From da110326f843b57ea3a26cf5945dcfd42dd2246e Mon Sep 17 00:00:00 2001
From: Kris Kwiatkowski <kris@amongbytes.com>
Date: Sun, 16 Sep 2018 08:36:45 +0100
Subject: [PATCH] Swap TLS 1.3 to RFC 8446

---
 _dev/Makefile                   |  2 +-
 _dev/boring/Dockerfile          |  4 +--
 _dev/boring/run.sh              |  4 +--
 _dev/boring/server.sh           |  3 --
 _dev/interop_test_runner        |  4 +--
 _dev/tris-localserver/server.go |  9 +++--
 _dev/tris-testclient/client.go  |  9 +++--
 _dev/tstclnt/Dockerfile         |  2 +-
 common.go                       | 23 ++++--------
 example_test.go                 |  8 ++---
 subcerts_test.go                | 64 ++-------------------------------
 11 files changed, 29 insertions(+), 103 deletions(-)

diff --git a/_dev/Makefile b/_dev/Makefile
index 66efc66..be78bea 100644
--- a/_dev/Makefile
+++ b/_dev/Makefile
@@ -23,7 +23,7 @@ INSTALL_RACE:= $(words $(filter $(ARCH)_$(shell go env CGO_ENABLED), amd64_1))
 TARGET_TEST_COMPAT=boring picotls tstclnt
 
 # Some target-specific constants
-BORINGSSL_REVISION=03de6813d8992a649092b4874ef0ebc022e2f58a
+BORINGSSL_REVISION=d451453067cd665a5c38830fbbaac9e599234a5e
 BOGO_DOCKER_TRIS_LOCATION=/go/src/github.com/cloudflare/tls-tris
 
 ###############
diff --git a/_dev/boring/Dockerfile b/_dev/boring/Dockerfile
index bf712df..414e45a 100644
--- a/_dev/boring/Dockerfile
+++ b/_dev/boring/Dockerfile
@@ -50,8 +50,8 @@ RUN mkdir boringssl/build
 # Draft 28
 # ARG REVISION=861f384d7bc59241a9df1634ae938d8e75be2d30
 
-# Latest
-ARG REVISION=03de6813d8992a649092b4874ef0ebc022e2f58a
+# TLS 1.3
+ARG REVISION=d451453067cd665a5c38830fbbaac9e599234a5e
 
 RUN cd boringssl && git fetch
 RUN cd boringssl && git checkout $REVISION
diff --git a/_dev/boring/run.sh b/_dev/boring/run.sh
index acc26e9..99a8e79 100755
--- a/_dev/boring/run.sh
+++ b/_dev/boring/run.sh
@@ -2,7 +2,7 @@
 set -e
 
 /boringssl/build/tool/bssl client -grease -min-version tls1.3 -max-version tls1.3 \
-	-tls13-variant draft28 -session-out /session -connect "$@" < /httpreq.txt
+	-session-out /session -connect "$@" < /httpreq.txt
 exec /boringssl/build/tool/bssl client -grease -min-version tls1.3 -max-version tls1.3 \
-	-tls13-variant draft28 -session-in /session -connect "$@" < /httpreq.txt
+    -session-in /session -connect "$@" < /httpreq.txt
 
diff --git a/_dev/boring/server.sh b/_dev/boring/server.sh
index d2f60ee..c2618f1 100755
--- a/_dev/boring/server.sh
+++ b/_dev/boring/server.sh
@@ -6,21 +6,18 @@ set -x
 bssl server \
     -key rsa.pem \
     -min-version tls1.2 -max-version tls1.3 \
-    -tls13-variant draft28 \
     -accept 1443 -loop -www 2>&1 &
 
 # ECDSA
 bssl server \
     -key ecdsa.pem \
     -min-version tls1.2 -max-version tls1.3 \
-    -tls13-variant draft28 \
     -accept 2443 -loop -www 2>&1 &
 
