mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: enable TLS 1.3 and update tests

Browse source 
To disable TLS 1.3, simply remove VersionTLS13 from supportedVersions,
as tested by TestEscapeRoute, and amend documentation. To make it
opt-in, revert the change to (*Config).supportedVersions from this CL.

I did not have the heart to implement the early data skipping feature
when I realized that it did not offer a choice between two
abstraction-breaking options, but demanded them both (look for handshake
type in case of HelloRetryRequest, trial decryption otherwise). It's a
lot of complexity for an apparently small gain, but if anyone has strong
opinions about it let me know.

Note that in TLS 1.3 alerts are encrypted, so the close_notify peeking
to return (n > 0, io.EOF) from Read doesn't work. If we are lucky, those
servers that unexpectedly close connections after serving a single
request will have stopped (maybe thanks to H/2) before they got updated
to TLS 1.3.

Relatedly, session tickets are now provisioned on the client first Read
instead of at Handshake time, because they are, well, post-handshake
messages. If this proves to be a problem we might try to peek at them.

Doubled the tests that cover logic that's different in TLS 1.3.

The benchmarks for TLS 1.2 compared to be0f3c286b5 (before TLS 1.3 and
its refactors, after CL 142817 changed them to use real connections)
show little movement.

name                                       old time/op   new time/op   delta
HandshakeServer/RSA-8                        795µs ± 1%    798µs ± 1%    ~     (p=0.057 n=10+18)
HandshakeServer/ECDHE-P256-RSA-8             903µs ± 0%    909µs ± 1%  +0.68%  (p=0.000 n=8+17)
HandshakeServer/ECDHE-P256-ECDSA-P256-8      198µs ± 0%    204µs ± 1%  +3.24%  (p=0.000 n=9+18)
HandshakeServer/ECDHE-X25519-ECDSA-P256-8    202µs ± 3%    208µs ± 1%  +2.98%  (p=0.000 n=9+20)
HandshakeServer/ECDHE-P521-ECDSA-P521-8     15.5ms ± 1%   15.9ms ± 2%  +2.49%  (p=0.000 n=10+20)
Throughput/MaxPacket/1MB-8                  5.81ms ±23%   6.14ms ±44%    ~     (p=0.605 n=8+18)
Throughput/MaxPacket/2MB-8                  8.91ms ±22%   8.74ms ±33%    ~     (p=0.498 n=9+19)
Throughput/MaxPacket/4MB-8                  12.8ms ± 3%   14.0ms ±10%  +9.74%  (p=0.000 n=10+17)
Throughput/MaxPacket/8MB-8                  25.1ms ± 7%   24.6ms ±16%    ~     (p=0.129 n=9+19)
Throughput/MaxPacket/16MB-8                 46.3ms ± 4%   45.9ms ±12%    ~     (p=0.340 n=9+20)
Throughput/MaxPacket/32MB-8                 88.5ms ± 4%   86.0ms ± 4%  -2.82%  (p=0.004 n=10+20)
Throughput/MaxPacket/64MB-8                  173ms ± 2%    167ms ± 7%  -3.42%  (p=0.001 n=10+19)
Throughput/DynamicPacket/1MB-8              5.88ms ± 4%   6.59ms ±64%    ~     (p=0.232 n=9+18)
Throughput/DynamicPacket/2MB-8              9.08ms ±12%   8.73ms ±21%    ~     (p=0.408 n=10+18)
Throughput/DynamicPacket/4MB-8              14.2ms ± 5%   14.0ms ±11%    ~     (p=0.188 n=9+19)
Throughput/DynamicPacket/8MB-8              25.1ms ± 6%   24.0ms ± 7%  -4.39%  (p=0.000 n=10+18)
Throughput/DynamicPacket/16MB-8             45.6ms ± 3%   43.3ms ± 1%  -5.22%  (p=0.000 n=10+8)
Throughput/DynamicPacket/32MB-8             88.4ms ± 3%   84.8ms ± 2%  -4.06%  (p=0.000 n=10+10)
Throughput/DynamicPacket/64MB-8              175ms ± 3%    167ms ± 2%  -4.63%  (p=0.000 n=10+10)
Latency/MaxPacket/200kbps-8                  694ms ± 0%    694ms ± 0%  -0.02%  (p=0.000 n=9+9)
Latency/MaxPacket/500kbps-8                  279ms ± 0%    279ms ± 0%  -0.09%  (p=0.000 n=10+10)
Latency/MaxPacket/1000kbps-8                 140ms ± 0%    140ms ± 0%  -0.15%  (p=0.000 n=10+9)
Latency/MaxPacket/2000kbps-8                71.1ms ± 0%   71.0ms ± 0%  -0.09%  (p=0.001 n=8+9)
Latency/MaxPacket/5000kbps-8                30.5ms ± 6%   30.1ms ± 6%    ~     (p=0.905 n=10+9)
Latency/DynamicPacket/200kbps-8              134ms ± 0%    134ms ± 0%    ~     (p=0.796 n=9+9)
Latency/DynamicPacket/500kbps-8             54.8ms ± 0%   54.7ms ± 0%  -0.18%  (p=0.000 n=8+10)
Latency/DynamicPacket/1000kbps-8            28.5ms ± 0%   29.1ms ± 8%    ~     (p=0.173 n=8+10)
Latency/DynamicPacket/2000kbps-8            15.3ms ± 6%   15.9ms ±10%    ~     (p=0.905 n=9+10)
Latency/DynamicPacket/5000kbps-8            9.14ms ±21%   9.65ms ±82%    ~     (p=0.529 n=10+10)

