
Encrypted client hello configuration messages and serialization #1568

Merged (2 commits, Nov 8, 2023)

Commits on Nov 6, 2023

  1. msgs: add ECH config messages and parsing

    This commit breaks out representation of Encrypted Client Hello (ECH)
    configuration from overall support for the feature. This code is
    relatively isolated and so can be added without much impact to the rest
    of the codebase. It does _not_ provide any actual ECH support.
    
    The code is almost entirely derived from earlier WIP branches adding ECH
    support, updated for the current Rustls codebase, and spot-checked
    against the most current ECH draft at the time of writing (draft-17).
    HPKE references are also updated to use the published RFC (RFC 9180).
    
    Notable updates from the WIP version:
    * adapting to the `Codec` return type change.
    * adapting to the enum builder changes.
    * adapting to the server name changes.
    * adapting to `TlsListElement` trait.
    * adapting HPKE registry refs to use the RFC instead of an earlier
      draft.
    * adding `Hpke` prefix to enums to clarify their purpose.
    * adapting base64 usage to avoid deprecated fns.
    * reworking unit tests for de-duplication, adding another encoded test
      case, adding more asserts for decoded content.
    * fixing `clippy::use_self` finding.
    * changing `default` fn on `HpkeSymmetricCipherSuite` to be an impl of
      `Default`.
    * updating trust-dns-resolver code to use the latest hickory-resolver.
    * pulling out ECH config fetch + deserialize from ECH example program to
      a connect-tests unit test.
    cpu committed Nov 6, 2023 (174c6fc)
  2. connect-tests: add EchConfig fetch tests

    This commit adds a new `connect-tests/tests/ech.rs` module that performs
    a DNS over HTTPS lookup for HTTPS type records, finding `EchConfig`s and
    testing we can deserialize the raw form into the Rustls representation
    without error.
    
    Presently it tests against:
    * `crypto.cloudflare.com`
    * `defo.ie`
    * `tls-ech.dev`
    
    Since these are network based tests they need to live in `connect-tests`
    to avoid flakiness during normal CI runs.
    
    In previous WIP branches this was done as part of an overall end-to-end
    example of using ECH, but we can test this in isolation ahead of having
    full ECH support.
    cpu committed Nov 6, 2023 (f876502)
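As an added example (not code from this PR or from rustls), a stand-alone Rust parser for the draft-17 `ECHConfigList` wire format that the two commits above describe fetching and deserializing. Field names follow the draft; `Reader`, `EchConfig` and `parse_ech_config_list` are hypothetical names chosen for this example.

```rust
/// One decoded ECHConfig (draft-17, version 0xfe0d); extensions are accepted but not kept.
#[derive(Debug, PartialEq)]
pub struct EchConfig {
    pub config_id: u8,
    pub kem_id: u16,
    pub public_key: Vec<u8>,
    pub cipher_suites: Vec<(u16, u16)>, // (HpkeKdfId, HpkeAeadId)
    pub maximum_name_length: u8,
    pub public_name: String,
}

/// Cursor over a byte slice; every read returns None on truncation (example helper, not rustls').
struct Reader<'a>(&'a [u8]);
impl<'a> Reader<'a> {
    fn take(&mut self, n: usize) -> Option<&'a [u8]> {
        if self.0.len() < n { return None; }
        let (head, rest) = self.0.split_at(n);
        self.0 = rest;
        Some(head)
    }
    fn u8(&mut self) -> Option<u8> { self.take(1).map(|b| b[0]) }
    fn u16(&mut self) -> Option<u16> { self.take(2).map(|b| u16::from_be_bytes([b[0], b[1]])) }
    // TLS-style vectors: a u8 or u16 length header followed by that many bytes.
    fn vec8(&mut self) -> Option<&'a [u8]> { let n = self.u8()?; self.take(n as usize) }
    fn vec16(&mut self) -> Option<&'a [u8]> { let n = self.u16()?; self.take(n as usize) }
}

/// Parse an ECHConfigList. Unknown versions are skipped (their contents are opaque);
/// truncation, bad lengths, empty required fields or trailing bytes yield None.
pub fn parse_ech_config_list(bytes: &[u8]) -> Option<Vec<EchConfig>> {
    let mut outer = Reader(bytes);
    let mut list = Reader(outer.vec16()?);
    if !outer.0.is_empty() || list.0.is_empty() { return None; }
    let mut out = Vec::new();
    while !list.0.is_empty() {
        let version = list.u16()?;
        let mut body = Reader(list.vec16()?);
        if version != 0xfe0d { continue; }
        let (config_id, kem_id) = (body.u8()?, body.u16()?);
        let public_key = body.vec16()?.to_vec();
        let mut suites = Reader(body.vec16()?);
        let mut cipher_suites = Vec::new();
        while !suites.0.is_empty() { cipher_suites.push((suites.u16()?, suites.u16()?)); }
        let maximum_name_length = body.u8()?;
        let public_name = std::str::from_utf8(body.vec8()?).ok()?.to_string();
        let _extensions = body.vec16()?; // ECHConfigExtension list, not decoded here
        if public_key.is_empty() || cipher_suites.is_empty() || public_name.is_empty() || !body.0.is_empty() { return None; }
        out.push(EchConfig { config_id, kem_id, public_key, cipher_suites, maximum_name_length, public_name });
    }
    Some(out)
}
```

Feeding it the raw `ech=` value from an HTTPS record (after base64 decoding) exercises the same path the `connect-tests` module checks against live resolvers.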