RTG-2418 Update qtls

This commit is contained in:
Bas Westerbaan 2023-01-04 14:52:00 +01:00
parent 887e486a63
commit de4fd472f3
15 changed files with 65 additions and 35 deletions

4
go.mod
View File

@ -111,8 +111,8 @@ replace gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1
// Post-quantum tunnel RTG-1339 // Post-quantum tunnel RTG-1339
replace ( replace (
// branch go1.18 // branch go1.18
github.com/marten-seemann/qtls-go1-18 => github.com/cloudflare/qtls-pq v0.0.0-20221010110824-0053225e48b2 github.com/marten-seemann/qtls-go1-18 => github.com/cloudflare/qtls-pq v0.0.0-20230103171413-e7a2fb559a0e
// branch go1.19 // branch go1.19
github.com/marten-seemann/qtls-go1-19 => github.com/cloudflare/qtls-pq v0.0.0-20221010110800-4f3769902fe0 github.com/marten-seemann/qtls-go1-19 => github.com/cloudflare/qtls-pq v0.0.0-20230103171656-05e84f90909e
) )

8
go.sum
View File

@ -132,10 +132,10 @@ github.com/cloudflare/circl v1.2.1-0.20220809205628-0a9554f37a47 h1:YzpECHxZ9TzO
github.com/cloudflare/circl v1.2.1-0.20220809205628-0a9554f37a47/go.mod h1:qhx8gBILsYlbam7h09SvHDSkjpe3TfLA7b/z4rxJvkE= github.com/cloudflare/circl v1.2.1-0.20220809205628-0a9554f37a47/go.mod h1:qhx8gBILsYlbam7h09SvHDSkjpe3TfLA7b/z4rxJvkE=
github.com/cloudflare/golibs v0.0.0-20170913112048-333127dbecfc h1:Dvk3ySBsOm5EviLx6VCyILnafPcQinXGP5jbTdHUJgE= github.com/cloudflare/golibs v0.0.0-20170913112048-333127dbecfc h1:Dvk3ySBsOm5EviLx6VCyILnafPcQinXGP5jbTdHUJgE=
github.com/cloudflare/golibs v0.0.0-20170913112048-333127dbecfc/go.mod h1:HlgKKR8V5a1wroIDDIz3/A+T+9Janfq+7n1P5sEFdi0= github.com/cloudflare/golibs v0.0.0-20170913112048-333127dbecfc/go.mod h1:HlgKKR8V5a1wroIDDIz3/A+T+9Janfq+7n1P5sEFdi0=
github.com/cloudflare/qtls-pq v0.0.0-20221010110800-4f3769902fe0 h1:LEsjEHfKnIJEJU9QEIPVRuslxpBu+2kG2DXhxpkGT+o= github.com/cloudflare/qtls-pq v0.0.0-20230103171413-e7a2fb559a0e h1:frfo+L0qloEb6Vj+qjS4pbAYSJQZAlUnKZu0uJoErac=
github.com/cloudflare/qtls-pq v0.0.0-20221010110800-4f3769902fe0/go.mod h1:aIsWqC0WXyUiUxBl/RfxAjDyWE9CCLqvSMnCMTd/+bc= github.com/cloudflare/qtls-pq v0.0.0-20230103171413-e7a2fb559a0e/go.mod h1:mW0BgKFFDAiSmOdUwoORtjo0V2vqw5QzVYRtKQqw/Jg=
github.com/cloudflare/qtls-pq v0.0.0-20221010110824-0053225e48b2 h1:ErNoeVNqFXV+emlf4gY7Ms7/0DbQ8PT2UFxNyWBc51Q= github.com/cloudflare/qtls-pq v0.0.0-20230103171656-05e84f90909e h1:RtQDXvDi0PK3EonP0v7zkE5/rApK4MsgRATCdD+ughg=
github.com/cloudflare/qtls-pq v0.0.0-20221010110824-0053225e48b2/go.mod h1:mW0BgKFFDAiSmOdUwoORtjo0V2vqw5QzVYRtKQqw/Jg= github.com/cloudflare/qtls-pq v0.0.0-20230103171656-05e84f90909e/go.mod h1:aIsWqC0WXyUiUxBl/RfxAjDyWE9CCLqvSMnCMTd/+bc=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=

