Session resumption #427
Merged
Session resumption #427
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tomato42
force-pushed
the
session-resumption
branch
2 times, most recently
from
d36c634
to
195afa0
Compare
tomato42
added
the
new test script
there is a method to get the last message of a given type so use it
as we keep the list of exchanged messages in session resumption, the test unnecessairly triggers in session resumption move the responsibility to expect just one SH and HRR message to the person writing test case
to actually use the ticket, we need to know how old it is, so save the time it was received
as we don't know the identity of the ticket that will be provided by server when the conversation is set up, we need to have a dynamic method that uses current connection state to create the PSK extension also, as the ticket may be used for 0-rtt data, it needs to be placed first for the 0-rtt data to be readable (not used now, as 0-rtt is not supported, but will be needed in the future)
the return value is an actual extension, the generators are defined in methods below
tomato42
force-pushed
the
session-resumption
branch
from
195afa0
to
391551c
Compare
Jakuje
previously approved these changes
Jul 25, 2018
|
|
||
| from tlsfuzzer.runner import Runner | ||
| from tlsfuzzer.messages import Connect, ClientHelloGenerator, \ | ||
| ClientKeyExchangeGenerator, ChangeCipherSpecGenerator, \ |
There was a problem hiding this comment.
If I see right, the ChangeCipherSpecGenerator is unused in this file
| from tlslite.constants import CipherSuite, AlertLevel, AlertDescription, \ | ||
| TLS_1_3_DRAFT, GroupName, ExtensionType, SignatureScheme, \ | ||
| PskKeyExchangeMode | ||
| from tlslite.keyexchange import ECDHKeyExchange |
There was a problem hiding this comment.
ECDHKeyExchange is not use din the code either.
| from tlslite.keyexchange import ECDHKeyExchange | ||
| from tlsfuzzer.utils.lists import natural_sort_keys | ||
| from tlsfuzzer.utils.ordered_dict import OrderedDict | ||
| from tlslite.extensions import KeyShareEntry, ClientKeyShareExtension, \ |
as the ExpectServerHello doesn't explicitly reset the keys, but uses them if they are, or uses protocol specified defaults, if they aren't there, the calculated keys can be wrong in case the resumption failed or when connection switched from psk_ke to psk_dhe_ke
tomato42
force-pushed
the
session-resumption
branch
from
391551c
to
697ced2
Compare
|
@Jakuje imports fixed |
|
I am not sure if the travis failure is related to the change or not (on specific python versions), but if not, I will add my ack. |
|
both failures were unrelated; |
Jakuje
approved these changes
Jul 25, 2018
|
Thanks for the review! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Implement support for session resumption in TLS 1.3
Motivation and Context
fixes #184
Checklist
tlslite-ng.jsonandtlslite-ng-random-subset.jsonThis change is