tls 2.0.4 → 2.0.5
raw patch · 5 files changed
+39/−16 lines, 5 filesdep ~crypton
Dependency ranges changed: crypton
Files
- CHANGELOG.md +6/−0
- Network/TLS/Core.hs +11/−1
- Network/TLS/Handshake/Client.hs +9/−6
- test/HandshakeSpec.hs +12/−8
- tls.cabal +1/−1
CHANGELOG.md view
@@ -1,3 +1,9 @@+## Version 2.0.5++* Fixing handshake13_0rtt_fallback+* Client checks if the group of PSK is contained in Supported_Groups.+* HRR is not allowed for 0-RTT.+ ## Version 2.0.4 * More fix for 0-RTT when application data is available while receiving CF.
Network/TLS/Core.hs view
@@ -44,6 +44,7 @@ import Network.TLS.Handshake.Common import Network.TLS.Handshake.Common13 import Network.TLS.Handshake.Process+import Network.TLS.Handshake.Random import Network.TLS.Handshake.State import Network.TLS.Handshake.State13 import Network.TLS.IO@@ -88,7 +89,8 @@ getRTT :: Context -> IO Int getRTT ctx = do rtt <- tls13stRTT <$> getTLS13State ctx- return (fromIntegral rtt * rttFactor * 1000) -- ms to us+ let rtt' = max (fromIntegral rtt) 10+ return (rtt' * rttFactor * 1000) -- ms to us -- | notify the context that this side wants to close connection. -- this is important that it is called before closing the handle, otherwise@@ -348,6 +350,14 @@ loopHandshake13 (h@Certificate13{} : hs) = postHandshakeAuthWith ctx h >> loopHandshake13 hs loopHandshake13 (h : hs) = do+ rtt0 <- tls13st0RTT <$> getTLS13State ctx+ when rtt0 $ case h of+ ServerHello13 srand _ _ _ ->+ when (isHelloRetryRequest srand) $ do+ clearTxRecordState ctx+ let reason = "HRR is not allowed for 0-RTT"+ in terminate13 ctx (Error_Misc reason) AlertLevel_Fatal UnexpectedMessage reason+ _ -> return () cont <- popAction ctx h hs when cont $ loopHandshake13 hs
Network/TLS/Handshake/Client.hs view
@@ -36,14 +36,17 @@ -- client part of handshake. send a bunch of handshake of client -- values intertwined with response from the server. handshakeClient :: ClientParams -> Context -> IO ()-handshakeClient cparams ctx = handshake cparams ctx groups Nothing+handshakeClient cparams ctx = do+ groups <- case clientWantSessionResume cparams of+ Nothing -> return groupsSupported+ Just (_, sdata) -> case sessionGroup sdata of+ Nothing -> return [] -- TLS 1.2 or earlier+ Just grp+ | grp `elem` groupsSupported -> return $ grp : filter (/= grp) groupsSupported+ | otherwise -> throwCore $ Error_Misc "groupsSupported is incorrect"+ handshake cparams ctx groups Nothing where groupsSupported = supportedGroups (ctxSupported ctx)- groups = case clientWantSessionResume cparams of- Nothing -> groupsSupported- Just (_, sdata) -> case sessionGroup sdata of- Nothing -> [] -- TLS 1.2 or earlier- Just grp -> grp : filter (/= grp) groupsSupported -- https://tools.ietf.org/html/rfc8446#section-4.1.2 says: -- "The client will also send a
test/HandshakeSpec.hs view
@@ -865,7 +865,6 @@ handshake13_0rtt_fallback :: CSP13 -> IO () handshake13_0rtt_fallback (CSP13 (cli, srv)) = do- maxEarlyDataSize <- generate $ choose (0, 512) group0 <- generate $ elements [P256, X25519] let cliSupported = def@@ -877,21 +876,21 @@ { supportedCiphers = [cipher_TLS13_AES128GCM_SHA256] , supportedGroups = [group0] }- params0 =+ params = ( cli{clientSupported = cliSupported} , srv { serverSupported = svrSupported- , serverEarlyDataSize = maxEarlyDataSize+ , serverEarlyDataSize = 1024 } ) sessionRefs <- twoSessionRefs let sessionManagers = twoSessionManagers sessionRefs - let params = setPairParamsSessionManagers sessionManagers params0+ let params0 = setPairParamsSessionManagers sessionManagers params let mode = if group0 == P256 then FullHandshake else HelloRetryRequest- runTLSSimple13 params mode+ runTLSSimple13 params0 mode -- and resume mSessionParams <- readClientSessionRef sessionRefs@@ -900,7 +899,7 @@ Just sessionParams -> do earlyData <- B.pack <$> generate (someWords8 256) group1 <- generate $ elements [P256, X25519]- let (pc, ps) = setPairParamsSessionResuming sessionParams params+ let (pc, ps) = setPairParamsSessionResuming sessionParams params0 svrSupported1 = def { supportedCiphers = [cipher_TLS13_AES128GCM_SHA256]@@ -913,9 +912,14 @@ , serverSupported = svrSupported1 } )-- if group1 == group0+ -- C: [P256, X25519]+ -- S: [group0]+ -- C: [P256, X25519]+ -- S: [group1]+ if group0 == group1+ -- 0-RTT is not allowed, so fallback to PreSharedKey then runTLS0RTT params1 PreSharedKey earlyData+ -- HRR but not allowed for 0-RTT else runTLSFailure params1 (tlsClient earlyData) tlsServer where tlsClient earlyData ctx = do
tls.cabal view
@@ -1,6 +1,6 @@ cabal-version: >=1.10 name: tls-version: 2.0.4+version: 2.0.5 license: BSD3 license-file: LICENSE copyright: Vincent Hanquez <vincent@snarc.org>