Commit Graph

150 Commits

Author SHA1 Message Date
Jacob Rothstein d28be0f31d tls13: Immediate key update 2023-02-10 10:38:25 +01:00
Joseph Birr-Pixton d780790329 Allow configuring how many TLS1.3 tickets servers send
This changes the default from 1 to 4 tickets.
2023-01-24 13:53:34 +00:00
Joseph Birr-Pixton 39a26cdd47 Remove string content from `PeerIncompatibleError`
This also:

- corrects use of hs::incompatible for client certificate verification
  failure.
- moves sni varying across hello retries to be a PeerMisbehaved, since
  that is explicitly disallowed by the standard.
2023-01-23 15:16:31 +00:00
Joseph Birr-Pixton 88ea3966b7 Remove string content from `PeerMisbehavedError` 2023-01-23 15:16:31 +00:00
Dirkjan Ochtman 5bd3b9fad0 tls13: let key schedule prepare key update message 2023-01-18 17:49:40 +01:00
Dirkjan Ochtman e12b8dc104 tls13: let key schedule update record layer state 2023-01-18 17:49:40 +01:00
Dirkjan Ochtman 961f71e650 tls13: let key schedule handle decrypter updates 2023-01-18 17:49:40 +01:00
Dirkjan Ochtman be41ca54a9 tls13: let key schedule handle encrypter updates 2023-01-18 17:49:40 +01:00
Dirkjan Ochtman 849aff0034 tls13: store full cipher suites in key schedules 2023-01-18 17:49:40 +01:00
Dirkjan Ochtman cb06cb2e08 tls13: deduplicate traffic secret derivation 2023-01-18 17:49:40 +01:00
Dirkjan Ochtman 1d314aad44 quic: take Side argument instead of bool 2023-01-15 16:27:26 +01:00
amos a981f0914e extract_secrets feature for kTLS support (owned) (#1112) 2022-10-15 13:53:08 +02:00
Jacob Hoffman-Andrews 2854a0dbe2 Move some enums that are part of the public API.
Move ProtocolVersion, CipherSuite, and SignatureScheme from src/msgs/enums.rs
to src/enums.rs
2022-05-30 10:28:01 +02:00
Dirkjan Ochtman 2f154643e5 Revert #1016 (attach location context to corrupt message errors)
This is a breaking change in the Error type.
2022-05-18 09:52:33 +02:00
Dirkjan Ochtman 86f4695c8c Use original handshake encoding for transcript hash
Stores the parsed data for a handshake message payload alongside
the encoded version to avoid having to re-encode the message when
updating the transcript hash. Also avoids encoding outgoing handshake
message payloads twice.
2022-05-12 20:46:16 +02:00
ComplexSpaces c42c53e13d Attach location context to corrupt message errors 2022-03-31 10:23:46 +02:00
Brian Smith 5ed9ebcc39 Only set QUIC state when the connection is QUIC. 2022-02-19 08:15:21 +00:00
Benjamin Saunders 9bdddf919c Don't expect EndOfEarlyData from QUIC 2022-02-19 08:14:59 +00:00
Joseph Birr-Pixton 184b5090c2 Require 0.5RTT server data to be explicitly enabled 2022-02-05 15:56:59 +00:00
Brian Smith 6faedc11a6 TLS 1.3: Fix build warning with default feature set.
After the most recent changes, `inappropriate_message` is only used
in server/tls13.rs if QUIC is enabled.
2022-01-25 19:07:18 +00:00
Brian Smith daa0d73116 TLS 1.3: Improve error reporting for handshake message received during early data.
Fixes #958.
2022-01-25 18:11:08 +01:00
Brian Smith 8d76aa67a9 Style: Replace `ref payload` with more idiomatic uses.
There are other places `ref` is used but I didn't change those.
2022-01-23 23:31:06 +01:00
Brian Smith a39b34cfc7 Remove `check_message`. 2022-01-23 23:31:06 +01:00
Brian Smith f0e36082b6 Allow `inappropriate_handshake_message` to handle more cases.
Allow `inappropriate_handshake_message` to handle cases where
non-handshake messages are also accepted. This simplifies more callers.

I intentionally didn't try to simplify `check_message` because my next
set of commits would remove it.
2022-01-23 23:31:06 +01:00
Brian Smith e3fba94139 Simplify `inappropriate[_handshake]_message`. 2022-01-23 23:31:06 +01:00
Joseph Birr-Pixton fc5488378e Refuse early_data if resumption data is not fresh
At the same time, support the -resumption-delay flag in bogo_shim.
This is achieved by editing the session data as it is persisted.
This also enables bogo tests that we respect TLS1.2 ticket lifetimes.
2022-01-15 12:12:16 +00:00
Joseph Birr-Pixton 082362de63 Make ServerSessionValue record its time of creation 2022-01-15 12:12:16 +00:00
Joseph Birr-Pixton a80da9967b Test 0-RTT
This has some api tests, but mainly enables bogo tests.

In passing, ensure TLS1.3 NewSessionTicket checks for duplicated
extensions.
2022-01-15 12:12:16 +00:00
Joseph Birr-Pixton 725870a480 Enable server support for 0-RTT data
This previously existed, but only for QUIC.

There are some unfortunate shortcomings with the protocol design here:

Because the client must send 0-RTT data whether or not the server
accepts it or even the client hello, there must be several
disjoint methods for identifying and skipping these messages.  One
of these is in the record_layer.rs, and works by trial decryption.
Another happens if the server rejects the client's hello altogether,
and skips encrypted messages between the two client hellos.

The amount of data to skip is limited but -- because the design
appears to be defective -- the quantity is expressed (in
`max_early_data_size` provided with a ticket) in units of plaintext
bytes, but skipping data requires it in units of padded, tagged
ciphertext bytes.  The server cannot compute one from the other,
so we're interpreting `max_early_data_size` as both at the same time.
2022-01-15 12:12:16 +00:00
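The byte accounting this commit message describes, as a constructed model added here to show the unit mismatch concretely. It is not rustls code: rustls does real AEAD trial decryption in record_layer.rs, whereas this model labels each record with the key it was "encrypted" under so trial decryption becomes a comparison. The ticket value (1024), the padding lengths and the three-record flight are made-up inputs; `Record`, `EarlyDataState` and `run` are names chosen for the example.

```rust
// Added model of the early-data accounting from the commit above. Not rustls
// code: no AEAD is performed, records just carry the key they belong to.

const AEAD_TAG_LEN: usize = 16;
/// RFC 8446 section 5.2: a TLSCiphertext body may not exceed 2^14 + 256 bytes.
const MAX_CIPHERTEXT_LEN: usize = 16384 + 256;

#[derive(Clone, Copy, PartialEq, Debug)]
enum Key {
    ClientEarlyTraffic,
    ClientHandshake,
}

#[derive(Clone, Debug)]
struct Record {
    key: Key,
    /// Application-data bytes: the unit max_early_data_size is defined in.
    plaintext_len: usize,
    /// Zero padding the sender added (RFC 8446 section 5.4); invisible until decrypted.
    padding_len: usize,
}

impl Record {
    /// Bytes the server must skip if it cannot decrypt the record:
    /// plaintext + inner content-type byte + padding + AEAD tag.
    fn wire_len(&self) -> usize {
        self.plaintext_len + 1 + self.padding_len + AEAD_TAG_LEN
    }
}

#[derive(Debug, PartialEq)]
enum Verdict {
    /// Accepted early data handed to the application (plaintext bytes).
    Delivered(usize),
    /// Rejected early data skipped without decryption (ciphertext bytes).
    Skipped(usize),
    /// A record under the handshake key: the early-data phase is over.
    EndOfEarlyData,
}

#[derive(Debug, PartialEq)]
enum EarlyDataError {
    /// The ticket's max_early_data_size was exceeded, in whichever unit applied.
    TooMuchEarlyData { limit: usize, seen: usize },
    /// Record body larger than the protocol allows.
    Oversized(usize),
}

struct EarlyDataState {
    accepted: bool,
    /// max_early_data_size from the ticket: a plaintext limit when early data
    /// is accepted, a ciphertext limit when it is rejected.
    limit: usize,
    seen: usize,
}

impl EarlyDataState {
    fn new(accepted: bool, max_early_data_size: usize) -> Self {
        EarlyDataState { accepted, limit: max_early_data_size, seen: 0 }
    }

    fn charge(&mut self, n: usize) -> Result<(), EarlyDataError> {
        self.seen = self.seen.saturating_add(n);
        if self.seen > self.limit {
            return Err(EarlyDataError::TooMuchEarlyData { limit: self.limit, seen: self.seen });
        }
        Ok(())
    }

    /// Handle one record arriving between the ClientHello and the client's Finished.
    fn on_record(&mut self, rec: &Record) -> Result<Verdict, EarlyDataError> {
        let wire = rec.wire_len();
        if wire > MAX_CIPHERTEXT_LEN {
            return Err(EarlyDataError::Oversized(wire));
        }
        match (self.accepted, rec.key) {
            // A record that decrypts under the handshake key ends the phase either way.
            (_, Key::ClientHandshake) => Ok(Verdict::EndOfEarlyData),
            // Early traffic key installed: decrypt and count plaintext bytes.
            (true, Key::ClientEarlyTraffic) => {
                self.charge(rec.plaintext_len)?;
                Ok(Verdict::Delivered(rec.plaintext_len))
            }
            // Only the handshake key installed: trial decryption fails, so the
            // record is presumed 0-RTT and skipped; only its ciphertext size is known.
            (false, Key::ClientEarlyTraffic) => {
                self.charge(wire)?;
                Ok(Verdict::Skipped(wire))
            }
        }
    }
}

/// Run a client flight through the state machine; returns the bytes delivered
/// or skipped before the first handshake-key record.
fn run(accepted: bool, max_early_data_size: usize, flight: &[Record]) -> Result<usize, EarlyDataError> {
    let mut st = EarlyDataState::new(accepted, max_early_data_size);
    let mut total = 0;
    for rec in flight {
        match st.on_record(rec)? {
            Verdict::Delivered(n) | Verdict::Skipped(n) => total += n,
            Verdict::EndOfEarlyData => break,
        }
    }
    Ok(total)
}

/// Constructed flight: 1000 bytes of 0-RTT data in two padded records, then Finished.
fn sample_flight() -> Vec<Record> {
    vec![
        Record { key: Key::ClientEarlyTraffic, plaintext_len: 500, padding_len: 200 },
        Record { key: Key::ClientEarlyTraffic, plaintext_len: 500, padding_len: 200 },
        Record { key: Key::ClientHandshake, plaintext_len: 36, padding_len: 0 },
    ]
}

fn main() {
    let flight = sample_flight();
    let limit = 1024; // max_early_data_size the server put in the ticket
    // Accepted: 1000 plaintext bytes fit the limit.
    println!("accepted: {:?}", run(true, limit, &flight));
    // Rejected: the same flight is 1434 ciphertext bytes, over the same limit.
    println!("rejected: {:?}", run(false, limit, &flight));
}
```

The same flight passes when accepted (1000 plaintext bytes) and fails when rejected (2 x 717 ciphertext bytes), which is the defect the message describes: the server sees only ciphertext sizes when skipping, and a client can pad each record arbitrarily, so no plaintext budget translates into a ciphertext budget it can check.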
Joseph Birr-Pixton 7c30826398 Support 0.5RTT server->client traffic
This means the server can send application data in its first
flight.  We only do this, though, if no client auth is in play
(as otherwise we'd be sending data to an unauthenticated peer,
and that would be exceedingly bad.)

This is useful for server-speaks-first protocols, as well as
replying to a 0-RTT request in a client-speaks-first one.

In terms of code changes, this splits start_traffic() into
start_incoming_traffic() and start_outgoing_traffic().
2022-01-15 12:12:16 +00:00
Dirkjan Ochtman 73c32dd73c Avoid copying key agreement key material 2021-12-28 08:50:45 +01:00
Dirkjan Ochtman aa901bd1a0 key_schedule: redefine key schedule state machine 2021-12-28 08:50:45 +01:00
Dirkjan Ochtman 901770aae0 server: split handling of key exchange 2021-12-28 08:50:45 +01:00
Dirkjan Ochtman f7a94585d7 Fix clippy suggestions for 1.57 2021-12-13 09:59:53 +00:00
Dirkjan Ochtman 919cf824dd Deduplicate work in ClientHello handling 2021-09-12 22:27:28 +02:00
Dirkjan Ochtman 8cfbd828cf Remove SNI argument from ClientCertVerifier methods 2021-09-12 22:27:28 +02:00
Dirkjan Ochtman 3a2acdf7a0 Store peer certificates in CommonState 2021-08-08 14:53:16 +02:00
Dirkjan Ochtman 1bd9c81403 Move state and data into ConnectionCommon 2021-08-08 14:53:16 +02:00
Dirkjan Ochtman a055bd3801 Use a single State trait across client/server 2021-08-08 14:53:16 +02:00
Dirkjan Ochtman 258fcf29c8 Split CommonState type out of ConnectionCommon
This represents the state that state machine `State` implementers
can manipulate. As such, we want the lifetime of references to
`CommonState` to be outlived by the `ConnectionCommon`'s handshake
joiner and deframer.
2021-08-08 14:53:16 +02:00
Dirkjan Ochtman 76363982f1 quic: make Secrets fields private 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman d5b604be5b quic: let Secrets keep track of side 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman 713ab9eeb5 quic: keep track of cipher suite inside Secrets 2021-08-03 20:03:30 +02:00
Dirkjan Ochtman 94ae7daaef tls13: move setup of encrypters/decrypters into Tls13CipherSuite method 2021-07-31 13:55:56 +02:00
Dirkjan Ochtman b18cca6148 Move suite types and instances into respective version modules 2021-07-31 13:55:56 +02:00
Dirkjan Ochtman 5ce8ae605f Move key_schedule module into tls13 2021-07-31 13:55:56 +02:00
Dirkjan Ochtman 75752c0c63 Move TLS 1.3 items from cipher into new tls13 module 2021-07-31 13:55:56 +02:00
Dirkjan Ochtman f35a22f7a3 Make TLS 1.2 optional 2021-07-31 13:55:56 +02:00
Dirkjan Ochtman 9ff273d2c4 Remove remaining get_ prefixes from public API 2021-07-04 09:12:02 +01:00
Joseph Birr-Pixton 522ac1af88 Use DnsName type in client auth trait 2021-06-20 17:03:42 +01:00