View File

@ -125,6 +125,9 @@ type Conn struct {
used0RTT bool used0RTT bool
tmp [16]byte tmp [16]byte
connStateMutex sync.Mutex
connState ConnectionStateWith0RTT
} }
// Access to net.Conn methods. // Access to net.Conn methods.
@ -1533,19 +1536,16 @@ func (c *Conn) handshakeContext(ctx context.Context) (ret error) {
// ConnectionState returns basic TLS details about the connection. // ConnectionState returns basic TLS details about the connection.
func (c *Conn) ConnectionState() ConnectionState { func (c *Conn) ConnectionState() ConnectionState {
c.handshakeMutex.Lock() c.connStateMutex.Lock()
defer c.handshakeMutex.Unlock() defer c.connStateMutex.Unlock()
return c.connectionStateLocked() return c.connState.ConnectionState
} }
// ConnectionStateWith0RTT returns basic TLS details (incl. 0-RTT status) about the connection. // ConnectionStateWith0RTT returns basic TLS details (incl. 0-RTT status) about the connection.
func (c *Conn) ConnectionStateWith0RTT() ConnectionStateWith0RTT { func (c *Conn) ConnectionStateWith0RTT() ConnectionStateWith0RTT {
c.handshakeMutex.Lock() c.connStateMutex.Lock()
defer c.handshakeMutex.Unlock() defer c.connStateMutex.Unlock()
return ConnectionStateWith0RTT{ return c.connState
ConnectionState: c.connectionStateLocked(),
Used0RTT: c.used0RTT,
}
} }
func (c *Conn) connectionStateLocked() ConnectionState { func (c *Conn) connectionStateLocked() ConnectionState {
@ -1576,6 +1576,15 @@ func (c *Conn) connectionStateLocked() ConnectionState {
return toConnectionState(state) return toConnectionState(state)
} }
func (c *Conn) updateConnectionState() {
c.connStateMutex.Lock()
defer c.connStateMutex.Unlock()
c.connState = ConnectionStateWith0RTT{
Used0RTT: c.used0RTT,
ConnectionState: c.connectionStateLocked(),
}
}
// OCSPResponse returns the stapled OCSP response from the TLS server, if // OCSPResponse returns the stapled OCSP response from the TLS server, if
// any. (Only valid for client connections.) // any. (Only valid for client connections.)
func (c *Conn) OCSPResponse() []byte { func (c *Conn) OCSPResponse() []byte {

View File

@ -306,6 +306,7 @@ func (c *Conn) clientHandshake(ctx context.Context) (err error) {
c.config.ClientSessionCache.Put(cacheKey, toClientSessionState(hs.session)) c.config.ClientSessionCache.Put(cacheKey, toClientSessionState(hs.session))
} }
c.updateConnectionState()
return nil return nil
} }

View File

@ -83,6 +83,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
if err := hs.processServerHello(); err != nil { if err := hs.processServerHello(); err != nil {
return err return err
} }
c.updateConnectionState()
if err := hs.sendDummyChangeCipherSpec(); err != nil { if err := hs.sendDummyChangeCipherSpec(); err != nil {
return err return err
} }
@ -95,6 +96,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
if err := hs.readServerCertificate(); err != nil { if err := hs.readServerCertificate(); err != nil {
return err return err
} }
c.updateConnectionState()
if err := hs.readServerFinished(); err != nil { if err := hs.readServerFinished(); err != nil {
return err return err
} }
@ -115,7 +117,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
}) })
atomic.StoreUint32(&c.handshakeStatus, 1) atomic.StoreUint32(&c.handshakeStatus, 1)
c.updateConnectionState()
return nil return nil
} }

View File

@ -132,6 +132,7 @@ func (hs *serverHandshakeState) handshake() error {
c.ekm = ekmFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.clientHello.random, hs.hello.random) c.ekm = ekmFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.clientHello.random, hs.hello.random)
atomic.StoreUint32(&c.handshakeStatus, 1) atomic.StoreUint32(&c.handshakeStatus, 1)
c.updateConnectionState()
return nil return nil
} }

View File

@ -56,6 +56,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
if err := hs.checkForResumption(); err != nil { if err := hs.checkForResumption(); err != nil {
return err return err
} }
c.updateConnectionState()
if err := hs.pickCertificate(); err != nil { if err := hs.pickCertificate(); err != nil {
return err return err
} }
@ -78,6 +79,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
if err := hs.readClientCertificate(); err != nil { if err := hs.readClientCertificate(); err != nil {
return err return err
} }
c.updateConnectionState()
if err := hs.readClientFinished(); err != nil { if err := hs.readClientFinished(); err != nil {
return err return err
} }
@ -89,7 +91,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
}) })
atomic.StoreUint32(&c.handshakeStatus, 1) atomic.StoreUint32(&c.handshakeStatus, 1)
c.updateConnectionState()
return nil return nil
} }

