DTLS 1.3 signature_algorithms_cert Extension

[adrianosela]

DTLS 1.3 signature_algorithms_cert Extension

Addresses part of #776: Adds support for the signature_algorithms_cert extension.

Note: Per https://www.rfc-editor.org/rfc/rfc8446#section-4.2.3 and https://www.rfc-editor.org/rfc/rfc8446#section-1.3 this extension may optionally apply to DTLS 1.2, so we can safely ship any net-new additions to the API e.g. CertificateSignatureSchemes in config.

[codecov]

Codecov Report

❌ Patch coverage is 82.26950% with 25 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.69%. Comparing base (9495bef) to head (7d91c46).

Files with missing lines	Patch %	Lines
conn.go	22.22%	6 Missing and 1 partial ⚠️
crypto.go	87.09%	2 Missing and 2 partials ⚠️
flight1handler.go	0.00%	3 Missing and 1 partial ⚠️
flight3handler.go	0.00%	3 Missing and 1 partial ⚠️
flight0handler.go	0.00%	2 Missing ⚠️
pkg/protocol/extension/extension.go	50.00%	2 Missing ⚠️
...ocol/extension/generic_signature_hash_extension.go	94.28%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #788      +/-   ##
==========================================
- Coverage   81.72%   81.69%   -0.04%     
==========================================
  Files         108      110       +2     
  Lines        6062     6161      +99     
==========================================
+ Hits         4954     5033      +79     
- Misses        712      728      +16     
- Partials      396      400       +4     

Flag	Coverage Δ
go	81.69% <82.26%> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[adrianosela]

This PR needs some clean-up and a lot more unit tests. But I figured I'd open it and ask for any early feedback cc:// @theodorsm @JoTurk

[adrianosela]

This PR is ready for formal review now.

[adrianosela]

If you want to play with the new CertificateSignatureSchemes config setting, you may take a look at the end-to-end listen/dial example in this commit, which I intend to PR after this goes out.

[theodorsm]

Tnx! I left some comment.

As this introduces a new config flag, perhaps we should wait until #786 is merged? What do you think @JoTurk?

[theodorsm]

Is signaturesSchemes set as fallback (I do support it tho, as that how they do it in /crypto/tls)? The way I read the code, it is not currently.

[adrianosela]

Shoot -- very good catch -- thank you!

[adrianosela]

Actually... I just removed the fallback comment... now there is no fallback.

Can you point me to where in /crypto/tls the code falls back? AFAICT, there is no config setting for the _cert option in crypto/tls.

[theodorsm]

I see you removed the comment, but I do think we should set the signaturesSchemes as fallback as they do in /crypto/tls. https://cs.opensource.google/go/go/+/master:src/crypto/tls/handshake_client.go;l=123;drc=acd65ebb13a11f1b070b63a66b35bb1b15934409

That is, we should start to send the signature_algorithms_cert with DTLS 1.2 with the default list provided by ParseSignatureSchemes. If we remove the length check it should do that, like we do with signatureSchemes above.

[JoTurk]

I'm going to review this tonight. Looks so cool thank you so much.

perhaps we should wait until #786 is merged? What do you think @JoTurk?

I agree, sorry i got busy with life stuff. I'll get #786 ready for review tonight too.

[adrianosela]

Thanks for the review @theodorsm. Looking forward to your @JoTurk :D

I've made your requested changes in new commits @theodorsm , just to make review easier. Once you are happy I will squash into 1.

[theodorsm]

Wow, thanks for the fast fix @adrianosela. I like the generic signature extension.

I went over it once more and noticed two things.

[theodorsm]

I see you removed the comment, but I do think we should set the signaturesSchemes as fallback as they do in /crypto/tls. https://cs.opensource.google/go/go/+/master:src/crypto/tls/handshake_client.go;l=123;drc=acd65ebb13a11f1b070b63a66b35bb1b15934409

That is, we should start to send the signature_algorithms_cert with DTLS 1.2 with the default list provided by ParseSignatureSchemes. If we remove the length check it should do that, like we do with signatureSchemes above.

[adrianosela]

@theodorsm

• signature_algotihms_cert is no longer included in a ServerHello: nice catch
• we now do set the signaturesSchemes as fallback ( as in crypto/tls), followed your suggestion of removing the len check like we do with signatureSchemes

[theodorsm]

I am so sorry about the back-and-forth, but I had to take a bit longer time to reason about the handshake state machine. I added more comments.

Also, we should do as you did previously, with checking for the length of the provided CertificateSignatureSchemes and not fallback to signaturesSchemes in config. I looked at some captures from firefox and chrome and they do not add the signature_algorithms_cert by default. We have the same policy for both extensions:

Implementations which have the same policy in both cases MAY omit the "signature_algorithms_cert" extension.

[theodorsm]

LGTM! Let's rebase and merge once the config options are merged.