mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-04 20:47:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: enable TLS 1.3 and update tests

Browse source 
To disable TLS 1.3, simply remove VersionTLS13 from supportedVersions,
as tested by TestEscapeRoute, and amend documentation. To make it
opt-in, revert the change to (*Config).supportedVersions from this CL.

I did not have the heart to implement the early data skipping feature
when I realized that it did not offer a choice between two
abstraction-breaking options, but demanded them both (look for handshake
type in case of HelloRetryRequest, trial decryption otherwise). It's a
lot of complexity for an apparently small gain, but if anyone has strong
opinions about it let me know.

Note that in TLS 1.3 alerts are encrypted, so the close_notify peeking
to return (n > 0, io.EOF) from Read doesn't work. If we are lucky, those
servers that unexpectedly close connections after serving a single
request will have stopped (maybe thanks to H/2) before they got updated
to TLS 1.3.

Relatedly, session tickets are now provisioned on the client first Read
instead of at Handshake time, because they are, well, post-handshake
messages. If this proves to be a problem we might try to peek at them.

Doubled the tests that cover logic that's different in TLS 1.3.

The benchmarks for TLS 1.2 compared to be0f3c286b5 (before TLS 1.3 and
its refactors, after CL 142817 changed them to use real connections)
show little movement.

name                                       old time/op   new time/op   delta
HandshakeServer/RSA-8                        795µs ± 1%    798µs ± 1%    ~     (p=0.057 n=10+18)
HandshakeServer/ECDHE-P256-RSA-8             903µs ± 0%    909µs ± 1%  +0.68%  (p=0.000 n=8+17)
HandshakeServer/ECDHE-P256-ECDSA-P256-8      198µs ± 0%    204µs ± 1%  +3.24%  (p=0.000 n=9+18)
HandshakeServer/ECDHE-X25519-ECDSA-P256-8    202µs ± 3%    208µs ± 1%  +2.98%  (p=0.000 n=9+20)
HandshakeServer/ECDHE-P521-ECDSA-P521-8     15.5ms ± 1%   15.9ms ± 2%  +2.49%  (p=0.000 n=10+20)
Throughput/MaxPacket/1MB-8                  5.81ms ±23%   6.14ms ±44%    ~     (p=0.605 n=8+18)
Throughput/MaxPacket/2MB-8                  8.91ms ±22%   8.74ms ±33%    ~     (p=0.498 n=9+19)
Throughput/MaxPacket/4MB-8                  12.8ms ± 3%   14.0ms ±10%  +9.74%  (p=0.000 n=10+17)
Throughput/MaxPacket/8MB-8                  25.1ms ± 7%   24.6ms ±16%    ~     (p=0.129 n=9+19)
Throughput/MaxPacket/16MB-8                 46.3ms ± 4%   45.9ms ±12%    ~     (p=0.340 n=9+20)
Throughput/MaxPacket/32MB-8                 88.5ms ± 4%   86.0ms ± 4%  -2.82%  (p=0.004 n=10+20)
Throughput/MaxPacket/64MB-8                  173ms ± 2%    167ms ± 7%  -3.42%  (p=0.001 n=10+19)
Throughput/DynamicPacket/1MB-8              5.88ms ± 4%   6.59ms ±64%    ~     (p=0.232 n=9+18)
Throughput/DynamicPacket/2MB-8              9.08ms ±12%   8.73ms ±21%    ~     (p=0.408 n=10+18)
Throughput/DynamicPacket/4MB-8              14.2ms ± 5%   14.0ms ±11%    ~     (p=0.188 n=9+19)
Throughput/DynamicPacket/8MB-8              25.1ms ± 6%   24.0ms ± 7%  -4.39%  (p=0.000 n=10+18)
Throughput/DynamicPacket/16MB-8             45.6ms ± 3%   43.3ms ± 1%  -5.22%  (p=0.000 n=10+8)
Throughput/DynamicPacket/32MB-8             88.4ms ± 3%   84.8ms ± 2%  -4.06%  (p=0.000 n=10+10)
Throughput/DynamicPacket/64MB-8              175ms ± 3%    167ms ± 2%  -4.63%  (p=0.000 n=10+10)
Latency/MaxPacket/200kbps-8                  694ms ± 0%    694ms ± 0%  -0.02%  (p=0.000 n=9+9)
Latency/MaxPacket/500kbps-8                  279ms ± 0%    279ms ± 0%  -0.09%  (p=0.000 n=10+10)
Latency/MaxPacket/1000kbps-8                 140ms ± 0%    140ms ± 0%  -0.15%  (p=0.000 n=10+9)
Latency/MaxPacket/2000kbps-8                71.1ms ± 0%   71.0ms ± 0%  -0.09%  (p=0.001 n=8+9)
Latency/MaxPacket/5000kbps-8                30.5ms ± 6%   30.1ms ± 6%    ~     (p=0.905 n=10+9)
Latency/DynamicPacket/200kbps-8              134ms ± 0%    134ms ± 0%    ~     (p=0.796 n=9+9)
Latency/DynamicPacket/500kbps-8             54.8ms ± 0%   54.7ms ± 0%  -0.18%  (p=0.000 n=8+10)
Latency/DynamicPacket/1000kbps-8            28.5ms ± 0%   29.1ms ± 8%    ~     (p=0.173 n=8+10)
Latency/DynamicPacket/2000kbps-8            15.3ms ± 6%   15.9ms ±10%    ~     (p=0.905 n=9+10)
Latency/DynamicPacket/5000kbps-8            9.14ms ±21%   9.65ms ±82%    ~     (p=0.529 n=10+10)