View File

@ -1,6 +1,6 @@
# qtls # qtls
[![Go Reference](https://pkg.go.dev/badge/github.com/marten-seemann/qtls-go1-17.svg)](https://pkg.go.dev/github.com/marten-seemann/qtls-go1-17) [![Go Reference](https://pkg.go.dev/badge/github.com/marten-seemann/qtls-go1-19.svg)](https://pkg.go.dev/github.com/marten-seemann/qtls-go1-19)
[![.github/workflows/go-test.yml](https://github.com/marten-seemann/qtls-go1-17/actions/workflows/go-test.yml/badge.svg)](https://github.com/marten-seemann/qtls-go1-17/actions/workflows/go-test.yml) [![.github/workflows/go-test.yml](https://github.com/marten-seemann/qtls-go1-19/actions/workflows/go-test.yml/badge.svg)](https://github.com/marten-seemann/qtls-go1-19/actions/workflows/go-test.yml)
This repository contains a modified version of the standard library's TLS implementation, modified for the QUIC protocol. It is used by [quic-go](https://github.com/lucas-clemente/quic-go). This repository contains a modified version of the standard library's TLS implementation, modified for the QUIC protocol. It is used by [quic-go](https://github.com/lucas-clemente/quic-go).

View File

@ -346,7 +346,7 @@ type clientSessionState struct {
// SessionID-based resumption. In TLS 1.3 they were merged into PSK modes, which // SessionID-based resumption. In TLS 1.3 they were merged into PSK modes, which
// are supported via this interface. // are supported via this interface.
// //
//go:generate sh -c "mockgen -package qtls -destination mock_client_session_cache_test.go github.com/marten-seemann/qtls-go1-17 ClientSessionCache" //go:generate sh -c "mockgen -package qtls -destination mock_client_session_cache_test.go github.com/marten-seemann/qtls-go1-19 ClientSessionCache"
type ClientSessionCache = tls.ClientSessionCache type ClientSessionCache = tls.ClientSessionCache
// SignatureScheme is a tls.SignatureScheme // SignatureScheme is a tls.SignatureScheme

View File

@ -125,6 +125,9 @@ type Conn struct {
used0RTT bool used0RTT bool
tmp [16]byte tmp [16]byte
connStateMutex sync.Mutex
connState ConnectionStateWith0RTT
} }
// Access to net.Conn methods. // Access to net.Conn methods.
@ -1535,19 +1538,16 @@ func (c *Conn) handshakeContext(ctx context.Context) (ret error) {
// ConnectionState returns basic TLS details about the connection. // ConnectionState returns basic TLS details about the connection.
func (c *Conn) ConnectionState() ConnectionState { func (c *Conn) ConnectionState() ConnectionState {
c.handshakeMutex.Lock() c.connStateMutex.Lock()
defer c.handshakeMutex.Unlock() defer c.connStateMutex.Unlock()
return c.connectionStateLocked() return c.connState.ConnectionState
} }
// ConnectionStateWith0RTT returns basic TLS details (incl. 0-RTT status) about the connection. // ConnectionStateWith0RTT returns basic TLS details (incl. 0-RTT status) about the connection.
func (c *Conn) ConnectionStateWith0RTT() ConnectionStateWith0RTT { func (c *Conn) ConnectionStateWith0RTT() ConnectionStateWith0RTT {
c.handshakeMutex.Lock() c.connStateMutex.Lock()
defer c.handshakeMutex.Unlock() defer c.connStateMutex.Unlock()
return ConnectionStateWith0RTT{ return c.connState
ConnectionState: c.connectionStateLocked(),
Used0RTT: c.used0RTT,
}
} }
func (c *Conn) connectionStateLocked() ConnectionState { func (c *Conn) connectionStateLocked() ConnectionState {
@ -1578,6 +1578,15 @@ func (c *Conn) connectionStateLocked() ConnectionState {
return toConnectionState(state) return toConnectionState(state)
} }
func (c *Conn) updateConnectionState() {
c.connStateMutex.Lock()
defer c.connStateMutex.Unlock()
c.connState = ConnectionStateWith0RTT{
Used0RTT: c.used0RTT,
ConnectionState: c.connectionStateLocked(),
}
}
// OCSPResponse returns the stapled OCSP response from the TLS server, if // OCSPResponse returns the stapled OCSP response from the TLS server, if
// any. (Only valid for client connections.) // any. (Only valid for client connections.)
func (c *Conn) OCSPResponse() []byte { func (c *Conn) OCSPResponse() []byte {

View File

@ -311,6 +311,7 @@ func (c *Conn) clientHandshake(ctx context.Context) (err error) {
c.config.ClientSessionCache.Put(cacheKey, toClientSessionState(hs.session)) c.config.ClientSessionCache.Put(cacheKey, toClientSessionState(hs.session))
} }
c.updateConnectionState()
return nil return nil
} }

