Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extended Master Secret #406

Merged
merged 12 commits into from
Dec 4, 2019
Merged

Extended Master Secret #406

merged 12 commits into from
Dec 4, 2019

Conversation

ocheron
Copy link
Contributor

@ocheron ocheron commented Dec 1, 2019

Adds RFC 7627, which is a prerequisite for EKM and Token Binding before TLS 1.3.

For this I add an extensible list of flags to SessionData. Encrypted SNI would benefit from this too. It modifies the API but I think we should try this change in a minor version (not sure many people really depend on SessionData, but what is clear is that major versions tend to be blocked for months in stackage).

@ocheron
Defer call to setMasterSecretFromPre
1d3fa06 
With "extended_master_secret" extension, the master secret is derived
from all handshake messages up to CKX.  We need to process this
handshake message before calling setMasterSecretFromPre, so this
call is moved a few steps later.
@ocheron
Define ExtendedMasterSecret
a418016
@ocheron
Function and state to use Extended Master Secret
3202db4
@ocheron
Report EMS status in Information
ec5ecff
@ocheron
Session flag for Extended Master Secret
9edcdd4
@ocheron
Remove unneeded export
34b5600
@ocheron
Add parameter for EMS
995015c
@ocheron
Client/server behavior for EMS
f4e1859
@ocheron
Test Extended Master Secret
bf89762
@ocheron
Offer to resume non-EMS sessions
f7c975f 
RFC 7627 section 3 specifies that a client should not offer to resume
a session without EMS, however this breaks session resumption with
non-EMS servers.  The commit relaxes this constraint when EMS is
allowed and enforces it only when EMS is required.
@ocheron
Use new version in tls-debug
4cf19e3
@ocheron
Do not retain HState and update README
248e474
@kazu-yamamoto kazu-yamamoto self-requested a review December 2, 2019 08:05
@kazu-yamamoto kazu-yamamoto self-assigned this Dec 2, 2019
kazu-yamamoto
kazu-yamamoto approved these changes Dec 4, 2019
View reviewed changes
Copy link
Collaborator

@kazu-yamamoto kazu-yamamoto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent!

kazu-yamamoto added a commit to kazu-yamamoto/hs-tls that referenced this pull request Dec 4, 2019
@kazu-yamamoto
Merge PR haskell-tls#406
2576178
@kazu-yamamoto kazu-yamamoto merged commit 248e474 into haskell-tls:master Dec 4, 2019
@ocheron
Copy link
Contributor Author

ocheron commented Dec 8, 2019

Thank you for your review.
The good surprise was that very little was needed for the actual crypto change.
As often, the main part is negotiation and testability.

@ocheron ocheron deleted the extended-master branch December 8, 2019 16:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kazu-yamamoto kazu-yamamoto kazu-yamamoto approved these changes

Assignees

@kazu-yamamoto kazu-yamamoto

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ocheron @kazu-yamamoto