rustls
common_state: expose key exchange group
Similar to negotiated_cipher_suite() it feels like there's utility in knowing the key exchange group that was used for the connection. In particular it also let us tighten up some FFHDE related unit tests where the expected key exchange was implied by success/failure but not verified precisely. Both those unit tests, some similar ones interrogating the negotiated ciphersuite, and the post-quantum example binary were updated to also interrogate the KEX group.
Resolves https://github.com/rustls/rustls/issues/2019
Note due to the NamedGroup::Unknown variant (which, as discussed in https://github.com/rustls/rustls/pull/1845 should probably be named NamedGroup::Other) the consumer might have to do a bit of legwork with the result from our API.
E.g. a connection made with the experimental rustls-post-quantum provider's KEX will give a connection that returns NamedGroup::Unknown(25497), not something like NamedGroup::X25519Kyber768Draft00. You'd need to map the TLS identifier to a name yourself.
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 94.26%. Comparing base (
18aa20a) to head (75b5106). Report is 1 commits behind head on main.
Additional details and impacted files
@@ Coverage Diff @@
## main #2028 +/- ##
=======================================
Coverage 94.25% 94.26%
=======================================
Files 97 97
Lines 21787 21815 +28
=======================================
+ Hits 20535 20563 +28
Misses 1252 1252
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Benchmark results
Instruction counts
Significant differences
There are no significant instruction count differences
Other differences
Click to expand
| Scenario | Baseline | Candidate | Diff | Threshold |
|---|---|---|---|---|
| handshake_tickets_aws_lc_rs_1.2_rsa_aes_server | 4496540 | 4394410 | -102130 (-2.27%) | 3.90% |
| handshake_session_id_aws_lc_rs_1.2_rsa_aes_server | 3996563 | 3921777 | -74786 (-1.87%) | 4.15% |
| handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_server | 13755918 | 13818911 | 62993 (0.46%) | 0.99% |
| handshake_no_resume_aws_lc_rs_1.2_rsa_aes_server | 13377521 | 13416486 | 38965 (0.29%) | 1.00% |
| handshake_tickets_aws_lc_rs_1.3_rsa_chacha_server | 33556839 | 33470340 | -86499 (-0.26%) | 0.58% |
| handshake_session_id_aws_lc_rs_1.3_rsa_chacha_server | 32965107 | 32880172 | -84935 (-0.26%) | 0.49% |
| handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client | 8785884 | 8765523 | -20361 (-0.23%) | 1.08% |
| handshake_no_resume_ring_1.3_ecdsap256_chacha_server | 2137461 | 2132805 | -4656 (-0.22%) | 0.82% |
| transfer_no_resume_aws_lc_rs_1.2_rsa_aes_server | 46470814 | 46371370 | -99444 (-0.21%) | 0.38% |
| handshake_no_resume_aws_lc_rs_1.3_rsa_aes_server | 13802258 | 13780301 | -21957 (-0.16%) | 0.87% |
| handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_client | 30674387 | 30628577 | -45810 (-0.15%) | 0.32% |
| handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client | 8767447 | 8780459 | 13012 (0.15%) | 0.67% |
| transfer_no_resume_aws_lc_rs_1.3_rsa_aes_server | 46408521 | 46474676 | 66155 (0.14%) | 0.26% |
| handshake_tickets_aws_lc_rs_1.3_rsa_aes_server | 33515306 | 33561480 | 46174 (0.14%) | 0.60% |
| handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_client | 31085790 | 31120526 | 34736 (0.11%) | 0.32% |
| handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_client | 30641697 | 30674924 | 33227 (0.11%) | 0.32% |
| transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_server | 80658596 | 80602784 | -55812 (-0.07%) | 0.26% |
| handshake_session_id_aws_lc_rs_1.3_rsa_aes_server | 32957140 | 32978810 | 21670 (0.07%) | 0.60% |
| handshake_no_resume_ring_1.3_ecdsap256_aes_client | 3916141 | 3913806 | -2335 (-0.06%) | 0.45% |
| handshake_no_resume_ring_1.3_ecdsap256_chacha_client | 3920124 | 3917982 | -2142 (-0.05%) | 0.32% |
| handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_client | 31108141 | 31091782 | -16359 (-0.05%) | 0.33% |
| handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client | 3382626 | 3381346 | -1280 (-0.04%) | 0.25% |
| handshake_tickets_aws_lc_rs_1.2_rsa_aes_client | 4324114 | 4325687 | 1573 (0.04%) | 0.20% |
| handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client | 3385429 | 3384480 | -949 (-0.03%) | 0.27% |
| handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server | 1915572 | 1915089 | -483 (-0.03%) | 0.20% |
| transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client | 92705105 | 92683093 | -22012 (-0.02%) | 0.20% |
| handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server | 1912572 | 1912195 | -377 (-0.02%) | 0.20% |
| handshake_no_resume_aws_lc_rs_1.3_rsa_aes_client | 2227293 | 2226905 | -388 (-0.02%) | 0.20% |
| handshake_session_id_ring_1.3_ecdsap256_chacha_client | 41807148 | 41814238 | 7090 (0.02%) | 0.20% |
| handshake_session_id_aws_lc_rs_1.2_rsa_aes_client | 4000677 | 4001266 | 589 (0.01%) | 0.20% |
| handshake_tickets_ring_1.3_ecdsap256_chacha_server | 43952303 | 43958446 | 6143 (0.01%) | 0.20% |
| handshake_session_id_ring_1.3_ecdsap256_aes_client | 41886402 | 41892122 | 5720 (0.01%) | 0.20% |
| handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_client | 2234241 | 2233950 | -291 (-0.01%) | 0.20% |
| handshake_session_id_ring_1.3_ecdsap256_chacha_server | 43366389 | 43371419 | 5030 (0.01%) | 0.20% |
| handshake_no_resume_aws_lc_rs_1.2_rsa_aes_client | 2016607 | 2016379 | -228 (-0.01%) | 0.20% |
| transfer_no_resume_ring_1.3_ecdsap256_aes_client | 58318419 | 58324794 | 6375 (0.01%) | 0.20% |
| handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_client | 30646963 | 30650296 | 3333 (0.01%) | 0.20% |
| handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server | 4292115 | 4291667 | -448 (-0.01%) | 0.20% |
| handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_client | 31134074 | 31137298 | 3224 (0.01%) | 0.20% |
| handshake_tickets_ring_1.3_ecdsap256_aes_client | 42338239 | 42342612 | 4373 (0.01%) | 0.20% |
| handshake_tickets_ring_1.3_ecdsap256_chacha_client | 42266760 | 42270912 | 4152 (0.01%) | 0.20% |
| handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_client | 30672073 | 30675037 | 2964 (0.01%) | 0.20% |
| handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server | 4295198 | 4294798 | -400 (-0.01%) | 0.20% |
| handshake_session_id_aws_lc_rs_1.3_rsa_chacha_client | 30660670 | 30663495 | 2825 (0.01%) | 0.20% |
| handshake_session_id_aws_lc_rs_1.3_rsa_aes_client | 30686272 | 30689029 | 2757 (0.01%) | 0.20% |
| transfer_no_resume_ring_1.3_ecdsap256_aes_server | 46458408 | 46462426 | 4018 (0.01%) | 0.20% |
