Dirkjan Ochtman
0682bf4ed5
Add documentation about use of QUIC transport parameters
2021-04-17 22:30:41 +02:00
Dirkjan Ochtman
648e280309
Return error if QUIC params are missing
...
From draft-ietf-quic-tls-32#section-8.2:
The quic_transport_parameters extension is carried in the ClientHello
and the EncryptedExtensions messages during the handshake. Endpoints
MUST send the quic_transport_parameters extension; endpoints that
receive ClientHello or EncryptedExtensions messages without the
quic_transport_parameters extension MUST close the connection with an
error of type 0x16d (equivalent to a fatal TLS missing_extension
alert, see Section 4.8).
2021-04-17 22:30:41 +02:00
Dirkjan Ochtman
f91841b8f5
server: return error if SNI differs after retry
2021-04-17 10:40:42 +01:00
Dirkjan Ochtman
8fe0ac8161
server: simplify can_resume() interface
2021-04-17 10:40:42 +01:00
Dirkjan Ochtman
07af3053a3
server: rely on webpki for DNSName comparison
2021-04-17 10:40:42 +01:00
Dirkjan Ochtman
6ef287a36a
server: deduplicate resumption path code
2021-04-17 10:40:42 +01:00
Dirkjan Ochtman
78d0df798a
server: only generate new session ID when needed
2021-04-17 10:40:42 +01:00
Dirkjan Ochtman
2a86a98163
server: inline single-use save_sni() function
2021-04-17 10:40:42 +01:00
Dirkjan Ochtman
86325a5fdd
server: inline single-use set_sni() method
2021-04-17 10:40:42 +01:00
Brian Smith
53486225c5
TLS 1.2: Change expected result for InvalidECDHPoint-Server to match TLS 1.3
2021-04-17 10:35:31 +01:00
Brian Smith
5fc6a6c4e1
Change expected result for compressed points in TLS 1.2 to match TLS 1.3
2021-04-17 10:35:31 +01:00
Brian Smith
97f5d5d7be
TLS 1.2: Consolidate error reporting/alerting logic for key agreement failure.
2021-04-17 10:35:31 +01:00
Brian Smith
3351e39d51
TLS 1.2: Factor out common key exchange decoding logic and error reporting.
...
Move the TLS-1.2-specific key agreement logic out of the general-purpose `kx`
module and into a new `crate::tls12` module that can hold common logic for
clients and servers.
Ensure error reporting and alerting for key agreement decoding are handled
consistently between client and server by consolidating the common logic.
2021-04-17 10:35:31 +01:00
Brian Smith
c40cf29111
TLS 1.3 Server: Report more precise error when System RNG fails.
2021-04-17 10:35:31 +01:00
Brian Smith
d19a12f4a5
TLS 1.2 Server: Report correct error when RNG fails during key agreement.
2021-04-17 10:35:31 +01:00
Brian Smith
2a7c04a2d3
TLS 1.2 Client: Provide more accurate errors during key agreement failure.
2021-04-17 10:35:31 +01:00
Brian Smith
5f64b0e4f4
Key exchange: Don't panic on RNG failure.
2021-04-17 10:35:31 +01:00
Joseph Birr-Pixton
08ecd0ec66
Add 0.19.1 to mainline changelog
2021-04-17 08:47:38 +01:00
Dirkjan Ochtman
ebd7ec049c
kx: deduplicate ECDH params decoding
2021-04-16 21:37:02 +02:00
Brian Smith
e1a8b4da67
Implement an infallible version of `Payload::read()` to reduce unwraps.
2021-04-16 10:40:23 +02:00
Brian Smith
3f23f9a333
Use `unwrap_or(false)` instead of `or(Some(false)).unwrap()`.
2021-04-16 06:58:59 +02:00
Dirkjan Ochtman
ccc4f1011e
Privatize server types and functions
2021-04-16 06:35:59 +02:00
Robert Sayre
854c5c4a30
Invalid SessionID in ServerHelloPayload.
2021-04-15 10:12:54 +02:00
Joseph Birr-Pixton
cdf1dada21
Fix bogo_shim formatting
2021-04-11 17:38:49 +01:00
Joseph Birr-Pixton
cdb712b7a0
Support bogo read-with-unfinished-write
...
