Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ktls: add method to track key updates #4364

Merged
merged 6 commits into from
Jan 18, 2024
Merged

ktls: add method to track key updates #4364

merged 6 commits into from
Jan 18, 2024

Conversation

lrstewart
Copy link
Contributor

@lrstewart lrstewart commented Jan 17, 2024
edited
Loading

Description of changes:

Add key update count tracking. A customer interesting in TLS1.3 + ktls wants to measure how often they currently update their keys.

I think it's safe to cap the fields at 255. We really don't expect any connections to get anywhere near that many updates. When awslc saw that many, it was because of a bug :) 255 key updates would be enough for using AES to send 50TB of data with average sized records or 100TB with maximum sized records. If I bumped the fields up to uint16_t, it'd be 12PB/25PB.

Callouts:

I can see the argument that this method is pretty useless. If you don't control your clients, it's never going to be safe to assume that no clients will ever require a key update. But maybe the number is low enough that you're willing to take the availability hit? Minimally this should be unstable until we decide it's really necessary for ktls or find another use case.

Testing:

Unit tests.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Jan 17, 2024
@lrstewart lrstewart marked this pull request as ready for review January 17, 2024 04:12
goatgoose
goatgoose reviewed Jan 17, 2024
View reviewed changes
@lrstewart @goatgoose
Remove S2N_API in .c
2b42b7b 
Co-authored-by: Sam Clark <[email protected]>
@lrstewart lrstewart requested a review from goatgoose January 17, 2024 19:34
@lrstewart lrstewart enabled auto-merge (squash) January 17, 2024 23:36
@lrstewart lrstewart disabled auto-merge January 18, 2024 00:24
@lrstewart lrstewart enabled auto-merge (squash) January 18, 2024 01:14
@lrstewart lrstewart merged commit 078d1e9 into aws:main Jan 18, 2024
25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@goatgoose goatgoose goatgoose approved these changes

@maddeleine maddeleine maddeleine approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lrstewart @goatgoose @maddeleine