feat(s2n-quic-transport): support exporting from TLS sessions #1984

Merged: 1 commit, Oct 11, 2023


@Mark-Simulacrum Mark-Simulacrum commented Oct 4, 2023

Description of changes:

This adds support for exporting symmetric keys from the negotiated QUIC connection for use by other applications/protocols. See https://datatracker.ietf.org/doc/html/rfc5705 for some further details.

See s2n-tls upstream (aws/s2n-tls#4230), released as part of s2n-tls 0.0.39 on crates.io. rustls already supports the relevant API.

Call-outs:

The event API is somewhat novel as added here, but should be relatively extensible and works out ok.

Testing:

New test added.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
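
Added illustration, not code from this pull request, s2n-quic, s2n-tls or rustls: QUIC runs over TLS 1.3, where the RFC 5705 exporter interface is computed as in RFC 8446 section 7.5, so this Python example goes beyond the linked RFC to show how the label and context separate exported keys. The SHA-256 suite, the sample secret and the label are assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256  # assumption: a SHA-256 cipher suite was negotiated


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869, section 2.3)."""
    if length > 255 * HASH().digest_size:
        raise ValueError("requested output too long for HKDF-Expand")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446, section 7.1): info is the HkdfLabel struct."""
    full_label = b"tls13 " + label
    if len(full_label) > 255 or len(context) > 255:
        raise ValueError("label or context too long for HkdfLabel")
    info = (struct.pack("!H", length)
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def tls13_exporter(exporter_secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """TLS-Exporter(label, context_value, key_length) (RFC 8446, section 7.5)."""
    # Derive-Secret(Secret, label, "") uses the hash of an empty transcript.
    per_label = hkdf_expand_label(exporter_secret, label, HASH(b"").digest(),
                                  HASH().digest_size)
    # The caller's context is hashed, so it may be any length.
    return hkdf_expand_label(per_label, b"exporter", HASH(context).digest(), length)


# Constructed stand-in for the exporter secret both endpoints hold after the handshake.
SAMPLE_SECRET = bytes(range(32))
# Constructed label; RFC 5705 reserves the "EXPERIMENTAL" prefix for private use.
SAMPLE_LABEL = b"EXPERIMENTAL example-app"

if __name__ == "__main__":
    key = tls13_exporter(SAMPLE_SECRET, SAMPLE_LABEL, b"channel-1", 32)
    print(key.hex())
```

Both endpoints obtain the same bytes only when they agree on label, context and length; the requested length is part of the derivation input, so a shorter export is not a prefix of a longer one.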

@Mark-Simulacrum Mark-Simulacrum force-pushed the tls-exporter branch 3 times, most recently from 20aa2ab to 8051eca Compare October 4, 2023 18:46
@Mark-Simulacrum Mark-Simulacrum force-pushed the tls-exporter branch 2 times, most recently from 72220ca to efe6a4e Compare October 9, 2023 14:48
@Mark-Simulacrum
Collaborator Author

Remaining CI failure looks to be due to stable release adding new clippy breakage, not in files modified by this PR.

@Mark-Simulacrum Mark-Simulacrum force-pushed the tls-exporter branch 3 times, most recently from 1392984 to cfd32ca Compare October 11, 2023 18:07
@Mark-Simulacrum
Collaborator Author

OK, incorporated s2n-tls availability and added a test that makes sure this works.

quic/s2n-quic/src/tests/exporter.rs (outdated)
@@ -0,0 +1,120 @@
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Contributor


Really like the test here! Nice work

This also bumps s2n-tls dependency to 0.0.39 so that we can make use of
the new TLS-Exporter functionality in s2n-tls, not just in rustls.
@camshaft camshaft changed the title Support exporting from TLS sessions feat(s2n-quic-transport): support exporting from TLS sessions Oct 11, 2023
@camshaft camshaft enabled auto-merge (squash) October 11, 2023 19:52
@camshaft camshaft merged commit 1e85c77 into aws:main Oct 11, 2023
127 of 128 checks passed
@Mark-Simulacrum Mark-Simulacrum deleted the tls-exporter branch October 11, 2023 22:32