From 9d0819b27ca248f9949e7cf6bf7cb9fe7cf574e8 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 28 Apr 2021 01:37:09 -0400
Subject: crypto/tls: make cipher suite preference ordering automatic

We now have a (well, two, depending on AES hardware support) universal
cipher suite preference order, based on their security and performance.
Peer and application lists are now treated as filters (and AES hardware
support hints) that are applied to this universal order.

This removes a complex and nuanced decision from the application's
responsibilities, one which we are better equipped to make and which
applications usually don't need to have an opinion about. It also lets
us worry less about what suites we support or enable, because we can be
confident that bad ones won't be selected over good ones.

This also moves 3DES suites to InsecureCipherSuites(), even if they are
not disabled by default. Just because we can keep them as a last resort
it doesn't mean they are secure. Thankfully we had not promised that
Insecure means disabled by default.

Notable test changes:

  - TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the
    right certificate regardless of CipherSuite ordering, which is now
    completely ignored, as tested by TestCipherSuitePreference. Removed.

  - The openssl command of TestHandshakeServerExportKeyingMaterial was
    broken for TLS 1.0 in CL 262857, but its golden file was not
    regenerated, so the test kept passing. It now broke because the
    selected suite from the ones in the golden file changed.

  - In TestAESCipherReordering, "server strongly prefers AES-GCM" is
    removed because there is no way for a server to express a strong
    preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha"
    switched to ChaCha20 when the server lacks AES hardware; and finally
    "client supports multiple AES-GCM" changed to always prefer AES-128
    per the universal preference list.

    * this is going back on an explicit decision from CL 262857, and
      while that client order is weird and does suggest a strong dislike
      for ChaCha20, we have a strong dislike for software AES, so it
      didn't feel worth making the logic more complex

  - All Client-* golden files had to be regenerated because the
    ClientHello cipher suites have changed.
    (Even when Config.CipherSuites was limited to one suite, the TLS 1.3
    default order changed.)

Fixes #45430
Fixes #41476 (as 3DES is now always the last resort)

Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5
Reviewed-on: https://go-review.googlesource.com/c/go/+/314609
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
---
 .../tls/testdata/Client-TLSv12-ClientCert-RSA-RSA  | 82 +++++++++++-----------
 1 file changed, 41 insertions(+), 41 deletions(-)

(limited to 'src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA')