| handshake_tickets_ring_1.3_ecdsap384_aes_server | 44041409 | 44038083 | -3326 (-0.01%) | 0.20% |
| handshake_session_id_ring_1.3_rsa_aes_server | 43464237 | 43461115 | -3122 (-0.01%) | 0.20% |
| handshake_tickets_ring_1.3_rsa_aes_server | 44037619 | 44034834 | -2785 (-0.01%) | 0.20% |
| handshake_session_id_ring_1.3_rsa_chacha_client | 41820488 | 41823123 | 2635 (0.01%) | 0.20% |
| handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_server | 32938686 | 32940674 | 1988 (0.01%) | 0.20% |
| handshake_tickets_aws_lc_rs_1.3_rsa_chacha_client | 31131548 | 31133406 | 1858 (0.01%) | 0.20% |
| handshake_no_resume_ring_1.2_rsa_aes_client | 2853455 | 2853623 | 168 (0.01%) | 0.20% |
| handshake_tickets_ring_1.2_rsa_aes_client | 4529440 | 4529180 | -260 (-0.01%) | 0.20% |
| handshake_session_id_ring_1.3_ecdsap256_aes_server | 43468134 | 43465839 | -2295 (-0.01%) | 0.20% |
| transfer_no_resume_ring_1.3_ecdsap256_chacha_server | 80522387 | 80526617 | 4230 (0.01%) | 0.20% |
| handshake_tickets_aws_lc_rs_1.3_rsa_aes_client | 31151618 | 31153228 | 1610 (0.01%) | 0.20% |
| handshake_no_resume_ring_1.3_rsa_chacha_client | 2956751 | 2956600 | -151 (-0.01%) | 0.20% |
| handshake_tickets_ring_1.2_rsa_aes_server | 4690781 | 4691009 | 228 (0.00%) | 0.20% |
| handshake_no_resume_ring_1.3_rsa_aes_client | 2950629 | 2950766 | 137 (0.00%) | 0.20% |
| handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_client | 31112655 | 31114083 | 1428 (0.00%) | 0.20% |
| handshake_tickets_ring_1.3_ecdsap384_chacha_client | 42267127 | 42269015 | 1888 (0.00%) | 0.20% |
| handshake_tickets_ring_1.3_ecdsap256_aes_server | 44041072 | 44042869 | 1797 (0.00%) | 0.20% |
| handshake_no_resume_ring_1.3_rsa_aes_server | 12177662 | 12177209 | -453 (-0.00%) | 0.20% |
| handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_server | 32979208 | 32980369 | 1161 (0.00%) | 0.20% |
| handshake_session_id_ring_1.2_rsa_aes_server | 4251699 | 4251557 | -142 (-0.00%) | 0.20% |
| handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_server | 33549163 | 33550180 | 1017 (0.00%) | 0.20% |
| handshake_session_id_ring_1.3_ecdsap384_chacha_client | 41803390 | 41804650 | 1260 (0.00%) | 0.20% |
| handshake_tickets_ring_1.3_rsa_chacha_client | 42285031 | 42286299 | 1268 (0.00%) | 0.20% |
| handshake_tickets_ring_1.3_rsa_aes_client | 42351744 | 42352994 | 1250 (0.00%) | 0.20% |
| handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_server | 32937865 | 32938798 | 933 (0.00%) | 0.20% |
| transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client | 58259945 | 58258400 | -1545 (-0.00%) | 0.20% |
| handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_server | 33548465 | 33549318 | 853 (0.00%) | 0.20% |
| transfer_no_resume_ring_1.3_ecdsap256_chacha_client | 92648610 | 92650846 | 2236 (0.00%) | 0.20% |
| handshake_session_id_ring_1.2_rsa_aes_client | 4264423 | 4264520 | 97 (0.00%) | 0.20% |
| handshake_session_id_ring_1.3_ecdsap384_aes_client | 41884092 | 41884984 | 892 (0.00%) | 0.20% |
| handshake_no_resume_ring_1.3_rsa_chacha_server | 12183217 | 12182961 | -256 (-0.00%) | 0.20% |
| handshake_no_resume_ring_1.3_ecdsap256_aes_server | 2131273 | 2131317 | 44 (0.00%) | 0.83% |
| handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_server | 33515752 | 33516440 | 688 (0.00%) | 0.20% |
| handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_server | 33516308 | 33516983 | 675 (0.00%) | 0.20% |
