runner: Store a cipherSuite in ClientSessionState.
This avoids looking up and passing around the cipherSuite object
everywhere. We don't serialize ClientSessionState and, if we did, we could
simply do the lookup at parsing time.
Change-Id: Ice06e4da6b23ff32988597100e8aaa11b82f23ad
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46565
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 34f0fd1..8cc59d4 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -288,7 +288,7 @@
sessionTicket []uint8 // Encrypted ticket used for session resumption with server
vers uint16 // SSL/TLS version negotiated for the session
wireVersion uint16 // Wire SSL/TLS version negotiated for the session
- cipherSuite uint16 // Ciphersuite negotiated for the session
+ cipherSuite *cipherSuite // Ciphersuite negotiated for the session
secret []byte // Secret associated with the session
handshakeHash []byte // Handshake hash for Channel ID purposes.
serverCertificates []*x509.Certificate // Certificate chain presented by the server
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 55a2ad2..3b1b7f4 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -1623,7 +1623,7 @@
sessionTicket: newSessionTicket.ticket,
vers: c.vers,
wireVersion: c.wireVersion,
- cipherSuite: cipherSuite.id,
+ cipherSuite: cipherSuite,
secret: deriveSessionPSK(cipherSuite, c.wireVersion, c.resumptionSecret, newSessionTicket.ticketNonce),
serverCertificates: c.peerCertificates,
sctList: c.sctList,
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index 2701fd0..fe0d1e7 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -338,7 +338,7 @@
cipherSuiteOk := false
if candidateSession.vers <= VersionTLS12 {
for _, id := range hello.cipherSuites {
- if id == candidateSession.cipherSuite {
+ if id == candidateSession.cipherSuite.id {
cipherSuiteOk = true
break
}
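Review bot: The new comparison dereferences `candidateSession.cipherSuite` with no nil check, and the commit removes the one guard that used to reject a session whose suite could not be resolved (the `cipherSuiteFromID` / "client session cache has invalid cipher suite" check dropped in the hunk at -372); the same unguarded dereference appears in the hunks at -874 (`hs.session.cipherSuite.hash()`) and -2115 (`session.cipherSuite.hash().Size()`). This is sound as long as every ClientSessionState is built by the runner from an already-resolved suite, which is what the conn.go and handshake_client.go constructors in this commit do, but a zero-valued session coming out of a cache or a future test hook would now panic mid-handshake instead of failing with an error. If that invariant is intended, stating it on the field in common.go would help: `cipherSuite *cipherSuite // Ciphersuite negotiated for the session; never nil`. Otherwise a single check before this loop, `if candidateSession.cipherSuite == nil { return errors.New("tls: client session cache has invalid cipher suite") }`, keeps the old behaviour; the enclosing function starts outside the hunk.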
@@ -357,7 +357,6 @@
}
}
- var pskCipherSuite *cipherSuite
if session != nil && c.config.time().Before(session.ticketExpiration) {
ticket := session.sessionTicket
if c.config.Bugs.FilterTicket != nil && len(ticket) > 0 {
@@ -372,10 +371,6 @@
}
if session.vers >= VersionTLS13 || c.config.Bugs.SendBothTickets {
- pskCipherSuite = cipherSuiteFromID(session.cipherSuite)
- if pskCipherSuite == nil {
- return errors.New("tls: client session cache has invalid cipher suite")
- }
// TODO(nharper): Support sending more
// than one PSK identity.
ticketAge := uint32(c.config.time().Sub(session.ticketCreationTime) / time.Millisecond)
@@ -472,7 +467,7 @@
if session.vers < VersionTLS13 {
version = VersionTLS13
}
- generatePSKBinders(version, hello, pskCipherSuite, session.secret, []byte{}, []byte{}, c.config)
+ generatePSKBinders(version, hello, session, []byte{}, []byte{}, c.config)
}
if c.config.Bugs.SendClientHelloWithFixes != nil {
helloBytes, err = fixClientHellos(hello, c.config.Bugs.SendClientHelloWithFixes)
@@ -513,7 +508,7 @@
// Derive early write keys and set Conn state to allow early writes.
if sendEarlyData {
- finishedHash := newFinishedHash(session.wireVersion, c.isDTLS, pskCipherSuite)
+ finishedHash := newFinishedHash(session.wireVersion, c.isDTLS, session.cipherSuite)
finishedHash.addEntropy(session.secret)
finishedHash.Write(helloBytes)
@@ -528,7 +523,7 @@
earlyTrafficSecret := finishedHash.deriveSecret(earlyTrafficLabel)
c.earlyExporterSecret = finishedHash.deriveSecret(earlyExporterLabel)
- c.useOutTrafficSecret(encryptionEarlyData, session.wireVersion, pskCipherSuite, earlyTrafficSecret)
+ c.useOutTrafficSecret(encryptionEarlyData, session.wireVersion, session.cipherSuite, earlyTrafficSecret)
for _, earlyData := range c.config.Bugs.SendEarlyData {
if _, err := c.writeRecord(recordTypeApplicationData, earlyData); err != nil {
return err
@@ -657,7 +652,7 @@
hello.raw = nil
if len(hello.pskIdentities) > 0 {
- generatePSKBinders(c.wireVersion, hello, pskCipherSuite, session.secret, helloBytes, helloRetryRequest.marshal(), c.config)
+ generatePSKBinders(c.wireVersion, hello, session, helloBytes, helloRetryRequest.marshal(), c.config)
}
secondHelloBytes = hello.marshal()
secondHelloBytesToWrite := secondHelloBytes
@@ -874,8 +869,7 @@
c.sendAlert(alertUnknownPSKIdentity)
return errors.New("tls: server sent unknown PSK identity")
}
- sessionCipher := cipherSuiteFromID(hs.session.cipherSuite)
- if sessionCipher == nil || sessionCipher.hash() != hs.suite.hash() {
+ if hs.session.cipherSuite.hash() != hs.suite.hash() {
c.sendAlert(alertHandshakeFailure)
return errors.New("tls: server resumed an invalid session for the cipher suite")
}
@@ -1890,7 +1884,7 @@
session := &ClientSessionState{
vers: c.vers,
wireVersion: c.wireVersion,
- cipherSuite: hs.suite.id,
+ cipherSuite: hs.suite,
secret: hs.masterSecret,
handshakeHash: hs.finishedHash.Sum(),
serverCertificates: c.peerCertificates,
@@ -2115,9 +2109,9 @@
copy(b[len(b)-len(xb):], xb)
}
-func generatePSKBinders(version uint16, hello *clientHelloMsg, pskCipherSuite *cipherSuite, psk, firstClientHello, helloRetryRequest []byte, config *Config) {
+func generatePSKBinders(version uint16, hello *clientHelloMsg, session *ClientSessionState, firstClientHello, helloRetryRequest []byte, config *Config) {
maybeCorruptBinder := !config.Bugs.OnlyCorruptSecondPSKBinder || len(firstClientHello) > 0
- binderLen := pskCipherSuite.hash().Size()
+ binderLen := session.cipherSuite.hash().Size()
numBinders := 1
if maybeCorruptBinder {
if config.Bugs.SendNoPSKBinder {
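Review bot: generatePSKBinders has no doc comment, and this hunk changes its contract: it now takes the whole `*ClientSessionState` and reads `session.cipherSuite` for the binder length on the line after the signature and `session.secret` in the computePSKBinder call in the next hunk, so the dependency on those two fields is no longer visible at the call sites. A comment above the signature would make that explicit, e.g. `// generatePSKBinders computes the PSK binders for hello from session.secret, using the hash of session.cipherSuite; firstClientHello and helloRetryRequest are empty on the initial ClientHello and carry the first hello and the HelloRetryRequest on the second.` The function body continues past the end of the hunk.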
@@ -2147,7 +2141,7 @@
helloBytes := hello.marshal()
binderSize := len(hello.pskBinders)*(binderLen+1) + 2
truncatedHello := helloBytes[:len(helloBytes)-binderSize]
- binder := computePSKBinder(psk, version, resumptionPSKBinderLabel, pskCipherSuite, firstClientHello, helloRetryRequest, truncatedHello)
+ binder := computePSKBinder(session.secret, version, resumptionPSKBinderLabel, session.cipherSuite, firstClientHello, helloRetryRequest, truncatedHello)
if maybeCorruptBinder {
if config.Bugs.SendShortPSKBinder {
binder = binder[:binderLen]