Test the exporter at all versions + ciphers + side.

The Go side (thankfully not the C side) was not fully updated when the
exporter secret derivation was moved earlier at some point. Also TLS 1.2
upgrades the PRF hash for pre-1.2 ciphers to SHA-256, so make sure we
cover that.

Change-Id: Ibdf50ef500e7e48a52799ac75577822bc304a613
Reviewed-on: https://boringssl-review.googlesource.com/13663
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
David Benjamin 2017-02-07 16:06:48 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent 3bd57e3a6f
commit cdb6fe90cb
2 changed files with 23 additions and 11 deletions


@ -860,6 +860,10 @@ func (hs *clientHandshakeState) doTLS13Handshake() error {
hs.finishedHash.addEntropy(zeroSecret) hs.finishedHash.addEntropy(zeroSecret)
clientTrafficSecret := hs.finishedHash.deriveSecret(clientApplicationTrafficLabel) clientTrafficSecret := hs.finishedHash.deriveSecret(clientApplicationTrafficLabel)
serverTrafficSecret := hs.finishedHash.deriveSecret(serverApplicationTrafficLabel) serverTrafficSecret := hs.finishedHash.deriveSecret(serverApplicationTrafficLabel)
c.exporterSecret = hs.finishedHash.deriveSecret(exporterLabel)
// Switch to application data keys on read. In particular, any alerts
// from the client certificate are read over these keys.
c.in.useTrafficSecret(c.vers, hs.suite, serverTrafficSecret, serverWrite) c.in.useTrafficSecret(c.vers, hs.suite, serverTrafficSecret, serverWrite)
// If we're expecting 0.5-RTT messages from the server, read them // If we're expecting 0.5-RTT messages from the server, read them
@ -966,7 +970,6 @@ func (hs *clientHandshakeState) doTLS13Handshake() error {
// Switch to application data keys. // Switch to application data keys.
c.out.useTrafficSecret(c.vers, hs.suite, clientTrafficSecret, clientWrite) c.out.useTrafficSecret(c.vers, hs.suite, clientTrafficSecret, clientWrite)
c.exporterSecret = hs.finishedHash.deriveSecret(exporterLabel)
c.resumptionSecret = hs.finishedHash.deriveSecret(resumptionLabel) c.resumptionSecret = hs.finishedHash.deriveSecret(resumptionLabel)
return nil return nil
} }
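Review bot: The moved line `c.exporterSecret = hs.finishedHash.deriveSecret(exporterLabel)` has no comment saying why it now sits next to the traffic-secret derivations rather than next to `resumptionSecret`, which is exactly the mistake the commit message says the Go side had. Since the ordering is the whole point, a one-line comment would keep a future cleanup from "tidying" it back: `// Derived here, alongside the traffic secrets, so the transcript only covers through the server Finished; resumptionSecret below is bound to the client Finished as well.` That wording assumes deriveSecret hashes the transcript as it stands at the call, which the hunk itself does not show, so confirm it against finishedHash before adopting. doTLS13Handshake starts and ends outside the hunk.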


@ -2553,6 +2553,13 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto
sendCipherSuite = suite.id sendCipherSuite = suite.id
} }
// For cipher suites and versions where exporters are defined, verify
// that they interoperate.
var exportKeyingMaterial int
if ver.version > VersionSSL30 {
exportKeyingMaterial = 1024
}
testCases = append(testCases, testCase{ testCases = append(testCases, testCase{
testType: serverTest, testType: serverTest,
protocol: protocol, protocol: protocol,
@ -2574,6 +2581,7 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto
resumeSession: true, resumeSession: true,
shouldFail: shouldServerFail, shouldFail: shouldServerFail,
expectedError: expectedServerError, expectedError: expectedServerError,
exportKeyingMaterial: exportKeyingMaterial,
}) })
testCases = append(testCases, testCase{ testCases = append(testCases, testCase{
@ -2596,6 +2604,7 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto
resumeSession: true, resumeSession: true,
shouldFail: shouldClientFail, shouldFail: shouldClientFail,
expectedError: expectedClientError, expectedError: expectedClientError,
exportKeyingMaterial: exportKeyingMaterial,
}) })
if shouldClientFail { if shouldClientFail {
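Review bot: The new gate `if ver.version > VersionSSL30` and the bare `1024` in the first hunk carry no explanation of why SSL 3.0 is excluded or how the length was picked, so the comment above them is the only hint. I would extend it to `// Exporters (RFC 5705) are only defined for TLS, so SSL 3.0 gets none; 1024 bytes is large enough to exercise several PRF output blocks.`, with the second clause hedged or dropped if that was not the reason for the value. Naming the length as a constant near the other test parameters would also make the intent visible where the two later hunks set `exportKeyingMaterial`. addTestForCipherSuite starts and ends outside the hunks.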