Send ECH acceptance signal from backend server.

This CL implements the backend server behavior described in Section 7.2
of draft-ietf-tls-esni-09.

Bug: 275
Change-Id: I2e162673ce564db0cb75fc9b71ef11ed15037f4b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43924
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 7ec61fd..ce1a7a6 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -739,6 +739,33 @@
   return true;
 }
 
+static bool ext_ech_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
+                                      CBS *contents) {
+  if (contents != nullptr) {
+    hs->ech_present = true;
+    return true;
+  }
+  return true;
+}
+
+static bool ext_ech_is_inner_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
+  return true;
+}
+
+static bool ext_ech_is_inner_parse_clienthello(SSL_HANDSHAKE *hs,
+                                               uint8_t *out_alert,
+                                               CBS *contents) {
+  if (contents == nullptr) {
+    return true;
+  }
+  if (CBS_len(contents) > 0) {
+    *out_alert = SSL_AD_ILLEGAL_PARAMETER;
+    return false;
+  }
+  hs->ech_is_inner_present = true;
+  return true;
+}
+
 
 // Renegotiation indication.
 //
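Review bot: `ext_ech_parse_clienthello` never reads `contents` or `out_alert` and returns `true` on both paths, so the `return true;` inside the `if` is redundant; `if (contents != nullptr) { hs->ech_present = true; }` followed by the single `return true;` is equivalent. Since the extension payload is accepted without being parsed, a comment such as `// Only the presence of the extension is recorded; its contents are not parsed or validated here.` would show that this is deliberate. Nothing in this hunk rejects a ClientHello that carries both extensions, so `hs->ech_present` and `hs->ech_is_inner_present` can both end up set. The code that consumes the flags is not visible here and should handle that combination explicitly.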
@@ -2435,7 +2462,8 @@
   return true;
 }
 
-bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out,
+                                       bool dry_run) {
   uint16_t group_id;
   CBB kse_bytes, public_key;
   if (!tls1_get_shared_group(hs, &group_id) ||
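Review bot: The new `dry_run` parameter of `ssl_ext_key_share_add_serverhello` is undocumented, and a bare `true`/`false` at call sites will not say what is being skipped. Judging by the next hunk, a dry run still writes the key_share bytes to `out` and skips only `hs->ecdh_public_key.Reset()` and the `hs->new_session->group_id` assignment. I would state that above the definition, e.g. `// If |dry_run| is true, the extension is written to |out| but |hs->ecdh_public_key| and |hs->new_session| are left untouched, so the call can be repeated.` That the call is meant to be repeatable is inferred from the guarded block, so confirm it against the caller. The function body runs past the end of this hunk.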
@@ -2448,10 +2476,10 @@
       !CBB_flush(out)) {
     return false;
   }
-
-  hs->ecdh_public_key.Reset();
-
-  hs->new_session->group_id = group_id;
+  if (!dry_run) {
+    hs->ecdh_public_key.Reset();
+    hs->new_session->group_id = group_id;
+  }
   return true;
 }
 
@@ -3128,7 +3156,15 @@
     NULL,
     ext_ech_add_clienthello,
     ext_ech_parse_serverhello,
-    ignore_parse_clienthello,
+    ext_ech_parse_clienthello,
+    dont_add_serverhello,
+  },
+  {
+    TLSEXT_TYPE_ech_is_inner,
+    NULL,
+    ext_ech_is_inner_add_clienthello,
+    forbid_parse_serverhello,
+    ext_ech_is_inner_parse_clienthello,
     dont_add_serverhello,
   },
   {
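Review bot: The `TLSEXT_TYPE_ech_is_inner` entry is initialised positionally, and its ClientHello add callback `ext_ech_is_inner_add_clienthello` (first hunk) is a stub that returns `true` without writing to `out`. A reader cannot tell whether that is intended or unfinished. A one-line comment on the stub would settle it, e.g. `// The client never sends ech_is_inner from this callback.`, adjusted to the actual intent. The parse callback is also registered unconditionally, so any peer that sends an empty `ech_is_inner` sets `hs->ech_is_inner_present`. Whatever consumes that flag (not visible here) should not treat it as evidence that the ClientHello came through a client-facing server.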