| transfer_no_resume_ring_1.2_rsa_aes_server | 46376690 | 46375808 | -882 (-0.00%) | 0.20% |
| handshake_tickets_ring_1.3_ecdsap384_chacha_server | 43955819 | 43956625 | 806 (0.00%) | 0.20% |
| handshake_tickets_ring_1.3_rsa_chacha_server | 43953422 | 43954148 | 726 (0.00%) | 0.20% |
| handshake_tickets_ring_1.3_ecdsap384_aes_client | 42332838 | 42333524 | 686 (0.00%) | 0.20% |
| transfer_no_resume_ring_1.3_ecdsap384_aes_client | 58315452 | 58314517 | -935 (-0.00%) | 0.20% |
| handshake_session_id_ring_1.3_rsa_aes_client | 41902775 | 41903368 | 593 (0.00%) | 0.20% |
| handshake_no_resume_ring_1.3_ecdsap384_aes_server | 13739368 | 13739185 | -183 (-0.00%) | 0.20% |
| transfer_no_resume_ring_1.3_ecdsap384_chacha_client | 92649212 | 92647996 | -1216 (-0.00%) | 0.20% |
| transfer_no_resume_ring_1.3_rsa_aes_server | 46469742 | 46470318 | 576 (0.00%) | 0.20% |
| transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client | 92713875 | 92714878 | 1003 (0.00%) | 0.20% |
| handshake_no_resume_ring_1.3_ecdsap384_chacha_client | 35475410 | 35475063 | -347 (-0.00%) | 0.20% |
| handshake_session_id_ring_1.3_ecdsap384_chacha_server | 43366069 | 43366493 | 424 (0.00%) | 0.20% |
| transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server | 46451610 | 46452014 | 404 (0.00%) | 0.20% |
| handshake_no_resume_ring_1.2_rsa_aes_server | 11988456 | 11988367 | -89 (-0.00%) | 0.20% |
| transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client | 58242038 | 58242436 | 398 (0.00%) | 0.20% |
| transfer_no_resume_ring_1.3_ecdsap384_chacha_server | 80530946 | 80530460 | -486 (-0.00%) | 0.20% |
| transfer_no_resume_ring_1.3_ecdsap384_aes_server | 46461847 | 46461574 | -273 (-0.00%) | 0.20% |
| handshake_no_resume_ring_1.3_ecdsap384_chacha_server | 13741404 | 13741324 | -80 (-0.00%) | 0.20% |
| transfer_no_resume_ring_1.3_rsa_aes_client | 58319498 | 58319165 | -333 (-0.00%) | 0.20% |
| handshake_session_id_ring_1.3_ecdsap384_aes_server | 43467213 | 43467001 | -212 (-0.00%) | 0.20% |
| handshake_no_resume_ring_1.3_ecdsap384_aes_client | 35473517 | 35473347 | -170 (-0.00%) | 0.20% |
| transfer_no_resume_aws_lc_rs_1.3_rsa_aes_client | 58262337 | 58262570 | 233 (0.00%) | 0.20% |
| transfer_no_resume_ring_1.3_rsa_chacha_server | 80538573 | 80538824 | 251 (0.00%) | 0.20% |
| transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server | 46453050 | 46453178 | 128 (0.00%) | 0.20% |
| handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_server | 32979911 | 32979997 | 86 (0.00%) | 0.20% |
| transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server | 80631486 | 80631693 | 207 (0.00%) | 0.20% |
| transfer_no_resume_aws_lc_rs_1.2_rsa_aes_client | 68658182 | 68658040 | -142 (-0.00%) | 0.20% |
| transfer_no_resume_ring_1.3_rsa_chacha_client | 92652331 | 92652141 | -190 (-0.00%) | 0.20% |
| transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server | 80632319 | 80632478 | 159 (0.00%) | 0.20% |
| transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_client | 92719630 | 92719452 | -178 (-0.00%) | 0.20% |
| handshake_session_id_ring_1.3_rsa_chacha_server | 43363136 | 43363057 | -79 (-0.00%) | 0.20% |
| transfer_no_resume_ring_1.2_rsa_aes_client | 58200725 | 58200737 | 12 (0.00%) | 0.20% |
Wall-time
Significant differences
