Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow BuildHandshakeState to inspect ClientHello before setting SessionTicket/PSK #301

Merged
merged 5 commits into from
Jun 27, 2024
Merged

Allow BuildHandshakeState to inspect ClientHello before setting SessionTicket/PSK #301

merged 5 commits into from
Jun 27, 2024

Conversation

adotkhan
Copy link
Contributor

The TLS-PSK changes introduced in 8094658 sets the SessionTicket or PSK (either from cache or explicitly set) on the first call to (*UConn)BuildHandshakeState and locks the sessionController, preventing library user from inspecting the ClientHello to then craft an appropriate SessionTicket / PSK.

Our use case involves building a UConn with a potentially randomzied ClientHello and adding a SessionTicket to it encrypted with an out-of-band shared secret. To craft the appropriate SessionTicket (since the ClientHello parameters need to agree with it), the ClientHello is inspected for example to check whether EMS is present by calling BuildHandshakeState first.

Specifically, with regards to PSK / SessionTicket, the following doc comment on BuildHandshakeState does not apply to SetSessionTicketExtension/SetPskExtension, since the sessionController is locked after the first BuildHandshakeState call and further change to these extensions is disallowed:

// BuildHandshakeState is automatically called before uTLS performs handshake,
// amd should only be called explicitly to inspect/change fields of
// default/mimicked ClientHello.

This draft PR suggests one workaround, it's admittedly a fragile solution, however a review by uTLS maintainers is much appreicated towards finding an appropriate solution.

@gaukas
Copy link
Contributor

gaukas commented Jun 19, 2024

Looks interesting, I am gonna give a pass on this PR later this week.

Thanks for contributing to uTLS, @adotkhan!

gaukas
gaukas suggested changes Jun 20, 2024
View reviewed changes
Copy link
Contributor

@gaukas gaukas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the pull request. Overall it looks good to me, but it would be much better if we can follow a less breaking manner (see comments for MakeClientSessionState in u_public.go).

I also shared my two cents on separating (*UConn).lockSessionState out of the last few lines in (*UConn).BuildHandshakeState. I agree we probably should do something like that, but I would kindly ask you to at least expore if there are any further change we can add to make it more natural (comments in u_conn.go)

u_public.go Outdated Show resolved Hide resolved
u_public.go Outdated Show resolved Hide resolved
u_conn.go Outdated Show resolved Hide resolved
@adotkhan
Copy link
Contributor Author

Thank you for the review @gaukas, much appreciated.

I have applied your suggestion regarding removing ExtMasterSecret bool field from MakeClientSessionState to avoid breaking the API.

cbf02ab reverts BuildHandshakeState behavior to what it was before, and adds a new BuildHandshakeStateWithoutSession which I believe would resolve the concerns you raised.

Since we only needed to inspect a partial/incomplete Client Hello, as more manual use case, I believe it makes sense to not change BuildHandshakeState.
This also avoids potential issues with having to remember to call lockSessionState.

@adotkhan
Copy link
Contributor Author

I missed what you mentioned regarding marshalling the Client Hello after the uLoadSession call.
I believe f061fb7 should resolve the issues raised better.

@gaukas
Copy link
Contributor

gaukas commented Jun 26, 2024

Much obliged! Feel free to mark this pull request ready-for-review and re-request a review from me if you are done with it.

@adotkhan adotkhan marked this pull request as ready for review June 26, 2024 22:47
@adotkhan adotkhan requested a review from gaukas June 26, 2024 22:48
gaukas
gaukas approved these changes Jun 27, 2024
View reviewed changes
Copy link
Contributor

@gaukas gaukas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, thanks for patching BuildHandshakeState and adding Extended Master Secret-related methods to *ClientSessionState!

@gaukas gaukas merged commit 925bfb3 into refraction-networking:master Jun 27, 2024
6 checks passed
gaukas pushed a commit that referenced this pull request Jun 28, 2024
@adotkhan @gaukas
Allow BuildHandshakeState to inspect ClientHello before setting Sessi…
3c290c4 
…onTicket/PSK (#301)

* Lock sessionController only on last call to BuildHandshakeState

* Add public getter/setter for SessionState.extMasterSecret

* Fix breaking exported MakeClientSessionState

* Revert `(*UConn).BuildHandshakeState` to lock session controller

This partially reverts ebe5d66
and introduces BuildHandshakeStateWithoutSession.

* fix: Marshal the Client Hello after loading session


---------

Signed-off-by: Gaukas Wang <i@gaukas.wang>
@gaukas
Copy link
Contributor

gaukas commented Jul 5, 2024

Released in v1.6.7!

This was referenced Jul 16, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gaukas gaukas gaukas approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adotkhan @gaukas