 # Require client authentication (with ECDSA)
 bssl server \
     -key ecdsa.pem \
     -min-version tls1.2 -max-version tls1.3 \
-    -tls13-variant draft28 \
     -accept 6443 -loop -www \
     -require-any-client-cert -debug 2>&1 &
 
diff --git a/_dev/interop_test_runner b/_dev/interop_test_runner
index d2ab0c4..e8a44d1 100755
--- a/_dev/interop_test_runner
+++ b/_dev/interop_test_runner
@@ -10,7 +10,7 @@ import time
 # Checks if TLS 1.3 was negotiated
 RE_PATTERN_HELLO_TLS_13_NORESUME = "^.*Hello TLS 1.3 \(draft .*\) _o/$|^.*Hello TLS 1.3 _o/$"
 # Checks if TLS 1.3 was resumed
-RE_PATTERN_HELLO_TLS_13_RESUME   = "Hello TLS 1.3 \(draft .*\) \[resumed\] _o/"
+RE_PATTERN_HELLO_TLS_13_RESUME   = "Hello TLS 1.3 \[resumed\] _o/"
 # Checks if 0-RTT was used and NOT confirmed
 RE_PATTERN_HELLO_0RTT            = "^.*Hello TLS 1.3 .*\[resumed\] \[0-RTT\] _o/$"
 # Checks if 0-RTT was used and confirmed
@@ -48,7 +48,7 @@ class RegexSelfTest(unittest.TestCase):
     LINE_HELLO_TLS      ="\nsomestuff\nHello TLS 1.3 _o/\nsomestuff"
     LINE_HELLO_DRAFT_TLS="\nsomestuff\nHello TLS 1.3 (draft 23) _o/\nsomestuff"
 
-    LINE_HELLO_RESUMED  ="\nsomestuff\nHello TLS 1.3 (draft 23) [resumed] _o/\nsomestuff"
+    LINE_HELLO_RESUMED  ="\nsomestuff\nHello TLS 1.3 [resumed] _o/\nsomestuff"
     LINE_HELLO_MIXED    ="\nsomestuff\nHello TLS 1.3 (draft 23) _o/\nHello TLS 1.3 (draft 23) [resumed] _o/\nsomestuff"
     LINE_HELLO_TLS_12   ="\nsomestuff\nHello TLS 1.2 (draft 23) [resumed] _o/\nsomestuff"
     LINE_HELLO_TLS_13_0RTT="\nsomestuff\nHello TLS 1.3 (draft 23) [resumed] [0-RTT] _o/\nsomestuff"
diff --git a/_dev/tris-localserver/server.go b/_dev/tris-localserver/server.go
index f318a05..808ad2d 100644
--- a/_dev/tris-localserver/server.go
+++ b/_dev/tris-localserver/server.go
@@ -32,11 +32,10 @@ type server struct {
 }
 
 var tlsVersionToName = map[uint16]string{
-	tls.VersionTLS10:        "1.0",
-	tls.VersionTLS11:        "1.1",
-	tls.VersionTLS12:        "1.2",
-	tls.VersionTLS13:        "1.3",
-	tls.VersionTLS13Draft28: "1.3 (draft 28)",
+	tls.VersionTLS10: "1.0",
+	tls.VersionTLS11: "1.1",
+	tls.VersionTLS12: "1.2",
+	tls.VersionTLS13: "1.3",
 }
 
 func NewServer() *server {
diff --git a/_dev/tris-testclient/client.go b/_dev/tris-testclient/client.go
index e28eef3..21c22b4 100644
--- a/_dev/tris-testclient/client.go
+++ b/_dev/tris-testclient/client.go
@@ -12,11 +12,10 @@ import (
 )
 
 var tlsVersionToName = map[uint16]string{
-	tls.VersionTLS10:        "1.0",
-	tls.VersionTLS11:        "1.1",
-	tls.VersionTLS12:        "1.2",
-	tls.VersionTLS13:        "1.3",
-	tls.VersionTLS13Draft28: "1.3 (draft 28)",
+	tls.VersionTLS10: "1.0",
+	tls.VersionTLS11: "1.1",
+	tls.VersionTLS12: "1.2",
+	tls.VersionTLS13: "1.3",
 }
 
 var cipherSuiteIdToName = map[uint16]string{
diff --git a/_dev/tstclnt/Dockerfile b/_dev/tstclnt/Dockerfile
index 3fb9aff..e51e724 100644
--- a/_dev/tstclnt/Dockerfile
+++ b/_dev/tstclnt/Dockerfile
@@ -27,7 +27,7 @@ ENV USE_64=1 NSS_ENABLE_TLS_1_3=1
 # ARG REVISION=16c622c9e1cc
 
