Add missing tests for the Channel ID / 0-RTT interaction.
Clients or servers enabling both should not stop functioning.
Change-Id: I5cca09f8adfc8ff56b8943123847bbdaf8885cf4
Reviewed-on: https://boringssl-review.googlesource.com/14485
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index a6d08ef..8444c21 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -10295,10 +10295,11 @@
},
})
- // Test that we fail on early data with Channel ID.
+ // Test that the client offering 0-RTT and Channel ID forbids the server
+ // from accepting both.
testCases = append(testCases, testCase{
testType: clientTest,
- name: "TLS13-EarlyData-ChannelID-Client",
+ name: "TLS13-EarlyDataChannelID-AcceptBoth-Client",
config: Config{
MaxVersion: VersionTLS13,
MaxEarlyDataSize: 16384,
@@ -10315,14 +10316,57 @@
},
})
+ // Test that the client offering Channel ID and 0-RTT allows the server
+ // to decline 0-RTT.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "TLS13-EarlyDataChannelID-AcceptChannelID-Client",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ RequestChannelID: true,
+ Bugs: ProtocolBugs{
+ AlwaysRejectEarlyData: true,
+ },
+ },
+ resumeSession: true,
+ expectChannelID: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-early-data-info",
+ "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile),
+ "-expect-reject-early-data",
+ },
+ })
+
+ // Test that the client offering Channel ID and 0-RTT allows the server
+ // to decline Channel ID.
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: "TLS13-EarlyDataChannelID-AcceptEarlyData-Client",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MaxEarlyDataSize: 16384,
+ },
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-early-data-info",
+ "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile),
+ "-expect-accept-early-data",
+ },
+ })
+
+ // Test that the server supporting Channel ID and 0-RTT declines 0-RTT
+ // if it would negotiate Channel ID.
testCases = append(testCases, testCase{
testType: serverTest,
- name: "TLS13-EarlyData-ChannelID-Server",
+ name: "TLS13-EarlyDataChannelID-OfferBoth-Server",
config: Config{
MaxVersion: VersionTLS13,
ChannelID: channelIDKey,
Bugs: ProtocolBugs{
- SendEarlyData: [][]byte{{}},
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
ExpectEarlyDataAccepted: false,
},
},
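Review bot: `TLS13-EarlyDataChannelID-AcceptEarlyData-Client` never states its expected Channel ID outcome, because it leaves both `RequestChannelID` and `expectChannelID` at their zero values. The sibling cases spell the expectation out (`expectChannelID: true` in the AcceptChannelID case, `expectChannelID: false` in the OfferEarlyData server case). Adding `expectChannelID: false,` after `resumeSession: true,` plus a comment such as `// RequestChannelID is deliberately unset: the server declines Channel ID.` would make it obvious that this case guards against early data and Channel ID being accepted on the same connection. Whether the runner treats an unset `expectChannelID` as an assertion that no Channel ID was negotiated is not visible in this hunk, so that is worth confirming. The `OfferBoth-Server` case at the end of the hunk continues past the hunk boundary.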
@@ -10336,6 +10380,28 @@
},
})
+ // Test that the server supporting Channel ID and 0-RTT accepts 0-RTT
+ // if not offered Channel ID.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "TLS13-EarlyDataChannelID-OfferEarlyData-Server",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
+ ExpectEarlyDataAccepted: true,
+ ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}},
+ },
+ },
+ resumeSession: true,
+ expectChannelID: false,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-accept-early-data",
+ "-enable-channel-id",
+ },
+ })
+
// Test that the server rejects 0-RTT streams without end_of_early_data.
// The subsequent records should fail to decrypt.
testCases = append(testCases, testCase{
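Review bot: The expected half-RTT payload `{254, 253, 252, 251}` in `TLS13-EarlyDataChannelID-OfferEarlyData-Server` is an unexplained magic value. It looks like the sent early data `{1, 2, 3, 4}` with each byte XORed with 0xff, presumably the shim's echo transform, but nothing in the hunk says so. A comment such as `// The shim echoes early data with each byte XORed with 0xff.` above `ExpectHalfRTTData` would tie the two literals together, once the transform is confirmed against the shim. The block comment could also state that the server may accept 0-RTT only when Channel ID is not negotiated, so a reader sees this as the positive counterpart of the OfferBoth case.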