BedrockFramework
Implement OpenSSL based TLS support
Details here need to be fleshed out and I'm going to lean on @Drawaes to help flesh this out and break it down into work items. Ideally we'd have several parsers for various parts of the pipeline (handshake writer and reader etc).
- [ ] ClientHelloMessageReader - This will parse the client hello message
- [ ] ClientHelloMessageWriter - This will write the client hello message
Parts needed off the top of my head
Protocol Version Parser (to figure out which version of the protocol is going to be used)
Record (R/W): RecordType, RecordHeader
Main record types that need to be handled
ChangeCipherSpec, Alert, Handshake, Application
Then within the handshake there is handshake framing (so another R/W) with a header and type.
Message types in there are
client_hello - 1, server_hello - 2, new_session_ticket - 4, end_of_early_data - 5, hello_retry_request - 6, encrypted_extensions - 8, certificate - 11, server_key_exchange - 12, certificate_request - 13, server_hello_done - 14, certificate_verify - 15, client_key_exchange - 16, finished - 20, key_update - 24
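As an added illustration of the two framing layers listed above (the 5-byte record header and the 4-byte handshake header), here is C# written for this note; it is not BedrockFramework code and not @Drawaes's. The type names (`TlsRecordType`, `HandshakeType`, `RecordHeader`, `HandshakeHeader`, `ParseResult`) and the sample bytes are this example's own, and the sample is a deliberately truncated ClientHello, not a complete one. The parser distinguishes "need more data" from "malformed" so a caller can wait on the former and abort on the latter, and it rejects record lengths above the RFC 8446 ciphertext cap before anything is buffered.

```csharp
using System;
using System.Buffers;
using System.Buffers.Binary;

// Added example (not BedrockFramework code): TLS record + handshake header parsing.
public enum ParseResult { NeedMoreData, Invalid, Ok }

public enum TlsRecordType : byte
{
    ChangeCipherSpec = 20, Alert = 21, Handshake = 22, ApplicationData = 23,
}

// Values match the message type list in the comment above.
public enum HandshakeType : byte
{
    ClientHello = 1, ServerHello = 2, NewSessionTicket = 4, EndOfEarlyData = 5,
    HelloRetryRequest = 6, EncryptedExtensions = 8, Certificate = 11,
    ServerKeyExchange = 12, CertificateRequest = 13, ServerHelloDone = 14,
    CertificateVerify = 15, ClientKeyExchange = 16, Finished = 20, KeyUpdate = 24,
}

// Record header: type(1) legacy_version(2) length(2), all big-endian.
public readonly struct RecordHeader
{
    public const int Size = 5;
    // RFC 8446 caps a TLSCiphertext at 2^14 + 256 bytes; a larger length field
    // is a malformed (or hostile) peer and is rejected before any buffering.
    public const int MaxLength = (1 << 14) + 256;

    public TlsRecordType Type { get; }
    public ushort LegacyVersion { get; }
    public ushort Length { get; }

    private RecordHeader(TlsRecordType type, ushort version, ushort length)
    { Type = type; LegacyVersion = version; Length = length; }

    public static ParseResult TryParse(ReadOnlySpan<byte> input, out RecordHeader header)
    {
        header = default;
        if (input.Length < Size) return ParseResult.NeedMoreData;
        var type = (TlsRecordType)input[0];
        if (!Enum.IsDefined(typeof(TlsRecordType), type)) return ParseResult.Invalid;
        ushort version = BinaryPrimitives.ReadUInt16BigEndian(input.Slice(1, 2));
        ushort length = BinaryPrimitives.ReadUInt16BigEndian(input.Slice(3, 2));
        if (length > MaxLength) return ParseResult.Invalid;
        header = new RecordHeader(type, version, length);
        return ParseResult.Ok;
    }

    // Pipe-friendly overload: a ReadOnlySequence<byte> from a PipeReader may be
    // split across segments, so the first 5 bytes are copied to the stack first.
    public static ParseResult TryParse(in ReadOnlySequence<byte> input, out RecordHeader header)
    {
        header = default;
        if (input.Length < Size) return ParseResult.NeedMoreData;
        Span<byte> tmp = stackalloc byte[Size];
        input.Slice(0, Size).CopyTo(tmp);
        return TryParse(tmp, out header);
    }
}

// Handshake header: msg_type(1) length(3, uint24). The body may continue in
// the next record, so a handshake reader must accumulate across records.
public readonly struct HandshakeHeader
{
    public const int Size = 4;
    public HandshakeType Type { get; }
    public int Length { get; }

    private HandshakeHeader(HandshakeType type, int length) { Type = type; Length = length; }

    public static ParseResult TryParse(ReadOnlySpan<byte> input, out HandshakeHeader header)
    {
        header = default;
        if (input.Length < Size) return ParseResult.NeedMoreData;
        var type = (HandshakeType)input[0];
        if (!Enum.IsDefined(typeof(HandshakeType), type)) return ParseResult.Invalid;
        int length = (input[1] << 16) | (input[2] << 8) | input[3];
        header = new HandshakeHeader(type, length);
        return ParseResult.Ok;
    }
}

public static class Demo
{
    // Constructed sample: one Handshake record (legacy version 0x0301 on the wire,
    // as real ClientHellos send) carrying a truncated 4-byte ClientHello body.
    private static readonly byte[] Sample =
    {
        0x16, 0x03, 0x01, 0x00, 0x08, // record: Handshake, version 0x0301, length 8
        0x01, 0x00, 0x00, 0x04,       // handshake: ClientHello, length 4
        0x03, 0x03, 0xAA, 0xBB,       // body: legacy_version 0x0303 + 2 bytes of random
    };

    public static void Main()
    {
        ReadOnlySpan<byte> input = Sample;
        if (RecordHeader.TryParse(input, out var record) != ParseResult.Ok) return;
        if (input.Length < RecordHeader.Size + record.Length) return; // wait for the rest
        var payload = input.Slice(RecordHeader.Size, record.Length);
        Console.WriteLine($"record {record.Type} version=0x{record.LegacyVersion:X4} len={record.Length}");
        if (record.Type == TlsRecordType.Handshake &&
            HandshakeHeader.TryParse(payload, out var hs) == ParseResult.Ok)
            Console.WriteLine($"handshake {hs.Type} body={hs.Length} bytes");
    }
}
```

Running this prints the Handshake record with length 8 and a ClientHello handshake header announcing a 4-byte body. The `ReadOnlySequence<byte>` overload is the shape a Pipe-based reader would call from `PipeReader.ReadAsync`, advancing the reader only once a whole record (header plus `Length` bytes) has arrived.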
How much can we leverage from dotnet to implement this? I assume the main difference will be exposing Pipe apis vs Stream apis?
@jkotalik I think there are different layers here:
- The various parsers for message types (or single parser for multiple message types)
- The crypto interface
- The end to end usage of it (Pipe and Stream using the above primitives to do the end to end)
There are a few questions here to answer. Are you wanting to do all of the protocol handling in OpenSsl and make a simple PInvoke layer (à la SslStream), or something slightly more ambitious (à la Go, Java etc.) where you have the protocol handling in managed code with maybe just the crypto handled in OpenSsl (with it built to be able to swap the crypto implementations)? My preference is the second; the first is somewhat boring 😴.
I prefer the latter. I'd like the crypto to be an abstraction though, not baked to use OpenSSL.
Hello guys, are the functions involved in this issue still under development? I hope to implement the new session ticket message type during the handshake, but SslStream does not seem to use this message type. Is there any other way?