name                                       old speed     new speed     delta
Throughput/MaxPacket/1MB-8                 175MB/s ±13%  167MB/s ±64%    ~     (p=0.646 n=7+20)
Throughput/MaxPacket/2MB-8                 241MB/s ±25%  241MB/s ±40%    ~     (p=0.660 n=9+20)
Throughput/MaxPacket/4MB-8                 328MB/s ± 3%  300MB/s ± 9%  -8.70%  (p=0.000 n=10+17)
Throughput/MaxPacket/8MB-8                 335MB/s ± 7%  340MB/s ±17%    ~     (p=0.212 n=9+20)
Throughput/MaxPacket/16MB-8                363MB/s ± 4%  367MB/s ±11%    ~     (p=0.340 n=9+20)
Throughput/MaxPacket/32MB-8                379MB/s ± 4%  390MB/s ± 4%  +2.93%  (p=0.004 n=10+20)
Throughput/MaxPacket/64MB-8                388MB/s ± 2%  401MB/s ± 7%  +3.25%  (p=0.004 n=10+20)
Throughput/DynamicPacket/1MB-8             178MB/s ± 4%  157MB/s ±73%    ~     (p=0.127 n=9+20)
Throughput/DynamicPacket/2MB-8             232MB/s ±11%  243MB/s ±18%    ~     (p=0.415 n=10+18)
Throughput/DynamicPacket/4MB-8             296MB/s ± 5%  299MB/s ±15%    ~     (p=0.295 n=9+20)
Throughput/DynamicPacket/8MB-8             334MB/s ± 6%  350MB/s ± 7%  +4.58%  (p=0.000 n=10+18)
Throughput/DynamicPacket/16MB-8            368MB/s ± 3%  388MB/s ± 1%  +5.48%  (p=0.000 n=10+8)
Throughput/DynamicPacket/32MB-8            380MB/s ± 3%  396MB/s ± 2%  +4.20%  (p=0.000 n=10+10)
Throughput/DynamicPacket/64MB-8            384MB/s ± 3%  403MB/s ± 2%  +4.83%  (p=0.000 n=10+10)

Comparing TLS 1.2 and TLS 1.3 at tip shows a slight (~5-10%) slowdown of
handshakes, which might be worth looking at next cycle, but the latency
improvements are expected to overshadow that.