This enables some extra keyupdate tests
2021-04-11 17:38:12 +01:00
Joseph Birr-Pixton
b9a5a061b4
Move ActiveCertifiedKey to server::common
...
This is quite server-specific, and really is part of the
server handshake state.
2021-04-11 13:07:19 +01:00
Joseph Birr-Pixton
8db3cf6f33
Fix clippy lint
2021-04-11 12:58:47 +01:00
Joseph Birr-Pixton
f3a6580d39
Make client-cert use of CertifiedKey also immutable
2021-04-11 12:50:24 +01:00
Simon Menke
32919bd2e1
Explicitly encode that ActiveCertifiedKey lives on the stack
2021-04-11 12:09:47 +01:00
Simon Menke
24b47fcd2e
ResolvesServerCert::resolve now returns a Arc reference
2021-04-11 12:09:47 +01:00
Joseph Birr-Pixton
51961e1e53
Basic test for client 0rtt API
2021-04-11 10:55:35 +01:00
Joseph Birr-Pixton
89e8588499
Add tests for custom server verifiers
...
Align errors for TLS1.2 and TLS1.3 if there are no overlapping signature
schemes.
2021-04-11 10:55:35 +01:00
Joseph Birr-Pixton
199397250b
Remove meaningless flush() behaviour
...
This code never did anything; make flush_plaintext private.
2021-04-11 10:55:35 +01:00
Joseph Birr-Pixton
d4ae8b1bd4
Move impl io::Read/io::Write into their own structs
...
These are returned via reader()/writer()
2021-04-11 10:55:35 +01:00
Joseph Birr-Pixton
c94c223e4c
Rework std::io::Read usage
...
- Ok(0) (ie, EOF) is reserved for signalling a received close_notify.
- Err(ErrorKind::WouldBlock) happens when there are no bytes to read.
2021-04-11 10:55:35 +01:00
Joseph Birr-Pixton
a1fb8686fb
Return peer closure status from process_new_packets
...
As well as plaintext and TLS buffer IO status. The former
is useful to ensure a close_notify doesn't overtake already-received
bytes. Both are useful to predict the buffer sizes that'll
be needed on the next read()/write_tls().
2021-04-11 10:55:35 +01:00
Joseph Birr-Pixton
cf061493bf
Merge branch 'jbp-move-hs-data-into-states' into main
2021-04-11 10:12:54 +01:00
Dirkjan Ochtman
e7bda93212
server: make TLS 1.3 emit functions private
2021-04-11 09:54:11 +01:00
Dirkjan Ochtman
4a5932ef86
server: make TLS 1.2 emit functions private
2021-04-11 09:54:11 +01:00
Dirkjan Ochtman
3cf8d0fb34
server: handle ClientHello for 1.2 in tls12 module
2021-04-11 09:54:11 +01:00
Dirkjan Ochtman
dfbf93d4f3
server: inline trivial wrapper type ServerKXDetails
2021-04-11 09:21:50 +01:00
Dirkjan Ochtman
65a0421e77
server: inline trivial wrapper type ClientCertDetails
2021-04-11 09:21:50 +01:00
Dirkjan Ochtman
1a704f0f37
server: remove take_chain() method from ClientCertDetails
2021-04-11 09:21:50 +01:00
Dirkjan Ochtman
5b3976d319
server: thread hash_at_server_fin through states
2021-04-11 09:21:50 +01:00
Dirkjan Ochtman
d54180345d
server: move extra_exts from HandshakeDetails into states
2021-04-11 09:21:50 +01:00
Dirkjan Ochtman
1df2b80809
server: detach emit_finished_tls13() from CompleteClientHelloHandling
2021-04-11 09:21:50 +01:00
Dirkjan Ochtman
3874679035
server: detach emit_certificate_verify_tls13() from CompleteClientHelloHandling
2021-04-11 09:21:50 +01:00
Dirkjan Ochtman
f4dbd146ca
server: detach emit_certificate_tls13() from CompleteClientHelloHandling
2021-04-11 09:21:50 +01:00
Dirkjan Ochtman
b22f85a989
server: detach emit_certificate_req_tls13() from CompleteClientHelloHandling
2021-04-11 09:21:50 +01:00
Dirkjan Ochtman
6074f2b294
server: detach emit_encrypted_extensions() from CompleteClientHelloHandling
2021-04-11 09:21:50 +01:00