Closed Bug 1728281 Opened 3 years ago Closed 3 years ago

Add ECH-13 HRR Handling

Categories

(NSS :: Libraries, enhancement, P1)

enhancement

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: djackson, Assigned: djackson)

References

(Blocks 1 open bug)

Details

Attachments

(3 files)

ECH Draft 13 adds an extension to HelloRetryRequests which allows a client to discern whether the HRR pertains to the ClientHelloOuter or ClientHelloInner.

This changeset adds client and server support for ECH extensions in the HelloRetryRequest message. Servers append an ECH extension with a payload of 8 bytes to their HRRs. If ECH has been accepted, the client can check that the payload corresponds to a secret derived from the ClientHelloInner's random value. If ECH has been rejected, the value will not match. In the latter case, the server will have filled the payload with random bytes.

As a consequence of this change, a special handler for writing HRR extensions was added (as the HRR payload must be written last). The size of the HRR cookie has increased by 8 bytes as well, as in the event the server GREASE'd the ECH HRR value, it cannot rederive the value without some additional secret and thus cannot complete the handshake without it. To avoid standing out, the cookie size cannot change and thus this value is always stored.

Additional tests for this change will follow in a subsequent revision.

Severity: -- → N/A
Priority: -- → P1
Attachment #9238705 - Attachment description: WIP: Bug 1728281 - Add ECH-13 HRR Handling → Bug 1728281 - Add ECH-13 HRR Handling
Attachment #9238705 - Attachment description: Bug 1728281 - Add ECH-13 HRR Handling → Bug 1728281 - Add ECH-13 HRR Handling. r=mt

Draft 13 added an ECH extension for HRR messages. When GREASEing, this should only
be sent if the server was configured with ECH support or explicitly opted in.

Depends on D124649

Testcases for HRR ECH Xtns:
- Clients reject xtns of the wrong size.
- Clients reject mangled xtns.
- Clients reject unsolicited xtns.
- Servers send ECH HRR Xtns when accepting, rejecting or GREASEing
- Clients and Servers do not send xtns if disabled and not GREASEing
- Clients alert if servers accept ECH in HRR, then reject in SH.

Depends on D130695
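Added example (not NSS code, and not from the patches attached to this bug): a standalone Python model of the draft-13 HRR accept confirmation described in the bug description, with the client-side checks the test list above enumerates (wrong size, unsolicited, mismatch treated as rejection). It assumes SHA-256 as the handshake hash, the HKDF label "hrr ech accept confirmation" and the "zero the 8 payload bytes before hashing the transcript" rule as they are recalled here from draft-ietf-tls-esni-13, and a toy HRR byte string in which the 8-byte payload sits at a known offset rather than being parsed out of a real extensions block.

```python
# Added example (not NSS code): ECH draft-13 HelloRetryRequest accept
# confirmation, computed by the server and verified by the client.
# Assumptions: SHA-256 handshake hash; label and transcript rule as recalled
# from draft-ietf-tls-esni-13; HRR modelled as bytes with the 8-byte ECH
# payload at a known offset instead of a parsed extensions block.
import hashlib
import hmac
import os
import struct

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size
CONF_LEN = 8  # size of the ECH HRR extension payload
HRR_LABEL = b"hrr ech accept confirmation"  # assumed draft-13 label


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract with HMAC-SHA256."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """RFC 8446 HKDF-Expand-Label: HKDF-Expand(secret, HkdfLabel, length)."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    out, prev, counter = b"", b"", 1
    while len(out) < length:
        prev = hmac.new(secret, prev + hkdf_label + bytes([counter]), HASH).digest()
        out += prev
        counter += 1
    return out[:length]


def hrr_accept_confirmation(inner_random: bytes, inner_hello: bytes,
                            hrr: bytes, off: int) -> bytes:
    """8-byte confirmation bound to ClientHelloInner.random and the transcript.

    The transcript covers ClientHelloInner plus the HRR with its 8 payload
    bytes zeroed, so both sides can compute it without knowing the value."""
    hrr_conf = hrr[:off] + b"\x00" * CONF_LEN + hrr[off + CONF_LEN:]
    transcript = HASH(inner_hello + hrr_conf).digest()
    secret = hkdf_extract(b"\x00" * HASH_LEN, inner_random)
    return hkdf_expand_label(secret, HRR_LABEL, transcript, CONF_LEN)


def server_build_hrr(inner_random: bytes, inner_hello: bytes,
                     prefix: bytes, suffix: bytes, accept: bool) -> bytes:
    """Server side: append an ECH HRR extension of exactly 8 bytes.

    Accepting: the derived confirmation. Rejecting or GREASEing: random bytes,
    which a stateless server cannot re-derive later (hence NSS keeps them in
    the HRR cookie)."""
    hrr = prefix + b"\x00" * CONF_LEN + suffix
    if accept:
        payload = hrr_accept_confirmation(inner_random, inner_hello, hrr, len(prefix))
    else:
        payload = os.urandom(CONF_LEN)
    return prefix + payload + suffix


def client_check_hrr(ech_offered: bool, inner_random, inner_hello,
                     hrr: bytes, off: int, ext_len: int) -> str:
    """Client side: validate the extension, then decide accept vs reject."""
    if not ech_offered:
        raise ValueError("unsolicited ECH extension in HelloRetryRequest")
    if ext_len != CONF_LEN:
        raise ValueError("ECH HRR extension payload has wrong size")
    expected = hrr_accept_confirmation(inner_random, inner_hello, hrr, off)
    received = hrr[off:off + CONF_LEN]
    return "accepted" if hmac.compare_digest(received, expected) else "rejected"


def demo() -> dict:
    """Runs the exchange on constructed inputs (not real TLS encodings)."""
    inner_random = bytes(range(32))        # constructed ClientHelloInner.random
    inner_hello = b"\x01ClientHelloInner"  # constructed stand-in for the message
    prefix, suffix = b"\x02HRR-head", b"HRR-tail"
    off = len(prefix)
    out = {}
    for name, accept in (("accepted", True), ("rejected", False)):
        hrr = server_build_hrr(inner_random, inner_hello, prefix, suffix, accept)
        out[name] = client_check_hrr(True, inner_random, inner_hello, hrr, off, CONF_LEN)
    hrr = server_build_hrr(inner_random, inner_hello, prefix, suffix, True)
    for name, offered, ext_len in (("unsolicited", False, CONF_LEN), ("wrong_size", True, 7)):
        try:
            client_check_hrr(offered, inner_random, inner_hello, hrr, off, ext_len)
            out[name] = "no alert"
        except ValueError as e:
            out[name] = str(e)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Because the transcript is hashed with the payload zeroed, a client receiving the real HRR gets the same hash the server used when it only had the placeholder, which is why the value can be written last. The random-bytes branch is the one the cookie change in this bug is about: a server that GREASEs cannot recompute that payload from any secret, so a stateless HRR flow has to carry the 8 bytes in the cookie.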

There are some r+ patches which didn't land and no activity in this bug for 2 weeks.
:djackson, could you have a look please?
For more information, please visit auto_nag documentation.

Flags: needinfo?(mt)
Flags: needinfo?(djackson)
Flags: needinfo?(mt)
Flags: needinfo?(djackson)
Flags: needinfo?(bbeurdouche)
