Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

key_update API and automatic key refreshing #2003

Merged
merged 14 commits into from
Jun 21, 2024
Merged

key_update API and automatic key refreshing #2003

merged 14 commits into from
Jun 21, 2024

Conversation

ctz
Copy link
Member

@ctz ctz commented Jun 12, 2024
edited
Loading

This PR:

  • adds a new public API for sending TLS1.3 key_update requests. This is available in both the unbuffered and classic APIs.
  • automatically sends TLS1.3 key_update requests when our encryption key approaches "exhaustion" due to the birthday bound1

fixes #946
fixes #755

Footnotes

  1. Note: as before, we track this with the sequence number rather than counting blocks, so sending small messages underestimates the limit significantly. This errs on the side of safety: (for AES-GCM suites) we update keys each 16 million messages whether that represents 16MB or 256GB of data transfer.

@codecov Codecov
Copy link

codecov bot commented Jun 12, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 97.67442% with 4 lines in your changes missing coverage. Please review.

Project coverage is 94.23%. Comparing base (9dfbc8e) to head (86010c9).

Files Patch % Lines
rustls/src/common_state.rs 97.22% 2 Missing ⚠️
rustls/src/conn.rs 97.29% 1 Missing ⚠️
rustls/src/record_layer.rs 95.65% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2003      +/-   ##
==========================================
+ Coverage   94.18%   94.23%   +0.05%     
==========================================
  Files          97       97              
  Lines       21640    21729      +89     
==========================================
+ Hits        20382    20477      +95     
+ Misses       1258     1252       -6

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@rustls-benchmarking Rustls Benchmarking
Copy link

rustls-benchmarking bot commented Jun 12, 2024
edited
Loading

Benchmark results

Instruction counts

Significant differences

⚠️ There are significant instruction count differences

Click to expand
Scenario Baseline Candidate Diff Threshold
handshake_session_id_ring_1.2_rsa_aes_server 4247388 4238579 -8809 (-0.21%) 0.20%

