// Copyright 2023 Cloudflare, Inc. All rights reserved. Use of this source code
// is governed by a BSD-style license that can be found in the LICENSE file.
package tls
import "time"
// CFEvent is a value emitted at various points in the handshake that is
// handled by the callback Config.CFEventHandler. Every event in this file
// returns a fixed string from Name; handlers that need event-specific data
// presumably type-switch on the concrete event type.
type CFEvent interface {
	// Name returns a short, stable identifier for the event type.
	Name() string
}
// CFEventTLS13ClientHandshakeTimingInfo carries intra-stack time durations for
// TLS 1.3 client-state machine changes. It can be used for tracking metrics
// during a connection. Some durations may be sensitive, such as the amount of
// time to process a particular handshake message (which can reflect the cost
// of the cryptographic operations involved), so this event should only be
// used for experimental purposes and its values should not be exposed to
// untrusted parties.
type CFEventTLS13ClientHandshakeTimingInfo struct {
	// timer is the clock used to measure elapsed time. A nil timer disables
	// measurement: elapsedTime then reports 0.
	timer func() time.Time
	// start is the instant read from timer when the event was created by
	// createTLS13ClientHandshakeTimingInfo.
	start time.Time

	// Per-step durations, named after the handshake message written or read
	// at that step. They are not populated in this file.
	WriteClientHello        time.Duration
	ProcessServerHello      time.Duration
	ReadEncryptedExtensions time.Duration
	ReadCertificate         time.Duration
	ReadCertificateVerify   time.Duration
	ReadServerFinished      time.Duration
	WriteCertificate        time.Duration
	WriteCertificateVerify  time.Duration
	WriteClientFinished     time.Duration
}

// Name is required by the CFEvent interface.
func (CFEventTLS13ClientHandshakeTimingInfo) Name() string {
	const name = "TLS13ClientHandshakeTimingInfo"
	return name
}

// elapsedTime reports the time since the event was created, as measured by
// the event's timer. It returns 0 when no timer is set (e.g. for a zero-value
// event that did not come from createTLS13ClientHandshakeTimingInfo).
func (ti CFEventTLS13ClientHandshakeTimingInfo) elapsedTime() time.Duration {
	if ti.timer != nil {
		return ti.timer().Sub(ti.start)
	}
	return 0
}

// createTLS13ClientHandshakeTimingInfo returns a new timing event whose start
// time is read once from timerFunc. A nil timerFunc selects time.Now; an
// explicit clock (e.g. a fixed one in tests) is used as-is.
func createTLS13ClientHandshakeTimingInfo(timerFunc func() time.Time) CFEventTLS13ClientHandshakeTimingInfo {
	if timerFunc == nil {
		timerFunc = time.Now
	}
	return CFEventTLS13ClientHandshakeTimingInfo{timer: timerFunc, start: timerFunc()}
}
// CFEventTLS13ServerHandshakeTimingInfo carries intra-stack time durations
// for TLS 1.3 server-state machine changes. It can be used for tracking
// metrics during a connection. Some durations may be sensitive, such as the
// amount of time to process a particular handshake message (which can reflect
// the cost of the cryptographic operations involved), so this event should
// only be used for experimental purposes and its values should not be exposed
// to untrusted parties.
type CFEventTLS13ServerHandshakeTimingInfo struct {
	// timer is the clock used to measure elapsed time. A nil timer disables
	// measurement: elapsedTime then reports 0.
	timer func() time.Time
	// start is the instant read from timer when the event was created by
	// createTLS13ServerHandshakeTimingInfo.
	start time.Time

	// Per-step durations, named after the handshake message written or read
	// at that step. They are not populated in this file.
	ProcessClientHello       time.Duration
	WriteServerHello         time.Duration
	WriteEncryptedExtensions time.Duration
	WriteCertificate         time.Duration
	WriteCertificateVerify   time.Duration
	WriteServerFinished      time.Duration
	ReadCertificate          time.Duration
	ReadCertificateVerify    time.Duration
	ReadClientFinished       time.Duration
}

// Name is required by the CFEvent interface.
func (CFEventTLS13ServerHandshakeTimingInfo) Name() string {
	const name = "TLS13ServerHandshakeTimingInfo"
	return name
}

