mint

package module
v0.0.0-...-db925b7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 12, 2017 License: MIT Imports: 32 Imported by: 0

README

A lock with a mint leaf

mint - A Minimal TLS 1.3 stack

Build Status

This project is primarily a learning effort for me to understand the TLS 1.3 protocol. The goal is to arrive at a pretty complete implementation of TLS 1.3, with minimal, elegant code that demonstrates how things work. Testing is a priority to ensure correctness, but otherwise, the quality of the software engineering might not be at a level where it makes sense to integrate this with other libraries. Backward compatibility is not an objective.

We borrow liberally from the Go TLS library, especially where TLS 1.3 aligns with earlier TLS versions. However, unnecessary parts will be ruthlessly cut off.

Quickstart

Installation is the same as for any other Go package:

go get github.com/bifurcation/mint

The API is pretty much the same as for the TLS module, with Dial and Listen methods wrapping the underlying socket APIs.

conn, err := mint.Dial("tcp", "localhost:4430", &mint.Config{...})
...
listener, err := mint.Listen("tcp", "localhost:4430", &mint.Config{...})

Documentation is available on godoc.org

Interoperability testing

The mint-client and mint-server executables are included to make it easy to do basic interoperability tests with other TLS 1.3 implementations. The steps for testing against NSS are as follows.

# Install mint
go get github.com/bifurcation/mint

# Environment for NSS (you'll probably want a new directory)
NSS_ROOT=<whereever you want to put NSS>
mkdir $NSS_ROOT
cd $NSS_ROOT
export USE_64=1
export ENABLE_TLS_1_3=1
export HOST=localhost
export DOMSUF=localhost

# Build NSS
hg clone https://hg.mozilla.org/projects/nss
hg clone https://hg.mozilla.org/projects/nspr
cd nss
make nss_build_all

export PLATFORM=`cat $NSS_ROOT/dist/latest`
export DYLD_LIBRARY_PATH=$NSS_ROOT/dist/$PLATFORM/lib
export LD_LIBRARY_PATH=$NSS_ROOT/dist/$PLATFORM/lib

# Run NSS tests (this creates data for the server to use)
cd tests/ssl_gtests
./ssl_gtests.sh

# Test with client=mint server=NSS
cd $NSS_ROOT
./dist/$PLATFORM/bin/selfserv -d tests_results/security/$HOST.1/ssl_gtests/ -n rsa -p 4430
# if you get `NSS_Init failed.`, check the path above, particularly around $HOST
# ...
go run $GOPATH/src/github.com/bifurcation/mint/bin/mint-client/main.go

# Test with client=NSS server=mint
go run $GOPATH/src/github.com/bifurcation/mint/bin/mint-server/main.go
# ...
cd $NSS_ROOT
dist/$PLATFORM/bin/tstclnt -d tests_results/security/$HOST/ssl_gtests/ -V tls1.3:tls1.3 -h 127.0.0.1 -p 4430 -o

Documentation

Index

Constants

View Source 
const (
	// alert level
	AlertLevelWarning = 1
	AlertLevelError   = 2
)
View Source 
const DefaultCookieLength = 32

Variables

This section is empty.

Functions

func ALPNNegotiation 

func ALPNNegotiation(psk *PreSharedKey, offered, supported []string) (string, error)

func CertificateSelection 

func CertificateSelection(serverName *string, signatureSchemes []SignatureScheme, certs []*Certificate) (*Certificate, SignatureScheme, error)

func EarlyDataNegotiation 

func EarlyDataNegotiation(usingPSK, gotEarlyData, allowEarlyData bool) bool

func Listen 

func Listen(network, laddr string, config *Config) (net.Listener, error)

Listen creates a TLS listener accepting connections on the given network address using net.Listen. The configuration config must be non-nil and must include at least one certificate or else set GetCertificate.

func NewListener 

func NewListener(inner net.Listener, config *Config) net.Listener

NewListener creates a Listener which accepts connections from an inner Listener and wraps each connection with Server. The configuration config must be non-nil and must include at least one certificate or else set GetCertificate.

func PSKModeNegotiation 

func PSKModeNegotiation(canDoDH, canDoPSK bool, modes []PSKKeyExchangeMode) (bool, bool)

func VersionNegotiation 

func VersionNegotiation(offered, supported []uint16) (bool, uint16)

