Merge b3db6bd into 2764264

Cargo.toml

@@ -59,3 +59,8 @@ path = "examples/tlsserver.rs"
 [[example]]
 name = "simpleclient"
 path = "examples/simpleclient.rs"
+
+[[example]]
+name = "simple_0rtt_client"
+path = "examples/simple_0rtt_client.rs"
+required-features = ["logging"]

bogo/config.json

@@ -78,7 +78,9 @@
     "SendHalfHelloRequest-*": "",
     "RetainOnlySHA256-*": "",
     "ExtendedMasterSecret-Renego-*": "",
-    "Draft-Downgrade-Server": "not implemented; TODO"
+    "Draft-Downgrade-Server": "not implemented; TODO",
+    "EarlyData-*ALPN*-*": "no alpn change in resumed sessions",
+    "*EarlyKeyingMaterial-Client-*": "early exporter NYI"
   },
   "ErrorMap": {
     ":HTTP_REQUEST:": ":GARBAGE:",
@@ -275,7 +277,11 @@
     "QUICTransportParams-Server-Rejected-TLS12": "missing peer quic transport params",
     "ExtendedMasterSecret-NoToYes-Client": ":PEER_MISBEHAVIOUR:",
     "ExtendedMasterSecret-YesToNo-Server": ":PEER_MISBEHAVIOUR:",
-    "ExtendedMasterSecret-YesToNo-Client": ":PEER_MISBEHAVIOUR:"
+    "ExtendedMasterSecret-YesToNo-Client": ":PEER_MISBEHAVIOUR:",
+    "ServerAcceptsEarlyDataOnHRR-Client-TLS13Draft23": ":PEER_MISBEHAVIOUR:",
+    "EarlyDataVersionDowngrade-Client-TLS13Draft23": ":WRONG_VERSION:",
+    "EarlyDataWithoutResume-Client-TLS13Draft23": ":PEER_MISBEHAVIOUR:",
+    "EarlyDataVersionDowngrade-Client-TLS13Draft23": ":PEER_MISBEHAVIOUR:"
   },
   "TestLocalErrorMap": {
     "SendServerHelloAsHelloRetryRequest": "remote error: error decoding message",

examples/internal/bogo_shim.rs

@@ -64,6 +64,12 @@ struct Options {
     read_size: usize,
     quic_transport_params: Vec<u8>,
     expect_quic_transport_params: Vec<u8>,
+    enable_early_data: bool,
+    expect_ticket_supports_early_data: bool,
+    expect_accept_early_data: bool,
+    expect_reject_early_data: bool,
+    queue_data_on_resume: bool,
+    expect_version: u16,
 }
 
 impl Options {
@@ -101,6 +107,12 @@ impl Options {
             read_size: 512,
             quic_transport_params: vec![],
             expect_quic_transport_params: vec![],
+            enable_early_data: false,
+            expect_ticket_supports_early_data: false,
+            expect_accept_early_data: false,
+            expect_reject_early_data: false,
+            queue_data_on_resume: false,
+            expect_version: 0,
         }
     }
 
@@ -111,7 +123,7 @@ impl Options {
 
     fn tls13_supported(&self) -> bool {
         self.support_tls13 && (self.version_allowed(ProtocolVersion::TLSv1_3) ||
-                               self.version_allowed(ProtocolVersion::Unknown(0x7f12)))
+                               self.version_allowed(ProtocolVersion::Unknown(0x7f17)))
     }
 
     fn tls12_supported(&self) -> bool {
@@ -368,6 +380,10 @@ fn make_client_cfg(opts: &Options) -> Arc<rustls::ClientConfig> {
         cfg.versions.push(ProtocolVersion::TLSv1_3);
     }
 
+    if opts.enable_early_data {
+        cfg.enable_early_data = true;
+    }
+
     Arc::new(cfg)
 }
 
@@ -396,6 +412,7 @@ fn handle_err(err: rustls::TLSError) -> ! {
             quit(":TLSV1_ALERT_RECORD_OVERFLOW:")
         }
         TLSError::AlertReceived(AlertDescription::HandshakeFailure) => quit(":HANDSHAKE_FAILURE:"),
+        TLSError::AlertReceived(AlertDescription::ProtocolVersion) => quit(":WRONG_VERSION:"),
         TLSError::CorruptMessagePayload(ContentType::Alert) => quit(":BAD_ALERT:"),
         TLSError::CorruptMessagePayload(ContentType::ChangeCipherSpec) => {
             quit(":BAD_CHANGE_CIPHER_SPEC:")
@@ -447,10 +464,9 @@ fn flush(sess: &mut Box<rustls::Session>, conn: &mut net::TcpStream) {
     conn.flush().unwrap();
 }
 
-fn exec(opts: &Options, sess: &mut Box<rustls::Session>) {
-    if opts.queue_data {
-        sess.write_all(b"hello world")
-            .unwrap();
+fn exec(opts: &Options, sess: &mut Box<rustls::Session>, count: usize) {
+    if opts.queue_data || (opts.queue_data_on_resume && count > 0) {
+        let _ = sess.write_all(b"hello");
     }
 
     let mut conn = net::TcpStream::connect(("localhost", opts.port)).expect("cannot connect");
@@ -500,6 +516,21 @@ fn exec(opts: &Options, sess: &mut Box<rustls::Session>) {
             sent_exporter = true;
         }
 
