Implement ChannelID for TLS 1.3.

Channel ID for TLS 1.3 uses the same digest construction as
CertificateVerify. This message is signed with the Channel ID key and
put in the same handshake message (with the same format) as in TLS 1.2.

BUG=103

Change-Id: Ia5b2dffe5a39c39db0cecb0aa6bdc328e53accc2
Reviewed-on: https://boringssl-review.googlesource.com/11420
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/tls13_server.c b/ssl/tls13_server.c
index 2570069..e54abcf 100644
--- a/ssl/tls13_server.c
+++ b/ssl/tls13_server.c
@@ -43,6 +43,7 @@
   state_flush,
   state_process_client_certificate,
   state_process_client_certificate_verify,
+  state_process_channel_id,
   state_process_client_finished,
   state_send_new_session_ticket,
   state_flush_new_session_ticket,
@@ -476,7 +477,7 @@
     ssl->s3->new_session->verify_result = X509_V_OK;
 
     /* Skip this state. */
-    hs->state = state_process_client_finished;
+    hs->state = state_process_channel_id;
     return ssl_hs_ok;
   }
 
@@ -503,7 +504,7 @@
     SSL *ssl, SSL_HANDSHAKE *hs) {
   if (ssl->s3->new_session->peer == NULL) {
     /* Skip this state. */
-    hs->state = state_process_client_finished;
+    hs->state = state_process_channel_id;
     return ssl_hs_ok;
   }
 
@@ -513,6 +514,22 @@
     return 0;
   }
 
+  hs->state = state_process_channel_id;
+  return ssl_hs_read_message;
+}
+
+static enum ssl_hs_wait_t do_process_channel_id(SSL *ssl, SSL_HANDSHAKE *hs) {
+  if (!ssl->s3->tlsext_channel_id_valid) {
+    hs->state = state_process_client_finished;
+    return ssl_hs_ok;
+  }
+
+  if (!tls13_check_message_type(ssl, SSL3_MT_CHANNEL_ID) ||
+      !tls1_verify_channel_id(ssl) ||
+      !ssl->method->hash_current_message(ssl)) {
+    return ssl_hs_error;
+  }
+
   hs->state = state_process_client_finished;
   return ssl_hs_read_message;
 }
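Review bot: `do_process_channel_id` has no comment saying why `tls1_verify_channel_id` has to come before `hash_current_message` in the `||` chain, and that order looks load-bearing. The commit description says Channel ID uses the CertificateVerify digest construction, so the signature presumably covers the transcript up to but not including this message; hashing first would change what is authenticated. I would add `/* Verify before hashing: the signature covers the transcript prior to the Channel ID message. */` above the check. A short header comment would also help, noting that when `tlsext_channel_id_valid` is unset the state is skipped with `ssl_hs_ok`, which appears to leave the already-read message for the client Finished state. The first lines of this hunk are the tail of the preceding function, whose body starts outside the hunk.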
@@ -645,6 +662,9 @@
       case state_process_client_certificate_verify:
         ret = do_process_client_certificate_verify(ssl, hs);
         break;
+      case state_process_channel_id:
+        ret = do_process_channel_id(ssl, hs);
+        break;
       case state_process_client_finished:
         ret = do_process_client_finished(ssl, hs);
         break;