Minimal number of changes needed to udpate to draft-28 (#115)
* includes AD in authentication check of TLS records As per 5.2 of TLS 1.3 draft-28, the additional data is record header. * tests: Update tests in order to support draft-28 * Interoperability: Updates NSS and BoringSSL versions to the one supporting draft-28 * Bogo: Updates revision number to use tests for draft-28 * FIX: makefile was using test-compat target instead of test-interop * DC test: constify * Use binary interface to encode in big-endian
Esse commit está contido em:
pai
0d6e4561a6
commit
d3e18f99e2
@ -71,7 +71,7 @@ We run 3 kinds of test:.
|
||||
|
||||
* Unit testing: <br/>``make -f _dev/Makefile test-unit``
|
||||
* Testing against BoringSSL test suite: <br/>``make -f _dev/Makefile test-bogo``
|
||||
* Compatibility testing (see below):<br/>``make -f _dev/Makefile test-compat``
|
||||
* Compatibility testing (see below):<br/>``make -f _dev/Makefile test-interop``
|
||||
|
||||
To run all the tests in one go use:
|
||||
```
|
||||
|
@ -115,4 +115,4 @@ clean-all: clean
|
||||
fmtcheck:
|
||||
$(DEV_DIR)/utils/fmtcheck.sh
|
||||
|
||||
.PHONY: $(BUILD_DIR) clean build build-test test test-unit test-bogo test-compat
|
||||
.PHONY: $(BUILD_DIR) clean build build-test test test-unit test-bogo test-interop
|
||||
|
@ -26,7 +26,10 @@ RUN git clone https://github.com/henrydcase/crypto-tls-bogo-shim \
|
||||
#ARG REVISION=d07b9e80a87c871c2569ce4aabd06695336c5dc5
|
||||
|
||||
# Draft 23 (+ client authentication)
|
||||
ARG REVISION=cd33ad248ae9490854f0077ca046b47cac3735bf
|
||||
# ARG REVISION=cd33ad248ae9490854f0077ca046b47cac3735bf
|
||||
|
||||
# Draft 28
|
||||
ARG REVISION=33204d1eaa497819c6325998d7ba6b66316790f3
|
||||
|
||||
RUN cd /go/src/github.com/henrydcase/crypto-tls-bogo-shim && \
|
||||
git checkout $REVISION
|
||||
|
@ -2,7 +2,7 @@
|
||||
set -e
|
||||
|
||||
/boringssl/build/tool/bssl client -grease -min-version tls1.3 -max-version tls1.3 \
|
||||
-tls13-variant draft23 -session-out /session -connect "$@" < /httpreq.txt
|
||||
-tls13-variant draft28 -session-out /session -connect "$@" < /httpreq.txt
|
||||
exec /boringssl/build/tool/bssl client -grease -min-version tls1.3 -max-version tls1.3 \
|
||||
-tls13-variant draft23 -session-in /session -connect "$@" < /httpreq.txt
|
||||
-tls13-variant draft28 -session-in /session -connect "$@" < /httpreq.txt
|
||||
|
||||
|
@ -6,21 +6,21 @@ set -x
|
||||
bssl server \
|
||||
-key rsa.pem \
|
||||
-min-version tls1.2 -max-version tls1.3 \
|
||||
-tls13-variant draft23 \
|
||||
-tls13-variant draft28 \
|
||||
-accept 1443 -loop -www 2>&1 &
|
||||
|
||||
# ECDSA
|
||||
bssl server \
|
||||
-key ecdsa.pem \
|
||||
-min-version tls1.2 -max-version tls1.3 \
|
||||
-tls13-variant draft23 \
|
||||
-tls13-variant draft28 \
|
||||
-accept 2443 -loop -www 2>&1 &
|
||||
|
||||
# Require client authentication (with ECDSA)
|
||||
bssl server \
|
||||
-key ecdsa.pem \
|
||||
-min-version tls1.2 -max-version tls1.3 \
|
||||
-tls13-variant draft23 \
|
||||
-tls13-variant draft28 \
|
||||
-accept 6443 -loop -www \
|
||||
-require-any-client-cert -debug 2>&1 &
|
||||
|
||||
|
@ -44,6 +44,7 @@ var tlsVersionToName = map[uint16]string{
|
||||
tls.VersionTLS13Draft21: "1.3 (draft 21)",
|
||||
tls.VersionTLS13Draft22: "1.3 (draft 22)",
|
||||
tls.VersionTLS13Draft23: "1.3 (draft 23)",
|
||||
tls.VersionTLS13Draft28: "1.3 (draft 28)",
|
||||
}
|
||||
|
||||
func NewServer() *server {
|
||||
|
@ -18,6 +18,7 @@ var tlsVersionToName = map[uint16]string{
|
||||
tls.VersionTLS13: "1.3",
|
||||
tls.VersionTLS13Draft18: "1.3 (draft 18)",
|
||||
tls.VersionTLS13Draft23: "1.3 (draft 23)",
|
||||
tls.VersionTLS13Draft28: "1.3 (draft 28)",
|
||||
}
|
||||
|
||||
var cipherSuiteIdToName = map[uint16]string{
|
||||
|
@ -24,7 +24,10 @@ ENV USE_64=1 NSS_ENABLE_TLS_1_3=1
|
||||
#ARG REVISION=88c3f3fa581b
|
||||
|
||||
# Draft 23
|
||||
ARG REVISION=16c622c9e1cc
|
||||
# ARG REVISION=16c622c9e1cc
|
||||
|
||||
# Latest
|
||||
ARG REVISION=09ab3310e710
|
||||
|
||||
RUN cd nss && hg pull
|
||||
RUN cd nss && hg checkout -C $REVISION
|
||||
|
@ -174,7 +174,10 @@ type fixedNonceAEAD struct {
|
||||
aead cipher.AEAD
|
||||
}
|
||||
|
||||
func (f *fixedNonceAEAD) NonceSize() int { return 8 }
|
||||
func (f *fixedNonceAEAD) NonceSize() int { return 8 }
|
||||
|
||||
// Overhead returns the maximum difference between the lengths of a
|
||||
// plaintext and its ciphertext.
|
||||
func (f *fixedNonceAEAD) Overhead() int { return f.aead.Overhead() }
|
||||
func (f *fixedNonceAEAD) explicitNonceLen() int { return 8 }
|
||||
|
||||
|
@ -31,6 +31,7 @@ const (
|
||||
VersionTLS13Draft21 = 0x7f00 | 21
|
||||
VersionTLS13Draft22 = 0x7f00 | 22
|
||||
VersionTLS13Draft23 = 0x7f00 | 23
|
||||
VersionTLS13Draft28 = 0x7f00 | 28
|
||||
)
|
||||
|
||||
const (
|
||||
@ -41,7 +42,7 @@ const (
|
||||
maxWarnAlertCount = 5 // maximum number of consecutive warning alerts
|
||||
|
||||
minVersion = VersionTLS12
|
||||
maxVersion = VersionTLS13Draft23
|
||||
maxVersion = VersionTLS13Draft28
|
||||
)
|
||||
|
||||
// TLS record types.
|
||||
@ -888,7 +889,7 @@ var configSuppVersArray = [...]uint16{VersionTLS13, VersionTLS12, VersionTLS11,
|
||||
// with TLS 1.3 draft versions included.
|
||||
//
|
||||
// TODO: remove once TLS 1.3 is finalised.
|
||||
var tls13DraftSuppVersArray = [...]uint16{VersionTLS13Draft23, VersionTLS12, VersionTLS11, VersionTLS10, VersionSSL30}
|
||||
var tls13DraftSuppVersArray = [...]uint16{VersionTLS13Draft28, VersionTLS12, VersionTLS11, VersionTLS10, VersionSSL30}
|
||||
|
||||
// getSupportedVersions returns the protocol versions that are supported by the
|
||||
// current configuration.
|
||||
|
26
conn.go
26
conn.go
@ -11,6 +11,7 @@ import (
|
||||
"crypto/cipher"
|
||||
"crypto/subtle"
|
||||
"crypto/x509"
|
||||
"encoding/binary"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
@ -358,6 +359,15 @@ func (hc *halfConn) decrypt(b *block) (ok bool, prefixLen int, alertValue alert)
|
||||
hc.additionalData[11] = byte(n >> 8)
|
||||
hc.additionalData[12] = byte(n)
|
||||
additionalData = hc.additionalData[:]
|
||||
} else {
|
||||
if len(payload) > int((1<<14)+256) {
|
||||
return false, 0, alertRecordOverflow
|
||||
}
|
||||
// Check AD header, see 5.2 of RFC8446
|
||||
additionalData = make([]byte, 5)
|
||||
additionalData[0] = 23
|
||||
binary.BigEndian.PutUint16(additionalData[1:], 0x0303)
|
||||
binary.BigEndian.PutUint16(additionalData[3:], uint16(len(payload)))
|
||||
}
|
||||
var err error
|
||||
payload, err = c.Open(payload[:0], nonce, payload, additionalData)
|
||||
@ -460,10 +470,11 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) {
|
||||
case cipher.Stream:
|
||||
c.XORKeyStream(payload, payload)
|
||||
case aead:
|
||||
// explicitIVLen is always 0 for TLS1.3
|
||||
payloadLen := len(b.data) - recordHeaderLen - explicitIVLen
|
||||
overhead := c.Overhead()
|
||||
if hc.version >= VersionTLS13 {
|
||||
overhead++
|
||||
overhead++ // TODO(kk): why this is done?
|
||||
}
|
||||
b.resize(len(b.data) + overhead)
|
||||
|
||||
@ -478,16 +489,19 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) {
|
||||
if hc.version < VersionTLS13 {
|
||||
copy(hc.additionalData[:], hc.seq[:])
|
||||
copy(hc.additionalData[8:], b.data[:3])
|
||||
hc.additionalData[11] = byte(payloadLen >> 8)
|
||||
hc.additionalData[12] = byte(payloadLen)
|
||||
binary.BigEndian.PutUint16(hc.additionalData[11:], uint16(payloadLen))
|
||||
additionalData = hc.additionalData[:]
|
||||
}
|
||||
|
||||
if hc.version >= VersionTLS13 {
|
||||
} else {
|
||||
// opaque type
|
||||
payload = payload[:len(payload)+1]
|
||||
payload[len(payload)-1] = b.data[0]
|
||||
b.data[0] = byte(recordTypeApplicationData)
|
||||
|
||||
// Add AD header, see 5.2 of RFC8446
|
||||
additionalData = make([]byte, 5)
|
||||
additionalData[0] = byte(recordTypeApplicationData)
|
||||
binary.BigEndian.PutUint16(additionalData[1:], VersionTLS12)
|
||||
binary.BigEndian.PutUint16(additionalData[3:], uint16(payloadLen+overhead))
|
||||
}
|
||||
|
||||
c.Seal(payload[:0], nonce, payload, additionalData)
|
||||
|
@ -155,8 +155,8 @@ func ExampleConfig_keyLogWriter_TLS13() {
|
||||
// preferences.
|
||||
|
||||
// Output:
|
||||
// CLIENT_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 a829dab06ccbe9323e0ad6cf331cd64d9a499f7f4b1e0b52d0dfaba90c07f275
|
||||
// SERVER_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 5f6a288b5b5aba5cfc65d9966b279e911ac58bd7f81abbb67b10427106f01940
|
||||
// SERVER_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 1f202d1c1d43e74a8c4f46a56eae2cef9de417ff9f5f3927195eacc168f459b3
|
||||
// CLIENT_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 67ece7874ec4f661fe1f06fb4240decd25f54062d78f0784844bf222d1967c20
|
||||
// CLIENT_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 16ca97d21087a14d406b2601b4713dd82b156cc01d54665baaa4bdb62b72b9a4
|
||||
// SERVER_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 102c68d960da4f5e2b76a99636ac07bb5774e43b8ce8c14aa4dfd9bf54d11754
|
||||
// SERVER_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 f3208d533bb885f32f52142acb484eed104739970c2f426e72a1ee31f6d28650
|
||||
// CLIENT_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 70de6b1936df7db171c02f9cfdb04dfa9405a891c959beb15b86f26b2057ba23
|
||||
}
|
||||
|
@ -18,7 +18,7 @@ import (
|
||||
// A PEM-encoded "delegation certificate", an X.509 certificate with the
|
||||
// DelegationUsage extension. The extension is defined in
|
||||
// specified in https://tools.ietf.org/html/draft-ietf-tls-subcerts-02.