Other differences

Click to expand
Scenario Baseline Candidate Diff Threshold
handshake_session_id_aws_lc_rs_1.2_rsa_aes_server 3923033 3986109 63076 (1.61%) 5.45%
handshake_tickets_aws_lc_rs_1.2_rsa_aes_server 4411130 4454573 43443 (0.98%) 2.91%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_server 13394305 13332411 -61894 (-0.46%) 0.83%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client 8709624 8685351 -24273 (-0.28%) 1.11%
handshake_tickets_ring_1.2_rsa_aes_server 4680795 4672038 -8757 (-0.19%) 0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_server 33181933 33135468 -46465 (-0.14%) 0.57%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_server 13765536 13784501 18965 (0.14%) 0.89%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client 8705677 8693716 -11961 (-0.14%) 1.00%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_client 30617236 30658564 41328 (0.13%) 0.39%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_server 32902421 32936350 33929 (0.10%) 0.58%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client 58242908 58292837 49929 (0.09%) 0.20%
handshake_tickets_aws_lc_rs_1.2_rsa_aes_client 4317929 4314394 -3535 (-0.08%) 0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_server 32919356 32944945 25589 (0.08%) 0.42%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_server 13781015 13791253 10238 (0.07%) 1.03%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_server 33192927 33216344 23417 (0.07%) 0.60%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_server 46430095 46461393 31298 (0.07%) 0.39%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_client 30836171 30856328 20157 (0.07%) 0.46%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_client 30827018 30844732 17714 (0.06%) 0.41%
handshake_session_id_aws_lc_rs_1.2_rsa_aes_client 3990657 3988630 -2027 (-0.05%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_server 32900768 32885329 -15439 (-0.05%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_server 33204248 33189137 -15111 (-0.05%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_server 33180403 33165336 -15067 (-0.05%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_server 32901696 32886785 -14911 (-0.05%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_server 32942159 32927286 -14873 (-0.05%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_server 32940943 32926445 -14498 (-0.04%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_server 33204371 33190096 -14275 (-0.04%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_server 33179124 33164868 -14256 (-0.04%) 0.20%
transfer_no_resume_ring_1.3_rsa_aes_server 46450972 46469550 18578 (0.04%) 0.20%
handshake_tickets_ring_1.2_rsa_aes_client 4524957 4523159 -1798 (-0.04%) 0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_server 46442820 46461119 18299 (0.04%) 0.20%
transfer_no_resume_ring_1.2_rsa_aes_server 46357216 46375159 17943 (0.04%) 0.20%
transfer_no_resume_ring_1.3_ecdsap256_aes_server 46444206 46457906 13700 (0.03%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_client 30664077 30671591 7514 (0.02%) 0.39%
transfer_no_resume_ring_1.3_ecdsap384_chacha_server 80510839 80529675 18836 (0.02%) 0.20%
handshake_session_id_ring_1.3_rsa_chacha_server 43346674 43336665 -10009 (-0.02%) 0.20%
handshake_tickets_ring_1.3_rsa_aes_server 43730153 43720128 -10025 (-0.02%) 0.20%
transfer_no_resume_ring_1.3_rsa_chacha_server 80519980 80538138 18158 (0.02%) 0.20%
handshake_tickets_ring_1.3_rsa_chacha_server 43655255 43645586 -9669 (-0.02%) 0.20%
handshake_no_resume_ring_1.3_ecdsap256_chacha_client 3917340 3918158 818 (0.02%) 0.42%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_server 80627273 80610563 -16710 (-0.02%) 0.22%
handshake_no_resume_ring_1.3_ecdsap256_chacha_server 2132438 2132877 439 (0.02%) 0.76%
handshake_session_id_ring_1.2_rsa_aes_client 4254994 4254168 -826 (-0.02%) 0.20%
handshake_tickets_ring_1.3_ecdsap384_chacha_server 43656375 43647990 -8385 (-0.02%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_client 2233306 2233728 422 (0.02%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_chacha_server 43349404 43341230 -8174 (-0.02%) 0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_server 43732679 43724579 -8100 (-0.02%) 0.20%
handshake_session_id_ring_1.3_ecdsap384_aes_server 43449849 43441942 -7907 (-0.02%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server 1911336 1910991 -345 (-0.02%) 0.20%
handshake_session_id_ring_1.3_rsa_aes_server 43447240 43439565 -7675 (-0.02%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_server 43449239 43441647 -7592 (-0.02%) 0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_server 43348107 43340745 -7362 (-0.02%) 0.20%
transfer_no_resume_ring_1.3_ecdsap256_chacha_server 80512336 80525651 13315 (0.02%) 0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_client 30634441 30629394 -5047 (-0.02%) 0.20%
handshake_tickets_ring_1.3_ecdsap256_aes_server 43737053 43729987 -7066 (-0.02%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client 92718047 92731795 13748 (0.01%) 0.20%