 # Latest
-ARG REVISION=09ab3310e710
+ARG REVISION=ee357b00f2e6
 
 RUN cd nss && hg pull
 RUN cd nss && hg checkout -C $REVISION
diff --git a/common.go b/common.go
index 9b37fa4..3a6cffc 100644
--- a/common.go
+++ b/common.go
@@ -22,12 +22,11 @@ import (
 )
 
 const (
-	VersionSSL30        = 0x0300
-	VersionTLS10        = 0x0301
-	VersionTLS11        = 0x0302
-	VersionTLS12        = 0x0303
-	VersionTLS13        = 0x0304
-	VersionTLS13Draft28 = 0x7f00 | 28
+	VersionSSL30 = 0x0300
+	VersionTLS10 = 0x0301
+	VersionTLS11 = 0x0302
+	VersionTLS12 = 0x0303
+	VersionTLS13 = 0x0304
 )
 
 const (
@@ -38,7 +37,7 @@ const (
 	maxWarnAlertCount = 5            // maximum number of consecutive warning alerts
 
 	minVersion = VersionTLS12
-	maxVersion = VersionTLS13Draft28
+	maxVersion = VersionTLS13
 )
 
 // TLS record types.
@@ -888,12 +887,6 @@ func (c *Config) pickVersion(peerSupportedVersions []uint16) (uint16, bool) {
 // configSuppVersArray is the backing array of Config.getSupportedVersions
 var configSuppVersArray = [...]uint16{VersionTLS13, VersionTLS12, VersionTLS11, VersionTLS10, VersionSSL30}
 
-// tls13DraftSuppVersArray is the backing array of Config.getSupportedVersions
-// with TLS 1.3 draft versions included.
-//
-// TODO: remove once TLS 1.3 is finalised.
-var tls13DraftSuppVersArray = [...]uint16{VersionTLS13Draft28, VersionTLS12, VersionTLS11, VersionTLS10, VersionSSL30}
-
 // getSupportedVersions returns the protocol versions that are supported by the
 // current configuration.
 func (c *Config) getSupportedVersions() []uint16 {
@@ -909,10 +902,6 @@ func (c *Config) getSupportedVersions() []uint16 {
 	if maxVersion < minVersion {
 		return nil
 	}
-	// TODO: remove once TLS 1.3 is finalised.
-	if maxVersion == VersionTLS13 {
-		return tls13DraftSuppVersArray[:len(tls13DraftSuppVersArray)-int(minVersion-VersionSSL30)]
-	}
 	return configSuppVersArray[VersionTLS13-maxVersion : VersionTLS13-minVersion+1]
 }
 
diff --git a/example_test.go b/example_test.go
index 28ec3f0..5dc97de 100644
--- a/example_test.go
+++ b/example_test.go
@@ -155,8 +155,8 @@ func ExampleConfig_keyLogWriter_TLS13() {
 	// preferences.
 
 	// Output:
-	// CLIENT_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 16ca97d21087a14d406b2601b4713dd82b156cc01d54665baaa4bdb62b72b9a4
-	// SERVER_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 102c68d960da4f5e2b76a99636ac07bb5774e43b8ce8c14aa4dfd9bf54d11754
-	// SERVER_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 f3208d533bb885f32f52142acb484eed104739970c2f426e72a1ee31f6d28650
-	// CLIENT_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 70de6b1936df7db171c02f9cfdb04dfa9405a891c959beb15b86f26b2057ba23
+	// CLIENT_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 b946c84f46f53bd410368a1fd7d53873e74bedd53b4b1a4b125be40c8b0510a1
+	// SERVER_HANDSHAKE_TRAFFIC_SECRET 0000000000000000000000000000000000000000000000000000000000000000 b6c44e95e34cb2616ff2e9a1163577aa1aa5cb3af8df16d0fdbbbaf15f415c8e
+	// SERVER_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 cbecc42509a124ae517f6c9aaae1961d755ab4268548b40b0c7840a9643240e8
+	// CLIENT_TRAFFIC_SECRET_0 0000000000000000000000000000000000000000000000000000000000000000 8f6dd1476706ea8147d829347937694496a7d62d6d01de0a1b4820140d01cad0
 }
diff --git a/subcerts_test.go b/subcerts_test.go
index af25bae..08ac2be 100644
--- a/subcerts_test.go
+++ b/subcerts_test.go
@@ -69,61 +69,6 @@ type dcTestDC struct {
 	PrivateKey []byte
 }
 