There are no significant wall-time differences
Other differences
Click to expand
| Scenario | Baseline | Candidate | Diff | Threshold |
|---|---|---|---|---|
| transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes | 4.48 ms | 4.53 ms | 0.05 ms (1.08%) | 3.99% |
| handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes | 478.55 µs | 483.15 µs | 4.60 µs (0.96%) | 2.77% |
| transfer_no_resume_aws_lc_rs_1.2_rsa_aes | 5.41 ms | 5.45 ms | 0.05 ms (0.84%) | 3.28% |
| handshake_no_resume_ring_1.3_ecdsap256_aes | 504.51 µs | 508.48 µs | 3.97 µs (0.79%) | 2.28% |
| transfer_no_resume_ring_1.3_ecdsap256_aes | 6.30 ms | 6.35 ms | 0.05 ms (0.78%) | 3.15% |
| handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha | 477.97 µs | 481.61 µs | 3.64 µs (0.76%) | 2.89% |
| transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes | 5.20 ms | 5.24 ms | 0.04 ms (0.71%) | 3.27% |
| handshake_no_resume_ring_1.3_ecdsap256_chacha | 501.58 µs | 504.89 µs | 3.31 µs (0.66%) | 2.11% |
| handshake_tickets_ring_1.2_rsa_aes | 1.65 ms | 1.64 ms | -0.01 ms (-0.61%) | 1.10% |
| transfer_no_resume_aws_lc_rs_1.3_rsa_aes | 5.41 ms | 5.45 ms | 0.03 ms (0.61%) | 2.98% |
| handshake_tickets_aws_lc_rs_1.2_rsa_aes | 2.24 ms | 2.23 ms | -0.01 ms (-0.60%) | 1.00% |
| handshake_session_id_aws_lc_rs_1.2_rsa_aes | 2.07 ms | 2.05 ms | -0.01 ms (-0.57%) | 1.04% |
| transfer_no_resume_ring_1.3_rsa_aes | 6.79 ms | 6.83 ms | 0.04 ms (0.55%) | 2.67% |
| handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes | 5.40 ms | 5.42 ms | 0.03 ms (0.53%) | 1.48% |
| handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha | 5.34 ms | 5.36 ms | 0.03 ms (0.52%) | 1.47% |
| handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha | 5.39 ms | 5.42 ms | 0.03 ms (0.48%) | 1.40% |
| handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes | 5.35 ms | 5.38 ms | 0.03 ms (0.48%) | 1.70% |
| handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha | 6.04 ms | 6.07 ms | 0.03 ms (0.45%) | 1.25% |
| handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha | 6.10 ms | 6.13 ms | 0.03 ms (0.44%) | 1.20% |
| transfer_no_resume_ring_1.3_ecdsap384_aes | 9.40 ms | 9.45 ms | 0.04 ms (0.44%) | 1.92% |
| handshake_no_resume_ring_1.2_rsa_aes | 975.07 µs | 978.93 µs | 3.86 µs (0.40%) | 1.12% |
| handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes | 6.11 ms | 6.14 ms | 0.02 ms (0.39%) | 1.50% |
| handshake_no_resume_ring_1.3_rsa_chacha | 985.78 µs | 989.56 µs | 3.78 µs (0.38%) | 1.34% |
| handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes | 6.07 ms | 6.09 ms | 0.02 ms (0.35%) | 1.28% |
| transfer_no_resume_ring_1.2_rsa_aes | 6.73 ms | 6.76 ms | 0.02 ms (0.34%) | 2.95% |
| transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha | 12.94 ms | 12.98 ms | 0.04 ms (0.34%) | 1.53% |
| handshake_session_id_aws_lc_rs_1.3_rsa_chacha | 6.28 ms | 6.30 ms | 0.02 ms (0.32%) | 1.24% |
| transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha | 13.65 ms | 13.69 ms | 0.04 ms (0.30%) | 1.32% |
| handshake_tickets_aws_lc_rs_1.3_rsa_chacha | 6.34 ms | 6.36 ms | 0.02 ms (0.29%) | 1.27% |
| transfer_no_resume_ring_1.3_ecdsap256_chacha | 12.95 ms | 12.99 ms | 0.04 ms (0.29%) | 1.38% |
| transfer_no_resume_ring_1.3_rsa_chacha | 13.44 ms | 13.48 ms | 0.04 ms (0.29%) | 1.32% |
| handshake_no_resume_ring_1.3_rsa_aes | 986.59 µs | 989.31 µs | 2.72 µs (0.28%) | 1.18% |
