[TLS 1.3] Signature_Scheme Class#2958
Closed
hrantzsch wants to merge 7 commits into randombit:dev/tls-13 from
* replace handshake protocol internals
Add TLS 1.3 specific Handshake_Layer, Handshake_State,
Handshake_Transitions, Transcript_Hash to replace
functionality of TLS 1.2 Handshake_State.
Related refactorings and module rearrangements.
* handling of Hello Retry Request
* handling alerts
* ensure handshake messages are not interleaved
* implement Exporters (RFC8446 7.5)
* Implement middlebox compatibility mode (RFC 8446 Appendix D.4)
* handle protocol version downgrade
* Post-Handshake-Message Key_Update
* OCSP stapling
* update of traffic secrets via a user-facing API
* Record_Size_Limit extension for TLS 1.3
* BoGo Tests integration/fixes for TLS 1.3
... we rebased the changes in jack/runner-20210401 to the current boringssl origin master (currently on reneme/boringssl)
... tests that are not applicable (yet) were disabled
* prepend dummy ccs record for any second flight
* too large decrypted plaintext
* client hello version when renegotiating 1.2
* don't try 1.3 if we have a 1.2 session to resume
* server selected version handling
* ALPN handling in TLS 1.3
* segfault on empty certificate
* user_canceled should be ignored
* handle record padding
* detect session ID downgrade attack
* illegal compression method shall be 'decode error'
* add missing check for unusable cipher suites
* less scrutiny when checking version of initial rcv'd record
* memory reservations for large records
* detect unexpected extensions in EE
* allow for better validation of OCSP responses
* check for forbidden extensions in EE msg
* validate allowed extensions in cert msg
* empty Encrypted Extensions are not allowed
* more explicit validation of Hello Retry Request
* check signature algo in certificate
* certificate constraint checking too loose
* validate handshake type byte
* refuse unprotected traffic after kex
* detect bad alerts
* support ALPN in TLS 1.3
* allow 1.2 warning alerts in 1.3
Co-authored-by: René Meusel <rene.meusel@nexenio.com>
hrantzsch commented Apr 14, 2022
Force-pushed 3466d99 to 6c21d36
hrantzsch commented Apr 14, 2022
Force-pushed 6c21d36 to a907927
Note that this affects the public API of TLS::Policy and Signature_Scheme
Co-authored-by: René Meusel <rene.meusel@nexenio.com>
Force-pushed a907927 to 28a31c8
randombit (Owner) reviewed Apr 15, 2022 and left a comment:
This looks great. In the last years I've often bemoaned that C++ does not have Rust-style enums which allow you to attach functions, but this is a nice approach to getting that behavior.
A few minor comments but overall 👍
Collaborator:
Please don't merge this yet. While finishing up the client authentication code I made a few adaptations to the API of
This pull request introduces 1 alert when merging e97ee42 into 8976bf2 - view on LGTM.com. New alerts:
reneme reviewed Apr 19, 2022
Force-pushed 9af0d3b to a576ca3
Collaborator:
Closed in favour of #2968
This PR introduces a class for signature schemes, replacing the existing Signature_Scheme enum and the free-standing functions around it (signature_algorithm_of_scheme, hash_function_of_scheme, etc).

Previously, it was not clear whether these functions would throw if an invalid or unknown scheme was provided. This has been changed: the member functions never throw. Rather, Signature_Scheme::is_available should be used to check if a scheme can be used (is implemented).

We intend to extend this class with higher level predicates, such as bool is_allowed_for(TLS::Version), or similar.

Note that this affects the public API of TLS::Policy and Signature_Scheme. Users can still create schemes as, e.g., Botan::TLS::Signature_Scheme::ECDSA_SHA256, because the enum class moved into the actual class (but is no longer an enum class).
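The following is an added sketch of the "enum wrapped in a class" pattern the description and randombit's comment refer to; it is constructed for this page and is not Botan's Signature_Scheme implementation. The code points are the RFC 8446 SignatureScheme values, while the member names, the from_wire helper and the is_allowed_in_tls13_certificate_verify predicate are assumptions.

```cpp
#include <cstdint>
#include <optional>
#include <string>

// Constructed illustration (not Botan's code): a plain enum nested in a class, so
// callers still write Signature_Scheme::ECDSA_SHA256, plus members that never throw.
class Signature_Scheme {
   public:
      // Code points as registered for the TLS SignatureScheme (RFC 8446 4.2.3).
      enum Code : uint16_t {
         RSA_PKCS1_SHA256 = 0x0401,
         ECDSA_SHA256 = 0x0403,
         ECDSA_SHA384 = 0x0503,
         RSA_PSS_SHA256 = 0x0804,
      };
      constexpr Signature_Scheme(Code c) : m_code(c) {}
      // Build from a wire value without validating it: an unknown code is kept
      // and reported via is_available() == false instead of throwing.
      static constexpr Signature_Scheme from_wire(uint16_t w) {
         return Signature_Scheme(static_cast<Code>(w));
      }
      constexpr uint16_t wire_code() const { return static_cast<uint16_t>(m_code); }
      constexpr bool operator==(const Signature_Scheme& o) const { return m_code == o.m_code; }
      // True only for the schemes this sketch "implements" (assumption).
      bool is_available() const { return hash_function_name().has_value(); }
      std::optional<std::string> hash_function_name() const {
         switch(m_code) {
            case RSA_PKCS1_SHA256: case ECDSA_SHA256: case RSA_PSS_SHA256: return "SHA-256";
            case ECDSA_SHA384: return "SHA-384";
         }
         return std::nullopt;  // unknown scheme: no exception, just "not available"
      }
      std::optional<std::string> algorithm_name() const {
         switch(m_code) {
            case RSA_PKCS1_SHA256: case RSA_PSS_SHA256: return "RSA";
            case ECDSA_SHA256: case ECDSA_SHA384: return "ECDSA";
         }
         return std::nullopt;
      }
      // Higher-level predicate of the kind the PR plans to add: TLS 1.3 CertificateVerify
      // requires RSA-PSS, so PKCS#1 v1.5 schemes are excluded (RFC 8446 4.2.3).
      bool is_allowed_in_tls13_certificate_verify() const {
         return is_available() && m_code != RSA_PKCS1_SHA256;
      }
   private:
      Code m_code;
};
```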