Skip to content

[ech] rewrite ESNI to ECH draft 15 #437

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
kazuho merged 110 commits into from
Dec 7, 2022
Merged

[ech] rewrite ESNI to ECH draft 15 #437

Changes from 1 commit
Commits
Show all changes
110 commits
Select commit Hold shift + click to select a range
e638cc7
Merge branch 'kazuho/hpke' into kazuho/ech
kazuho Nov 8, 2022
9a31fde
remove ESNI stuff
kazuho Nov 7, 2022
22013e4
be certain `tls` is immutable when decoding CH
kazuho Nov 8, 2022
1e3b900
Merge branch 'kazuho/hpke' into kazuho/ech
kazuho Nov 15, 2022
af8deb6
Merge branch 'kazuho/hpke' into kazuho/ech
kazuho Nov 15, 2022
8514d77
encode CH without touching `ptls_t` directly, decode ECHConfigList
kazuho Nov 16, 2022
d91e865
send ech extension / send fake psk in outer
kazuho Nov 16, 2022
b53ad77
emit ECH
kazuho Nov 16, 2022
d872a7d
Merge branch 'kazuho/hpke' into kazuho/ech
kazuho Nov 17, 2022
b1eaf7c
it works (for the most straight-forward case)
kazuho Nov 16, 2022
15dba60
Merge branch 'master' into kazuho/ech
kazuho Nov 17, 2022
16afb15
signal if ech is used
kazuho Nov 17, 2022
5fdebbf
remove esni command line tool
kazuho Nov 17, 2022
5c412b9
[cli] -E and -K options to handle ECH (it works)
kazuho Nov 17, 2022
c06805b
check existence of the extension (and the error code)
kazuho Nov 17, 2022
400ed9e
Update include/picotls.h
kazuho Nov 17, 2022
1cefe7b
`ech` will always be non-NULL with modes other than INNER
kazuho Nov 18, 2022
36f855e
less magic numbers
kazuho Nov 18, 2022
9468610
add and recognize padding
kazuho Nov 18, 2022
b851be2
restore msghash_off, it points mid-message when resuming
kazuho Nov 18, 2022
d410403
emit and check ECH accept confirmation hash
kazuho Nov 18, 2022
3fc88d0
Merge branch 'master' into kazuho/ech
kazuho Nov 18, 2022
c7fc502
run two hashes for CHInner and CHOuter, choose the right one
kazuho Nov 18, 2022
636a724
refactor as a preparation
kazuho Nov 18, 2022
3f942d8
generate HRR.ECH (and we can roll the key schedule when sending state…
kazuho Nov 18, 2022
f77c13f
"confirm" implies acceptance
kazuho Nov 18, 2022
2c6f84c
[ECH] handle HRR correctly
kazuho Nov 19, 2022
c417915
check ECH.type always (as well as concentrating the logic)
kazuho Nov 21, 2022
c9b6b9b
ServerHello.ECH can exist unless when the server responds to inner CH
kazuho Nov 21, 2022
459e998
add I/F to obtain the type of the handshake
kazuho Nov 22, 2022
6705508
fix the encoded order
kazuho Nov 22, 2022
d6cdb2c
HKDF-Expand-Label being used is that of RFC 8446, hence uses the "tls…
kazuho Nov 22, 2022
8310c09
use const-time op
kazuho Nov 22, 2022
828eefc
key-schedule uses the transcript with confirmation hash
kazuho Nov 22, 2022
a9ac007
Merge branch 'master' into kazuho/ech
kazuho Nov 22, 2022
df0891d
CHinner MUST NOT offer tls 1.2 or below
kazuho Nov 22, 2022
d7d4c46
[ECH] test variations, e.g., retry
kazuho Nov 24, 2022
71479e4
use wrapper function so as to not miss setting fields
kazuho Nov 24, 2022
205e194
we can say that ECH is used whenever ECH AEAD context is available
kazuho Nov 24, 2022
c0f58ca
ciphers given significance, as it is the only attribute used on both …
kazuho Nov 24, 2022
f63838e
test configuration mismatch
kazuho Nov 24, 2022
c385e1f
send / receive retry_configs
kazuho Nov 24, 2022
ba1baf3
add FIXME
kazuho Nov 24, 2022
bddb83a
oops
kazuho Nov 24, 2022
6068d6f
[ECH] do not touch key_schedule when determining acceptance
kazuho Nov 24, 2022
36a6c79
remove ESNI stuff
kazuho Nov 24, 2022
4cfcc64
replay entire ECH extension when ECH is rejected via HRR
kazuho Nov 24, 2022
6d193a0
upon ech config mismatch, report retry_config to the application iff …
kazuho Nov 24, 2022
5875465
split ECH config applicability testing (ignore upon failure) vs. ECH …
kazuho Nov 24, 2022
c461703
send ECH_REQUIRED alert if rejected, saving retry_configs correctly
kazuho Nov 25, 2022
9edab68
it's a MISmatch
kazuho Nov 25, 2022
e2e6dc2
p256 might be the only algorithm that we support
kazuho Nov 25, 2022
9669e49
dispose state when AEAD decryption fails, otherwise `ptls_is_ech_hand…
kazuho Nov 25, 2022
2ea2080
clarify the contract
kazuho Nov 25, 2022
50c428c
make it simple
kazuho Nov 25, 2022
54d10fa
consistent naming convention
kazuho Nov 25, 2022
7f59712
add comment
kazuho Nov 25, 2022
5038530
better to rename "select_one" now that we have `select_outer` that se…