diff --git a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA
index cdc71041fb..cbc4bcc311 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA
@@ -3,10 +3,10 @@
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
-00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a9  |.............2..|
+00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
+00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
+00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
 00000080  01 00 00 7b 00 05 00 05  01 00 00 00 00 00 0a 00  |...{............|
 00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
 000000a0  00 00 0d 00 1a 00 18 08  04 04 03 08 07 08 05 08  |................|
@@ -16,11 +16,11 @@
 000000e0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 000000f0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74     |.........._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 f3 28 ca c9 ac  |....Y...U...(...|
-00000010  29 bb 15 80 56 d2 37 09  fa 7d 23 04 d4 79 e7 1d  |)...V.7..}#..y..|
-00000020  bb 4e c5 60 c8 44 39 02  6a e9 e0 20 b5 ae 39 87  |.N.`.D9.j.. ..9.|
-00000030  4e 24 2f 33 02 fe 72 d6  2a 4d 0c 8c da 36 7b 28  |N$/3..r.*M...6{(|
-00000040  3c 06 aa b2 60 68 91 7a  ae d8 7b e2 c0 2f 00 00  |<...`h.z..{../..|
+00000000  16 03 03 00 59 02 00 00  55 03 03 b6 96 f2 bc ed  |....Y...U.......|
+00000010  1b 14 73 de 12 10 cc e9  4d f2 c7 8b 46 d8 63 55  |..s.....M...F.cU|
+00000020  8f 04 33 ec 89 b5 70 93  01 1c f2 20 72 82 e1 16  |..3...p.... r...|
+00000030  9c 0e 70 25 84 2c 09 a6  4f 19 c0 ed 44 d6 98 13  |..p%.,..O...D...|
+00000040  97 f6 19 08 d4 b6 d3 ad  82 96 ef db c0 2f 00 00  |............./..|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@@ -60,17 +60,17 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 d4 df 5d 10 ee ba a6  |........ ..]....|
-000002d0  51 d7 1b fb bf ed bc d6  b9 34 44 e7 af 23 0e 9b  |Q........4D..#..|
-000002e0  45 af ba 7a 89 63 03 a9  4c 08 04 00 80 30 2c 0f  |E..z.c..L....0,.|
-000002f0  2e d9 e4 1d c2 90 01 1c  cc cf d4 fe 06 6d c3 aa  |.............m..|
-00000300  59 d9 d9 bc 16 2f 2c b1  be 90 a3 93 a7 be bc 4d  |Y..../,........M|
-00000310  d8 f4 ac 21 36 59 a8 21  94 ef d3 c4 53 14 34 18  |...!6Y.!....S.4.|
-00000320  c9 10 d5 77 fd 1e ad 15  0f 23 d7 73 90 7a c0 7b  |...w.....#.s.z.{|
-00000330  b3 b2 e2 df 15 42 35 ce  38 05 52 02 77 b7 b2 2b  |.....B5.8.R.w..+|
-00000340  6b 88 6a ce d4 20 99 9d  e4 fe e8 38 1e 01 b7 78  |k.j.. .....8...x|
-00000350  3c ea ac 8e ef 2f 7e e8  22 08 78 42 b7 db 84 80  |<..../~.".xB....|
-00000360  8c 61 8a c5 cc d7 1f 6a  8d 5c 1d 2d 0d 16 03 03  |.a.....j.\.-....|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 21 1b d1 91 16 9c c1  |........ !......|
+000002d0  51 52 39 07 6b 6d ab 07  28 f7 d0 ae 02 13 5e 73  |QR9.km..(.....^s|
+000002e0  5b 51 30 96 27 57 56 e5  37 08 04 00 80 6a 13 82  |[Q0.'WV.7....j..|
+000002f0  97 81 ea 32 51 cb cb 8e  3b ee e5 dd 4f 80 20 50  |...2Q...;...O. P|
+00000300  c9 f0 19 9b d5 1b ae 21  f7 e6 24 4e a3 22 ec b9  |.......!..$N."..|
+00000310  25 6e 77 19 12 08 16 8a  c7 c1 db 29 e9 be 05 55  |%nw........)...U|
+00000320  09 c1 6e 44 c3 d7 bd 18  80 c8 1f 42 53 3b e6 09  |..nD.......BS;..|
+00000330  00 29 20 c4 94 04 97 6f  f7 e6 f4 3b 66 77 2f e5  |.) ....o...;fw/.|
+00000340  de 96 6f c3 67 c5 ce 4b  5e 4b 0e 90 02 fc 32 7f  |..o.g..K^K....2.|
+00000350  71 f4 63 76 37 57 75 30  fb 1b f5 99 98 5f c3 b1  |q.cv7Wu0....._..|
+00000360  fb e3 76 ad 8e 2f 7a 72  86 ed 34 18 98 16 03 03  |..v../zr..4.....|
 00000370  00 3a 0d 00 00 36 03 01  02 40 00 2e 04 03 05 03  |.:...6...@......|