handshake_no_resume_ring_1.3_rsa_chacha_client 2956051 2956427 376 (0.01%) 0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_client 30863914 30860038 -3876 (-0.01%) 0.20%
handshake_tickets_ring_1.3_ecdsap256_chacha_server 43658044 43652604 -5440 (-0.01%) 0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_client 30840114 30836359 -3755 (-0.01%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client 3384493 3384092 -401 (-0.01%) 0.25%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server 1914311 1914089 -222 (-0.01%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_client 30822125 30818614 -3511 (-0.01%) 0.20%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_server 46456300 46461542 5242 (0.01%) 0.40%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_client 30658862 30655464 -3398 (-0.01%) 0.20%
handshake_no_resume_ring_1.3_ecdsap256_aes_server 2130260 2130472 212 (0.01%) 0.86%
transfer_no_resume_ring_1.3_ecdsap256_aes_client 58322840 58317160 -5680 (-0.01%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client 3381583 3381895 312 (0.01%) 0.26%
transfer_no_resume_ring_1.3_ecdsap256_chacha_client 92655191 92647190 -8001 (-0.01%) 0.20%
handshake_no_resume_ring_1.3_ecdsap256_aes_client 3915519 3915854 335 (0.01%) 0.36%
handshake_no_resume_ring_1.2_rsa_aes_client 2853151 2853385 234 (0.01%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_client 41880760 41877629 -3131 (-0.01%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_client 30619381 30617108 -2273 (-0.01%) 0.20%
handshake_no_resume_ring_1.3_rsa_aes_client 2950321 2950538 217 (0.01%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client 58259750 58255470 -4280 (-0.01%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server 4288417 4288105 -312 (-0.01%) 0.20%
handshake_session_id_ring_1.3_rsa_chacha_client 41812867 41810077 -2790 (-0.01%) 0.20%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_client 2015923 2016053 130 (0.01%) 0.20%
handshake_session_id_ring_1.3_rsa_aes_client 41894064 41891371 -2693 (-0.01%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_client 2226233 2226367 134 (0.01%) 0.20%
handshake_tickets_ring_1.3_rsa_chacha_client 42013346 42011162 -2184 (-0.01%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_chacha_client 41799136 41796993 -2143 (-0.01%) 0.20%
handshake_tickets_ring_1.3_rsa_aes_client 42081978 42080037 -1941 (-0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_client 42063512 42061764 -1748 (-0.00%) 0.20%
handshake_session_id_ring_1.3_ecdsap384_aes_client 41875158 41873515 -1643 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_client 68660213 68657665 -2548 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server 46433785 46432169 -1616 (-0.00%) 0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_client 41794786 41793338 -1448 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_client 58262976 58260970 -2006 (-0.00%) 0.20%
transfer_no_resume_ring_1.2_rsa_aes_client 58198132 58200035 1903 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server 46432466 46430948 -1518 (-0.00%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server 4291346 4291217 -129 (-0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap384_chacha_client 41994466 41993234 -1232 (-0.00%) 0.20%
handshake_no_resume_ring_1.2_rsa_aes_server 11987812 11988133 321 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server 80612427 80610302 -2125 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server 80613373 80611330 -2043 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_server 13738663 13738958 295 (0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_client 58315709 58314479 -1230 (-0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_client 30642855 30642222 -633 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_client 92719968 92718197 -1771 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_rsa_aes_client 58319076 58318049 -1027 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_rsa_chacha_client 92651938 92650557 -1381 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap384_chacha_client 92647736 92646365 -1371 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_client 35472846 35473333 487 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client 92716760 92715585 -1175 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_rsa_aes_server 12176712 12176599 -113 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_rsa_chacha_server 12182489 12182595 106 (0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap256_aes_client 42071412 42071762 350 (0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_client 30842202 30842407 205 (0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap384_chacha_client 35475020 35475217 197 (0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap256_chacha_client 42000407 42000255 -152 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap384_chacha_server 13740927 13740904 -23 (-0.00%) 0.20%