name                                       old speed     new speed     delta
Throughput/MaxPacket/1MB-8                 175MB/s ±13%  167MB/s ±64%    ~     (p=0.646 n=7+20)
Throughput/MaxPacket/2MB-8                 241MB/s ±25%  241MB/s ±40%    ~     (p=0.660 n=9+20)
Throughput/MaxPacket/4MB-8                 328MB/s ± 3%  300MB/s ± 9%  -8.70%  (p=0.000 n=10+17)
Throughput/MaxPacket/8MB-8                 335MB/s ± 7%  340MB/s ±17%    ~     (p=0.212 n=9+20)
Throughput/MaxPacket/16MB-8                363MB/s ± 4%  367MB/s ±11%    ~     (p=0.340 n=9+20)
Throughput/MaxPacket/32MB-8                379MB/s ± 4%  390MB/s ± 4%  +2.93%  (p=0.004 n=10+20)
Throughput/MaxPacket/64MB-8                388MB/s ± 2%  401MB/s ± 7%  +3.25%  (p=0.004 n=10+20)
Throughput/DynamicPacket/1MB-8             178MB/s ± 4%  157MB/s ±73%    ~     (p=0.127 n=9+20)
Throughput/DynamicPacket/2MB-8             232MB/s ±11%  243MB/s ±18%    ~     (p=0.415 n=10+18)
Throughput/DynamicPacket/4MB-8             296MB/s ± 5%  299MB/s ±15%    ~     (p=0.295 n=9+20)
Throughput/DynamicPacket/8MB-8             334MB/s ± 6%  350MB/s ± 7%  +4.58%  (p=0.000 n=10+18)
Throughput/DynamicPacket/16MB-8            368MB/s ± 3%  388MB/s ± 1%  +5.48%  (p=0.000 n=10+8)
Throughput/DynamicPacket/32MB-8            380MB/s ± 3%  396MB/s ± 2%  +4.20%  (p=0.000 n=10+10)
Throughput/DynamicPacket/64MB-8            384MB/s ± 3%  403MB/s ± 2%  +4.83%  (p=0.000 n=10+10)

Comparing TLS 1.2 and TLS 1.3 at tip shows a slight (~5-10%) slowdown of
handshakes, which might be worth looking at next cycle, but the latency
improvements are expected to overshadow that.

name                                       old time/op   new time/op   delta
HandshakeServer/ECDHE-P256-RSA-8             909µs ± 1%    963µs ± 0%   +5.87%  (p=0.000 n=17+18)
HandshakeServer/ECDHE-P256-ECDSA-P256-8      204µs ± 1%    225µs ± 2%  +10.20%  (p=0.000 n=18+20)
HandshakeServer/ECDHE-X25519-ECDSA-P256-8    208µs ± 1%    230µs ± 2%  +10.35%  (p=0.000 n=20+18)
HandshakeServer/ECDHE-P521-ECDSA-P521-8     15.9ms ± 2%   15.9ms ± 1%     ~     (p=0.444 n=20+19)
Throughput/MaxPacket/1MB-8                  6.14ms ±44%   7.07ms ±46%     ~     (p=0.057 n=18+19)
Throughput/MaxPacket/2MB-8                  8.74ms ±33%   8.61ms ± 9%     ~     (p=0.552 n=19+17)
Throughput/MaxPacket/4MB-8                  14.0ms ±10%   14.1ms ±12%     ~     (p=0.707 n=17+20)
Throughput/MaxPacket/8MB-8                  24.6ms ±16%   25.6ms ±14%     ~     (p=0.107 n=19+20)
Throughput/MaxPacket/16MB-8                 45.9ms ±12%   44.7ms ± 6%     ~     (p=0.607 n=20+19)
Throughput/MaxPacket/32MB-8                 86.0ms ± 4%   87.9ms ± 8%     ~     (p=0.113 n=20+19)
Throughput/MaxPacket/64MB-8                  167ms ± 7%    169ms ± 2%   +1.26%  (p=0.011 n=19+19)
Throughput/DynamicPacket/1MB-8              6.59ms ±64%   6.79ms ±43%     ~     (p=0.480 n=18+19)
Throughput/DynamicPacket/2MB-8              8.73ms ±21%   9.58ms ±13%   +9.71%  (p=0.006 n=18+20)
Throughput/DynamicPacket/4MB-8              14.0ms ±11%   13.9ms ±10%     ~     (p=0.687 n=19+20)
Throughput/DynamicPacket/8MB-8              24.0ms ± 7%   24.6ms ± 8%   +2.36%  (p=0.045 n=18+17)
Throughput/DynamicPacket/16MB-8             43.3ms ± 1%   44.3ms ± 2%   +2.48%  (p=0.001 n=8+9)
Throughput/DynamicPacket/32MB-8             84.8ms ± 2%   86.7ms ± 2%   +2.27%  (p=0.000 n=10+10)
Throughput/DynamicPacket/64MB-8              167ms ± 2%    170ms ± 3%   +1.89%  (p=0.005 n=10+10)
Latency/MaxPacket/200kbps-8                  694ms ± 0%    699ms ± 0%   +0.65%  (p=0.000 n=9+10)
Latency/MaxPacket/500kbps-8                  279ms ± 0%    280ms ± 0%   +0.68%  (p=0.000 n=10+10)
Latency/MaxPacket/1000kbps-8                 140ms ± 0%    141ms ± 0%   +0.59%  (p=0.000 n=9+9)
Latency/MaxPacket/2000kbps-8                71.0ms ± 0%   71.3ms ± 0%   +0.42%  (p=0.000 n=9+9)
Latency/MaxPacket/5000kbps-8                30.1ms ± 6%   30.7ms ±10%   +1.93%  (p=0.019 n=9+9)
Latency/DynamicPacket/200kbps-8              134ms ± 0%    138ms ± 0%   +3.22%  (p=0.000 n=9+10)
Latency/DynamicPacket/500kbps-8             54.7ms ± 0%   56.3ms ± 0%   +3.03%  (p=0.000 n=10+8)
Latency/DynamicPacket/1000kbps-8            29.1ms ± 8%   29.1ms ± 0%     ~     (p=0.173 n=10+8)
Latency/DynamicPacket/2000kbps-8            15.9ms ±10%   16.4ms ±36%     ~     (p=0.633 n=10+8)
Latency/DynamicPacket/5000kbps-8            9.65ms ±82%   8.32ms ± 8%     ~     (p=0.573 n=10+8)

name                                       old speed     new speed     delta
Throughput/MaxPacket/1MB-8                 167MB/s ±64%  155MB/s ±55%     ~     (p=0.224 n=20+19)
Throughput/MaxPacket/2MB-8                 241MB/s ±40%  244MB/s ± 9%     ~     (p=0.407 n=20+17)
Throughput/MaxPacket/4MB-8                 300MB/s ± 9%  298MB/s ±11%     ~     (p=0.707 n=17+20)
Throughput/MaxPacket/8MB-8                 340MB/s ±17%  330MB/s ±13%     ~     (p=0.201 n=20+20)
Throughput/MaxPacket/16MB-8                367MB/s ±11%  375MB/s ± 5%     ~     (p=0.607 n=20+19)
Throughput/MaxPacket/32MB-8                390MB/s ± 4%  382MB/s ± 8%     ~     (p=0.113 n=20+19)
Throughput/MaxPacket/64MB-8                401MB/s ± 7%  397MB/s ± 2%   -0.96%  (p=0.030 n=20+19)
Throughput/DynamicPacket/1MB-8             157MB/s ±73%  156MB/s ±39%     ~     (p=0.738 n=20+20)
Throughput/DynamicPacket/2MB-8             243MB/s ±18%  220MB/s ±14%   -9.65%  (p=0.006 n=18+20)
Throughput/DynamicPacket/4MB-8             299MB/s ±15%  303MB/s ± 9%     ~     (p=0.512 n=20+20)
Throughput/DynamicPacket/8MB-8             350MB/s ± 7%  342MB/s ± 8%   -2.27%  (p=0.045 n=18+17)
Throughput/DynamicPacket/16MB-8            388MB/s ± 1%  378MB/s ± 2%   -2.41%  (p=0.001 n=8+9)
Throughput/DynamicPacket/32MB-8            396MB/s ± 2%  387MB/s ± 2%   -2.21%  (p=0.000 n=10+10)
Throughput/DynamicPacket/64MB-8            403MB/s ± 2%  396MB/s ± 3%   -1.84%  (p=0.005 n=10+10)

Fixes #9671

Change-Id: Ieb57c5140eb2c083b8be0d42b240cd2eeec0dcf6
Reviewed-on: https://go-review.googlesource.com/c/147638
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
This commit is contained in:
Filippo Valsorda 2018-11-05 22:52:51 -05:00
parent 07b241c4b9
commit 5db23cd389
83 changed files with 3733 additions and 3281 deletions
Download patch file Download diff file Expand all files Collapse all files

56
testdata/Server-TLSv12-ClientAuthRequestedNotGiven vendored
View file

@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
00000000 16 03 01 00 97 01 00 00 93 03 03 f3 41 3d 06 d9 |............A=..|
00000010 97 bb f5 12 3f 23 ec 16 e0 5a 55 3d f2 5b 7d df |....?#...ZU=.[}.|
00000020 cf bf 96 d7 c2 cc 20 e9 9b 4c 5a 00 00 04 00 2f |...... ..LZ..../|
00000000 16 03 01 00 97 01 00 00 93 03 03 23 f3 fb 5f cb |...........#.._.|
00000010 3f 63 8a f2 4c c7 41 cd 64 00 4f 7c 63 66 e1 3f |?c..L.A.d.O|cf.?|
00000020 b6 8d 4e 24 20 35 9c c5 c3 96 e9 00 00 04 00 2f |..N$ 5........./|
00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1|
00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........|
00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................|
@ -12,7 +12,7 @@
>>> Flow 2 (server to client)
00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..|
00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 2f 00 00 |...DOWNGRD.../..|
00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.|
00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......|
00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..|
@ -57,31 +57,31 @@
000002c0 00 00 00 |...|
>>> Flow 3 (client to server)
00000000 16 03 03 00 07 0b 00 00 03 00 00 00 16 03 03 00 |................|
00000010 86 10 00 00 82 00 80 20 42 c0 a5 c6 81 fa 13 e7 |....... B.......|
00000020 a1 cc 81 01 43 75 a0 53 a9 d4 a6 6b b6 39 e0 68 |....Cu.S...k.9.h|
00000030 ab 3d 7c f3 90 14 ba 37 8d 43 d1 95 ae b5 bc 78 |.=|....7.C.....x|
00000040 c9 b0 90 82 e9 d8 15 29 f0 53 df 71 e2 b5 84 fa |.......).S.q....|
00000050 95 6b 02 28 8f ec c9 80 ff c8 29 14 e3 4b da 11 |.k.(......)..K..|
00000060 04 3f b3 69 cd 99 a3 41 fd 1f 6f 8d f8 08 32 e1 |.?.i...A..o...2.|
00000070 56 f8 25 8e 2f b4 e0 6e 61 2a 07 ba 7e ab 65 46 |V.%./..na*..~.eF|
00000080 1b f6 77 da b6 9b 1d 0f 4a cf bf 81 04 b1 6f 7e |..w.....J.....o~|
00000090 0d 72 22 3c 9a f3 69 14 03 03 00 01 01 16 03 03 |.r"<..i.........|
000000a0 00 40 2a a8 99 e7 90 7c 45 32 c7 5f c9 8f 4a 0d |.@*....|E2._..J.|
000000b0 cf 7b 90 71 43 68 76 f0 69 de 72 8a 74 b0 26 ee |.{.qChv.i.r.t.&.|
000000c0 92 4c 7f 0b 84 25 78 94 36 59 0b 32 3e c4 6a d2 |.L...%x.6Y.2>.j.|
000000d0 28 6f f8 5c ab 94 1b e5 95 2d 78 68 08 44 13 9a |(o.\.....-xh.D..|
000000e0 9a 3d |.=|
00000010 86 10 00 00 82 00 80 d7 50 22 1d 9e b8 81 12 e5 |........P"......|
00000020 47 e6 65 cf 82 19 a2 43 9a 5c 7b 44 98 eb d9 ac |G.e....C.\{D....|
00000030 e1 4e f5 9d ad bd 0a 0e 17 07 81 b9 b5 4b bb b1 |.N...........K..|
00000040 95 da 0a 82 67 ba 98 1b cc 45 91 62 ee 36 eb e3 |....g....E.b.6..|
00000050 18 30 34 f6 38 ab 3d 0c a7 2b bd 90 94 49 81 af |.04.8.=..+...I..|
00000060 67 a0 f2 b4 0f c0 09 eb c3 23 24 4b 76 3f cb b9 |g........#$Kv?..|
00000070 4c a3 53 a7 f6 53 34 1b 24 24 2f cc 24 d8 fb 12 |L.S..S4.$$/.$...|
00000080 65 60 cf 06 92 c3 7c 63 18 b1 92 88 e3 a8 1d 9c |e`....|c........|
00000090 f7 c1 9a a4 af 78 7d 14 03 03 00 01 01 16 03 03 |.....x}.........|
000000a0 00 40 91 9a 6b 71 c5 3e 88 9a 26 b4 af fa 41 26 |.@..kq.>..&...A&|
000000b0 72 33 a7 72 9b 22 89 d9 a5 ed 3d 0e 0e af c8 ef |r3.r."....=.....|
000000c0 3d c8 89 e4 0d 21 df 06 37 23 0f 50 d1 3e ef af |=....!..7#.P.>..|
000000d0 d8 cd 30 cc c4 18 3a 12 49 c0 0a 21 20 cd ac 66 |..0...:.I..! ..f|
000000e0 96 c3 |..|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....|
00000010 00 00 00 00 00 00 00 00 00 00 00 58 dd c1 b3 2e |...........X....|
00000020 88 70 3e a3 39 e2 fd 31 9e 28 b0 10 54 aa ac 50 |.p>.9..1.(..T..P|
00000030 50 26 3a 73 b4 85 11 18 ea 1a 98 73 c4 52 0a 66 |P&:s.......s.R.f|
00000040 c6 c7 47 05 8a 79 b8 e1 d4 89 0d 17 03 03 00 40 |..G..y.........@|
00000010 00 00 00 00 00 00 00 00 00 00 00 2d 70 ad 8f ed |...........-p...|
00000020 c0 cf ce 73 28 76 8f da 65 41 46 53 dd 06 0d cc |...s(v..eAFS....|
00000030 36 cb f3 b8 c7 1f df 53 1a 7d 1e 9f d6 b9 e3 9e |6......S.}......|
00000040 fe a8 d9 91 6c 3b d2 ef b6 30 55 17 03 03 00 40 |....l;...0U....@|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000060 ac d4 c6 97 fe 43 18 5d e2 ce 80 a0 4c b4 82 96 |.....C.]....L...|
00000070 fe 7c 25 05 a5 2e 31 d7 39 34 7c dc d6 bd 54 86 |.|%...1.94|...T.|
00000080 34 01 aa e9 65 20 3b 5d 35 03 40 68 f5 cb ec 8c |4...e ;]5.@h....|
00000060 6a 43 95 20 f0 f9 b4 e0 12 24 ae c1 55 c2 ad ec |jC. .....$..U...|
00000070 de 42 1f 0b ff 5b e5 ab 8b aa 72 69 2f 10 12 ca |.B...[....ri/...|
00000080 8c f2 77 be 60 81 ef c9 34 dc d7 68 57 d5 17 aa |..w.`...4..hW...|
00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........|
000000a0 00 00 00 00 00 9e 32 db a8 b6 e5 f2 f9 f7 ca 62 |......2........b|
000000b0 b8 43 a1 04 e6 68 9e d3 0a e3 30 08 f1 3a 67 f3 |.C...h....0..:g.|
000000c0 a3 12 a0 7c 79 |...|y|
000000a0 00 00 00 00 00 c0 4b 9e e5 6b 45 60 e1 7b 87 b1 |......K..kE`.{..|
000000b0 76 06 e4 dc d7 01 eb db 04 9c 9b d4 bd 5c e0 18 |v............\..|
000000c0 72 7a 73 93 4f |rzs.O|