commit d30a990850457657e3209cb0c27fbe89b3df7ad2
author David Benjamin <davidben@chromium.org> Sun Aug 24 01:44:23 2014 -0400
committer Adam Langley <agl@google.com> Mon Aug 25 22:48:18 2014 +0000
tree 8b87f1bcfc4424054d7f89178b28d5651fab208c
parent f9b96fa4935e16ae4e44507606f612cf6d0054c9

Implement TLS Channel ID in runner.go

Change-Id: Ia349c7a7cdcfd49965cd0c4d6cf81a76fbffb696
Reviewed-on: https://boringssl-review.googlesource.com/1604
Reviewed-by: Adam Langley <agl@google.com>

ssl/test/runner/prf.go

diff --git a/ssl/test/runner/prf.go b/ssl/test/runner/prf.go
index 991196f..55a3614 100644
--- a/ssl/test/runner/prf.go
+++ b/ssl/test/runner/prf.go
@@ -120,6 +120,8 @@
 var keyExpansionLabel = []byte("key expansion")
 var clientFinishedLabel = []byte("client finished")
 var serverFinishedLabel = []byte("server finished")
+var channelIDLabel = []byte("TLS Channel ID signature\x00")
+var channelIDResumeLabel = []byte("Resumption\x00")
 
 func prfForVersion(version uint16, suite *cipherSuite) func(result, secret, label, seed []byte) {
 	switch version {
@@ -321,3 +323,17 @@
 	digest = h.server.Sum(digest)
 	return digest, crypto.MD5SHA1, nil
 }
+
+// hashForChannelID returns the hash to be signed for TLS Channel
+// ID. If a resumption, resumeHash has the previous handshake
+// hash. Otherwise, it is nil.
+func (h finishedHash) hashForChannelID(resumeHash []byte) []byte {
+	hash := sha256.New()
+	hash.Write(channelIDLabel)
+	if resumeHash != nil {
+		hash.Write(channelIDResumeLabel)
+		hash.Write(resumeHash)
+	}
+	hash.Write(h.server.Sum(nil))
+	return hash.Sum(nil)
+}