| handshake_tickets_aws_lc_rs_1.3_rsa_aes | 6.34 ms | 6.36 ms | 0.02 ms (0.26%) | 1.24% |
| transfer_no_resume_ring_1.3_ecdsap384_chacha | 16.05 ms | 16.09 ms | 0.04 ms (0.26%) | 1.23% |
| transfer_no_resume_aws_lc_rs_1.3_rsa_chacha | 13.88 ms | 13.91 ms | 0.04 ms (0.26%) | 1.39% |
| handshake_session_id_aws_lc_rs_1.3_rsa_aes | 6.30 ms | 6.31 ms | 0.01 ms (0.23%) | 1.12% |
| handshake_tickets_ring_1.3_ecdsap256_aes | 6.76 ms | 6.75 ms | -0.01 ms (-0.19%) | 1.00% |
| handshake_no_resume_aws_lc_rs_1.2_rsa_aes | 1.36 ms | 1.36 ms | -0.00 ms (-0.18%) | 2.06% |
| handshake_tickets_ring_1.3_ecdsap256_chacha | 6.73 ms | 6.71 ms | -0.01 ms (-0.18%) | 1.00% |
| handshake_no_resume_aws_lc_rs_1.3_rsa_chacha | 1.40 ms | 1.40 ms | -0.00 ms (-0.16%) | 3.18% |
| handshake_tickets_ring_1.3_rsa_aes | 7.24 ms | 7.24 ms | -0.01 ms (-0.13%) | 1.00% |
| handshake_tickets_ring_1.3_rsa_chacha | 7.20 ms | 7.19 ms | -0.01 ms (-0.10%) | 1.00% |
| handshake_no_resume_ring_1.3_ecdsap384_aes | 3.60 ms | 3.60 ms | 0.00 ms (0.10%) | 1.00% |
| handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha | 1.19 ms | 1.19 ms | 0.00 ms (0.09%) | 1.00% |
| handshake_no_resume_aws_lc_rs_1.3_rsa_aes | 1.41 ms | 1.41 ms | -0.00 ms (-0.09%) | 2.31% |
| handshake_session_id_ring_1.3_ecdsap256_aes | 6.71 ms | 6.71 ms | -0.01 ms (-0.08%) | 1.00% |
| handshake_session_id_ring_1.2_rsa_aes | 1.56 ms | 1.56 ms | -0.00 ms (-0.06%) | 1.27% |
| handshake_tickets_ring_1.3_ecdsap384_aes | 9.84 ms | 9.84 ms | -0.01 ms (-0.06%) | 1.00% |
| handshake_session_id_ring_1.3_rsa_aes | 7.20 ms | 7.20 ms | -0.00 ms (-0.05%) | 1.00% |
| handshake_session_id_ring_1.3_ecdsap384_aes | 9.79 ms | 9.80 ms | 0.00 ms (0.04%) | 1.00% |
| handshake_session_id_ring_1.3_ecdsap384_chacha | 9.76 ms | 9.76 ms | 0.00 ms (0.04%) | 1.00% |
| handshake_session_id_ring_1.3_rsa_chacha | 7.16 ms | 7.16 ms | 0.00 ms (0.03%) | 1.00% |
| handshake_session_id_ring_1.3_ecdsap256_chacha | 6.68 ms | 6.68 ms | -0.00 ms (-0.03%) | 1.00% |
| handshake_tickets_ring_1.3_ecdsap384_chacha | 9.81 ms | 9.81 ms | -0.00 ms (-0.02%) | 1.00% |
| handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes | 1.20 ms | 1.20 ms | 0.00 ms (0.01%) | 1.00% |
| handshake_no_resume_ring_1.3_ecdsap384_chacha | 3.60 ms | 3.60 ms | 0.00 ms (0.00%) | 1.00% |
Additional information
Checkout details:
- Base repo: https://github.com/rustls/rustls.git
- Base branch: main (18aa20abee0cbdd1c64e3e98d7cd1a7ffb883440)
- Candidate repo: https://github.com/cpu/rustls.git
- Candidate branch: cpu-2019-kex-conn-info (75b51068d84ba3657ce90fb4735df5910165f9b5)
![rustls-benchmarking[bot] avatar](https://avatars.githubusercontent.com/in/655614?v=4 "Published by a pub.dev verified publisher"){kind=small}
- Shower thought: we could perhaps return
Option<&'static dyn SupportedKxGroup>, but realistically the goals of a caller are better met byNamedGroup. ThoughSupportedKxGrouphas aDebugbound, and alsofips(), I guess the caller who wants that can just search through their provider for the named one if they wanted that.
Feels like that would align more with negotiated_cipher_suite() yielding SupportedKxGroup, I think I would prefer it over returning NamedGroup directly (going from SupportedKxGroup to NamedGroup is a trivial name() call away, while the other way around is less ergonomic).
