Session resumption #427
d36c634
to
195afa0
Compare
there is a method to get the last message of a given type so use it
as we keep the list of exchanged messages in session resumption, the test unnecessarily triggers in session resumption; move the responsibility to expect just one SH and HRR message to the person writing test case
to actually use the ticket, we need to know how old it is, so save the time it was received
as we don't know the identity of the ticket that will be provided by server when the conversation is set up, we need to have a dynamic method that uses current connection state to create the PSK extension; also, as the ticket may be used for 0-rtt data, it needs to be placed first for the 0-rtt data to be readable (not used now, as 0-rtt is not supported, but will be needed in the future)
the return value is an actual extension, the generators are defined in methods below
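The ticket-age bookkeeping and PSK ordering that these commit messages describe, as an added standalone example that is not code from this pull request or from tlsfuzzer. `StoredTicket`, `obfuscated_age` and `encode_identities` are hypothetical names, the wire layout follows the `PskIdentity` structure of RFC 8446, and only the identity list is built (binders are left out).

```python
import struct
from dataclasses import dataclass

MAX_TICKET_LIFETIME = 604800  # seconds; RFC 8446 caps ticket_lifetime at 7 days


@dataclass
class StoredTicket:
    """Hypothetical client-side record of one NewSessionTicket."""
    ticket: bytes          # opaque ticket value from the server
    ticket_lifetime: int   # seconds, as sent by the server
    ticket_age_add: int    # 32-bit value used to obscure the age
    received_at: float     # client clock (seconds) when the ticket arrived


def obfuscated_age(t, now):
    """Return obfuscated_ticket_age in ms, or None if the ticket is unusable."""
    age = now - t.received_at
    lifetime = min(t.ticket_lifetime, MAX_TICKET_LIFETIME)
    if age < 0 or age > lifetime:
        return None  # clock went backwards or ticket expired: do not offer it
    return (int(age * 1000) + t.ticket_age_add) % 2**32


def encode_identities(tickets, now, early_data_ticket=None):
    """Serialise the PskIdentity list from the tickets held at call time.

    The ticket intended for 0-RTT (if any) is moved to the front, because
    early data is always protected with the first offered PSK.
    """
    ordered = sorted(tickets, key=lambda t: t is not early_data_ticket)
    body = b""
    for t in ordered:
        age = obfuscated_age(t, now)
        if age is None:
            continue
        # opaque identity<1..2^16-1> followed by uint32 obfuscated_ticket_age
        body += struct.pack(">H", len(t.ticket)) + t.ticket + struct.pack(">I", age)
    if not body:
        return None  # nothing valid to offer: omit the extension entirely
    return struct.pack(">H", len(body)) + body
```
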
195afa0
to
391551c
Compare
Except for the (probably) bogus imports in the test script, the changes look good for me.
from tlsfuzzer.runner import Runner | ||
from tlsfuzzer.messages import Connect, ClientHelloGenerator, \ | ||
ClientKeyExchangeGenerator, ChangeCipherSpecGenerator, \ |
If I see right, the `ChangeCipherSpecGenerator` is unused in this file
from tlslite.constants import CipherSuite, AlertLevel, AlertDescription, \ | ||
TLS_1_3_DRAFT, GroupName, ExtensionType, SignatureScheme, \ | ||
PskKeyExchangeMode | ||
from tlslite.keyexchange import ECDHKeyExchange |
`ECDHKeyExchange` is not used in the code either.
from tlslite.keyexchange import ECDHKeyExchange | ||
from tlsfuzzer.utils.lists import natural_sort_keys | ||
from tlsfuzzer.utils.ordered_dict import OrderedDict | ||
from tlslite.extensions import KeyShareEntry, ClientKeyShareExtension, \ |
Unused `KeyShareEntry`.
as the ExpectServerHello doesn't explicitly reset the keys, but uses them if they are, or uses protocol specified defaults, if they aren't there, the calculated keys can be wrong in case the resumption failed or when connection switched from psk_ke to psk_dhe_ke
391551c
to
697ced2
Compare
@Jakuje imports fixed
I am not sure if the travis failure is related to the change or not (on specific python versions), but if not, I will add my ack.
both failures were unrelated;
Thanks for the review!
Description
Implement support for session resumption in TLS 1.3
Motivation and Context
fixes #184
Checklist
`tlslite-ng.json` and `tlslite-ng-random-subset.json`