Wall-time

Significant differences

⚠️ There are significant wall-time differences

Click to expand
Scenario Baseline Candidate Diff Threshold
handshake_session_id_aws_lc_rs_1.2_rsa_aes 2.09 ms 2.04 ms ✅ -0.05 ms (-2.19%) 1.35%
handshake_tickets_aws_lc_rs_1.2_rsa_aes 2.25 ms 2.21 ms ✅ -0.05 ms (-2.13%) 1.00%

Other differences

Click to expand
Scenario Baseline Candidate Diff Threshold
handshake_no_resume_aws_lc_rs_1.3_rsa_aes 1.44 ms 1.41 ms -0.03 ms (-2.05%) 2.78%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes 1.38 ms 1.36 ms -0.03 ms (-1.98%) 2.06%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha 1.43 ms 1.40 ms -0.03 ms (-1.97%) 3.03%
handshake_session_id_aws_lc_rs_1.3_rsa_aes 6.36 ms 6.30 ms -0.06 ms (-0.88%) 1.60%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes 5.45 ms 5.41 ms -0.05 ms (-0.86%) 3.99%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes 5.46 ms 5.42 ms -0.05 ms (-0.84%) 4.30%
handshake_session_id_ring_1.2_rsa_aes 1.56 ms 1.55 ms -0.01 ms (-0.78%) 1.00%
handshake_tickets_ring_1.2_rsa_aes 1.65 ms 1.64 ms -0.01 ms (-0.77%) 1.10%
handshake_tickets_aws_lc_rs_1.3_rsa_aes 6.37 ms 6.32 ms -0.05 ms (-0.72%) 1.73%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes 4.50 ms 4.47 ms -0.03 ms (-0.62%) 5.46%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha 6.33 ms 6.29 ms -0.04 ms (-0.62%) 1.46%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha 6.36 ms 6.33 ms -0.04 ms (-0.56%) 1.50%
transfer_no_resume_ring_1.3_ecdsap256_aes 6.33 ms 6.30 ms -0.04 ms (-0.56%) 3.38%
transfer_no_resume_ring_1.3_rsa_aes 6.81 ms 6.78 ms -0.03 ms (-0.46%) 3.17%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes 5.38 ms 5.35 ms -0.02 ms (-0.44%) 1.71%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes 5.22 ms 5.19 ms -0.02 ms (-0.43%) 4.42%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes 6.09 ms 6.07 ms -0.02 ms (-0.40%) 1.59%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes 479.06 µs 477.26 µs -1.80 µs (-0.38%) 2.74%
handshake_session_id_ring_1.3_rsa_aes 7.25 ms 7.23 ms -0.03 ms (-0.37%) 1.00%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha 13.93 ms 13.88 ms -0.05 ms (-0.37%) 1.77%
transfer_no_resume_ring_1.3_ecdsap384_aes 9.43 ms 9.39 ms -0.03 ms (-0.36%) 2.26%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha 478.28 µs 476.79 µs -1.50 µs (-0.31%) 2.81%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes 5.39 ms 5.38 ms -0.02 ms (-0.31%) 2.19%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha 12.97 ms 12.93 ms -0.04 ms (-0.30%) 1.74%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha 5.36 ms 5.34 ms -0.01 ms (-0.28%) 1.48%
handshake_session_id_ring_1.3_rsa_chacha 7.21 ms 7.19 ms -0.02 ms (-0.27%) 1.00%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes 6.11 ms 6.09 ms -0.02 ms (-0.26%) 2.07%
handshake_no_resume_ring_1.3_ecdsap256_chacha 504.40 µs 503.08 µs -1.32 µs (-0.26%) 2.30%
handshake_tickets_ring_1.3_rsa_aes 7.28 ms 7.26 ms -0.02 ms (-0.26%) 1.00%
transfer_no_resume_ring_1.3_ecdsap256_chacha 12.97 ms 12.94 ms -0.03 ms (-0.26%) 1.66%
handshake_tickets_ring_1.3_rsa_chacha 7.23 ms 7.21 ms -0.02 ms (-0.25%) 1.00%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha 13.68 ms 13.64 ms -0.03 ms (-0.24%) 1.68%
handshake_session_id_ring_1.3_ecdsap256_aes 6.76 ms 6.75 ms -0.02 ms (-0.24%) 1.00%
handshake_session_id_ring_1.3_ecdsap384_aes 9.85 ms 9.82 ms -0.02 ms (-0.23%) 1.00%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha 5.39 ms 5.38 ms -0.01 ms (-0.22%) 2.06%
transfer_no_resume_ring_1.3_ecdsap384_chacha 16.07 ms 16.04 ms -0.03 ms (-0.20%) 1.27%
handshake_session_id_ring_1.3_ecdsap256_chacha 6.72 ms 6.71 ms -0.01 ms (-0.19%) 1.00%
handshake_session_id_ring_1.3_ecdsap384_chacha 9.81 ms 9.79 ms -0.02 ms (-0.19%) 1.00%
handshake_tickets_ring_1.3_ecdsap256_chacha 6.75 ms 6.74 ms -0.01 ms (-0.18%) 1.00%
handshake_no_resume_ring_1.2_rsa_aes 978.32 µs 976.52 µs -1.80 µs (-0.18%) 1.13%
handshake_no_resume_ring_1.3_ecdsap256_aes 506.13 µs 505.27 µs -0.85 µs (-0.17%) 2.61%
handshake_tickets_ring_1.3_ecdsap384_chacha 9.84 ms 9.82 ms -0.02 ms (-0.17%) 1.00%
transfer_no_resume_ring_1.3_rsa_chacha 13.46 ms 13.44 ms -0.02 ms (-0.16%) 1.55%
handshake_no_resume_ring_1.3_rsa_aes 988.78 µs 987.20 µs -1.58 µs (-0.16%) 1.12%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes 1.19 ms 1.19 ms -0.00 ms (-0.16%) 1.00%
handshake_tickets_ring_1.3_ecdsap384_aes 9.88 ms 9.86 ms -0.02 ms (-0.16%) 1.00%
handshake_no_resume_ring_1.3_rsa_chacha 988.56 µs 987.30 µs -1.26 µs (-0.13%) 1.07%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha 6.09 ms 6.09 ms -0.01 ms (-0.13%) 1.57%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha 6.05 ms 6.05 ms -0.01 ms (-0.11%) 1.58%
handshake_tickets_ring_1.3_ecdsap256_aes 6.79 ms 6.78 ms -0.01 ms (-0.08%) 1.00%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha 1.18 ms 1.18 ms 0.00 ms (0.05%) 1.29%
transfer_no_resume_ring_1.2_rsa_aes 6.73 ms 6.73 ms -0.00 ms (-0.04%) 3.31%
handshake_no_resume_ring_1.3_ecdsap384_aes 3.60 ms 3.60 ms -0.00 ms (-0.04%) 1.00%
handshake_no_resume_ring_1.3_ecdsap384_chacha 3.60 ms 3.60 ms -0.00 ms (-0.03%) 1.00%