name                                       old time/op   new time/op   delta
HandshakeServer/ECDHE-P256-RSA-8             909µs ± 1%    963µs ± 0%   +5.87%  (p=0.000 n=17+18)
HandshakeServer/ECDHE-P256-ECDSA-P256-8      204µs ± 1%    225µs ± 2%  +10.20%  (p=0.000 n=18+20)
HandshakeServer/ECDHE-X25519-ECDSA-P256-8    208µs ± 1%    230µs ± 2%  +10.35%  (p=0.000 n=20+18)
HandshakeServer/ECDHE-P521-ECDSA-P521-8     15.9ms ± 2%   15.9ms ± 1%     ~     (p=0.444 n=20+19)
Throughput/MaxPacket/1MB-8                  6.14ms ±44%   7.07ms ±46%     ~     (p=0.057 n=18+19)
Throughput/MaxPacket/2MB-8                  8.74ms ±33%   8.61ms ± 9%     ~     (p=0.552 n=19+17)
Throughput/MaxPacket/4MB-8                  14.0ms ±10%   14.1ms ±12%     ~     (p=0.707 n=17+20)
Throughput/MaxPacket/8MB-8                  24.6ms ±16%   25.6ms ±14%     ~     (p=0.107 n=19+20)
Throughput/MaxPacket/16MB-8                 45.9ms ±12%   44.7ms ± 6%     ~     (p=0.607 n=20+19)
Throughput/MaxPacket/32MB-8                 86.0ms ± 4%   87.9ms ± 8%     ~     (p=0.113 n=20+19)
Throughput/MaxPacket/64MB-8                  167ms ± 7%    169ms ± 2%   +1.26%  (p=0.011 n=19+19)
Throughput/DynamicPacket/1MB-8              6.59ms ±64%   6.79ms ±43%     ~     (p=0.480 n=18+19)
Throughput/DynamicPacket/2MB-8              8.73ms ±21%   9.58ms ±13%   +9.71%  (p=0.006 n=18+20)
Throughput/DynamicPacket/4MB-8              14.0ms ±11%   13.9ms ±10%     ~     (p=0.687 n=19+20)
Throughput/DynamicPacket/8MB-8              24.0ms ± 7%   24.6ms ± 8%   +2.36%  (p=0.045 n=18+17)
Throughput/DynamicPacket/16MB-8             43.3ms ± 1%   44.3ms ± 2%   +2.48%  (p=0.001 n=8+9)
Throughput/DynamicPacket/32MB-8             84.8ms ± 2%   86.7ms ± 2%   +2.27%  (p=0.000 n=10+10)
Throughput/DynamicPacket/64MB-8              167ms ± 2%    170ms ± 3%   +1.89%  (p=0.005 n=10+10)
Latency/MaxPacket/200kbps-8                  694ms ± 0%    699ms ± 0%   +0.65%  (p=0.000 n=9+10)
Latency/MaxPacket/500kbps-8                  279ms ± 0%    280ms ± 0%   +0.68%  (p=0.000 n=10+10)
Latency/MaxPacket/1000kbps-8                 140ms ± 0%    141ms ± 0%   +0.59%  (p=0.000 n=9+9)
Latency/MaxPacket/2000kbps-8                71.0ms ± 0%   71.3ms ± 0%   +0.42%  (p=0.000 n=9+9)
Latency/MaxPacket/5000kbps-8                30.1ms ± 6%   30.7ms ±10%   +1.93%  (p=0.019 n=9+9)
Latency/DynamicPacket/200kbps-8              134ms ± 0%    138ms ± 0%   +3.22%  (p=0.000 n=9+10)
Latency/DynamicPacket/500kbps-8             54.7ms ± 0%   56.3ms ± 0%   +3.03%  (p=0.000 n=10+8)
Latency/DynamicPacket/1000kbps-8            29.1ms ± 8%   29.1ms ± 0%     ~     (p=0.173 n=10+8)
Latency/DynamicPacket/2000kbps-8            15.9ms ±10%   16.4ms ±36%     ~     (p=0.633 n=10+8)
Latency/DynamicPacket/5000kbps-8            9.65ms ±82%   8.32ms ± 8%     ~     (p=0.573 n=10+8)

name                                       old speed     new speed     delta
Throughput/MaxPacket/1MB-8                 167MB/s ±64%  155MB/s ±55%     ~     (p=0.224 n=20+19)
Throughput/MaxPacket/2MB-8                 241MB/s ±40%  244MB/s ± 9%     ~     (p=0.407 n=20+17)
Throughput/MaxPacket/4MB-8                 300MB/s ± 9%  298MB/s ±11%     ~     (p=0.707 n=17+20)
Throughput/MaxPacket/8MB-8                 340MB/s ±17%  330MB/s ±13%     ~     (p=0.201 n=20+20)
Throughput/MaxPacket/16MB-8                367MB/s ±11%  375MB/s ± 5%     ~     (p=0.607 n=20+19)
Throughput/MaxPacket/32MB-8                390MB/s ± 4%  382MB/s ± 8%     ~     (p=0.113 n=20+19)
Throughput/MaxPacket/64MB-8                401MB/s ± 7%  397MB/s ± 2%   -0.96%  (p=0.030 n=20+19)
Throughput/DynamicPacket/1MB-8             157MB/s ±73%  156MB/s ±39%     ~     (p=0.738 n=20+20)
Throughput/DynamicPacket/2MB-8             243MB/s ±18%  220MB/s ±14%   -9.65%  (p=0.006 n=18+20)
Throughput/DynamicPacket/4MB-8             299MB/s ±15%  303MB/s ± 9%     ~     (p=0.512 n=20+20)
Throughput/DynamicPacket/8MB-8             350MB/s ± 7%  342MB/s ± 8%   -2.27%  (p=0.045 n=18+17)
Throughput/DynamicPacket/16MB-8            388MB/s ± 1%  378MB/s ± 2%   -2.41%  (p=0.001 n=8+9)
Throughput/DynamicPacket/32MB-8            396MB/s ± 2%  387MB/s ± 2%   -2.21%  (p=0.000 n=10+10)
Throughput/DynamicPacket/64MB-8            403MB/s ± 2%  396MB/s ± 3%   -1.84%  (p=0.005 n=10+10)

