Infrastructure for Tls

[Drawaes]

Includes

1. Helper for reversing all structs and enums such that you don't have to have ugly casts everywhere and can reverse for network order
2. Basic enums for TLS (cipher suites etc) all coded to the required values based on RFCs and values that will be sent across the wire
3. A set of infrastructure for all the basic building blocks of Tls (Hashing, Certs, KeyExchange, BulkCiphers)

I have not included any implementations yet and made all internal for now, this can be reviewed at a later date but none should be used externally for now (except TlsProtocolVersion).

Next there are a few steps

1. Provide some implementations (or at least one for OpenSsl) that shows how the infrastructure is provided
2. Provide the upper parts of the protocol (state machines, parsers/writers)

I will probably work on 1 first so that there is something to actually use in 2 when we come to it (and my Tls 1.3 is a little rusty so I need to review so I will work on 1.2 first for part 2).

Cheers
Tim

[davidfowl]

Internal. Do you need this though?

[Drawaes]

If I don't have this I end up with a lot of (SomeEnum) BinaryPrimatives.Reverse((ushort) someEnum);

Etc it's really ugly and this using generics goes down all the way to basically the bswap in all cases. Also in later code for Tls there are other structs (including int24) that are just unsupported otherwise

[davidfowl]

Mutable struct? Why?

[Drawaes]

There is a sequence number on this we increased for each message sent. We then feed this into BulkCipher as additional information used during the encryption for AES etc. Also by making the methods convert to the correct bitness in the set it means we can directly blit the struct (by using a pointer)

[davidfowl]

What is this type for?

[Drawaes]

There is a difference in how TLS 1.2 and TLS 1.3 for instance encrypt each record (different additional info, different IV calculations for each, different headers and footers for the encryption frame) so this way the up level protocol handlers can abstract that detail and not care. They just have a Decrypt/Encrypt. I will upload the TLS 1.2 and TLS 1.3 implementation of each of these next.

[davidfowl]

Why does this need to exist and why isn't it read only

[Drawaes]

The IV is the initialisation vector that is used by the various symmetrical encryption algos. The spec defines how these are set so the "BulkCipher" will set them before every record that is encrypted (They contain a mixture of random/info from the handshake and counters). They are calculated differently for TLS 1.2 /1.3 etc and therefore cannot be controlled by the key implementation. They are mutated every record so they need to be editable.

[davidfowl]

Why is this memory writable?

[Drawaes]

Originally this was "OwnedMemory" because it came from a pool, however the BulkCipher needed to hold it for it's lifetime and then say when it was done. Is there still a concept of this now?

[davidfowl]

What's this?

[Drawaes]

That is the same as below the provider below will provide an instance of this (from say OpenSsl or BCrypt)

[davidfowl]

Can we use any of the BCL types?

[Drawaes]

So Tls during the handshake requires you to keep a running hash of the messages sent/received during the exchange. There is a BCL incremental hash function which is great but....

TLS requires you to grab the hash up until now at various points. This poses a problem as there is only a "gethashandreset" method where as I want to get the hash up to now and continue. Both BCrypt and OpenSsl support that scenario but the BCL does not.

Without this you would have to buffer the messages during the handshake which is significantly worse and the interop for hash isn't a big deal.

[Drawaes]

All changed or answered, read for comment

[davidfowl]

Should this be ref?

[jkotalik]

I think there are a few outstanding comments, but I don't see any reason to block this.

[davidfowl]

@Drawaes Can you rebase?