// elapsedTime reports the time since the event was created, as measured by
// the event's timer. It returns 0 when no timer is set (e.g. for a zero-value
// event that did not come from createTLS13ServerHandshakeTimingInfo).
func (ti CFEventTLS13ServerHandshakeTimingInfo) elapsedTime() time.Duration {
	if ti.timer != nil {
		return ti.timer().Sub(ti.start)
	}
	return 0
}

// createTLS13ServerHandshakeTimingInfo returns a new timing event whose start
// time is read once from timerFunc. A nil timerFunc selects time.Now; an
// explicit clock (e.g. a fixed one in tests) is used as-is.
func createTLS13ServerHandshakeTimingInfo(timerFunc func() time.Time) CFEventTLS13ServerHandshakeTimingInfo {
	if timerFunc == nil {
		timerFunc = time.Now
	}
	return CFEventTLS13ServerHandshakeTimingInfo{timer: timerFunc, start: timerFunc()}
}
const (
	// Constants for ECH status events. Numbering starts at 1 so that the
	// zero value of the status types below matches none of their predicates.
	echStatusBypassed = 1 + iota
	echStatusInner
	echStatusOuter
)

// CFEventECHClientStatus is emitted once it is known whether the client
// bypassed, offered, or greased ECH. The zero value reports false from all
// three predicates.
type CFEventECHClientStatus int

// Bypassed returns true if the client bypassed ECH.
func (st CFEventECHClientStatus) Bypassed() bool {
	return st == echStatusBypassed
}

// Offered returns true if the client offered ECH (status echStatusInner).
func (st CFEventECHClientStatus) Offered() bool {
	return st == echStatusInner
}

// Greased returns true if the client greased ECH (status echStatusOuter).
func (st CFEventECHClientStatus) Greased() bool {
	return st == echStatusOuter
}

// Name is required by the CFEvent interface.
func (CFEventECHClientStatus) Name() string {
	const name = "ech client status"
	return name
}

// CFEventECHServerStatus is emitted once it is known whether ECH was
// bypassed, accepted, or rejected on the server side. The zero value reports
// false from all three predicates.
type CFEventECHServerStatus int

// Bypassed returns true if the client bypassed ECH.
func (st CFEventECHServerStatus) Bypassed() bool {
	return st == echStatusBypassed
}

// Accepted returns true if the server accepted the client's ECH offer
// (status echStatusInner).
func (st CFEventECHServerStatus) Accepted() bool {
	return st == echStatusInner
}

// Rejected returns true if the server rejected ECH (status echStatusOuter).
func (st CFEventECHServerStatus) Rejected() bool {
	return st == echStatusOuter
}

// Name is required by the CFEvent interface.
func (CFEventECHServerStatus) Name() string {
	const name = "ech server status"
	return name
}
// CFEventECHPublicNameMismatch is emitted if the outer SNI does not match the
// public name of the ECH configuration. The event carries no data: the outer
// SNI is deliberately not recorded, to avoid collecting potentially sensitive
// information.
type CFEventECHPublicNameMismatch struct{}

// Name is required by the CFEvent interface.
func (CFEventECHPublicNameMismatch) Name() string {
	const name = "ech public name does not match outer sni"
	return name
}
// CFEventTLS13NegotiatedKEX is the former name of CFEventTLSNegotiatedNamedKEX,
// kept as an alias for backwards compatibility; new code should use the new
// name.
type CFEventTLS13NegotiatedKEX = CFEventTLSNegotiatedNamedKEX

// CFEventTLSNegotiatedNamedKEX is emitted when a key agreement mechanism has been
// established that uses a named group. This includes all key agreements
// in TLSv1.3, but excludes RSA and DH in TLS 1.2 and earlier.
type CFEventTLSNegotiatedNamedKEX struct {
	// KEX identifies the negotiated named group.
	KEX CurveID
}

// Name is required by the CFEvent interface.
func (CFEventTLSNegotiatedNamedKEX) Name() string {
	const name = "CFEventTLSNegotiatedNamedKEX"
	return name
}
// CFEventTLS13HRR is emitted when a HelloRetryRequest (HRR) is sent or
// received in a TLS 1.3 handshake. The event carries no data.
type CFEventTLS13HRR struct{}

// Name is required by the CFEvent interface.
func (CFEventTLS13HRR) Name() string {
	const name = "CFEventTLS13HRR"
	return name
}