Shower thought: we could perhaps return Option<&'static dyn SupportedKxGroup>
I've adopted this idea, but it does come with a new complication. In the TLS 1.3 client case we don't hang on to a &dyn SupportedKxGroup very long. In client/hs.rs's start_handshake() fn we almost immediately turn the &dyn SupportedKxGroup into a Box<dyn ActiveKeyExchange>. Once we've done that the ActiveKeyExchange trait doesn't facilitate going back to a SupportedKxGroup (and any changes to that trait would be breaking).
We can't stash the SupportedKxGroup into the CommonState in start_handshake() because at this point in the handshake we don't know if the SupportedKxGroup will end up being used (e.g. based on HRR, resumption, etc) and we want negotiated_key_exchange_group() to return None at this stage.
My solution here was to stash the SupportedKxGroup in the ClientHelloDetails and only extracting it to put into the CommonState later in the handshake once we've finished KX. It's a bit awkward but I think workable? If folks dislike this approach I would suggest we go back to exposing the NamedGroup instead of the SupportedKxGroup since the ActiveKeyExchange trait does make that available.
We can now implement bogo -expect-curve-id, -on-initial-expect-curve-id, and -on-resume-expect-curve-id options on top of this (either in this PR, or a later one).
Good idea, but I spent enough time fiddling with the above issue that I'd prefer to handle this in a follow-up PR on ~Tuesday if folks don't mind.
There's a test called resumption_combinations that could usefully call this too, it should be set for all full handshakes and TLS1.3 resumptions, but not set for TLS1.2 resumptions.
I integrated this suggestion in this branch. Thanks! It was helpful and I ended up shifting where/when the KX group was put into the CommonState based on this test.
Some checks haven’t completed yet
:cloud_with_lightning_and_rain: Looks like bad weather:
Actions runs triggered by pull requests are experiencing start delays.
I think the TLS 1.2 code paths are still setting the common state KX too soon. I will take another look at that & test coverage shortly.
I gave this branch some more thought and reworked how it was implemented (sorry to push changes after positive reviews!).
The new version removes the ClientHelloDetails field addition, removes some of the awkwardness in start_handshake, and is consistent in ensuring that the exposed negotiated group is only made available once key exchange has completed.
I'm happy with this now and promise to stop fiddling except for any review feedback :-)
We can now implement bogo -expect-curve-id, -on-initial-expect-curve-id, and -on-resume-expect-curve-id options on top of this (either in this PR, or a later one).
Unfortunately the API we're exposing doesn't make implementing these straightforward.
For -on-initial-expect-curve-id and -on-resume-expect-curve-id we lack the granularity to return the initial curve vs the negotiated curve. I don't think we want to expose that level of detail to our consumers so these will stay unimplemented.
For -expect-curve-id bogo expects to get the matching curve back even for resumption connections (e.g. CurveID-Resume-Client). We return None from our API in this case because we didn't do a full KX. I don't think we should change that so we're left evaluating workarounds, but we're stuck here too since we can't easily conditionally assert equality on expected vs actual KX ignoring these specific tests because AFAIK the only signal to use to inform the skip is the test name containing "Resume" and that information isn't wired through to the shim. (Edit: here's a commit to play with if someone thinks I missed another option).
We return None from our API in this case because we didn't do a full KX. I don't think we should change that
Why not? Does the cipher suite getter return None for resumed connections?
Why not?
Because key exchange wasn't negotiated/performed. Do you have a non-bogo use-case in mind that would benefit from the information?
Does the cipher suite getter return None for resumed connections?
No, but the ciphersuite is actively used for a resumed connection.
Because key exchange wasn't negotiated/performed. Do you have a non-bogo use-case in mind that would benefit from the information?
I guess one point would be simplifying implementation of openssl SSL_get_negotiated_group with 100% fidelity in rustls-openssl-compat (to save you looking it up -- it returns the connection's group if there is one, or the original connection's group if not). But I'm wary of that as a justification for rustls API design decisions, and I think it makes more sense to me that this new API accurately reflects the state of the current connection.
Because key exchange wasn't negotiated/performed. Do you have a non-bogo use-case in mind that would benefit from the information?
This caveat is not documented -- probably want to fix that?
I don't have a use case, just think it's not intuitive to many users.
This caveat is not documented -- probably want to fix that?
Agreed, I will fix and also add a pointer to the fn that returns whether it was a full handshake or not. 👍