Fixes #9671

Change-Id: Ieb57c5140eb2c083b8be0d42b240cd2eeec0dcf6
Reviewed-on: https://go-review.googlesource.com/c/147638
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
This commit is contained in:
Filippo Valsorda 2018-11-05 22:52:51 -05:00
parent 07b241c4b9
commit 5db23cd389
83 changed files with 3733 additions and 3281 deletions
Download patch file Download diff file Expand all files Collapse all files

63
testdata/Server-TLSv12-RSA-3DES vendored
View file

@ -1,15 +1,18 @@
>>> Flow 1 (client to server)
00000000 16 03 01 00 5d 01 00 00 59 03 03 0c fb 72 82 e5 |....]...Y....r..|
00000010 9a 04 90 c8 0d 73 25 9a 3f 88 e3 48 71 a2 33 3e |.....s%.?..Hq.3>|
00000020 90 32 74 bc 12 38 d6 3a d3 11 1d 00 00 04 00 0a |.2t..8.:........|
00000030 00 ff 01 00 00 2c 00 0d 00 20 00 1e 06 01 06 02 |.....,... ......|
00000040 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................|
00000050 03 02 03 03 02 01 02 02 02 03 00 16 00 00 00 17 |................|
00000060 00 00 |..|
00000000 16 03 01 00 97 01 00 00 93 03 03 48 e2 22 70 f7 |...........H."p.|
00000010 9a 24 ce 92 69 d1 ff fc c0 c9 ba b2 da 8e 83 7a |.$..i..........z|
00000020 6e 8d 24 60 e2 e2 81 76 e6 72 37 00 00 04 00 0a |n.$`...v.r7.....|
00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1|
00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........|
00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................|
00000060 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 |...........0....|
00000070 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................|
00000080 08 05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 |................|
00000090 02 01 03 02 02 02 04 02 05 02 06 02 |............|
>>> Flow 2 (server to client)
00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 |................|
00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 0a 00 00 |...DOWNGRD......|
00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.|
00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......|
00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..|
@ -50,27 +53,27 @@
00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.|
00000290 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............|
>>> Flow 3 (client to server)
00000000 16 03 03 00 86 10 00 00 82 00 80 04 90 54 41 b9 |.............TA.|
00000010 22 12 39 d9 1d 0b b8 6c d4 b3 8a ec 78 42 80 a5 |".9....l....xB..|
00000020 03 c9 2a 9e 95 6f a0 28 3a 5c e9 59 28 ba 49 9b |..*..o.(:\.Y(.I.|
00000030 37 63 61 3f c4 ac ba 55 6b 85 a5 27 ed 37 b9 25 |7ca?...Uk..'.7.%|
00000040 04 cf 84 ad 43 6b ab 13 fa 72 29 b8 01 d9 aa 0c |....Ck...r).....|
00000050 be b1 9a c4 5a 05 3d 2d 71 b4 72 f5 3a 77 fb 6b |....Z.=-q.r.:w.k|