+        if opts.enable_early_data && !sess.is_handshaking() && count > 0 {
+            if opts.expect_accept_early_data && !sess.is_early_data_accepted() {
+                quit_err("Early data was not accepted, but we expect the opposite");
+            } else if opts.expect_reject_early_data && sess.is_early_data_accepted() {
+                quit_err("Early data was accepted, but we expect the opposite");
+            }
+            if opts.expect_version == 0x0304 {
+                match sess.get_protocol_version() {
+                    Some(ProtocolVersion::TLSv1_3) |
+                    Some(ProtocolVersion::Unknown(0x7f17)) => (),
+                    _ => quit_err("wrong protocol version"),
+                }
+            }
+        }
+
         if !sess.is_handshaking() &&
             !opts.expect_quic_transport_params.is_empty() {
             let their_transport_params = sess.get_quic_transport_parameters()
@@ -602,6 +633,9 @@ fn main() {
             "-expect-peer-signature-algorithm" |
             "-expect-advertised-alpn" |
             "-expect-alpn" |
+            "-on-initial-expect-alpn" |
+            "-on-resume-expect-alpn" |
+            "-on-retry-expect-alpn" |
             "-expect-server-name" |
             "-expect-ocsp-response" |
             "-expect-signed-cert-timestamps" |
@@ -684,6 +718,25 @@ fn main() {
             "-enable-signed-cert-timestamps" => {
                 opts.send_sct = true;
             }
+            "-enable-early-data" |
+            "-on-resume-enable-early-data" => {
+                opts.enable_early_data = true;
+            }
+            "-on-resume-shim-writes-first" => {
+                opts.queue_data_on_resume = true;
+            }
+            "-expect-ticket-supports-early-data" => {
+                opts.expect_ticket_supports_early_data = true;
+            }
+            "-expect-accept-early-data" => {
+                opts.expect_accept_early_data = true;
+            }
+            "-expect-reject-early-data" => {
+                opts.expect_reject_early_data = true;
+            }
+            "-expect-version" => {
+                opts.expect_version = args.remove(0).parse::<u16>().unwrap();
+            }
 
             // defaults:
             "-enable-all-curves" |
@@ -734,7 +787,6 @@ fn main() {
             "-enable-channel-id" |
             "-resumption-delay" |
             "-expect-early-data-info" |
-            "-enable-early-data" |
             "-expect-cipher-aes" |
             "-retain-only-sha256-client-cert-initial" |
             "-use-client-ca-list" |
@@ -747,9 +799,10 @@ fn main() {
             "-handshake-twice" |
             "-verify-prefs" |
             "-no-op-extra-handshake" |
-            "-on-resume-enable-early-data" |
             "-read-with-unfinished-write" |
-            "-expect-peer-cert-file" => {
+            "-on-resume-read-with-unfinished-write" |
+            "-expect-peer-cert-file" |
+            "-on-initial-expect-peer-cert-file" => {
                 println!("NYI option {:?}", arg);
                 process::exit(BOGO_NACK);
             }
@@ -761,6 +814,11 @@ fn main() {
         }
     }
 
+    if opts.enable_early_data && opts.server {
+        println!("For now we only test client-side early data");
+        process::exit(BOGO_NACK);
+    }
+
     println!("opts {:?}", opts);
 
     let server_cfg = if opts.server {
@@ -799,8 +857,8 @@ fn main() {
         }
     };
 
-    for _ in 0..opts.resumes + 1 {
+    for i in 0..opts.resumes + 1 {
         let mut sess = make_session();
-        exec(&opts, &mut sess);
+        exec(&opts, &mut sess, i);
     }
 }

examples/simple_0rtt_client.rs

@@ -0,0 +1,42 @@
+use std::sync::Arc;
+
+use std::io::{stdout, Read, Write};
+use std::net::TcpStream;
+
+extern crate rustls;
+extern crate webpki;
+extern crate webpki_roots;
+extern crate env_logger;
+
+fn start_session(config: &Arc<rustls::ClientConfig>, domain_name: &str) {
+    let dns_name = webpki::DNSNameRef::try_from_ascii_str(domain_name).unwrap();
+    let mut sess = rustls::ClientSession::new(config, dns_name);
+    let mut sock = TcpStream::connect(format!("{}:443", domain_name)).unwrap();
+    sock.set_nodelay(true).unwrap();
+    let mut stream = rustls::Stream::new(&mut sess, &mut sock);
+    let request = format!(
+        "GET / HTTP/1.1\r\n\
+         Host: {}\r\n\
+         Connection: close\r\n\
+         Accept-Encoding: identity\r\n\
+         \r\n",
+        domain_name
+    );
+
+    stream.write_all(request.as_bytes()).unwrap();
+    let mut plaintext = Vec::new();
+    stream.read_to_end(&mut plaintext).unwrap();
+    stdout().write_all(&plaintext).unwrap();
+}
+
+fn main() {
+    env_logger::init();
+    let mut config = rustls::ClientConfig::new();
+    config.enable_early_data = true;
+    config
+        .root_store
+        .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
+    let config = Arc::new(config);
+    start_session(&config, "mesalink.io");
+    start_session(&config, "mesalink.io");
+}

src/client/common.rs

@@ -52,6 +52,7 @@ impl ServerKXDetails {
 pub struct HandshakeDetails {
     pub transcript: hash_hs::HandshakeHash,
     pub resuming_session: Option<persist::ClientSessionValue>,
+    pub hash_at_client_recvd_server_hello: Vec<u8>,
     pub randoms: SessionRandoms,
     pub using_ems: bool,
     pub session_id: SessionID,
@@ -64,6 +65,7 @@ impl HandshakeDetails {
     pub fn new(host_name: webpki::DNSName, extra_exts: Vec<ClientExtension>) -> HandshakeDetails {
         HandshakeDetails {
             transcript: hash_hs::HandshakeHash::new(),
+            hash_at_client_recvd_server_hello: Vec::new(),
             resuming_session: None,
             randoms: SessionRandoms::for_client(),
             using_ems: false,