Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Post-handshake authentication #366

Merged
merged 14 commits into from
Jun 25, 2019
Merged

Post-handshake authentication #366

merged 14 commits into from
Jun 25, 2019

Conversation

ocheron
Copy link
Contributor

@ocheron ocheron commented Jun 23, 2019

Adds basic client/server support for PHA.

Primary goal is to have client support for scenarios where this is needed by the server. The extension is sent unconditionnally since it is not any different than a renegotiation handshake before TLS13, which is always possible. Existing configuration and hooks about client authentication will apply, so this should minimize impact of enabling TLS13.

Ability for a server to request authentication is also added, with design similar to key update. i.e. the API does nothing before TLS13, and does not try to trigger a renegotiation instead.

Internally the existing client-certificate code is reused, with handshake state being reverted at specific locations. The reasons for reverts are:

  • successive post-handshake authentications don't cumulate in the transcript
  • in case of several authentication requests in parallel, the client decides which one to honour first and the server can't anticipate any transcript update
  • the server may request authentication before receiving client Finished13, so CertRequest13 is appended to the correct transcript only when receiving the matching Certificate13

As consequence, state modifications are not preserved after completion of the authentication sequence, but this is similar to what handshakeTerminate does before TLS13.

@ocheron ocheron added the TLS1.3 label Jun 23, 2019
@kazu-yamamoto kazu-yamamoto self-requested a review June 24, 2019 05:08
kazu-yamamoto
kazu-yamamoto reviewed Jun 24, 2019
View reviewed changes
core/Network/TLS/Extension.hs
instance Extension PostHandshakeAuth where
extensionID _ = extensionID_PostHandshakeAuth
extensionEncode _ = B.empty
extensionDecode MsgTClientHello = runGetMaybe (pure PostHandshakeAuth)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe that return is safer than pure from the backward compatibility point of view.

@kazu-yamamoto
Copy link
Collaborator

Except pure, this PR looks good to me.

kazu-yamamoto added a commit to kazu-yamamoto/hs-tls that referenced this pull request Jun 25, 2019
@kazu-yamamoto
Merge PR haskell-tls#366.
2bcd6eb
@kazu-yamamoto kazu-yamamoto merged commit 7d642d5 into haskell-tls:master Jun 25, 2019
@kazu-yamamoto
Copy link
Collaborator

I changed pure to return and merged this PR.

@ocheron ocheron deleted the post-hs-auth branch June 29, 2019 05:23
@ocheron
Copy link
Contributor Author

ocheron commented Jun 29, 2019

Thanks. More a style issue than compatibility.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kazu-yamamoto kazu-yamamoto kazu-yamamoto left review comments

Assignees
No one assigned
Labels
TLS1.3
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ocheron @kazu-yamamoto