Additional information

Historical results

Checkout details:

cpu
cpu reviewed Jun 12, 2024
View reviewed changes
Copy link
Member

@cpu cpu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some comments from an early review pass. Looks solid!

rustls/src/common_state.rs Show resolved Hide resolved
rustls/src/client/tls13.rs Outdated Show resolved Hide resolved
rustls/src/conn.rs Show resolved Hide resolved
rustls/src/record_layer.rs Show resolved Hide resolved
rustls/src/record_layer.rs Outdated Show resolved Hide resolved
rustls/src/record_layer.rs Outdated Show resolved Hide resolved
rustls/src/conn.rs Outdated Show resolved Hide resolved
rustls/tests/api.rs Outdated Show resolved Hide resolved
rustls/tests/common/mod.rs Outdated Show resolved Hide resolved
rustls/tests/api.rs Outdated Show resolved Hide resolved
@ctz ctz force-pushed the jbp-key-update-request branch 6 times, most recently from d11169e to 5173e7f Compare June 18, 2024 15:52
@ctz ctz marked this pull request as ready for review June 18, 2024 16:16
@ctz
Copy link
Member Author

ctz commented Jun 18, 2024

This is ready, I think. I have hoisted the more incidental changes to the top of the PR.

cpu
cpu approved these changes Jun 19, 2024
View reviewed changes
rustls/src/common_state.rs Show resolved Hide resolved
rustls/src/common_state.rs Show resolved Hide resolved
ctz added 6 commits June 20, 2024 09:21
@ctz
Fit received_middlebox_ccs into TemperCounters type
5cadda3
@ctz
Correct out-of-order key_update responses
ae5019a 
a2fd30c introduced `queued_key_update_message` which logically contains
an encryption of a key_update response.  Because it is encrypted, it must
be disbursed _before_ any further encryptions.

This didn't happen, for example in this sequence of events:

- we receive a key_update with UpdateRequested, and fill in
  `queued_key_update_message`,
- we send any other non-ApplicationData message, adding it to
  `sendable_tls`,
- we send some ApplicationData, moving `queued_key_update_message` into
  `sendable_tls`

This leads to `sendable_tls` containing out-of-order messages,
that the peer will fail to decrypt.
@ctz
Add refresh_traffic_keys() function
6cf6ca3
@ctz
bogo: support all KeyUpdate tests
a91dd68
@ctz
Replace record_layer API for encryption sequence exhaustion
a91f573 
This removes `encrypt_exhausted`, `wants_close_before_encrypt` and
`remaining_write_seq` and unifies those into one API.