|
||||
var dcDelegationCertPEM = `-----BEGIN CERTIFICATE-----
|
||||
const DcCertWithDelegationUsage = `-----BEGIN CERTIFICATE-----
|
||||
MIIBejCCASGgAwIBAgIQXXtl0v50W2OadoW0QwLUlzAKBggqhkjOPQQDAjAUMRIw
|
||||
EAYDVQQKEwlBY21lIEluYy4wHhcNMTgwNzMwMjAxMTE5WhcNMTgwODA2MjAxMTE5
|
||||
WjAUMRIwEAYDVQQKEwlBY21lIEluYy4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
|
||||
@ -32,7 +32,7 @@ AQQBgtpLLAQAMAoGCCqGSM49BAMCA0cAMEQCIEMdIkwwmzQAJ6RSDT3wcrsySx2B
|
||||
|
||||
// The PEM-encoded "delegation key", the secret key associated with the
|
||||
// delegation certificate. This is a key for ECDSA with P256 and SHA256.
|
||||
var dcDelegationKeyPEM = `-----BEGIN EC PRIVATE KEY-----
|
||||
const DcKeyWithDelegationUsage = `-----BEGIN EC PRIVATE KEY-----
|
||||
MHcCAQEEIAS/pGktmxK1hlt3gF4N2nkMrJnoZihvOO63nnNcxXQroAoGCCqGSM49
|
||||
AwEHoUQDQgAE3ELrmlDSd5KihrOAwXSVXe81s8hgDU+LgTRlZGdnIGg7HRZ8ffXx
|
||||
om34KFnq/By7fWfkuh7PvGwzwRzYE0fy3w==
|
||||
@ -40,7 +40,7 @@ om34KFnq/By7fWfkuh7PvGwzwRzYE0fy3w==
|
||||
`
|
||||
|
||||
// A certificate without the DelegationUsage extension.
|
||||
var dcCertPEM = `-----BEGIN CERTIFICATE-----
|
||||
const DcCertWithoutDelegationUsage = `-----BEGIN CERTIFICATE-----
|
||||
MIIBajCCAQ+gAwIBAgIRAMUg/VFqJaWWJwZ9iHoMjqIwCgYIKoZIzj0EAwIwEjEQ
|
||||
MA4GA1UEChMHQWNtZSBDbzAeFw0xODA3MzAyMDExMTlaFw0xOTA3MzAyMDExMTla
|
||||
MBIxEDAOBgNVBAoTB0FjbWUgQ28wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATA
|
||||
@ -52,8 +52,8 @@ KFyrowMTan791RJnyANH/4uYhmvkfhfrFGSTXUli
|
||||
-----END CERTIFICATE-----
|
||||
`
|
||||
|
||||
// The secret key associatted with dcCertPEM.
|
||||
var dcKeyPEM = `-----BEGIN EC PRIVATE KEY-----
|
||||
// The secret key associatted with DcCertWithoutDelegationUsage.
|
||||
const DcKeyWithoutDelegationUsage = `-----BEGIN EC PRIVATE KEY-----
|
||||
MHcCAQEEIEP82pOhzx0tKkky9t0OmUo9MHgmfdAHxDN2cHmWGqOhoAoGCCqGSM49
|
||||
AwEHoUQDQgAEwJ/qHlkr0jR4RLJEkYJJHqwkA6FfzQPq90uQLQjhU+QGC7fMZbUk
|
||||
1nqxSP2JWSyHC8ZST0+0/l6QZ30usWgLsQ==
|
||||
@ -75,7 +75,7 @@ type dcTestDC struct {
|
||||
// Use with maxVersion == VersionTLS13Draft23.
|
||||
//
|
||||
// TODO(henrydcase): Remove this when we drop support for draft23.
