Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement client support for TLS 1.3 0-RTT #185

Closed
wants to merge 9 commits into from
Closed

Implement client support for TLS 1.3 0-RTT #185

wants to merge 9 commits into from

Conversation

ymjing
Copy link

@ymjing ymjing commented Jul 19, 2018

Here's my take at implementing TLS 1.3 0-RTT for resumed client sessions. It passes BOGO and works with Cloudflare's TLS 1.3 0-RTT implementation.

Both Issue #84 and the TLS 1.3 draft discuss about the risk of using 0-rtt data. So 0-RTT is by default disabled. A user who wishes to send 0-RTT data to HAProxy or Cloudflare should set ClientConfig.enable_early_data and call ClientSession::write_all() before the handshake starts.

Two new Session APIs, is_in_early_data and is_early_data_accepted are added. is_in_early_data returns true if any early data is in flight or ready to be sent. This implies a handshake is in process and is_handshaking() must be true. is_early_data_accepted returns true if the server has processed the 0-RTT data and the client has sent EndOfEarlyData. This API should be called after the handshake is completed.

A max_early_data_size field is added to persist::ClientSessionValue to indicate the maximum bytes of plaintext that can be sent as early data. This limit is enforced in Session::send_plain().

The following BOGO test cases are turned on and passed.
PASSED (TLS13-SendTicketEarlyDataInfo)
PASSED (TLS13-SendTicketEarlyDataInfo-Disabled)
PASSED (TLS13-EarlyData-TooMuchData-Client-Sync)
PASSED (TLS13-EarlyData-TooMuchData-Client-Sync-ImplicitHandshake)
PASSED (TLS13-EarlyData-TooMuchData-Client-Sync-SplitHandshakeRecords)
PASSED (TLS13-EarlyData-TooMuchData-Client-Sync-PackHandshake)
PASSED (TLS13-EarlyData-TooMuchData-Client-Async)
PASSED (TLS13-EarlyData-TooMuchData-Client-Async-ImplicitHandshake)
PASSED (TLS13-EarlyData-TooMuchData-Client-Async-SplitHandshakeRecords)
PASSED (TLS13-EarlyData-TooMuchData-Client-Async-PackHandshake)
PASSED (EarlyData-Client-TLS13Draft23)
PASSED (EarlyData-Reject-Client-TLS13Draft23)
PASSED (EarlyData-HRR-Client-TLS13Draft23)
PASSED (EarlyDataWithoutResume-Client-TLS13Draft23)
PASSED (EarlyDataVersionDowngrade-Client-TLS13Draft23)
PASSED (ServerAcceptsEarlyDataOnHRR-Client-TLS13Draft23)
PASSED (EarlyData-Client-VersionAPI-TLS13Draft23)
PASSED (EarlyData-Client-BadFinished-TLS13Draft23)

@coveralls
Copy link

coveralls commented Jul 19, 2018
edited
Loading

Coverage Status

Coverage decreased (-0.2%) to 96.813% when pulling 1255a25 on mesalock-linux:tls13_0rtt_client into 2764264 on ctz:master.

@ctz
Copy link
Member

ctz commented Jul 22, 2018

Thanks, this is great work!

I'd like to keep the early and main application data streams separate though. I'll experiment with some alternative APIs and report back on this PR.

@ctz
Provide a separate stream for 0rtt client data
1255a25 
This adds:

- ClientSession::early_data() which may return a WriteEarlyData
  if early data is possible with the server.  WriteEarlyData
  implements io::Write and also tells how many bytes can be
  written.
- ClientSession::is_early_data_accepted which returns true if
  early data was signalled as accepted by the server.

Update the 0rtt example with some docs for this.
@ctz
Copy link
Member

ctz commented Jul 28, 2018

I've pushed a commit which uses your work and presents a slightly different API. Could you review it and make sure it meets your requirements?

@ymjing
Copy link
Author

ymjing commented Jul 31, 2018

@ctz The new API looks good to me. In particular I like the new EarlyDataState enum and ClientSessionImpl::write_early_data().

@ctz
Copy link
Member

ctz commented Jul 31, 2018

Thanks. This has been merged now.

@ctz ctz closed this Jul 31, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ymjing @coveralls @ctz