View File

@ -87,6 +87,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
if err := hs.processServerHello(); err != nil { if err := hs.processServerHello(); err != nil {
return err return err
} }
c.updateConnectionState()
if err := hs.sendDummyChangeCipherSpec(); err != nil { if err := hs.sendDummyChangeCipherSpec(); err != nil {
return err return err
} }
@ -99,6 +100,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
if err := hs.readServerCertificate(); err != nil { if err := hs.readServerCertificate(); err != nil {
return err return err
} }
c.updateConnectionState()
if err := hs.readServerFinished(); err != nil { if err := hs.readServerFinished(); err != nil {
return err return err
} }
@ -119,7 +121,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
}) })
atomic.StoreUint32(&c.handshakeStatus, 1) atomic.StoreUint32(&c.handshakeStatus, 1)
c.updateConnectionState()
return nil return nil
} }

View File

@ -132,6 +132,7 @@ func (hs *serverHandshakeState) handshake() error {
c.ekm = ekmFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.clientHello.random, hs.hello.random) c.ekm = ekmFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.clientHello.random, hs.hello.random)
atomic.StoreUint32(&c.handshakeStatus, 1) atomic.StoreUint32(&c.handshakeStatus, 1)
c.updateConnectionState()
return nil return nil
} }

View File

@ -60,6 +60,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
if err := hs.checkForResumption(); err != nil { if err := hs.checkForResumption(); err != nil {
return err return err
} }
c.updateConnectionState()
if err := hs.pickCertificate(); err != nil { if err := hs.pickCertificate(); err != nil {
return err return err
} }
@ -82,6 +83,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
if err := hs.readClientCertificate(); err != nil { if err := hs.readClientCertificate(); err != nil {
return err return err
} }
c.updateConnectionState()
if err := hs.readClientFinished(); err != nil { if err := hs.readClientFinished(); err != nil {
return err return err
} }
@ -93,7 +95,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
}) })
atomic.StoreUint32(&c.handshakeStatus, 1) atomic.StoreUint32(&c.handshakeStatus, 1)
c.updateConnectionState()
return nil return nil
} }

8
vendor/modules.txt vendored
View File

@ -194,10 +194,10 @@ github.com/marten-seemann/qtls-go1-16
# github.com/marten-seemann/qtls-go1-17 v0.1.2 # github.com/marten-seemann/qtls-go1-17 v0.1.2
## explicit; go 1.17 ## explicit; go 1.17
github.com/marten-seemann/qtls-go1-17 github.com/marten-seemann/qtls-go1-17
# github.com/marten-seemann/qtls-go1-18 v0.1.2 => github.com/cloudflare/qtls-pq v0.0.0-20221010110824-0053225e48b2 # github.com/marten-seemann/qtls-go1-18 v0.1.2 => github.com/cloudflare/qtls-pq v0.0.0-20230103171413-e7a2fb559a0e
## explicit; go 1.18 ## explicit; go 1.18
github.com/marten-seemann/qtls-go1-18 github.com/marten-seemann/qtls-go1-18
# github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 => github.com/cloudflare/qtls-pq v0.0.0-20221010110800-4f3769902fe0 # github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 => github.com/cloudflare/qtls-pq v0.0.0-20230103171656-05e84f90909e
## explicit; go 1.19 ## explicit; go 1.19
github.com/marten-seemann/qtls-go1-19 github.com/marten-seemann/qtls-go1-19
# github.com/mattn/go-colorable v0.1.8 # github.com/mattn/go-colorable v0.1.8
@ -578,5 +578,5 @@ zombiezen.com/go/capnproto2/std/capnp/rpc
# github.com/lucas-clemente/quic-go => github.com/chungthuang/quic-go v0.27.1-0.20220809135021-ca330f1dec9f # github.com/lucas-clemente/quic-go => github.com/chungthuang/quic-go v0.27.1-0.20220809135021-ca330f1dec9f
# github.com/prometheus/golang_client => github.com/prometheus/golang_client v1.12.1 # github.com/prometheus/golang_client => github.com/prometheus/golang_client v1.12.1
# gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1 # gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1
# github.com/marten-seemann/qtls-go1-18 => github.com/cloudflare/qtls-pq v0.0.0-20221010110824-0053225e48b2 # github.com/marten-seemann/qtls-go1-18 => github.com/cloudflare/qtls-pq v0.0.0-20230103171413-e7a2fb559a0e
# github.com/marten-seemann/qtls-go1-19 => github.com/cloudflare/qtls-pq v0.0.0-20221010110800-4f3769902fe0 # github.com/marten-seemann/qtls-go1-19 => github.com/cloudflare/qtls-pq v0.0.0-20230103171656-05e84f90909e