Open Bug 1725938 (ech) Opened 3 years ago Updated 1 year ago

[meta] ECH

Categories

(NSS :: Libraries, enhancement, P3)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

Status:
ASSIGNED

People

(Reporter: djackson, Assigned: djackson)

References

(Depends on 12 open bugs)

Details

(Keywords: meta, Whiteboard: [nss-fx][nss-meta])

Attachments

(7 files, 1 obsolete file)

Bug 1725938 - Stricter ClientHelloInner Decompression. r=mt.
(deleted), text/x-phabricator-request
Details
Bug 1725938 - Update generation of the Associated Data for ECH-13 r=mt
(deleted), text/x-phabricator-request
Details
Bug 1725938 - Update the version number for ECH-13 and adjust the ECHConfig size. r=mt
(deleted), text/x-phabricator-request
Details
Bug 1725938 - Remove ECH_inner extension, use new enum format. r=mt
(deleted), text/x-phabricator-request
Details
Bug 1725938 - Tidy up error handling r=mt
(deleted), text/x-phabricator-request
Details
Bug 1725938 - Update tests for ECH-13. r=mt
(deleted), text/x-phabricator-request
Details
WIP: Bug 1725938: Add a script for testing ECH Interoperability
(deleted), text/x-phabricator-request
Details

Changes between ECH Draft 10 and Draft 13.

  • During ClientHelloInner Decompression, duplicate extensions must be rejected.
  • ClientHello padding is moved from the record layer to a dedicated field.
  • HRR now has an explicit confirmation value (which should be checked and GREASEd)
  • Changes to ClientHelloOuterAAD Generation
  • Requirements for dummy PSKs and early_data in ClientHelloOuters
  • ECHConfig format changes
  • Codepoint changes
Depends on: 1712879
Severity: -- → N/A
Priority: -- → P1
Summary: ECH -13 updates → [meta] TLS 1.3 ECH draft -13 updates
Whiteboard: nss-fx → [nss-fx][nss-meta]

Decompression is now a linear scan, ensuring the same CHO extension
is never considered for inclusion more than once. The added tests
check that duplicate or out of order references are now rejected.

Depends on: 1677181
Depends on: 1728281

This change simplifies the AAD generation for the ECH Xtn's payload in Client Hellos.
The AAD is now composed of the entire ClientHelloOuter, with the ECH Xtn payload replaced
with zeroes.

TODO: Regenerate the disabled tests.

Depends on D125697

Depends on D125697

Attachment #9241357 - Attachment is obsolete: true
Attachment #9239654 - Attachment description: WIP: Bug 1725938 - Update generation of ECH Xtn AAD → WIP: Bug 1725938 - Update generation of the Associated Data for ECH-13
Attachment #9239654 - Attachment description: WIP: Bug 1725938 - Update generation of the Associated Data for ECH-13 → Bug 1725938 - Update generation of the Associated Data for ECH-13
Attachment #9241361 - Attachment description: WIP: Bug 1725938 - Remove ECH_inner extension, use new enum format. → Bug 1725938 - Remove ECH_inner extension, use new enum format.
Attachment #9236489 - Attachment description: WIP: Bug 1725938 - Stricter ClientHelloInner Decompression → Bug 1725938 - Stricter ClientHelloInner Decompression
Attachment #9241356 - Attachment description: WIP: Bug 1725938 - Update the version number for ECH-13 and adjust the ECHConfig size → Bug 1725938 - Update the version number for ECH-13 and adjust the ECHConfig size. r=mt
Attachment #9241361 - Attachment description: Bug 1725938 - Remove ECH_inner extension, use new enum format. → Bug 1725938 - Remove ECH_inner extension, use new enum format. r=mt
Attachment #9236489 - Attachment description: Bug 1725938 - Stricter ClientHelloInner Decompression → Bug 1725938 - Stricter ClientHelloInner Decompression. r=mt.
Attachment #9239654 - Attachment description: Bug 1725938 - Update generation of the Associated Data for ECH-13 → Bug 1725938 - Update generation of the Associated Data for ECH-13 r=mt

Small commit to tidy up the error handling when receiving ECH extensions.

Depends on D130696

  • Add a new test helper function for creating an ECH Config/
  • Update ECH Config tests to dynamically generate their configs.
  • Regenerate tests using fixed ClientHello configs for ECH-13.
  • Add test for recursive ECH Outer Extensions.
  • Add test for ECH Inner Extension with payload (should be empty).
  • Add test to ensure AAD covers both before and after ECH extension.

Depends on D130697

The included python3 script uses drill and tstclnt to test NSS against other ECH
server implementations.

Depends on D130699

Depends on: 1742568
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Depends on: 1748469
Depends on: 1749869
Status: REOPENED → ASSIGNED
Depends on: 1751877
Depends on: 1755904
Depends on: 1756127
Depends on: 1756485
Depends on: 1759525
Depends on: 1760809
Depends on: 1763120
Summary: [meta] TLS 1.3 ECH draft -13 updates → [meta] ECH
Depends on: 1765590
Depends on: 1767974
Depends on: 1773965
Depends on: 1771479
Depends on: 1779370
Depends on: 1779361
Depends on: 1779357
Depends on: 1779234
Depends on: 1771100
Depends on: 1780807
Depends on: 1781224
Depends on: 1788924
No longer depends on: 1788924
Depends on: 1789381
No longer depends on: 1789381
Depends on: 1790357
Depends on: 1790801
Depends on: 1804460
Depends on: 1816952
No longer depends on: 1816952
Depends on: 1817185
Depends on: 1822876
Depends on: 1822877
Depends on: 1500289
Duplicate of this bug: 1590863
Depends on: 1824578
Priority: P1 → P3
Depends on: 1828861
Depends on: 1847589
Depends on: 1847804
Alias: ech
Depends on: 1850248
Depends on: 1535235
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: