Adding states and parameters for TLS 1.3 #280
Changes from 10 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,6 +22,7 @@ module Network.TLS.Parameters | |
, GroupUsage(..) | ||
, CertificateUsage(..) | ||
, CertificateRejectReason(..) | ||
, EarlyData(..) | ||
) where | ||
|
||
import Network.TLS.Extension | ||
|
@@ -194,14 +195,23 @@ data Supported = Supported | |
-- enough until 2030. Both curves are fast because their | ||
-- backends are written in C. | ||
, supportedGroups :: [Group] | ||
, supportedEarlyData :: EarlyData | ||
} deriving (Show,Eq) | ||
|
||
data EarlyData = NoEarlyData | ||
| AcceptEarlyData Word32 | ||
| SendEarlyData ByteString | ||
deriving (Eq, Show) | ||
|
||
This should be documented. I'm not sure I understand what the Word32 is for. If it's a length, then Int would be easier to use on external APIs. Also then I don't see the difference between

OK but if type is different for client and server, maybe this should be moved out of Supported to ClientParams / ServerParams directly.

Is it worth doing?

Yes that looks useful. Because it would allow tracking how much 0RTT data has been received and how much left is allowed. Maybe inside the

Using
||
defaultSupported :: Supported | ||
defaultSupported = Supported | ||
{ supportedVersions = [TLS12,TLS11,TLS10] | ||
, supportedCiphers = [] | ||
, supportedCompressions = [nullCompression] | ||
, supportedHashSignatures = [ (Struct.HashSHA512, SignatureRSA) | ||
, supportedHashSignatures = [ (HashIntrinsic, SignatureRSApssRSAeSHA256) | ||
, (HashIntrinsic, SignatureRSApssRSAeSHA384) | ||
, (HashIntrinsic, SignatureRSApssRSAeSHA512) | ||
, (Struct.HashSHA512, SignatureRSA) | ||
, (Struct.HashSHA512, SignatureECDSA) | ||
, (Struct.HashSHA384, SignatureRSA) | ||
, (Struct.HashSHA384, SignatureECDSA) | ||
|
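Review bot: `supportedEarlyData` and the new `EarlyData` type have no Haddock comment, although the `supportedGroups` field directly above them is documented. Please state what the `Word32` in `AcceptEarlyData` counts and what the `ByteString` in `SendEarlyData` holds. Because `Supported` is used by both client and server parameters, this single field also allows a server configured with `SendEarlyData` or a client configured with `AcceptEarlyData`; either document how those combinations are treated or split the setting per role so the type rules them out.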
@@ -216,6 +226,7 @@ defaultSupported = Supported | |
, supportedFallbackScsv = True | ||
, supportedEmptyPacket = True | ||
, supportedGroups = [X25519,P256,P384,P521] | ||
, supportedEarlyData = AcceptEarlyData 0 | ||
} | ||
|
||
instance Default Supported where | ||
|
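Review bot: the default `supportedEarlyData = AcceptEarlyData 0` leaves two values that both read as "off", since the type also has `NoEarlyData`. If a zero limit and `NoEarlyData` behave the same, default to `NoEarlyData` so that 0-RTT is visibly disabled unless the application opts in; if they differ, document the difference next to this default.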
Does that mean sendData and recvData are possible in all 3 other states?

For TLS 1.2 or earlier and clients of TLS 1.3, only `Established` and `NotEstablished` are used. For servers of TLS 1.3, `sendData` can be used only on `Established`. `recvData` can be used on either `Established` or `EarlyDataAllowed`.

If you are concerned about this, let's come back to this issue after the entire merge process is finished.

You can see the coming patches on https://github.com/kazu-yamamoto/hs-tls/tree/work13

OK we can see checkValid later.