Types

type ALPNExtension 

type ALPNExtension struct {
	Protocols []string
}

opaque ProtocolName<1..2^8-1>; 

struct {
    ProtocolName protocol_name_list<2..2^16-1>
} ProtocolNameList;

func (ALPNExtension) Marshal 

func (alpn ALPNExtension) Marshal() ([]byte, error)

func (ALPNExtension) Type 

func (alpn ALPNExtension) Type() ExtensionType

func (*ALPNExtension) Unmarshal 

func (alpn *ALPNExtension) Unmarshal(data []byte) (int, error)

type Alert 

type Alert uint8
const (
	AlertCloseNotify                 Alert = 0
	AlertUnexpectedMessage           Alert = 10
	AlertBadRecordMAC                Alert = 20
	AlertDecryptionFailed            Alert = 21
	AlertRecordOverflow              Alert = 22
	AlertDecompressionFailure        Alert = 30
	AlertHandshakeFailure            Alert = 40
	AlertBadCertificate              Alert = 42
	AlertUnsupportedCertificate      Alert = 43
	AlertCertificateRevoked          Alert = 44
	AlertCertificateExpired          Alert = 45
	AlertCertificateUnknown          Alert = 46
	AlertIllegalParameter            Alert = 47
	AlertUnknownCA                   Alert = 48
	AlertAccessDenied                Alert = 49
	AlertDecodeError                 Alert = 50
	AlertDecryptError                Alert = 51
	AlertProtocolVersion             Alert = 70
	AlertInsufficientSecurity        Alert = 71
	AlertInternalError               Alert = 80
	AlertInappropriateFallback       Alert = 86
	AlertUserCanceled                Alert = 90
	AlertNoRenegotiation             Alert = 100
	AlertMissingExtension            Alert = 109
	AlertUnsupportedExtension        Alert = 110
	AlertCertificateUnobtainable     Alert = 111
	AlertUnrecognizedName            Alert = 112
	AlertBadCertificateStatsResponse Alert = 113
	AlertBadCertificateHashValue     Alert = 114
	AlertUnknownPSKIdentity          Alert = 115
	AlertNoApplicationProtocol       Alert = 120
	AlertNoAlert                     Alert = 255
)

func (Alert) Error 

func (e Alert) Error() string

func (Alert) String 

func (e Alert) String() string

type Capabilities 

type Capabilities struct {
	// For both client and server
	CipherSuites     []CipherSuite
	Groups           []NamedGroup
	SignatureSchemes []SignatureScheme
	PSKs             PreSharedKeyCache
	Certificates     []*Certificate
	AuthCertificate  func(chain []CertificateEntry) error

	// For client
	PSKModes []PSKKeyExchangeMode

	// For server
	NextProtos        []string
	AllowEarlyData    bool
	RequireCookie     bool
	RequireClientAuth bool
}

Capabilities objects represent the capabilities of a TLS client or server, as an input to TLS negotiation

type Certificate 

type Certificate struct {
	Chain      []*x509.Certificate
	PrivateKey crypto.Signer
}

type CertificateBody 

type CertificateBody struct {
	CertificateRequestContext []byte
	CertificateList           []CertificateEntry
}

func (CertificateBody) Marshal 

func (c CertificateBody) Marshal() ([]byte, error)

func (CertificateBody) Type 

func (c CertificateBody) Type() HandshakeType

func (*CertificateBody) Unmarshal 

func (c *CertificateBody) Unmarshal(data []byte) (int, error)

type CertificateEntry 

type CertificateEntry struct {
	CertData   *x509.Certificate
	Extensions ExtensionList
}

opaque ASN1Cert<1..2^24-1>; 

struct {
    ASN1Cert cert_data;
    Extension extensions<0..2^16-1>
} CertificateEntry;

struct {
    opaque certificate_request_context<0..2^8-1>;
    CertificateEntry certificate_list<0..2^24-1>;
} Certificate;

type CertificateRequestBody 

type CertificateRequestBody struct {
	CertificateRequestContext []byte        `tls:"head=1"`
	Extensions                ExtensionList `tls:"head=2"`
}
struct {
    opaque certificate_request_context<0..2^8-1>;
    Extension extensions<2..2^16-1>;
} CertificateRequest;

func (CertificateRequestBody) Marshal 

func (cr CertificateRequestBody) Marshal() ([]byte, error)

func (CertificateRequestBody) Type 

func (cr CertificateRequestBody) Type() HandshakeType

func (*CertificateRequestBody) Unmarshal 

func (cr *CertificateRequestBody) Unmarshal(data []byte) (int, error)

type CertificateVerifyBody 

type CertificateVerifyBody struct {
	Algorithm SignatureScheme
	Signature []byte `tls:"head=2"`
}
struct {
    SignatureScheme algorithm;
    opaque signature<0..2^16-1>;
} CertificateVerify;

