Issue #1338 - Part 2: Update NSS to 3.48-RTM

author: wolfbeast <mcwerewolf@wolfbeast.com> 2020-01-02 21:06:40 +0100
committer: wolfbeast <mcwerewolf@wolfbeast.com> 2020-01-02 21:06:40 +0100
commit: f4a12fc67689a830e9da1c87fd11afe5bc09deb3 (patch)
tree: 211ae0cd022a6c11b0026ecc7761a550c584583c /security/nss/gtests/ssl_gtest/tls_agent.h
parent: f7d30133221896638f7bf4f66c504255c4b14f48 (diff)
download: UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar
UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.gz
UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.lz
UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.xz
UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.zip
1 files changed, 36 insertions, 5 deletions
diff --git a/security/nss/gtests/ssl_gtest/tls_agent.h b/security/nss/gtests/ssl_gtest/tls_agent.h
index 020221868..4b6cce8e0 100644
--- a/security/nss/gtests/ssl_gtest/tls_agent.h
+++ b/security/nss/gtests/ssl_gtest/tls_agent.h
@@ -76,6 +76,8 @@ class TlsAgent : public PollTarget {
   static const std::string kServerEcdhEcdsa;
   static const std::string kServerEcdhRsa;
   static const std::string kServerDsa;
+  static const std::string kDelegatorEcdsa256;  // draft-ietf-tls-subcerts
+  static const std::string kDelegatorRsae2048;  // draft-ietf-tls-subcerts
 
   TlsAgent(const std::string& name, Role role, SSLProtocolVariant variant);
   virtual ~TlsAgent();
@@ -108,9 +110,32 @@ class TlsAgent : public PollTarget {
   void PrepareForRenegotiate();
   // Prepares for renegotiation, then actually triggers it.
   void StartRenegotiate();
+  void SetAntiReplayContext(ScopedSSLAntiReplayContext& ctx);
+
   static bool LoadCertificate(const std::string& name,
                               ScopedCERTCertificate* cert,
                               ScopedSECKEYPrivateKey* priv);
+  static bool LoadKeyPairFromCert(const std::string& name,
+                                  ScopedSECKEYPublicKey* pub,
+                                  ScopedSECKEYPrivateKey* priv);
+
+  // Delegated credentials.
+  //
+  // Generate a delegated credential and sign it using the certificate
+  // associated with |name|.
+  static void DelegateCredential(const std::string& name,
+                                 const ScopedSECKEYPublicKey& dcPub,
+                                 SSLSignatureScheme dcCertVerifyAlg,
+                                 PRUint32 dcValidFor, PRTime now, SECItem* dc);
+  // Indicate support for the delegated credentials extension.
+  void EnableDelegatedCredentials();
+  // Generate and configure a delegated credential to use in the handshake with
+  // clients that support this extension..
+  void AddDelegatedCredential(const std::string& dc_name,
+                              SSLSignatureScheme dcCertVerifyAlg,
+                              PRUint32 dcValidFor, PRTime now);
+  void UpdatePreliminaryChannelInfo();
+
   bool ConfigServerCert(const std::string& name, bool updateKeyBits = false,
                         const SSLExtraServerCertData* serverCertData = nullptr);
   bool ConfigServerCertWithChain(const std::string& name);
@@ -139,6 +164,7 @@ class TlsAgent : public PollTarget {
                  const std::string& expected = "") const;
   void EnableSrtp();
   void CheckSrtp() const;
+  void CheckEpochs(uint16_t expected_read, uint16_t expected_write) const;
   void CheckErrorCode(int32_t expected) const;
   void WaitForErrorCode(int32_t expected, uint32_t delay) const;
   // Send data on the socket, encrypting it.
@@ -199,16 +225,20 @@ class TlsAgent : public PollTarget {
   PRFileDesc* ssl_fd() const { return ssl_fd_.get(); }
   std::shared_ptr<DummyPrSocket>& adapter() { return adapter_; }
 
+  const SSLChannelInfo& info() const {
+    EXPECT_EQ(STATE_CONNECTED, state_);
+    return info_;
+  }
+
+  const SSLPreliminaryChannelInfo& pre_info() const { return pre_info_; }
+
   bool is_compressed() const {
-    return info_.compressionMethod != ssl_compression_null;
+    return info().compressionMethod != ssl_compression_null;
   }
   uint16_t server_key_bits() const { return server_key_bits_; }
   uint16_t min_version() const { return vrange_.min; }
   uint16_t max_version() const { return vrange_.max; }
-  uint16_t version() const {
-    EXPECT_EQ(STATE_CONNECTED, state_);
-    return info_.protocolVersion;
-  }
+  uint16_t version() const { return info().protocolVersion; }
 
   bool cipher_suite(uint16_t* suite) const {
     if (state_ != STATE_CONNECTED) return false;
@@ -399,6 +429,7 @@ class TlsAgent : public PollTarget {
   bool handshake_callback_called_;
   bool resumption_callback_called_;
   SSLChannelInfo info_;
+  SSLPreliminaryChannelInfo pre_info_;
   SSLCipherSuiteInfo csinfo_;
   SSLVersionRange vrange_;
   PRErrorCode error_code_;
author	wolfbeast <mcwerewolf@wolfbeast.com>	2020-01-02 21:06:40 +0100
committer	wolfbeast <mcwerewolf@wolfbeast.com>	2020-01-02 21:06:40 +0100
commit	f4a12fc67689a830e9da1c87fd11afe5bc09deb3 (patch)
tree	211ae0cd022a6c11b0026ecc7761a550c584583c /security/nss/gtests/ssl_gtest/tls_agent.h
parent	f7d30133221896638f7bf4f66c504255c4b14f48 (diff)
download	UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.gz UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.lz UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.xz UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.zip