-// Test data used for testing the TLS handshake with the delegated credential
-// extension. The PEM block encodes a DER encoded slice of dcTestDCs.
-
-// Use with maxVersion == VersionTLS13Draft28.
-//
-// TODO(henrydcase): Remove this when we drop support for draft28.
-const DcTestDataDraft28PEM = `-----BEGIN DC TEST DATA-----
-MIIIQjCCAUETCXRsczEzcDI1NgICfxwCAgQDBIGwAAk6gAQDfxwAAFswWTATBgcq
-hkjOPQIBBggqhkjOPQMBBwNCAASfXv9/jTDWOG9nwKmIN1GrFqF0p0frgMl6rxvy
-fu/58dkS0ZduzOUBG7qHsu+jHE8T29jH8SCH4Otl+3abna8IBAMARjBEAiAtDM7j
-w0bNce3QrVupL3wh5CUhIsTAwoYuWLls+1U8mwIgb/MHyZbcA7tALI0mNIJ1WRwy
-V7tByFYV21ataGTa+6UEeTB3AgEBBCDXxru/xm8LfdX+VVZBhBrb4kYrtVU28SNe
-q4TcMhvxUKAKBggqhkjOPQMBB6FEA0IABJ9e/3+NMNY4b2fAqYg3UasWoXSnR+uA
-yXqvG/J+7/nx2RLRl27M5QEbuoey76McTxPb2MfxIIfg62X7dpudrwgwggHsEwl0
-bHMxM3A1MjECAn8cAgIGAwSB9AAJOoAGA38cAACeMIGbMBAGByqGSM49AgEGBSuB
-BAAjA4GGAAQBPRyZBgt3gNeSrgvhCGfzRJL7YH2nRdWZsi5ot+pDppu7GWwG2Bh7
-Q8kurueZfyveEwQFnKOqUnqN/lXNxQuGAdcA3wg+Apb/ZjV+wQlaZjRFqCKWsp6A
-gFMPvab6nykiIrDxoJMtmk1+GW/YapaCwMiyBH6VRhqxQpEhR2ZXyXkqZ6EEAwBH
-MEUCIQDQgYRL6lqn+M/fTlPsXilqjwxF0x8TyDRYGd1tsg4wdAIgTvXu8lpzD2t4
-vEqSKLRPA75HAU+ui1q4V8Hpudp7DkUEgd8wgdwCAQEEQgF3/A259KQTc+cw4ClJ
-pCnTXC9G2Fh5VULrAn3tFIpnzJ4VQun3UgkoPpeUSBdny9Kbd2DbfuFVd5YvNG2i
-HPxVBKAHBgUrgQQAI6GBiQOBhgAEAT0cmQYLd4DXkq4L4Qhn80SS+2B9p0XVmbIu
-aLfqQ6abuxlsBtgYe0PJLq7nmX8r3hMEBZyjqlJ6jf5VzcULhgHXAN8IPgKW/2Y1
-fsEJWmY0RagilrKegIBTD72m+p8pIiKw8aCTLZpNfhlv2GqWgsDIsgR+lUYasUKR
-IUdmV8l5KmehMIIBQRMHYmFkdmVycwIDAP8AAgIEAwSBsQAJOoAEA/8AAABbMFkw
-EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESs4ZQnHHAPPHaA3uxyMAw91T4ajlJvL2
-BAtP6XYpo9j+QWBtsFpwNRY85acAQJ9+7y1nbCHjn0UwB8Hi8P9pdQQDAEcwRQIg
-YJUpZPXZFbxyXDj/QYqvGlu4veHQJOaT0PL1rx6R/2gCIQC1qAAkNe5lz8W1M97t
-QXwxYRWgt8GLdBqp72EduVHtMgR5MHcCAQEEINU81qgDRzEPrx2YxJNBt7quCeA8
-VZV9efsB7R7sxkwXoAoGCCqGSM49AwEHoUQDQgAESs4ZQnHHAPPHaA3uxyMAw91T
-4ajlJvL2BAtP6XYpo9j+QWBtsFpwNRY85acAQJ9+7y1nbCHjn0UwB8Hi8P9pdTCC
-AT8TBmJhZGtleQICfxwCAgQDBIGxAAk6gAQDfxwAAFswWTATBgcqhkjOPQIBBggq
