sdk icon indicating copy to clipboard operation
sdk copied to clipboard

Published 20 hours ago verified publisher icon dart-lang

RFC 9266: Channel Bindings for TLS 1.3 support

Open Neustradamus opened this issue 3 years ago • 5 comments

Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?

  • https://datatracker.ietf.org/doc/html/rfc9266

Little details, to know easily:

  • tls-unique for TLS =< 1.2
  • tls-exporter for TLS = 1.3

Thanks in advance.

Neustradamus avatar Aug 02 '22 21:08 Neustradamus

cc @brianquinlan

mit-mit avatar Aug 03 '22 13:08 mit-mit

//cc @brianquinlan

a-siva avatar Aug 08 '22 20:08 a-siva

@Neustradamus It wasn't clear from the BoringSSL bug (https://github.com/openssl/openssl/issues/18893) that you filed whether the necessary BoringSSL features are in place - are they?

brianquinlan avatar Aug 09 '22 18:08 brianquinlan

@brianquinlan: About BoringSSL, it is not complete, you can compare: 1/ tls-unique:

  • https://github.com/google/boringssl/search?q=tls-unique
  • https://github.com/google/boringssl/search?q=rfc5929

2/ tls-exporter:

  • https://github.com/google/boringssl/search?q=tls-exporter
  • https://github.com/google/boringssl/search?q=rfc9266

From @agl, @davidben: tls-unique:

  • https://github.com/google/boringssl/commit/af0e32cb84f0c9cc65b9233a3414d2562642b342
  • https://github.com/google/boringssl/commit/ced00b4258e86b14bd313b2701b103fd034dbe8c

I have commented here:

  • https://github.com/google/boringssl/commit/ced00b4258e86b14bd313b2701b103fd034dbe8c#commitcomment-79557686

I have requested more details:

Can you add more details like for previous "RFC5929":
- https://github.com/google/boringssl/search?q=rfc5929
- https://github.com/google/boringssl/search?q=tls-unique

Because we find nothing about: "RFC9266":
- https://github.com/google/boringssl/search?q=rfc9266
- https://github.com/google/boringssl/search?q=tls-exporter

Neustradamus avatar Aug 09 '22 22:08 Neustradamus

@Neustradamus, as I explained in the other places you've been CCing us, no new APIs are needed to implement RFC 9266, in any of OpenSSL or its derivatives. Or, indeed, in most TLS libraries I expect. You simply call the existing APIs for TLS's "export keying material" mechanism. Any API specific to RFC 9266 would just be convenience wrappers over that underlying primitive.

I don't see a particular need to add a convenience wrapper to BoringSSL right now.

davidben avatar Aug 10 '22 02:08 davidben

@PapaTutuWawa: I have done ticket here, do not hesitated to explain your problem.

Linked to:

  • https://github.com/PapaTutuWawa/moxxyv2/issues/13

Neustradamus avatar Aug 22 '22 23:08 Neustradamus

The issue comes from the fact that I would like to use TLS Channel Binding in my application using Dart to implement SCRAM-*-PLUS. For that, however, I would need access to the TLS connection's state (if that is the correct name) to get the neccessary data. Taking this Go SCRAM implementation as inspiration, something like Go's ExportKeyingMaterial would be required. As far as I know, Dart does not expose this kind of access in the SecureSocket class.

PapaTutuWawa avatar Aug 23 '22 10:08 PapaTutuWawa

Happy New Year 2023 to all!

Have you looked for this ticket and the @PapaTutuWawa comment?

Neustradamus avatar Jan 08 '23 18:01 Neustradamus