0rtt garbage resumption #423

Merged
merged 6 commits into from Jul 23, 2018

@tomato42 tomato42 commented Jul 4, 2018

Description

test if server is 0-RTT resumption tolerant, even if it does not support 0-RTT (section 4.2.10 of draft-28)

Motivation and Context

server can turn 0-rtt support at-will, but client will not know when server does it, so the server needs to be able to process 0-rtt handshake always

fixes #422
blocked on tlsfuzzer/tlslite-ng#290

Checklist

  • I have read the CONTRIBUTING.md document and my PR follows change requirements therein
  • the changes are also reflected in documentation and code comments
  • all new and existing tests pass (see Travis CI results)
  • test script checklist was followed for new scripts
  • new test script added to tlslite-ng.json and tlslite-ng-random-subset.json
  • new and modified scripts were run against popular TLS implementations:
    • OpenSSL
    • NSS
    • GnuTLS
  • required version of tlslite-ng updated in requirements.txt and README.md
  • 0-RTT and Change Cipher Spec? discuss if the client should send CCS before early_data
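
An added example (not code from this pull request or from tlsfuzzer) of the server-side behaviour the description asks for: a server that does not accept 0-RTT drops records that fail deprotection under the handshake key, up to a byte budget, and then continues the normal handshake. The HMAC tag is a stand-in for real AEAD record protection, and all function names, keys and records are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # length of the HMAC-SHA256 tag used as a stand-in for an AEAD tag


def protect(key, payload):
    """Stand-in for AEAD record protection: payload followed by an HMAC tag."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def deprotect(key, record):
    """Return the payload if the tag verifies under key, otherwise None."""
    if len(record) < TAG_LEN:
        return None
    payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    good = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, good) else None


def read_past_early_data(records, handshake_key, max_early_data_size):
    """Server that ignored early_data: drop records that fail deprotection
    under the handshake key until one verifies or the byte budget is spent.
    Returns (payload, skipped_bytes); raises ValueError to model a fatal alert."""
    skipped = 0
    for record in records:
        payload = deprotect(handshake_key, record)
        if payload is not None:
            return payload, skipped
        skipped += len(record)
        if skipped > max_early_data_size:
            raise ValueError("bad_record_mac: early data budget exceeded")
    raise ValueError("connection ended before a handshake record arrived")


# Constructed sample input: keys and records are made up for this example.
HS_KEY = b"client-handshake-traffic-key"
EARLY_KEY = b"client-early-traffic-key"
GARBAGE = [bytes([b]) * 48 for b in (0xA5, 0x5A)]  # two fake 0-RTT records, 48 bytes each
EARLY = protect(EARLY_KEY, b"GET / HTTP/1.1")      # genuine early data under a key the server lacks
FINISHED = protect(HS_KEY, b"client Finished")     # first record the server can read

if __name__ == "__main__":
    print(read_past_early_data(GARBAGE + [FINISHED], HS_KEY, 16384))
```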

@tomato42 tomato42 added the new test script will require creation of a new connection script label Jul 4, 2018
@tomato42 tomato42 self-assigned this Jul 4, 2018
@tomato42 tomato42 force-pushed the 0rtt-garbage-resumption branch 2 times, most recently from 7e58104 to 5b10e9d Compare July 18, 2018 10:51
@tomato42 tomato42 force-pushed the 0rtt-garbage-resumption branch 2 times, most recently from 73d15cd to cbf2e72 Compare July 19, 2018 16:57
up till now, the only way to change the record version, was to pass
it as a parameter to Connect() class, this extends the abilities
to allow changing it in the middle of connection negotiation

necessary for sending fake 0-RTT data

even if server does not support the 0-RTT negotiation, the client may
have previously connected to a server that did support it and provided
the client with a ticket that allowed it.

This simulates a resumption from such past session with use of 0-RTT.

in TLS 1.3, the CCS does not change the encryption status of the
record layer, so allow skipping that part

node = node.add_child(ExpectServerHelloDone())
# section D.3 of draft 28 states that client that receives TLS 1.2
# ServerHello as a reply to 0-RTT Client Hello MUST fail a connection
# consequently, it server does not need to be able to ignore early data
Collaborator

typo: it server

node = node.add_child(ExpectServerHello(version=(3, 3)))
node = node.add_child(ExpectCertificate())
node = node.add_child(ExpectServerHelloDone())
# section D.3 of draft 28 states that client that receives TLS 1.2
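Review bot: between ExpectCertificate() and ExpectServerHelloDone() there is no ExpectServerKeyExchange() node, so this expected flow only matches when the server selects a key exchange that sends no ServerKeyExchange (static RSA); against a server that picks an (EC)DHE suite the script would fail for a reason unrelated to early data. Either add a comment next to ExpectServerHello(version=(3, 3)) stating that the ClientHello offers only such suites, or add the missing node if it does not.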
Collaborator

Doesn't this assume that TLS1.4 will not support 1-rtt? Maybe use a much larger version?

Member Author

when TLS 1.4 comes, the test cases will have to be updated, just like they had/have to be updated with TLS 1.3 introduction

the point is to test that if TLS 1.4 comes and includes 1-rtt, that the server will still handle TLS 1.4 clients correctly

@tomato42
Member Author

@nmav typo fixed

@tomato42 tomato42 merged commit 5514813 into master Jul 23, 2018
tomato42 added a commit that referenced this pull request Jul 23, 2018
Merge pull request #426 from tomato42/no-external-3des
remove external 3DES implementations from CI

Merge pull request #423 from tomato42/0rtt-garbage-resumption
0rtt garbage resumption
@tomato42 tomato42 deleted the 0rtt-garbage-resumption branch July 23, 2018 15:18
@tomato42
Member Author

Thanks for review!

Successfully merging this pull request may close these issues.

garbage 0-RTT handshake