kazuho Nov 25, 2022
3f07e64
move the condition out, add comment
kazuho Nov 25, 2022
697e7b4
unless the client offered ECH, reject EE.ECH
kazuho Nov 25, 2022
6ff7ee6
outer- and inner-random have to be identical unless ECH is used
kazuho Nov 25, 2022
909d974
retain innerCH.random separately
kazuho Nov 25, 2022
1672380
[ECH] add I/F to obtain kem/cipher being used
kazuho Nov 25, 2022
a91ae5f
send retry_config only when we are capable of accepting ECH
kazuho Nov 25, 2022
37d4c33
in PSK mode, CertificateRequest is rejected by the state machine (and…
kazuho Nov 28, 2022
1c7b115
clang-format
kazuho Nov 28, 2022
761cc03
add note that we are not following the spec
kazuho Nov 28, 2022
c58adc7
do not use ECH even when config is provided, unless server name is a …
kazuho Nov 28, 2022
92479ba
merge the struct
kazuho Nov 28, 2022
054db85
pass server-name as argument as it can be ECH.public_name
kazuho Nov 28, 2022
a6672c0
public_name is at least one byte
kazuho Nov 28, 2022
04b67ad
report error code
kazuho Nov 28, 2022
89779c4
create helper
kazuho Nov 28, 2022
9a95d7f
enc is at least one byte
kazuho Nov 28, 2022
4e01405
Merge branch 'master' into kazuho/ech
kazuho Nov 28, 2022
486e6f6
use `ptls_decode8`
kazuho Nov 28, 2022
3ad9194
ignore ECHConfig that have IP address as public name
kazuho Nov 28, 2022
65f4c7a
oops
kazuho Nov 28, 2022
901be76
payload is at least one byte
kazuho Nov 28, 2022
449bbec
reorder and clarify the logic
kazuho Nov 28, 2022
a374e42
rely on the decode function
kazuho Nov 28, 2022
cd4aaa4
use constant, state check in `decode_server_hello`
kazuho Nov 28, 2022
7208a7e
Merge branch 'master' into kazuho/ech
kazuho Nov 29, 2022
cab1a37
add new extensions to the table, rely on that
kazuho Nov 29, 2022
6648158
dispose of ECH AEAD context during handshake, decryption failure of i…
kazuho Nov 29, 2022
5aa73f3
use the existing function to discard ECH state after Hello exchange
kazuho Nov 29, 2022
e3666d4
track known extensions rather than the smallest 64 (otherwise we cann…
kazuho Nov 29, 2022
89cfbe2
Merge branch 'master' into kazuho/ech
kazuho Nov 29, 2022
80e1c4f
clear remaining ECH state even when HRR is used
kazuho Nov 29, 2022
21cf7c2
when ECH exchange is complete reduce the number of hashes too
kazuho Nov 29, 2022
48c7a92
no need to write after duplicate
kazuho Nov 29, 2022
f0360b4
add test for rebuilding inner CH
kazuho Nov 29, 2022
a3cfa2f
rebuild error is ILLEGAL_PARAMETER
kazuho Nov 29, 2022
df35659
encrypted_client_hello extension cannot be referred to by ech_outer_e…
kazuho Nov 29, 2022
c6d52f3
Merge branch 'master' into kazuho/ech
kazuho Dec 2, 2022
e8fe79e
Merge branch 'master' into kazuho/ech
kazuho Dec 4, 2022
7470a50
[msvc] remove picotls-esni
huitema Dec 4, 2022
398d39c
explicit cast to suppress warning
huitema Dec 4, 2022
5bbd77b
fix stuff that MSVC does not like
huitema Dec 4, 2022
ae30a2c
use sprintf instead
kazuho Dec 4, 2022
bf81477
use bogus blob rather than adding one byte to only one of the variabl…
kazuho Dec 4, 2022
8758ee3
Merge branch 'kazuho/ech-msvc' into kazuho/ech (reorganize & merge #449)
kazuho Dec 4, 2022
62c4bca
Merge branch 'master' into kazuho/ech
kazuho Dec 5, 2022
04dfe46
reflect the fact that the supported set of HPKE cipher-suites can be …
kazuho Dec 5, 2022
347a32e
add API for encoding ECHConfig
kazuho Dec 5, 2022
e6d9bd0
turn `-E` into a read-write file so that it can be used for storing r…
kazuho Dec 7, 2022
113fb5d
length of public_name field is 1-byte
kazuho Dec 7, 2022
8641129
immedaetly send alert and exit when ECH_REQUIRED is generated
kazuho Dec 7, 2022
8755654
send ECH_REQUIRED alert after Finished, as the draft suggests
kazuho Dec 7, 2022
444b745
update expected behavior following the change in the previous commit
kazuho Dec 7, 2022
File filter

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
enc is at least one byte
  • Loading branch information
@kazuho
kazuho committed Nov 28, 2022
commit 9a95d7fab76b59d6e560cd1751d1fcfea19dc799
4 changes: 4 additions & 0 deletions lib/picotls.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1022,6 +1022,10 @@ static int decode_one_ech_config(ptls_hpke_kem_t **kems, ptls_hpke_cipher_suite_
}
}
ptls_decode_open_block(*src, end, 2, {
if (*src == end) {
ret = PTLS_ALERT_DECODE_ERROR;
goto Exit;
}
decoded->public_key = ptls_iovec_init(*src, end - *src);
*src = end;
});
Expand Down