 00000380  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
 00000390  08 06 04 01 05 01 06 01  03 03 02 03 03 01 02 01  |................|
@@ -112,26 +112,26 @@
 00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 08 04 00  80 b8 96 b3 c8 66 a9 fb  |.............f..|
-00000240  da 1b 82 65 9d 57 e5 e5  e5 60 c9 43 df 6e 99 53  |...e.W...`.C.n.S|
-00000250  45 95 b8 58 d1 19 05 50  e1 a7 3c e8 07 ad 57 09  |E..X...P..<...W.|
-00000260  9c 95 13 ea 80 24 53 56  b1 13 2d 59 9d e9 60 0f  |.....$SV..-Y..`.|
-00000270  75 97 d3 4f 82 3a b5 41  3e 90 75 ea 28 97 00 e7  |u..O.:.A>.u.(...|
-00000280  74 c9 04 1d d0 16 ba 40  75 9c ae a0 bd 00 b1 a9  |t......@u.......|
-00000290  86 d5 1a f2 30 45 72 99  ea b2 eb 61 b1 63 72 c5  |....0Er....a.cr.|
-000002a0  ad b1 60 a8 fa bd 95 95  17 03 4c 8e 87 4b 44 e5  |..`.......L..KD.|
-000002b0  ec f3 e0 48 33 b8 a9 74  78 14 03 03 00 01 01 16  |...H3..tx.......|
-000002c0  03 03 00 28 00 00 00 00  00 00 00 00 e6 a6 db ee  |...(............|
-000002d0  7d fb 48 9f 81 a6 78 6a  db a1 9a bb c8 da 7b b2  |}.H...xj......{.|
-000002e0  6a 01 66 fb 85 a7 2f 35  40 77 b6 b2              |j.f.../5@w..|
+00000230  88 0f 00 00 84 08 04 00  80 90 53 1e fc 7c 63 b0  |..........S..|c.|
+00000240  98 c5 19 40 fb 4f cf c3  53 51 81 68 54 c7 49 38  |...@.O..SQ.hT.I8|
+00000250  0c 41 f0 12 7d a6 e4 8a  4e 77 97 49 5a 07 7d 30  |.A..}...Nw.IZ.}0|
+00000260  fa df 77 2f 51 cf 37 65  07 0b 2c 91 15 43 1d c9  |..w/Q.7e..,..C..|
+00000270  69 46 e2 26 66 72 98 ec  62 1a 22 ae e8 3e 3a 28  |iF.&fr..b."..>:(|
+00000280  17 83 b9 74 57 59 a2 ec  31 95 17 1f c3 ec 9a 01  |...tWY..1.......|
+00000290  f2 d4 07 d5 ee d5 0e f2  f4 75 3b d6 b8 df aa ad  |.........u;.....|
+000002a0  0b 87 37 30 43 7e c1 b1  e1 0d 7e 90 3d 87 9d 93  |..70C~....~.=...|
+000002b0  d7 06 57 18 5c 12 c2 32  0d 14 03 03 00 01 01 16  |..W.\..2........|
+000002c0  03 03 00 28 00 00 00 00  00 00 00 00 ff 2a ae f8  |...(.........*..|
+000002d0  c9 1c bd 3f 62 0e 68 42  e7 96 ec ee c0 fa 71 34  |...?b.hB......q4|
+000002e0  f1 e2 67 76 82 cf c3 2a  fb b2 5a c1              |..gv...*..Z.|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 b3 9c 30 b6 a2  |..........(..0..|
-00000010  cb cf 75 38 10 e7 80 39  0e 87 39 9c d9 da 2c 53  |..u8...9..9...,S|
-00000020  1a 64 2d 33 ff 21 25 e9  3c f2 ec 6d a4 59 f4 30  |.d-3.!%.<..m.Y.0|
-00000030  ea 41 24                                          |.A$|
+00000000  14 03 03 00 01 01 16 03  03 00 28 da 70 e7 aa 1b  |..........(.p...|
+00000010  6c 66 cb 9b 07 d9 4e 87  6f 87 60 fb 46 f5 e9 33  |lf....N.o.`.F..3|
+00000020  48 59 ff 3e b5 bf 0b 0c  b2 39 79 64 f6 3c 2e 95  |HY.>.....9yd.<..|
+00000030  04 51 87                                          |.Q.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 65 72 8f  |.............er.|
-00000010  4a 5f 08 c1 f9 37 5d 30  bc c6 e6 5f a8 23 35 69  |J_...7]0..._.#5i|
-00000020  d3 3c 7a 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.<z.............|
-00000030  b0 48 2e 2e ed 4d 9c db  3a fc ff e6 57 83 fc 90  |.H...M..:...W...|
-00000040  aa 78                                             |.x|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 21 29 d2  |.............!).|
+00000010  27 05 2d b4 a2 bf ea f2  96 8a 61 c9 91 75 9f 0f  |'.-.......a..u..|
+00000020  50 4a 76 15 03 03 00 1a  00 00 00 00 00 00 00 02  |PJv.............|
+00000030  a9 40 eb 86 b2 f0 85 a2  75 bc 4e 09 8c c9 ca 31  |.@......u.N....1|
+00000040  e5 49                                             |.I|
-- 
cgit v1.3