00000060 45 b0 5b 00 f8 1e f9 70 7f a4 64 c9 1e 35 56 0b |E.[....p..d..5V.|
00000070 68 07 4c 04 95 f4 ca b1 0a b3 25 2b 93 2d be 80 |h.L.......%+.-..|
00000080 76 15 75 07 23 ee 25 f3 1b a8 2f 14 03 03 00 01 |v.u.#.%.../.....|
00000090 01 16 03 03 00 30 e5 cd 56 75 e6 a4 58 e5 33 cc |.....0..Vu..X.3.|
000000a0 95 23 e0 7f 01 f2 45 21 bb 7d 7c 17 1f 59 7c f9 |.#....E!.}|..Y|.|
000000b0 38 05 a3 95 4d 9b f2 3f 9d 84 2c 31 15 8b 4d d4 |8...M..?..,1..M.|
000000c0 17 3c 62 2b f6 71 |.<b+.q|
00000000 16 03 03 00 86 10 00 00 82 00 80 20 44 e6 19 b2 |........... D...|
00000010 c5 9f 95 af 90 29 b2 5c e9 c5 29 8c a2 bd 72 49 |.....).\..)...rI|
00000020 8d c8 ea e8 cc bd 65 d9 1c fe 95 f0 60 0e ee 13 |......e.....`...|
00000030 ea 7b bf 59 3c 08 21 07 73 b7 04 16 a7 a5 98 2e |.{.Y<.!.s.......|
00000040 ab ee db c3 83 ea c8 b2 07 3e 76 a0 8f d4 8f df |.........>v.....|
00000050 70 91 b7 ed 12 54 e2 e7 68 cb ed 26 be 84 a9 24 |p....T..h..&...$|
00000060 fb 89 48 49 4e 9b 14 98 82 ab 64 0c a5 a0 ec 1d |..HIN.....d.....|
00000070 96 b7 83 c3 14 cb de a5 97 d1 86 28 b6 d4 65 5d |...........(..e]|
00000080 0b 45 04 37 02 53 8c 96 5d f8 d3 14 03 03 00 01 |.E.7.S..].......|
00000090 01 16 03 03 00 30 04 43 06 c4 96 f5 f6 23 5d 46 |.....0.C.....#]F|
000000a0 ec 3d f4 18 44 3f f8 d2 e9 74 37 22 56 df f2 35 |.=..D?...t7"V..5|
000000b0 3d a0 8d 8a 80 be 4e 40 66 28 4c 37 aa f7 43 cf |=.....N@f(L7..C.|
000000c0 9e 29 83 7b 39 28 |.).{9(|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 30 00 00 00 00 00 |..........0.....|
00000010 00 00 00 b3 85 c2 1b ac 9e c2 01 f7 0f 76 6d 09 |.............vm.|
00000020 5c 4f 9f a6 89 1b 56 e3 05 0b 7e 0d 9d 6b 36 35 |\O....V...~..k65|
00000030 49 99 aa 4c 14 3b 69 2a 87 71 7d 17 03 03 00 30 |I..L.;i*.q}....0|
00000040 00 00 00 00 00 00 00 00 15 65 d4 be e5 1b c9 29 |.........e.....)|
00000050 e9 3a c4 22 72 f8 0c 40 c7 f5 45 a1 a3 c8 a8 64 |.:."r..@..E....d|
00000060 22 4c 6c 79 3f 32 66 d4 05 09 a8 d4 d8 a8 f3 c7 |"Lly?2f.........|
00000070 15 03 03 00 20 00 00 00 00 00 00 00 00 fc 8d c6 |.... ...........|
00000080 3d b1 c4 9f 30 26 e3 b9 46 8f ce 9f 7e 5b 1e a3 |=...0&..F...~[..|
00000090 d0 98 64 3c 0d |..d<.|
00000010 00 00 00 27 75 8a 8d 43 68 0e af 19 6d d2 63 1c |...'u..Ch...m.c.|
00000020 44 51 0b 86 4c fc 16 1c 77 f8 96 1e 72 3d b9 45 |DQ..L...w...r=.E|
00000030 40 cc 70 bc 72 a3 d3 ff f6 e5 3f 17 03 03 00 30 |@.p.r.....?....0|
00000040 00 00 00 00 00 00 00 00 f4 cf bc 55 e6 d7 4f d2 |...........U..O.|
00000050 8f ae 52 8d 16 d0 44 9a c9 39 5b a7 69 bb 04 96 |..R...D..9[.i...|
00000060 c9 d9 0c 92 a0 da b4 52 c5 dd 20 cb 4b 8c ad 51 |.......R.. .K..Q|
00000070 15 03 03 00 20 00 00 00 00 00 00 00 00 43 52 b5 |.... ........CR.|
00000080 d2 98 37 93 69 73 49 27 08 75 76 54 e7 39 b3 4c |..7.isI'.uvT.9.L|
00000090 da 48 84 00 20 |.H.. |