runner: Rename 'masterSecret' on session objects to plain 'secret'. This mirrors a change on the C side. Sessions may store the master secret (main secret as of draft-ietf-tls-rfc8446bis-01) in TLS 1.2 or the resumption PSK in TLS 1.3, so giving it any description other than plain 'secret' isn't even accurate. (Doing this separately from the rfc8446bis names since it's a bit less mechanical.) Change-Id: Iaf2b72fe298f17eeb4f4957cfd78b0015c3a9d89 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45824 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 733debd..f209f4a 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -289,7 +289,7 @@ vers uint16 // SSL/TLS version negotiated for the session wireVersion uint16 // Wire SSL/TLS version negotiated for the session cipherSuite uint16 // Ciphersuite negotiated for the session - masterSecret []byte // MasterSecret generated by client on a full handshake + secret []byte // Secret associated with the session handshakeHash []byte // Handshake hash for Channel ID purposes. serverCertificates []*x509.Certificate // Certificate chain presented by the server extendedMasterSecret bool // Whether an extended master secret was used to generate the session
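Review bot: The new field comment `// Secret associated with the session` drops the one fact a reader needs, namely which kind of secret the field holds for a given `vers`. The commit message already states it, so the comment could carry it: `secret []byte // TLS 1.2: master secret; TLS 1.3: resumption PSK (see vers)`. The same applies to the uncommented `secret []byte` field of `sessionState` in ticket.go, whose bytes are written into the serialized state by the marshal code in that file. The enclosing struct starts and ends outside this hunk.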
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index d699938..55a2ad2 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -1624,7 +1624,7 @@ vers: c.vers, wireVersion: c.wireVersion, cipherSuite: cipherSuite.id, - masterSecret: c.resumptionSecret, + secret: deriveSessionPSK(cipherSuite, c.wireVersion, c.resumptionSecret, newSessionTicket.ticketNonce), serverCertificates: c.peerCertificates, sctList: c.sctList, ocspResponse: c.ocspResponse, @@ -1638,8 +1638,6 @@ peerApplicationSettings: c.peerApplicationSettings, } - session.masterSecret = deriveSessionPSK(cipherSuite, c.wireVersion, c.resumptionSecret, newSessionTicket.ticketNonce) - cacheKey := clientSessionCacheKey(c.conn.RemoteAddr(), c.config) _, ok := c.config.ClientSessionCache.Get(cacheKey) if !ok || !c.config.Bugs.UseFirstSessionTicket { @@ -2027,7 +2025,7 @@ state := sessionState{ vers: c.vers, cipherSuite: c.cipherSuite.id, - masterSecret: deriveSessionPSK(c.cipherSuite, c.wireVersion, c.resumptionSecret, nonce), + secret: deriveSessionPSK(c.cipherSuite, c.wireVersion, c.resumptionSecret, nonce), certificates: peerCertificatesRaw, ticketCreationTime: c.config.time(), ticketExpiration: c.config.time().Add(time.Duration(m.ticketLifetime) * time.Second),
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index 586cbe5..efb8a18 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -472,7 +472,7 @@ if session.vers < VersionTLS13 { version = VersionTLS13 } - generatePSKBinders(version, hello, pskCipherSuite, session.masterSecret, []byte{}, []byte{}, c.config) + generatePSKBinders(version, hello, pskCipherSuite, session.secret, []byte{}, []byte{}, c.config) } if c.config.Bugs.SendClientHelloWithFixes != nil { helloBytes, err = fixClientHellos(hello, c.config.Bugs.SendClientHelloWithFixes) @@ -514,7 +514,7 @@ // Derive early write keys and set Conn state to allow early writes. if sendEarlyData { finishedHash := newFinishedHash(session.wireVersion, c.isDTLS, pskCipherSuite) - finishedHash.addEntropy(session.masterSecret) + finishedHash.addEntropy(session.secret) finishedHash.Write(helloBytes) if !c.config.Bugs.SkipChangeCipherSpec { @@ -657,7 +657,7 @@ hello.raw = nil if len(hello.pskIdentities) > 0 { - generatePSKBinders(c.wireVersion, hello, pskCipherSuite, session.masterSecret, helloBytes, helloRetryRequest.marshal(), c.config) + generatePSKBinders(c.wireVersion, hello, pskCipherSuite, session.secret, helloBytes, helloRetryRequest.marshal(), c.config) } secondHelloBytes = hello.marshal() secondHelloBytesToWrite := secondHelloBytes @@ -879,7 +879,7 @@ c.sendAlert(alertHandshakeFailure) return errors.New("tls: server resumed an invalid session for the cipher suite") } - hs.finishedHash.addEntropy(hs.session.masterSecret) + hs.finishedHash.addEntropy(hs.session.secret) c.didResume = true } else { hs.finishedHash.addEntropy(zeroSecret) @@ -1834,7 +1834,7 @@ } // Restore masterSecret and peerCerts from previous state - hs.masterSecret = hs.session.masterSecret + hs.masterSecret = hs.session.secret c.peerCertificates = hs.session.serverCertificates c.extendedMasterSecret = hs.session.extendedMasterSecret c.sctList = hs.session.sctList 
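Review bot: In the hunk at line 1834, `hs.masterSecret = hs.session.secret` copies the now type-neutral session secret into a field that is specifically the TLS 1.2 master secret, and nothing visible in the hunk shows that the session is a pre-TLS 1.3 one. The version check presumably sits earlier in the function, outside the hunk, but after the rename the assignment no longer documents that assumption itself. A why-comment above it would keep the invariant visible: `// session.secret is the TLS 1.2 master secret on this path; TLS 1.3 sessions store a resumption PSK instead.` The matching assignment `hs.masterSecret = hs.sessionState.secret` in handshake_server.go (hunk at line 1639) would benefit from the same comment.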
@@ -1891,7 +1891,7 @@ vers: c.vers, wireVersion: c.wireVersion, cipherSuite: hs.suite.id, - masterSecret: hs.masterSecret, + secret: hs.masterSecret, handshakeHash: hs.finishedHash.Sum(), serverCertificates: c.peerCertificates, sctList: c.sctList,
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 35e9933..907ea6f 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -534,7 +534,7 @@ // Resolve PSK and compute the early secret. if hs.sessionState != nil { - hs.finishedHash.addEntropy(hs.sessionState.masterSecret) + hs.finishedHash.addEntropy(hs.sessionState.secret) } else { hs.finishedHash.addEntropy(hs.finishedHash.zeroSecret()) } @@ -1639,7 +1639,7 @@ } } - hs.masterSecret = hs.sessionState.masterSecret + hs.masterSecret = hs.sessionState.secret c.extendedMasterSecret = hs.sessionState.extendedMasterSecret return nil @@ -2007,7 +2007,7 @@ state := sessionState{ vers: c.vers, cipherSuite: hs.suite.id, - masterSecret: hs.masterSecret, + secret: hs.masterSecret, certificates: hs.certsFromClient, handshakeHash: hs.finishedHash.Sum(), } @@ -2279,7 +2279,7 @@ return errors.New("tls: Unknown cipher suite for PSK in session") } - binder := computePSKBinder(sessionState.masterSecret, version, resumptionPSKBinderLabel, pskCipherSuite, firstClientHello, helloRetryRequest, truncatedHello) + binder := computePSKBinder(sessionState.secret, version, resumptionPSKBinderLabel, pskCipherSuite, firstClientHello, helloRetryRequest, truncatedHello) if !bytes.Equal(binder, binderToVerify) { return errors.New("tls: PSK binder does not verify") }
diff --git a/ssl/test/runner/ticket.go b/ssl/test/runner/ticket.go
index f5163e1..347edb5 100644
--- a/ssl/test/runner/ticket.go
+++ b/ssl/test/runner/ticket.go
@@ -20,7 +20,7 @@ type sessionState struct { vers uint16 cipherSuite uint16 - masterSecret []byte + secret []byte handshakeHash []byte certificates [][]byte extendedMasterSecret bool @@ -38,8 +38,8 @@ msg := newByteBuilder() msg.addU16(s.vers) msg.addU16(s.cipherSuite) - masterSecret := msg.addU16LengthPrefixed() - masterSecret.addBytes(s.masterSecret) + secret := msg.addU16LengthPrefixed() + secret.addBytes(s.secret) handshakeHash := msg.addU16LengthPrefixed() handshakeHash.addBytes(s.handshakeHash) msg.addU16(uint16(len(s.certificates))) @@ -96,7 +96,7 @@ var numCerts uint16 if !reader.readU16(&s.vers) || !reader.readU16(&s.cipherSuite) || - !reader.readU16LengthPrefixedBytes(&s.masterSecret) || + !reader.readU16LengthPrefixedBytes(&s.secret) || !reader.readU16LengthPrefixedBytes(&s.handshakeHash) || !reader.readU16(&numCerts) { return false