commit 5b9860827f46c2cf5b620fefb3cda35f6c28318a
author Steven Valdez <svaldez@google.com> Thu Sep 01 12:29:49 2016 -0400
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Thu Oct 06 14:36:12 2016 +0000
tree cea96ea91c9e20066068ba87e6a6484647703f11
parent 5ecb88b95b7930c7b83f26a76ed13aeeb71de88a

Updating NewSessionTicket message and updating PSK to Draft 15.

BUG=77

Change-Id: Id8c45e98c4c22cdd437cbba1e9375239e123b261
Reviewed-on: https://boringssl-review.googlesource.com/10763
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/test/runner/conn.go

diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 1fd0200..84e1eb8 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -1402,6 +1402,23 @@
 				return nil
 			}
 
+			var foundKE, foundAuth bool
+			for _, mode := range newSessionTicket.keModes {
+				if mode == pskDHEKEMode {
+					foundKE = true
+				}
+			}
+			for _, mode := range newSessionTicket.authModes {
+				if mode == pskAuthMode {
+					foundAuth = true
+				}
+			}
+
+			// Ignore the ticket if the server preferences do not match a mode we implement.
+			if !foundKE || !foundAuth {
+				return nil
+			}
+
 			session := &ClientSessionState{
 				sessionTicket:      newSessionTicket.ticket,
 				vers:               c.vers,
@@ -1412,8 +1429,6 @@
 				ocspResponse:       c.ocspResponse,
 				ticketCreationTime: c.config.time(),
 				ticketExpiration:   c.config.time().Add(time.Duration(newSessionTicket.ticketLifetime) * time.Second),
-				ticketFlags:        newSessionTicket.ticketFlags,
-				ticketAgeAdd:       newSessionTicket.ticketAgeAdd,
 			}
 
 			cacheKey := clientSessionCacheKey(c.conn.RemoteAddr(), c.config)
@@ -1693,17 +1708,19 @@
 		peerCertificatesRaw = append(peerCertificatesRaw, cert.Raw)
 	}
 
-	var ageAdd uint32
-	if err := binary.Read(c.config.rand(), binary.LittleEndian, &ageAdd); err != nil {
-		return err
-	}
-
 	// TODO(davidben): Allow configuring these values.
 	m := &newSessionTicketMsg{
 		version:        c.vers,
 		ticketLifetime: uint32(24 * time.Hour / time.Second),
-		ticketFlags:    ticketAllowDHEResumption | ticketAllowPSKResumption,
-		ticketAgeAdd:   ageAdd,
+		keModes:        []byte{pskDHEKEMode},
+		authModes:      []byte{pskAuthMode},
+	}
+
+	if len(c.config.Bugs.SendPSKKeyExchangeModes) != 0 {
+		m.keModes = c.config.Bugs.SendPSKKeyExchangeModes
+	}
+	if len(c.config.Bugs.SendPSKAuthModes) != 0 {
+		m.authModes = c.config.Bugs.SendPSKAuthModes
 	}
 
 	state := sessionState{
@@ -1713,8 +1730,6 @@
 		certificates:       peerCertificatesRaw,
 		ticketCreationTime: c.config.time(),
 		ticketExpiration:   c.config.time().Add(time.Duration(m.ticketLifetime) * time.Second),
-		ticketFlags:        m.ticketFlags,
-		ticketAgeAdd:       ageAdd,
 	}
 
 	if !c.config.Bugs.SendEmptySessionTicket {