add TLS 1.3 PSK support #2424
add TLS 1.3 PSK support #2424
Conversation
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
|
Can you fix up CI? Let's drop the separate examples for now. |
Sure thing. I fixed bogo locally, just haven't pushed it yet. For semver should I bump the version in the cargo manifest?
👍 |
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
|
@djc okay, I've verified that bogo passes locally. For some reason |
|
I don't think we're in a state where we want to merge semver-incompatible changes. As such:
|
There was a problem hiding this comment.
Okay, that is a lot of stuff...
I think this needs a bunch of work to clean it up. There should be a clean commit history (potentially as separate PRs so we can merge some of it sooner). I also think there should be a bunch of refactoring here so that the PSK/resumption code is more isolated from the rest of the handshake.
| preshared_keys: Arc::new(handy::NoPresharedKeys), | ||
| psk_kex_modes: vec![PskKexMode::PskWithDhe], |
There was a problem hiding this comment.
Suggest grouping these in a struct together. Aren't there any interactions between these values in terms of expected behavior?
| /// To help prevent adversaries from discovering identities | ||
| /// supported by the server, identity comparisons should be | ||
| /// performed in constant time. | ||
| fn load_psk(&self, identity: &[u8]) -> Option<Arc<PresharedKey>>; |
There was a problem hiding this comment.
If we need constant-time here, suggest we change the API so that rustls itself handles the identity comparison.
There was a problem hiding this comment.
PSK identities are not secret (they're in the unencrypted portion of the handshake), so a constant time comparison isn't an absolute necessity. However, constant time comparisons help prevent clients from enumerating the identities that the server supports. I originally wanted rustls to handle the identity comparison, but I couldn't come up with a suitable API that still allowed users to implement their own PSK database.
This is probably fine since rustls doesn't make any important decisions with |
Let me know if you'd like me to roll up the commit history. I typically wait to squash commits before committing so it doesn't disrupt code review. Let me know which parts you'd like moved to separate PRs, if any. I tried to make this PR as minimal as possible, but some refactoring (particularly of resumption handling) was necessary, otherwise the code would've been terribly difficult to follow, which is unacceptable for security critical code. |
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
For rustls#2424 Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2424 +/- ##
==========================================
- Coverage 95.96% 95.62% -0.34%
==========================================
Files 94 94
Lines 22634 23349 +715
==========================================
+ Hits 21721 22328 +607
- Misses 913 1021 +108 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
For rustls#2424 Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
For rustls#2424 Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
For rustls#2424 Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
For #2424 Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
For #2424 Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
Signed-off-by: Eric Lagergren <elagergren@spideroak.com>
I think using
We typically work with smallish commits that each compile and can pass CI (though we don't usually test whether exactly each commit does). I suggest you break this up into smaller pieces, especially by (1) splitting refactoring into separate commits, (2) splitting client from server. Also try to minimize unrelated changes (like renaming This is a pretty large amount of code to review. Maybe your organization could consider sponsoring the integration effort? |
What would this cost/involve? |
Send me an email? You can trivially find my address from my homepage. Feel free to include a proposal for what you would consider reasonable. |
Initial AQC implementation - Binds QUIC server to a network address - Binds QUIC client to 0.0.0.0:0 (this should be configurable in the future) - Fetches the AQC PSK from the daemon via the encrypted tarpc IPC - Integrates with rustls w/ PSK support based on this PR (rustls/rustls#2424) - Initializes the QUIC server with a PSK keystore - Adds AQC PSKs to the key store when AQC channels are created or received. - Creates bidirectional and unidirectional AQC channels. - Supports creating new QUIC streams on existing AQC channels. - Supports sending/receiving data via AQC QUIC data streams. - Adds AQC example to Rust example application. TODO: - Removal of test certs once rustls is updated to no longer require the server to be initialized with a cert when using PSKs. - Make QUIC client address configurable - More robust testing (e.g. multiple peers creating/deleting channels and sending/receiving in parallel) - And additional cleanup, see #214 (comment) --------- Co-authored-by: Nikki <npoelma@spideroak.com> Co-authored-by: gknopf <gknopf@spideroak.com> Co-authored-by: Declan Johnson <102169329+djohnson-spideroak@users.noreply.github.com> Co-authored-by: Jonathan Dygert <jdygert@spideroak.com>
|
Going to close this for now, pending future work on PSK support. |
This PR adds TLS 1.3 PSK support.
Fixes #174