From cdb6fe90cb117c4fda2f0981b772962d268020cd Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Tue, 7 Feb 2017 16:06:48 -0500
Subject: [PATCH] Test the exporter at all versions + ciphers + side.

The Go side (thankfully not the C side) was not fully updated for the exporter secret derivation being earlier at some point. Also TLS 1.2 upgrades the PRF hash for pre-1.2 ciphers to SHA-256, so make sure we cover that.

Change-Id: Ibdf50ef500e7e48a52799ac75577822bc304a613
Reviewed-on: https://boringssl-review.googlesource.com/13663
Reviewed-by: Steven Valdez
Reviewed-by: David Benjamin
Commit-Queue: David Benjamin
CQ-Verified: CQ bot account: commit-bot@chromium.org
---
 ssl/test/runner/handshake_client.go | 5 ++++-
 ssl/test/runner/runner.go | 29 +++++++++++++++++++----------
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index afc19582..83ac3a5c 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -860,6 +860,10 @@ func (hs *clientHandshakeState) doTLS13Handshake() error {
 hs.finishedHash.addEntropy(zeroSecret)
 clientTrafficSecret := hs.finishedHash.deriveSecret(clientApplicationTrafficLabel)
 serverTrafficSecret := hs.finishedHash.deriveSecret(serverApplicationTrafficLabel)
+ c.exporterSecret = hs.finishedHash.deriveSecret(exporterLabel)
+
+ // Switch to application data keys on read. In particular, any alerts
+ // from the client certificate are read over these keys.
 c.in.useTrafficSecret(c.vers, hs.suite, serverTrafficSecret, serverWrite)
 
 // If we're expecting 0.5-RTT messages from the server, read them
@@ -966,7 +970,6 @@ func (hs *clientHandshakeState) doTLS13Handshake() error {
 
 // Switch to application data keys.
 c.out.useTrafficSecret(c.vers, hs.suite, clientTrafficSecret, clientWrite)
- c.exporterSecret = hs.finishedHash.deriveSecret(exporterLabel)
 c.resumptionSecret = hs.finishedHash.deriveSecret(resumptionLabel)
 return nil
 }
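Review bot: The moved `c.exporterSecret = hs.finishedHash.deriveSecret(exporterLabel)` in the first hunk is correct only because of its position, and nothing in the code says so: `deriveSecret` presumably keys off the transcript as it stands when called, so the exporter secret has to be computed here, next to the application traffic secrets, before the client's own second flight (certificate, Finished) is hashed in. A short comment above the line would stop a later tidy-up from sliding it back down to where the second hunk removes it, e.g. `// Derived here, alongside the traffic secrets: the exporter secret covers the transcript through the server Finished only.` Without that note the old placement looked equally natural, which is how the mismatch the commit message describes survived. doTLS13Handshake begins and ends outside both hunks.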
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 74a5a435..dd18ce8a 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2553,6 +2553,13 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto
 sendCipherSuite = suite.id
 }
 
+ // For cipher suites and versions where exporters are defined, verify
+ // that they interoperate.
+ var exportKeyingMaterial int
+ if ver.version > VersionSSL30 {
+ exportKeyingMaterial = 1024
+ }
+
 testCases = append(testCases, testCase{
 testType: serverTest,
 protocol: protocol,
@@ -2568,12 +2575,13 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto
 AdvertiseAllConfiguredCiphers: true,
 },
 },
- certFile: certFile,
- keyFile: keyFile,
- flags: flags,
- resumeSession: true,
- shouldFail: shouldServerFail,
- expectedError: expectedServerError,
+ certFile: certFile,
+ keyFile: keyFile,
+ flags: flags,
+ resumeSession: true,
+ shouldFail: shouldServerFail,
+ expectedError: expectedServerError,
+ exportKeyingMaterial: exportKeyingMaterial,
 })
 
 testCases = append(testCases, testCase{
@@ -2592,10 +2600,11 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto
 SendCipherSuite: sendCipherSuite,
 },
 },
- flags: flags,
- resumeSession: true,
- shouldFail: shouldClientFail,
- expectedError: expectedClientError,
+ flags: flags,
+ resumeSession: true,
+ shouldFail: shouldClientFail,
+ expectedError: expectedClientError,
+ exportKeyingMaterial: exportKeyingMaterial,
 })
 
 if shouldClientFail {
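Review bot: The bare `1024` in the first hunk carries two meanings at once, the number of exporter bytes to request and, via the zero value, the switch that disables the check for SSL 3.0, and neither is written down; a reader of the testCase literals in the later two hunks sees only an integer field. A named constant plus a comment on the guard would keep both meanings explicit, e.g. `const exporterLength = 1024 // bytes of keying material each side exports and compares` and, above the `if`, `// 0 leaves the check off: SSL 3.0 defines no keying-material exporter.` The comparison `ver.version > VersionSSL30` also silently assumes the version constants order numerically, which looks true for the TLS constants but is worth a word if tlsVersion ever carries a DTLS wire value. The second and third hunks only thread the value into the server and client testCase literals. addTestForCipherSuite begins and ends outside all three hunks.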