The single API is shared between the unbuffered and buffered
code to avoid these falling out of line.
@ctz
Obtain encryption sequence limit from suite
d86bd5a 
Limited by SEQ_SOFT_LIMIT for suites that have no limit.
ctz added 8 commits June 20, 2024 09:41
@ctz
Send key_update request when encrypter exhausted
0bae3af
@ctz
Correct confidentiality_limit for TCP-TLS
08b9724 
These were copies of the QUIC values, which made them pessimistic
(QUIC's largest message is 2 ** 16, TCP-TLS is 2 ** 14).  Double
them.

Add documentation & references of how these are calculated.
@ctz
write_fragments: output sendable_tls as prefix
f93ea6b 
Overwhelmingly `sendable_tls` is empty in this code path,
but when it is not (eg, an alert or other post-handshake handshake
message), it _must_ be included before further encryptions
are performed.

Once that is achieved, we can eliminate the special handling
of `queued_key_update_message` in `write_plaintext`.
@ctz
eager_send_close_notify: reuse send_close_notify
5f309aa 
Ensures unbuffered API respects the 7d4e809 fix.
@ctz
unbuffered: add WriteTraffic::refresh_traffic_keys()
821d633
@ctz
unbuffered: test automatic key refresh
4d8a501
@ctz
Test and fix TLS1.2 closure on key exhaustion
9d64f9c 
This was previously untested and... didn't work very well.

First, sending a close_notify when `send_single_fragment` refuses
to send anything further is not fruitful.  Exempt alerts from that
(they have very little secret content, and we send few if any on a
given connection, so cannot meaningfully contribute to reaching
the key's birthday bound.)

Second, `send_close_notify` when `send_single_fragment` will
itself call `send_close_notify` does not terminate.  Use the existing
`send_close_notify` idempotency to prevent this.

Finally, add an error-level log to this code path.  It is uncommon,
and fatal to the connection.
@ctz
unbuffered: test and fix TLS1.2 closure on key exhaustion
86010c9 
Calling `eager_send_close_notify` here was wrong, as it is
impossible to communicate to the caller that a message has
been written to `outgoing_tls` (via its length), _and_
return the error.

Instead, use `send_close_notify` which pends data to be
sent on the next `EncodeTlsData` state.
@ctz ctz added this pull request to the merge queue Jun 21, 2024
Merged via the queue into main with commit 8a8023a Jun 21, 2024
46 checks passed
@ctz ctz deleted the jbp-key-update-request branch June 21, 2024 12:33
djc
djc reviewed Jun 21, 2024
View reviewed changes
Copy link
Member

@djc djc left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the slow review -- had just started before you added this to the merge queue.

rustls/src/msgs/handshake.rs Show resolved Hide resolved
rustls/src/client/tls13.rs
@@ -1554,6 +1554,14 @@ impl State<ClientConnectionData> for ExpectTraffic {
Ok(self)
}

fn send_key_update_request(&mut self, common: &mut CommonState) -> Result<(), Error> {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we deduplicate more of this logic across client/server, maybe by moving it into a method on CommonState?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have done this, though it's quite minor -- I would very much like to avoid any dependency from common_state to tls13::key_schedule.

rustls/src/record_layer.rs Outdated Show resolved Hide resolved
rustls/src/common_state.rs
.record_layer
.pre_encrypt_action(f as u64)
{
record_layer::PreEncryptAction::Nothing => {}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: maybe import record_layer::PreEncryptAction.

rustls/src/common_state.rs Show resolved Hide resolved
rustls/src/record_layer.rs
///
/// If that is not possible (for example, the connection is TLS1.2), a `close_notify`
/// alert should be sent instead.
RefreshOrClose,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd have pulled this back into the originating commit.

rustls/src/common_state.rs Show resolved Hide resolved
rustls/src/common_state.rs Show resolved Hide resolved
rustls/src/common_state.rs Show resolved Hide resolved
@ctz ctz mentioned this pull request Jun 21, 2024
Merged
@ctz
Copy link
Member Author

ctz commented Jun 21, 2024

Sorry for the slow review -- had just started before you added this to the merge queue.

Sorry about that -- see #2016 for follow-up

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djc djc djc left review comments

@cpu cpu cpu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@ctz @djc @cpu