions.addU16(ticketExtensionCustom) | |||||
extensions.addU16LengthPrefixed().addBytes([]byte(m.customExtension)) | |||||
} | |||||
} | } | ||||
m.raw = ticketMsg.finish() | m.raw = ticketMsg.finish() | ||||
@@ -8595,6 +8595,17 @@ func addTLS13HandshakeTests() { | |||||
shouldFail: true, | shouldFail: true, | ||||
expectedError: ":PSK_IDENTITY_NOT_FOUND:", | expectedError: ":PSK_IDENTITY_NOT_FOUND:", | ||||
}) | }) | ||||
// Test that unknown NewSessionTicket extensions are tolerated. | |||||
testCases = append(testCases, testCase{ | |||||
name: "TLS13-CustomTicketExtension", | |||||
config: Config{ | |||||
MaxVersion: VersionTLS13, | |||||
Bugs: ProtocolBugs{ | |||||
CustomTicketExtension: "1234", | |||||
}, | |||||
}, | |||||
}) | |||||
} | } | ||||
func addPeekTests() { | func addPeekTests() { | ||||