Add the key share extension #749
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## master #749 +/- ##
==========================================
+ Coverage 79.13% 81.26% +2.12%
==========================================
Files 102 102
Lines 6917 5679 -1238
==========================================
- Hits 5474 4615 -859
+ Misses 1068 683 -385
- Partials 375 381 +6
Thanks for this draft! I have made some adjustments to your suggestion. I have taken inspiration from the TLS 1.3 implementation in the standard library where they reuse TLS 1.2 types and extensions rather than renaming or creating new - this simplified the implementation a lot. Additionally, I think we should only stick to the groups supported by the standard library and the TLS 1.3 implementation. Tests were a bit flaky with marshaling and unmarshaling in the same test. Therefore, I added tests with raw bytes captured from the NSS stack of Firefox with Wireshark (pro tip: you can copy bytes as a Go literal) and some handcrafted bytes.
27c0863 to a0986ed
@philipch07 @theodorsm thank you <3 I'm going to read the spec and submit a review this week 👍
@theodorsm Thank you for the changes!! It's much cleaner now and I like the approach that you took regarding the renaming.
I wonder if there's a way that we can be extra clear in the docs about the renaming since the filename may be misleading for readers, but I don't have an answer to that off the top of my head. The comments that you added are still very useful.
| seenGroups := []elliptic.Curve{} | ||
|
|
||
| for _, e := range k.ClientShares { | ||
| if slices.Contains(seenGroups, e.Group) { | ||
| return nil, errDuplicateKeyShare | ||
| } | ||
|
|
||
| seenGroups = append(seenGroups, e.Group) |
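Review bot: The duplicate-group loop over k.ClientShares repeats the seenGroups logic that the unmarshal loop also carries, so the two copies can drift apart. Consider one shared helper that takes the groups and returns errDuplicateKeyShare, called from both paths, so that any share list that marshals is guaranteed to be one that unmarshals.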
Do you think it would be better to have seenGroups be a map instead of a slice since we only use it to check for the existence of a group and we never have to traverse it?
| seenGroups := []elliptic.Curve{} | ||
| for !peek.Empty() { | ||
| var entry KeyShareEntry | ||
| var groupU16 uint16 | ||
| var raw cryptobyte.String | ||
|
|
||
| if !peek.ReadUint16(&groupU16) || !peek.ReadUint16LengthPrefixed(&raw) { | ||
| return errInvalidKeyShareFormat | ||
| } | ||
|
|
||
| group := elliptic.Curve(groupU16) | ||
|
|
||
| if slices.Contains(seenGroups, group) { | ||
| return errDuplicateKeyShare | ||
| } | ||
|
|
||
| seenGroups = append(seenGroups, group) |
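Review bot: After peek.ReadUint16LengthPrefixed(&raw) the visible lines do not reject a zero-length raw before the group is added to seenGroups. RFC 8446 section 4.2.8 defines key_exchange as opaque<1..2^16-1>, so unless the check happens further down, an empty share should return errInvalidKeyShareFormat here, and one of the handcrafted byte tests could cover that case.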
And same for here?
Description
This adds the supported_versions extension feature in accordance with DTLS v1.3 which refers to TLS 1.3 section 4.2.8, 4.2.8.1, and 4.2.8.2.

Note about the CI failures:
This currently uses a global variable to test that my current logic is valid, so it will break all the DTLS v1.2 tests. At the moment, this is blocked by #738 as it requires a proper config/switch. I'm not sure what the best way of setting the toggle would be in extensions.go, but hopefully my current approach makes some sense.

Reference issue
Closes #743.
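The duplicate-group check discussed in the review comments, written with a map as the reviewer asks about, and parsing the client share list from TLS 1.3 section 4.2.8. This is an added example, not code from the PR or the project: it uses only the standard library, the names parseClientShares, keyShareEntry and the two error variables are hypothetical, and the input bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical names for this example; they are not the PR's identifiers.
var errInvalidFormat = errors.New("key_share: invalid format")
var errDuplicateGroup = errors.New("key_share: duplicate group")

type keyShareEntry struct {
	Group       uint16
	KeyExchange []byte
}

// parseClientShares parses a uint16 length-prefixed list of {group, key_exchange} entries.
func parseClientShares(data []byte) ([]keyShareEntry, error) {
	if len(data) < 2 || int(binary.BigEndian.Uint16(data)) != len(data)-2 {
		return nil, errInvalidFormat
	}
	rest := data[2:]
	seen := map[uint16]struct{}{} // set membership only, never traversed
	var shares []keyShareEntry
	for len(rest) > 0 {
		if len(rest) < 4 {
			return nil, errInvalidFormat
		}
		group := binary.BigEndian.Uint16(rest)
		n := int(binary.BigEndian.Uint16(rest[2:]))
		if n == 0 || len(rest) < 4+n { // key_exchange is opaque<1..2^16-1>
			return nil, errInvalidFormat
		}
		if _, dup := seen[group]; dup {
			return nil, errDuplicateGroup
		}
		seen[group] = struct{}{}
		shares = append(shares, keyShareEntry{Group: group, KeyExchange: rest[4 : 4+n]})
		rest = rest[4+n:]
	}
	return shares, nil
}

func main() {
	// Constructed input: one x25519 (0x001d) share with a 2-byte placeholder key.
	fmt.Println(parseClientShares([]byte{0x00, 0x06, 0x00, 0x1d, 0x00, 0x02, 0xaa, 0xbb}))
}
```

An empty share list (two zero bytes) parses without error, which TLS 1.3 permits when the client wants to trigger a HelloRetryRequest.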