Key update #290
Key update #290
Conversation
|
Ping @ocheron |
|
@ocheron Any show-stoppers for this PR? |
|
Only lack of time. I hope to complete review before end of week. |
| tls13 <- tls13orLater ctx | ||
| when tls13 $ do | ||
| sendPacket13 ctx $ Handshake13 [KeyUpdate13 UpdateRequested] | ||
| keyUpdate ctx getTxState setTxState |
There was a problem hiding this comment.
About this API, should we allow the caller to update direction Tx only?
Also it could return indication to the caller whether the call was ignored or not (flag tls13).
There was a problem hiding this comment.
In TLS 1.3 specification, both Tx and Rx are updated. There is no way to do update one direction only.
There was a problem hiding this comment.
Done. updateKey :: Context -> IO Bool
There was a problem hiding this comment.
About Tx/Rx, this is not my understanding. What happens if Alice sends "update_not_requested" to Bob? Update of traffic key Alice -> Bob only.
One use case for key update is to avoid reaching traffic limits of nonce-based cipher modes. The amount of traffic in both directions is not necessarily balanced.
There was a problem hiding this comment.
Good point. I added the check.
|
@ocheron Ready for merging? |
|
To make my job easier, I merge this PR now. |
|
Rebased and merged. Thank you for reviewing! |
Opened #311. |
This implements key update for TLS 1.3.
A new API
updateKeyis added.