Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[TLS 1.3] Preparations for addition of TLS 1.3 #2946

Merged
merged 4 commits into from
Apr 5, 2022
Merged

[TLS 1.3] Preparations for addition of TLS 1.3 #2946

merged 4 commits into from
Apr 5, 2022

Conversation

reneme
Copy link
Collaborator

@reneme reneme commented Apr 4, 2022
edited
Loading

Depends on: #2941, #2947, #2948 (requires rebase after merge)

This includes refactorings and preparatory steps for the integration of TLS 1.3 into the code base. The intention is similar to the previous TLS 1.2 refactoring pull request by @pist-eb and colleagues.

The central preparation is to add a Pimpl-Layer behind the public interfaces of TLS::Client and TLS::Server. Furthermore, central TLS handshake messages (such as Client Hello and Server Hello) are renamed into Client_Hello_12 with a Client_Hello base class. Generally, such base classes encapsulate common behaviour (usually mostly wire format marshalling) while _12 provides protocol version specific functionality. The addition of TLS 1.3 will fill in the gaps with Client_Hello_13 and friends.

This PR was created by squashing the changes in the pending TLS 1.3 PR and then removing (most) of the TLS 1.3 specific code. Hence, some interfaces or functionality might be unused or dangling right now. I tried to keep API and functionality adaptions to an absolute minimum to ease grafting the TLS 1.3 changes onto this PR later.

@reneme reneme marked this pull request as ready for review April 4, 2022 12:04
@reneme reneme mentioned this pull request Apr 4, 2022
Merged
16 tasks
@reneme reneme changed the title Preparations for addition of TLS 1.3 [TLS 1.3] Preparations for addition of TLS 1.3 Apr 4, 2022
@reneme @mako-eb @paba-eb
prepare TLS 1.2 for addition of TLS 1.3
fd9d1c3 
Co-authored-by: René Meusel <rene.meusel@nexenio.com>
Co-authored-by: Marek Kocik <extern.Marek.Kocik@elektrobit.com>
Co-authored-by: Grzegorz Dulewicz <extern.Grzegorz.Dulewicz@elektrobit.com>
Co-authored-by: Pawel Bazelewski <extern.pawel.bazelewski@elektrobit.com>
Co-authored-by: Pawel Jarosz <extern.pawel.jarosz@elektrobit.com>
@reneme
Copy link
Collaborator Author

reneme commented Apr 4, 2022
edited
Loading

Thanks for the quick turnaround with the smaller PRs. This is now rebased to latest master and hence doesn't include the changes in tls_reader.h, tls_transitions.h, tests.h, ... any longer.

@codecov-commenter
Copy link

codecov-commenter commented Apr 4, 2022
edited
Loading

Codecov Report

Merging #2946 (4c0c50f) into master (b040969) will decrease coverage by 0.02%.
The diff coverage is 89.47%.

@@            Coverage Diff             @@
##           master    #2946      +/-   ##
==========================================
- Coverage   92.60%   92.58%   -0.03%     
==========================================
  Files         573      577       +4     
  Lines       66485    66710     +225     
  Branches     6365     6375      +10     
==========================================
+ Hits        61570    61762     +192     
- Misses       4882     4915      +33     
  Partials       33       33
Impacted Files Coverage Δ
src/bogo_shim/bogo_shim.cpp 88.72% <ø> (ø)
src/lib/tls/tls12/msg_cert_status.cpp 76.66% <ø> (ø)
src/lib/tls/tls12/msg_hello_verify.cpp 100.00% <ø> (ø)
src/lib/tls/tls12/tls_cbc/tls_cbc.cpp 90.38% <ø> (ø)
src/lib/tls/tls12/tls_handshake_hash.cpp 100.00% <ø> (ø)
src/lib/tls/tls12/tls_record.cpp 95.81% <ø> (ø)
src/lib/tls/tls12/tls_session_key.cpp 100.00% <ø> (ø)
src/lib/tls/tls_algos.cpp 83.93% <ø> (ø)
src/tests/test_tls.cpp 92.46% <ø> (ø)
src/tests/test_tls_utils.cpp 0.00% <0.00%> (ø)
... and 42 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b040969...4c0c50f. Read the comment docs.

@randombit
Copy link
Owner

Thanks for splitting this out. This is the "easy" part for review (nothing really new, unlike the actual 1.3 logic) but is already a big patch. Working on the review now, may take a day or two.

randombit
randombit reviewed Apr 4, 2022
View reviewed changes
Copy link
Owner

@randombit randombit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK that went faster than I thought. Overall looks very good! Left some comments, and I do want to do a final pass review before merge, but we're almost there on this one.

src/lib/tls/msg_client_hello.cpp Show resolved Hide resolved
src/tests/test_tls.cpp Outdated Show resolved Hide resolved
src/tests/test_tls_utils.h Outdated Show resolved Hide resolved
src/tests/test_tls_messages.cpp Outdated Show resolved Hide resolved
src/lib/tls/msg_cert_req.cpp Outdated Show resolved Hide resolved
src/lib/tls/tls_algos.h Outdated Show resolved Hide resolved
src/lib/tls/tls_callbacks.cpp Show resolved Hide resolved
src/lib/tls/tls_policy.h Outdated Show resolved Hide resolved
src/lib/tls/tls_messages.h Show resolved Hide resolved
src/lib/tls/tls_extensions.h Outdated Show resolved Hide resolved
@reneme
Remove redundant TLS_Policy::use_extended_master_secret()
13af235 
For TLS 1.2 EMS is always enabled and TLS 1.3 won't need this
extension anyway.
@reneme
include what you use
9b41f88
@reneme
review comments
4c0c50f
@reneme
Copy link
Collaborator Author

reneme commented Apr 5, 2022

I acted on all your comments.

Regarding coding style comments: Let's do style fixes on the final PR to avoid unnecessary rebase frustration. I'm very much in favour of clang-format, by the way! We're currently using the astyle formatter somewhat consistently with varying satisfaction.

Actually clang-format seems to support Whitesmith style as of recently, though I didn't figure out a configuration to match the current code base's style reasonably well anyway.

@randombit
Copy link
Owner

Let's do style fixes on the final PR to avoid unnecessary rebase frustration.

Sounds good.

Actually clang-format seems to support Whitesmith style as of recently, though I didn't figure out a configuration to match the current code base's style reasonably well anyway.

I have also so far been unable to get anything that is close to the current codebase. I think when it happens I'll just do a reformat into some other style that is convenient to express using clang-format configuration and that I don't find too ugly. For this purpose I'll probably wait until just before we do a final 3.0 release when things are otherwise very quiet in terms of new development. And then we'll just have to suffer that any backports to 2.x are going to be a little painful, but hopefully not too many will be required.

randombit
randombit approved these changes Apr 5, 2022
View reviewed changes
Copy link
Owner

@randombit randombit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's go!

@reneme
Copy link
Collaborator Author

reneme commented Apr 5, 2022

Great! I'll get going on the rebase of #2922. Probably that'll mean squashing its commit history, at least partially.

@reneme reneme merged commit 17fe9c1 into randombit:master Apr 5, 2022
@reneme reneme deleted the tls13/pimpl_refactoring branch April 5, 2022 14:06
@reneme reneme mentioned this pull request Apr 14, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@randombit randombit randombit approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@reneme @codecov-commenter @randombit