packages feed

tls 2.0.4 → 2.0.5

raw patch · 5 files changed

+39/−16 lines, 5 filesdep ~crypton

Dependency ranges changed: crypton

Files

CHANGELOG.md view
@@ -1,3 +1,9 @@+## Version 2.0.5++* Fixing handshake13_0rtt_fallback+* Client checks if the group of PSK is contained in Supported_Groups.+* HRR is not allowed for 0-RTT.+ ## Version 2.0.4  * More fix for 0-RTT when application data is available while receiving CF.
Network/TLS/Core.hs view
@@ -44,6 +44,7 @@ import Network.TLS.Handshake.Common import Network.TLS.Handshake.Common13 import Network.TLS.Handshake.Process+import Network.TLS.Handshake.Random import Network.TLS.Handshake.State import Network.TLS.Handshake.State13 import Network.TLS.IO@@ -88,7 +89,8 @@ getRTT :: Context -> IO Int getRTT ctx = do     rtt <- tls13stRTT <$> getTLS13State ctx-    return (fromIntegral rtt * rttFactor * 1000) -- ms to us+    let rtt' = max (fromIntegral rtt) 10+    return (rtt' * rttFactor * 1000) -- ms to us  -- | notify the context that this side wants to close connection. -- this is important that it is called before closing the handle, otherwise@@ -348,6 +350,14 @@     loopHandshake13 (h@Certificate13{} : hs) =         postHandshakeAuthWith ctx h >> loopHandshake13 hs     loopHandshake13 (h : hs) = do+        rtt0 <- tls13st0RTT <$> getTLS13State ctx+        when rtt0 $ case h of+            ServerHello13 srand _ _ _ ->+                when (isHelloRetryRequest srand) $ do+                    clearTxRecordState ctx+                    let reason = "HRR is not allowed for 0-RTT"+                     in terminate13 ctx (Error_Misc reason) AlertLevel_Fatal UnexpectedMessage reason+            _ -> return ()         cont <- popAction ctx h hs         when cont $ loopHandshake13 hs 
Network/TLS/Handshake/Client.hs view
@@ -36,14 +36,17 @@ -- client part of handshake. send a bunch of handshake of client -- values intertwined with response from the server. handshakeClient :: ClientParams -> Context -> IO ()-handshakeClient cparams ctx = handshake cparams ctx groups Nothing+handshakeClient cparams ctx = do+    groups <- case clientWantSessionResume cparams of+        Nothing -> return groupsSupported+        Just (_, sdata) -> case sessionGroup sdata of+            Nothing -> return [] -- TLS 1.2 or earlier+            Just grp+                | grp `elem` groupsSupported -> return $ grp : filter (/= grp) groupsSupported+                | otherwise -> throwCore $ Error_Misc "groupsSupported is incorrect"+    handshake cparams ctx groups Nothing   where     groupsSupported = supportedGroups (ctxSupported ctx)-    groups = case clientWantSessionResume cparams of-        Nothing -> groupsSupported-        Just (_, sdata) -> case sessionGroup sdata of-            Nothing -> [] -- TLS 1.2 or earlier-            Just grp -> grp : filter (/= grp) groupsSupported  -- https://tools.ietf.org/html/rfc8446#section-4.1.2 says: -- "The client will also send a
test/HandshakeSpec.hs view
@@ -865,7 +865,6 @@  handshake13_0rtt_fallback :: CSP13 -> IO () handshake13_0rtt_fallback (CSP13 (cli, srv)) = do-    maxEarlyDataSize <- generate $ choose (0, 512)     group0 <- generate $ elements [P256, X25519]     let cliSupported =             def@@ -877,21 +876,21 @@                 { supportedCiphers = [cipher_TLS13_AES128GCM_SHA256]                 , supportedGroups = [group0]                 }-        params0 =+        params =             ( cli{clientSupported = cliSupported}             , srv                 { serverSupported = svrSupported-                , serverEarlyDataSize = maxEarlyDataSize+                , serverEarlyDataSize = 1024                 }             )      sessionRefs <- twoSessionRefs     let sessionManagers = twoSessionManagers sessionRefs -    let params = setPairParamsSessionManagers sessionManagers params0+    let params0 = setPairParamsSessionManagers sessionManagers params      let mode = if group0 == P256 then FullHandshake else HelloRetryRequest-    runTLSSimple13 params mode+    runTLSSimple13 params0 mode      -- and resume     mSessionParams <- readClientSessionRef sessionRefs@@ -900,7 +899,7 @@         Just sessionParams -> do             earlyData <- B.pack <$> generate (someWords8 256)             group1 <- generate $ elements [P256, X25519]-            let (pc, ps) = setPairParamsSessionResuming sessionParams params+            let (pc, ps) = setPairParamsSessionResuming sessionParams params0                 svrSupported1 =                     def                         { supportedCiphers = [cipher_TLS13_AES128GCM_SHA256]@@ -913,9 +912,14 @@                         , serverSupported = svrSupported1                         }                     )--            if group1 == group0+            -- C: [P256, X25519]+            -- S: [group0]+            -- C: [P256, X25519]+            -- S: [group1]+            if group0 == group1+                -- 0-RTT is not allowed, so fallback to PreSharedKey                 then runTLS0RTT params1 PreSharedKey earlyData+                -- HRR but not allowed for 0-RTT                 else runTLSFailure params1 (tlsClient earlyData) tlsServer   where     tlsClient earlyData ctx = do
tls.cabal view
@@ -1,6 +1,6 @@ cabal-version:      >=1.10 name:               tls-version:            2.0.4+version:            2.0.5 license:            BSD3 license-file:       LICENSE copyright:          Vincent Hanquez <vincent@snarc.org>