func (*CertificateVerifyBody) EncodeSignatureInput 

func (cv *CertificateVerifyBody) EncodeSignatureInput(data []byte) []byte

func (CertificateVerifyBody) Marshal 

func (cv CertificateVerifyBody) Marshal() ([]byte, error)

func (*CertificateVerifyBody) Sign 

func (cv *CertificateVerifyBody) Sign(privateKey crypto.Signer, handshakeHash []byte) (err error)

func (CertificateVerifyBody) Type 

func (cv CertificateVerifyBody) Type() HandshakeType

func (*CertificateVerifyBody) Unmarshal 

func (cv *CertificateVerifyBody) Unmarshal(data []byte) (int, error)

func (*CertificateVerifyBody) Verify 

func (cv *CertificateVerifyBody) Verify(publicKey crypto.PublicKey, handshakeHash []byte) error

type CipherSuite 

type CipherSuite uint16

uint8 CipherSuite[2]; 

const (
	// XXX: Actually TLS_NULL_WITH_NULL_NULL, but we need a way to label the zero
	// value for this type so that we can detect when a field is set.
	CIPHER_SUITE_UNKNOWN         CipherSuite = 0x0000
	TLS_AES_128_GCM_SHA256       CipherSuite = 0x1301
	TLS_AES_256_GCM_SHA384       CipherSuite = 0x1302
	TLS_CHACHA20_POLY1305_SHA256 CipherSuite = 0x1303
	TLS_AES_128_CCM_SHA256       CipherSuite = 0x1304
	TLS_AES_256_CCM_8_SHA256     CipherSuite = 0x1305
)

func CipherSuiteNegotiation 

func CipherSuiteNegotiation(psk *PreSharedKey, offered, supported []CipherSuite) (CipherSuite, error)

type ClientHelloBody 

type ClientHelloBody struct {
	// Omitted: clientVersion
	// Omitted: legacySessionID
	// Omitted: legacyCompressionMethods
	Random       [32]byte
	CipherSuites []CipherSuite
	Extensions   ExtensionList
}
struct {
    ProtocolVersion legacy_version = 0x0303; /* TLS v1.2 */
    Random random;
    opaque legacy_session_id<0..32>;
    CipherSuite cipher_suites<2..2^16-2>;
    opaque legacy_compression_methods<1..2^8-1>;
    Extension extensions<0..2^16-1>;
} ClientHello;

func (ClientHelloBody) Marshal 

func (ch ClientHelloBody) Marshal() ([]byte, error)

func (ClientHelloBody) Truncated 

func (ch ClientHelloBody) Truncated() ([]byte, error)

TODO: File a spec bug to clarify this

func (ClientHelloBody) Type 

func (ch ClientHelloBody) Type() HandshakeType

func (*ClientHelloBody) Unmarshal 

func (ch *ClientHelloBody) Unmarshal(data []byte) (int, error)

type ClientStateStart 

type ClientStateStart struct {
	Caps   Capabilities
	Opts   ConnectionOptions
	Params ConnectionParameters
	// contains filtered or unexported fields
}

func (ClientStateStart) Next 

func (state ClientStateStart) Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)

type ClientStateWaitCV 

type ClientStateWaitCV struct {
	AuthCertificate func(chain []CertificateEntry) error
	Params          ConnectionParameters
	// contains filtered or unexported fields
}

func (ClientStateWaitCV) Next 

func (state ClientStateWaitCV) Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)

type ClientStateWaitCert 

type ClientStateWaitCert struct {
	AuthCertificate func(chain []CertificateEntry) error
	Params          ConnectionParameters
	// contains filtered or unexported fields
}

func (ClientStateWaitCert) Next 

func (state ClientStateWaitCert) Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)

type ClientStateWaitCertCR 

type ClientStateWaitCertCR struct {
	AuthCertificate func(chain []CertificateEntry) error
	Params          ConnectionParameters
	// contains filtered or unexported fields
}

func (ClientStateWaitCertCR) Next 

func (state ClientStateWaitCertCR) Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)

type ClientStateWaitEE 

type ClientStateWaitEE struct {
	AuthCertificate func(chain []CertificateEntry) error
	Params          ConnectionParameters
	// contains filtered or unexported fields
}

func (ClientStateWaitEE) Next 

func (state ClientStateWaitEE) Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)

type ClientStateWaitFinished 

type ClientStateWaitFinished struct {
	Params ConnectionParameters
	// contains filtered or unexported fields
}

func (ClientStateWaitFinished) Next 

func (state ClientStateWaitFinished) Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)

type ClientStateWaitSH 

type ClientStateWaitSH struct {
	Caps       Capabilities
	Opts       ConnectionOptions
	Params     ConnectionParameters
	OfferedDH  map[NamedGroup][]byte
	OfferedPSK PreSharedKey
	PSK        []byte
	// contains filtered or unexported fields
}

func (ClientStateWaitSH) Next 

func (state ClientStateWaitSH) Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)

type Config 

type Config struct {
	// Client fields
	ServerName string

	// Server fields
	SendSessionTickets bool
	TicketLifetime     uint32
	TicketLen          int
	EarlyDataLifetime  uint32
	AllowEarlyData     bool
	RequireCookie      bool
	RequireClientAuth  bool