-hkjOPQMBBwNCAAQnV8i/4ZrWoZG0nGDy6xsYzCV10FwaCbrvejTxcltSoCJ8HfPT
-u9FhOlHllmVyp/qCdB0ILsSlYDEFG9yzV/kGBAMARzBFAiBw3YabIamIHJAKmUcE
-+AZNsvBPuuYeKGCQ9N5n4/1hpwIhAJ07IU/p4+Nl24u4IneM9Fq5lL4YugiSAtDy
-/pWeCL0XBHkwdwIBAQQgOR6w5qkUyavY92PuOBXslfxJgfS8RUaAImqAlWhniKug
-CgYIKoZIzj0DAQehRANCAARH0kbf92XgJ5Mop4Spbpp3bjwzQw7Pg6T9vQH0q8Hy
-CTG65vcmu2whOu+0nR3eJg7rt9BhcHredcOoUhGbgqbRMIIBPhMGYmFkc2lnAgJ/
-HAICBAMEgbAACTqABAN/HAAAWzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBlb
-oANTnMd8jcnuzyCv+I+l51tqVog0wagYMo6L7A2RlTqgTYaz0p7mH3wsHfsv/Py8
-Scv5o7vp/MIQjEbeg8wEAwBGMEQCIDozxK17n3gytnV9h6X9BKz5GsxBgr9+Ympe
-9XXppP57AiAPks17U0EhoIhSk6dhmVpgjkoHt9jxn1xYIwJxceGWywR5MHcCAQEE
-IH7GjuBRPz5WvrYrmD6dlCHX5Fda2C7faa+f0mmjkOfvoAoGCCqGSM49AwEHoUQD
-QgAEGVugA1Ocx3yNye7PIK/4j6XnW2pWiDTBqBgyjovsDZGVOqBNhrPSnuYffCwd
-+y/8/LxJy/mju+n8whCMRt6DzDCCAT8TBXRsczEyAgIDAwICBAMEgbIACTqABAMD
-AwAAWzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFbRSfoqtGJdMb7NP3hENn6A
-b8tzLgr8Cj77JSoSVloy/+XOa+wz1OhEzA2b54WkEhVQor+RAT688z7UwEXFwWsE
-AwBIMEYCIQCdahwKMP01K5rvn3IU7JQElg1TjnGw1vZk7zsjg1B0gQIhAMLlhfUA
-Zd/eyMHutw9HfBOWX7rlcKN12RwtGuNXvZ1BBHkwdwIBAQQgSSNaIBwdPWauUSKg
-LN73E41eUQrWung1lwgTQWV1AhqgCgYIKoZIzj0DAQehRANCAARW0Un6KrRiXTG+
-zT94RDZ+gG/Lcy4K/Ao++yUqElZaMv/lzmvsM9ToRMwNm+eFpBIVUKK/kQE+vPM+
-1MBFxcFr
------END DC TEST DATA-----
-`
-
 // Use with maxVersion == VersionTLS13.
 const DcTestDataTLS13PEM = `-----BEGIN DC TEST DATA-----
 MIIIQzCCAUMTCXRsczEzcDI1NgICAwQCAgQDBIGyAAk6gAQDAwQAAFswWTATBgcq
@@ -222,14 +167,11 @@ var dcTestNow time.Time
 func init() {
 	// Load the DC test data.
 	var testData []byte
-	switch maxVersion {
-	case VersionTLS13Draft28:
-		testData = []byte(DcTestDataDraft28PEM)
-	case 0x0304: // TODO(henrydcase): Fix once the final version is implemented
-		testData = []byte(DcTestDataTLS13PEM)
-	default:
+	if maxVersion != 0x0304 {
 		panic(fmt.Errorf("no test data for version %04x", maxVersion))
 	}
+	testData = []byte(DcTestDataTLS13PEM)
+
 	err := dcLoadTestData(testData, &dcTestDCs)
 	if err != nil {
 		panic(err)