|
||||
var dcTestDataDraft23PEM = `-----BEGIN DC TEST DATA-----
|
||||
const DcTestDataDraft23PEM = `-----BEGIN DC TEST DATA-----
|
||||
MIIIPDCCAUETCXRsczEzcDI1NgICfxcCAgQDBIGwAAk6gAQDfxcAWzBZMBMGByqG
|
||||
SM49AgEGCCqGSM49AwEHA0IABDFeK+EcMQWKDM6xZJqHEHLcIWE0iHTAL1xAB5r6
|
||||
bkm7GLlz1HLWcTy28PNsb9KQLV3Yeay2WYA2d2zGQjNbEhcEAwBHMEUCIQDnXyP4
|
||||
@ -126,7 +126,7 @@ AiEiKCRicw1Upfdy+xdSF0N3XXkLHB13criCfJr2rbZ1o8V7CsX6U70o+/48huPI
|
||||
// Use with maxVersion == VersionTLS13Draft28.
|
||||
//
|
||||
// TODO(henrydcase): Remove this when we drop support for draft28.
|
||||
var dcTestDataDraft28PEM = `-----BEGIN DC TEST DATA-----
|
||||
const DcTestDataDraft28PEM = `-----BEGIN DC TEST DATA-----
|
||||
MIIIOjCCAUATCXRsczEzcDI1NgICfxwCAgQDBIGvAAk6gAQDfxwAWzBZMBMGByqG
|
||||
SM49AgEGCCqGSM49AwEHA0IABAOcQMVs6VmVQ1BYyK+YhUAucZqH3LmDQmAaVDs8
|
||||
brnePHVmSdOoQCU+Ybp3kgnklW958EFZiJ2oK7iWkIpi4TIEAwBGMEQCIB8w0eko
|
||||
@ -175,7 +175,7 @@ x/tlNfATUGmFQGwPug4RyWVux22dGrn81/SsIXJ8hz1eb0s9EKOBbxwhJ//ACg==
|
||||
`
|
||||
|
||||
// Use with maxVersion == VersionTLS13.
|
||||
var dcTestDataPEM = `-----BEGIN DC TEST DATA-----
|
||||
const DcTestDataTLS13PEM = `-----BEGIN DC TEST DATA-----
|
||||
MIIIOzCCAUATCXRsczEzcDI1NgICAwQCAgQDBIGvAAk6gAQDAwQAWzBZMBMGByqG
|
||||
SM49AgEGCCqGSM49AwEHA0IABFTImzqflLfyu3rqlCVsezSv45fKJglhjDYcwJ3H
|
||||
ylqX6rFCupeCwKmMhFvxRkkWAOobv2DZxLYALFgggC8KckkEAwBGMEQCIBWO8rFt
|
||||
@ -273,11 +273,11 @@ func init() {
|
||||
var testData []byte
|
||||
switch maxVersion {
|
||||
case VersionTLS13Draft23:
|
||||
testData = []byte(dcTestDataDraft23PEM)
|
||||
testData = []byte(DcTestDataDraft23PEM)
|
||||
case 0x7f00 | 28: // TODO(henrydcase): Fix once draft 28 is implemented
|
||||
testData = []byte(dcTestDataDraft28PEM)
|
||||
testData = []byte(DcTestDataDraft28PEM)
|
||||
case 0x0304: // TODO(henrydcase): Fix once the final version is implemented
|
||||
testData = []byte(dcTestDataPEM)
|
||||
testData = []byte(DcTestDataTLS13PEM)
|
||||
default:
|
||||
panic(fmt.Errorf("no test data for version %04x", maxVersion))
|
||||
}
|
||||
@ -299,7 +299,7 @@ func init() {
|
||||
}
|
||||
|
||||
// The delegation certificate.
|
||||
dcTestDelegationCert, err = X509KeyPair([]byte(dcDelegationCertPEM), []byte(dcDelegationKeyPEM))
|
||||
dcTestDelegationCert, err = X509KeyPair([]byte(DcCertWithDelegationUsage), []byte(DcKeyWithDelegationUsage))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
@ -309,7 +309,7 @@ func init() {
|
||||
}
|
||||
|
||||
// A certificate without the the DelegationUsage extension for X.509.
|
||||
dcTestCert, err = X509KeyPair([]byte(dcCertPEM), []byte(dcKeyPEM))
|
||||
dcTestCert, err = X509KeyPair([]byte(DcCertWithoutDelegationUsage), []byte(DcKeyWithoutDelegationUsage))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
Carregando…
Referência em uma nova issue
Block a user