github.com/mono/boringssl.git - Unnamed repository; edit this file 'description' to name the repository.
authorDavid Benjamin <davidben@google.com>2016-07-09 03:20:12 +0300
committerDavid Benjamin <davidben@google.com>2016-07-12 21:26:14 +0300
commit3386326d2b8253ca0b35458a1fce3b89deb4e4b2 (patch)
treeb56391d2753323074ef46a9381be2391c107dac3
parent887c300e2518b96a1321bb3027749f416d4844ab (diff)
Match ECDSA curve with hash in tests.
This is in preparation for TLS 1.3 enforcing curve matches in signature algorithms. Change-Id: I82c3a1862703a15e4e36ceb7ec40e27235b620c3 Reviewed-on: https://boringssl-review.googlesource.com/8699 Reviewed-by: David Benjamin <davidben@google.com>
-rw-r--r--ssl/test/runner/ecdsa_p256_cert.pem (renamed from ssl/test/runner/ecdsa_cert.pem)0
-rw-r--r--ssl/test/runner/ecdsa_p256_key.pem (renamed from ssl/test/runner/ecdsa_key.pem)0
-rw-r--r--ssl/test/runner/ecdsa_p384_cert.pem15
-rw-r--r--ssl/test/runner/ecdsa_p384_key.pem6
-rw-r--r--ssl/test/runner/ecdsa_p521_cert.pem17
-rw-r--r--ssl/test/runner/ecdsa_p521_key.pem7
-rw-r--r--ssl/test/runner/runner.go204
7 files changed, 157 insertions, 92 deletions
diff --git a/ssl/test/runner/ecdsa_cert.pem b/ssl/test/runner/ecdsa_p256_cert.pem
index 50bcbf5b..50bcbf5b 100644
--- a/ssl/test/runner/ecdsa_cert.pem
+++ b/ssl/test/runner/ecdsa_p256_cert.pem
diff --git a/ssl/test/runner/ecdsa_key.pem b/ssl/test/runner/ecdsa_p256_key.pem
index b9116f0c..b9116f0c 100644
--- a/ssl/test/runner/ecdsa_key.pem
+++ b/ssl/test/runner/ecdsa_p256_key.pem
diff --git a/ssl/test/runner/ecdsa_p384_cert.pem b/ssl/test/runner/ecdsa_p384_cert.pem
new file mode 100644
index 00000000..1fd3fec6
--- /dev/null
+++ b/ssl/test/runner/ecdsa_p384_cert.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/ssl/test/runner/ecdsa_p384_key.pem b/ssl/test/runner/ecdsa_p384_key.pem
new file mode 100644
index 00000000..43b58a57
--- /dev/null
+++ b/ssl/test/runner/ecdsa_p384_key.pem
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDCVFIFNZ6y5EijVMUuDW+WJsQRAVxsZ+6ge1Nez2IoOr3+APs6+fj13
+0OJinFATXa2gBwYFK4EEACKhZANiAAQOdTJNqxiZ+B68tCZV4GEJwDJ18jK9gFzv
+efcEAQluBijjrMjflL+RZAT64ExWzedRMp9PD9CWTz9hG/Kz4q/l952YsIhy7LTG
+Xzwy7549WUOi+N3aW8psDjtwzWNZXqU=
+-----END EC PRIVATE KEY-----
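Review bot: Nothing in this commit records how the new P-384 key, or the P-521 key in ecdsa_p521_key.pem, and their certificates were generated. Because these private keys are published with the source, they must only ever be trusted by the test runner. A short note beside the fixtures would help, for example `These keys are public test fixtures; never use them outside ssl/test/runner.` together with the command used to create them. That also lets secret-scanner exceptions be scoped to this directory instead of the whole repository.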
diff --git a/ssl/test/runner/ecdsa_p521_cert.pem b/ssl/test/runner/ecdsa_p521_cert.pem
new file mode 100644
index 00000000..8b9a1e83
--- /dev/null
+++ b/ssl/test/runner/ecdsa_p521_cert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/ssl/test/runner/ecdsa_p521_key.pem b/ssl/test/runner/ecdsa_p521_key.pem
new file mode 100644
index 00000000..c2e30b73
--- /dev/null
+++ b/ssl/test/runner/ecdsa_p521_key.pem
@@ -0,0 +1,7 @@
+-----BEGIN EC PRIVATE KEY-----
+MIHbAgEBBEFqpd7S4UQqO2MJSylA8Ufq/qbUuebEJY6t1Oz76JZ0u0k+NdmmujWj
+ULcP4thAhX+xitUap+r86ud8FQCvdawUnKAHBgUrgQQAI6GBiQOBhgAEAUPROJki
+cKgJgMjroW+hpnS2eJSFo2TZieMQ+KR+ZgcPCy1uqRMSqcYCrekoXbL8wdMFcV0T
+QpwU4+zkm7wSAhyrAa8KTAc+Zm2+86t/6ck0d2bWBl8FTLT1/d9V7+YfB8zb74d3
+PniccrG1Cq91p+GYxXvtH+sG4jbgwspsyKHFGBAp
+-----END EC PRIVATE KEY-----
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 03a0c584..3fcfadd5 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -57,18 +57,63 @@ var (
deterministic = flag.Bool("deterministic", false, "If true, uses a deterministic PRNG in the runner.")
)
+type testCert int
+
const (
- rsaCertificateFile = "cert.pem"
- ecdsaCertificateFile = "ecdsa_cert.pem"
+ testCertRSA testCert = iota
+ testCertECDSAP256
+ testCertECDSAP384
+ testCertECDSAP521
+)
+
+const (
+ rsaCertificateFile = "cert.pem"
+ ecdsaP256CertificateFile = "ecdsa_p256_cert.pem"
+ ecdsaP384CertificateFile = "ecdsa_p384_cert.pem"
+ ecdsaP521CertificateFile = "ecdsa_p521_cert.pem"
)
const (
rsaKeyFile = "key.pem"
- ecdsaKeyFile = "ecdsa_key.pem"
+ ecdsaP256KeyFile = "ecdsa_p256_key.pem"
+ ecdsaP384KeyFile = "ecdsa_p384_key.pem"
+ ecdsaP521KeyFile = "ecdsa_p521_key.pem"
channelIDKeyFile = "channel_id_key.pem"
)
-var rsaCertificate, ecdsaCertificate Certificate
+var rsaCertificate, ecdsaP256Certificate, ecdsaP384Certificate, ecdsaP521Certificate Certificate
+
+var testCerts = []struct {
+ id testCert
+ certFile, keyFile string
+ cert *Certificate
+}{
+ {
+ id: testCertRSA,
+ certFile: rsaCertificateFile,
+ keyFile: rsaKeyFile,
+ cert: &rsaCertificate,
+ },
+ {
+ id: testCertECDSAP256,
+ certFile: ecdsaP256CertificateFile,
+ keyFile: ecdsaP256KeyFile,
+ cert: &ecdsaP256Certificate,
+ },
+ {
+ id: testCertECDSAP384,
+ certFile: ecdsaP384CertificateFile,
+ keyFile: ecdsaP384KeyFile,
+ cert: &ecdsaP384Certificate,
+ },
+ {
+ id: testCertECDSAP521,
+ certFile: ecdsaP521CertificateFile,
+ keyFile: ecdsaP521KeyFile,
+ cert: &ecdsaP521Certificate,
+ },
+}
+
var channelIDKey *ecdsa.PrivateKey
var channelIDBytes []byte
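Review bot: The new `testCert` type and the `testCerts` table have no doc comments, and the role of the `cert` pointer field is not obvious from the declaration. It points at the package-level variables (`&rsaCertificate` and the rest), so the table and the named globals are two views of the same data. I would add `// testCerts maps each testCert to its PEM files and to the package-level Certificate that initCertificates fills in.` above the table, and `// testCert identifies one of the runner's certificate/key pairs.` above the type. Adding a curve now means touching both const blocks, the var line and the table, so the comment should say that too.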
@@ -76,20 +121,15 @@ var testOCSPResponse = []byte{1, 2, 3, 4}
var testSCTList = []byte{5, 6, 7, 8}
func initCertificates() {
- var err error
- rsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, rsaCertificateFile), path.Join(*resourceDir, rsaKeyFile))
- if err != nil {
- panic(err)
- }
- rsaCertificate.OCSPStaple = testOCSPResponse
- rsaCertificate.SignedCertificateTimestampList = testSCTList
-
- ecdsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, ecdsaCertificateFile), path.Join(*resourceDir, ecdsaKeyFile))
- if err != nil {
- panic(err)
+ for i := range testCerts {
+ cert, err := LoadX509KeyPair(path.Join(*resourceDir, testCerts[i].certFile), path.Join(*resourceDir, testCerts[i].keyFile))
+ if err != nil {
+ panic(err)
+ }
+ cert.OCSPStaple = testOCSPResponse
+ cert.SignedCertificateTimestampList = testSCTList
+ *testCerts[i].cert = cert
}
- ecdsaCertificate.OCSPStaple = testOCSPResponse
- ecdsaCertificate.SignedCertificateTimestampList = testSCTList
channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
if err != nil {
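Review bot: The `panic(err)` inside the new loop does not say which of the four certificate/key pairs failed to load. A parse error from `LoadX509KeyPair` may not carry the file name, so a bad fixture is harder to find than it was with two hand-written loads. Consider `panic(fmt.Sprintf("loading %s / %s: %v", testCerts[i].certFile, testCerts[i].keyFile, err))`. The body of initCertificates continues past the end of this hunk.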
@@ -112,16 +152,31 @@ func initCertificates() {
writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
}
-var certificateOnce sync.Once
+func getRunnerCertificate(t testCert) Certificate {
+ for _, cert := range testCerts {
+ if cert.id == t {
+ return *cert.cert
+ }
+ }
+ panic("Unknown test certificate")
+}
-func getRSACertificate() Certificate {
- certificateOnce.Do(initCertificates)
- return rsaCertificate
+func getShimCertificate(t testCert) string {
+ for _, cert := range testCerts {
+ if cert.id == t {
+ return cert.certFile
+ }
+ }
+ panic("Unknown test certificate")
}
-func getECDSACertificate() Certificate {
- certificateOnce.Do(initCertificates)
- return ecdsaCertificate
+func getShimKey(t testCert) string {
+ for _, cert := range testCerts {
+ if cert.id == t {
+ return cert.keyFile
+ }
+ }
+ panic("Unknown test certificate")
}
type testType int
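Review bot: getRunnerCertificate now returns `*cert.cert` with no guarantee that initCertificates has run. The `certificateOnce.Do(initCertificates)` guard is removed, and the only visible call is the one added to main. If a caller runs before that, it gets a zero-valued Certificate instead of a failure. The same holds for the direct uses of `rsaCertificate` and `ecdsaP256Certificate` that replace the getters in the later hunks. At minimum, document the ordering requirement, e.g. `// getRunnerCertificate returns the loaded certificate for t; initCertificates must have been called first.` The three lookup functions also repeat the same loop and panic message, so one small helper that returns the table entry would keep them in step.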
@@ -143,46 +198,6 @@ const (
npn = 2
)
-type testCert int
-
-const (
- testCertRSA testCert = iota
- testCertECDSA
-)
-
-func getRunnerCertificate(t testCert) Certificate {
- switch t {
- case testCertRSA:
- return getRSACertificate()
- case testCertECDSA:
- return getECDSACertificate()
- default:
- panic("Unknown test certificate")
- }
-}
-
-func getShimCertificate(t testCert) string {
- switch t {
- case testCertRSA:
- return rsaCertificateFile
- case testCertECDSA:
- return ecdsaCertificateFile
- default:
- panic("Unknown test certificate")
- }
-}
-
-func getShimKey(t testCert) string {
- switch t {
- case testCertRSA:
- return rsaKeyFile
- case testCertECDSA:
- return ecdsaKeyFile
- default:
- panic("Unknown test certificate")
- }
-}
-
type testCase struct {
testType testType
protocol protocol
@@ -789,7 +804,7 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
}
if test.testType == clientTest {
if len(config.Certificates) == 0 {
- config.Certificates = []Certificate{getRSACertificate()}
+ config.Certificates = []Certificate{rsaCertificate}
}
} else {
// Supply a ServerName to ensure a constant session cache key,
@@ -819,7 +834,7 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
resumeConfig.ServerName = config.ServerName
}
if len(resumeConfig.Certificates) == 0 {
- resumeConfig.Certificates = []Certificate{getRSACertificate()}
+ resumeConfig.Certificates = []Certificate{rsaCertificate}
}
if test.newSessionsOnResume {
if !test.noSessionCache {
@@ -1025,7 +1040,7 @@ func addBasicTests() {
Bugs: ProtocolBugs{
InvalidSKXSignature: true,
},
- Certificates: []Certificate{getECDSACertificate()},
+ Certificates: []Certificate{ecdsaP256Certificate},
},
shouldFail: true,
expectedError: ":BAD_SIGNATURE:",
@@ -1039,7 +1054,7 @@ func addBasicTests() {
Bugs: ProtocolBugs{
InvalidCertVerifySignature: true,
},
- Certificates: []Certificate{getRSACertificate()},
+ Certificates: []Certificate{rsaCertificate},
},
shouldFail: true,
expectedError: ":BAD_SIGNATURE:",
@@ -1054,7 +1069,7 @@ func addBasicTests() {
Bugs: ProtocolBugs{
InvalidCertVerifySignature: true,
},
- Certificates: []Certificate{getECDSACertificate()},
+ Certificates: []Certificate{ecdsaP256Certificate},
},
shouldFail: true,
expectedError: ":BAD_SIGNATURE:",
@@ -1360,7 +1375,7 @@ func addBasicTests() {
// TODO(davidben): Add a TLS 1.3 version of this test.
MaxVersion: VersionTLS12,
CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- Certificates: []Certificate{getECDSACertificate()},
+ Certificates: []Certificate{ecdsaP256Certificate},
Bugs: ProtocolBugs{
SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
},
@@ -1374,7 +1389,7 @@ func addBasicTests() {
// TODO(davidben): Add a TLS 1.3 version of this test.
MaxVersion: VersionTLS12,
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
- Certificates: []Certificate{getRSACertificate()},
+ Certificates: []Certificate{rsaCertificate},
Bugs: ProtocolBugs{
SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
},
@@ -2075,11 +2090,11 @@ func addCipherSuiteTests() {
var certFile string
var keyFile string
if hasComponent(suite.name, "ECDSA") {
- cert = getECDSACertificate()
- certFile = ecdsaCertificateFile
- keyFile = ecdsaKeyFile
+ cert = ecdsaP256Certificate
+ certFile = ecdsaP256CertificateFile
+ keyFile = ecdsaP256KeyFile
} else {
- cert = getRSACertificate()
+ cert = rsaCertificate
certFile = rsaCertificateFile
keyFile = rsaKeyFile
}
@@ -2383,7 +2398,7 @@ func addBadECDSASignatureTests() {
name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
config: Config{
CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- Certificates: []Certificate{getECDSACertificate()},
+ Certificates: []Certificate{ecdsaP256Certificate},
Bugs: ProtocolBugs{
BadECDSAR: badR,
BadECDSAS: badS,
@@ -2513,7 +2528,7 @@ func addClientAuthTests() {
config: Config{
MinVersion: ver.version,
MaxVersion: ver.version,
- Certificates: []Certificate{ecdsaCertificate},
+ Certificates: []Certificate{ecdsaP256Certificate},
},
flags: []string{"-require-any-client-certificate"},
})
@@ -2527,8 +2542,8 @@ func addClientAuthTests() {
ClientCAs: certPool,
},
flags: []string{
- "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
- "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
+ "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
+ "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
},
})
}
@@ -2931,8 +2946,8 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
ClientAuth: RequireAnyClientCert,
},
flags: []string{
- "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
- "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
+ "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
+ "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
},
})
tests = append(tests, testCase{
@@ -3002,8 +3017,8 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
},
flags: []string{
- "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
- "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
+ "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
+ "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
},
})
@@ -4660,13 +4675,11 @@ var testSignatureAlgorithms = []struct {
{"RSA-PKCS1-SHA256", signatureRSAPKCS1WithSHA256, testCertRSA},
{"RSA-PKCS1-SHA384", signatureRSAPKCS1WithSHA384, testCertRSA},
{"RSA-PKCS1-SHA512", signatureRSAPKCS1WithSHA512, testCertRSA},
- {"ECDSA-SHA1", signatureECDSAWithSHA1, testCertECDSA},
- // TODO(davidben): These signature algorithms are paired with a curve in
- // TLS 1.3. Test that, in TLS 1.3, the curves must match and, in TLS
- // 1.2, mismatches are tolerated.
- {"ECDSA-SHA256", signatureECDSAWithP256AndSHA256, testCertECDSA},
- {"ECDSA-SHA384", signatureECDSAWithP384AndSHA384, testCertECDSA},
- {"ECDSA-SHA512", signatureECDSAWithP521AndSHA512, testCertECDSA},
+ {"ECDSA-SHA1", signatureECDSAWithSHA1, testCertECDSAP256},
+ // TODO(davidben): Enforce curve matching in TLS 1.3 and test.
+ {"ECDSA-P256-SHA256", signatureECDSAWithP256AndSHA256, testCertECDSAP256},
+ {"ECDSA-P384-SHA384", signatureECDSAWithP384AndSHA384, testCertECDSAP384},
+ {"ECDSA-P521-SHA512", signatureECDSAWithP521AndSHA512, testCertECDSAP521},
}
const fakeSigAlg1 signatureAlgorithm = 0x2a01
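Review bot: Pairing each ECDSA entry in `testSignatureAlgorithms` with its matching curve means this table no longer covers a P-256 key signing with SHA-384 or SHA-512. The old TODO said those mismatches must be tolerated in TLS 1.2, and the shortened TODO drops that half. Unless another test outside this diff covers it, a change that wrongly enforces curve matching in TLS 1.2 would go unnoticed. I would keep the intent visible, e.g. `// TODO(davidben): Enforce curve matching in TLS 1.3 and test; keep a TLS 1.2 case where curve and hash differ, which must still be accepted.`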
@@ -4695,6 +4708,7 @@ func addSignatureAlgorithmTests() {
flags: []string{
"-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
"-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
+ "-enable-all-curves",
},
expectedPeerSignatureAlgorithm: alg.id,
})
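Review bot: `"-enable-all-curves"` is added to every case in this loop, including the RSA ones, with no comment explaining why. The same applies to the hunks at -4716, -4737 and -4754. It is presumably needed because the P-384 and P-521 certificates use curves the shim does not enable by default, but that is an inference from this diff and should be confirmed. A one-line comment at the first use would help, e.g. `// The P-384 and P-521 certificates need curves beyond the shim's defaults.` It should also say whether applying the flag to the RSA cases is intentional. addSignatureAlgorithmTests starts and ends outside this hunk.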
@@ -4716,6 +4730,7 @@ func addSignatureAlgorithmTests() {
// configure a matching server certificate too.
"-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
"-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
+ "-enable-all-curves",
},
})
@@ -4737,6 +4752,7 @@ func addSignatureAlgorithmTests() {
flags: []string{
"-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
"-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
+ "-enable-all-curves",
},
expectedPeerSignatureAlgorithm: alg.id,
})
@@ -4754,7 +4770,10 @@ func addSignatureAlgorithmTests() {
alg.id,
},
},
- flags: []string{"-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id))},
+ flags: []string{
+ "-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)),
+ "-enable-all-curves",
+ },
})
}
@@ -5030,7 +5049,7 @@ func addSignatureAlgorithmTests() {
config: Config{
MaxVersion: VersionTLS12,
CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
- Certificates: []Certificate{getECDSACertificate()},
+ Certificates: []Certificate{ecdsaP256Certificate},
},
flags: []string{"-p384-only"},
shouldFail: true,
@@ -6064,6 +6083,7 @@ func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total i
func main() {
flag.Parse()
*resourceDir = path.Clean(*resourceDir)
+ initCertificates()
addBasicTests()
addCipherSuiteTests()