	// Shared fields
	Certificates     []*Certificate
	AuthCertificate  func(chain []CertificateEntry) error
	CipherSuites     []CipherSuite
	Groups           []NamedGroup
	SignatureSchemes []SignatureScheme
	NextProtos       []string
	PSKs             PreSharedKeyCache
	PSKModes         []PSKKeyExchangeMode
	// contains filtered or unexported fields
}

Config is the struct used to pass configuration settings to a TLS client or server instance. The settings for client and server are pretty different, but we just throw them all in here.

func (*Config) Init 

func (c *Config) Init(isClient bool) error

func (Config) ValidForClient 

func (c Config) ValidForClient() bool

func (Config) ValidForServer 

func (c Config) ValidForServer() bool

type Conn 

type Conn struct {
	EarlyData []byte
	// contains filtered or unexported fields
}

Conn implements the net.Conn interface, as with "crypto/tls" * Read, Write, and Close are provided locally * LocalAddr, RemoteAddr, and Set*Deadline are forwarded to the inner Conn

func Client 

func Client(conn net.Conn, config *Config) *Conn

Client returns a new TLS client side connection using conn as the underlying transport. The config cannot be nil: users must set either ServerName or InsecureSkipVerify in the config.

func Dial 

func Dial(network, addr string, config *Config) (*Conn, error)

Dial connects to the given network address using net.Dial and then initiates a TLS handshake, returning the resulting TLS connection. Dial interprets a nil configuration as equivalent to the zero configuration; see the documentation of Config for the defaults.

func DialWithDialer 

func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error)

DialWithDialer connects to the given network address using dialer.Dial and then initiates a TLS handshake, returning the resulting TLS connection. Any timeout or deadline given in the dialer apply to connection and TLS handshake as a whole.

DialWithDialer interprets a nil configuration as equivalent to the zero configuration; see the documentation of Config for the defaults.

func NewConn 

func NewConn(conn net.Conn, config *Config, isClient bool) *Conn

func Server 

func Server(conn net.Conn, config *Config) *Conn

Server returns a new TLS server side connection using conn as the underlying transport. The configuration config must be non-nil and must include at least one certificate or else set GetCertificate.

func (*Conn) Close 

func (c *Conn) Close() error

Close closes the connection.

func (*Conn) Handshake 

func (c *Conn) Handshake() Alert

Handshake causes a TLS handshake on the connection. The `isClient` member determines whether a client or server handshake is performed. If a handshake has already been performed, then its result will be returned.

func (*Conn) LocalAddr 

func (c *Conn) LocalAddr() net.Addr

LocalAddr returns the local network address.

func (*Conn) Read 

func (c *Conn) Read(buffer []byte) (int, error)

Read application data until the buffer is full. Handshake and alert records are consumed by the Conn object directly.

func (*Conn) RemoteAddr 

func (c *Conn) RemoteAddr() net.Addr

RemoteAddr returns the remote network address.

func (*Conn) SendKeyUpdate 

func (c *Conn) SendKeyUpdate(requestUpdate bool) error

func (*Conn) SetDeadline 

func (c *Conn) SetDeadline(t time.Time) error

SetDeadline sets the read and write deadlines associated with the connection. A zero value for t means Read and Write will not time out. After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.

func (*Conn) SetReadDeadline 

func (c *Conn) SetReadDeadline(t time.Time) error

SetReadDeadline sets the read deadline on the underlying connection. A zero value for t means Read will not time out.

func (*Conn) SetWriteDeadline 

func (c *Conn) SetWriteDeadline(t time.Time) error

SetWriteDeadline sets the write deadline on the underlying connection. A zero value for t means Write will not time out. After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.

func (*Conn) Write 

func (c *Conn) Write(buffer []byte) (int, error)

Write application data

type ConnectionOptions 

type ConnectionOptions struct {
	ServerName string
	NextProtos []string
	EarlyData  []byte
}

ConnectionOptions objects represent per-connection settings for a client initiating a connection

type ConnectionParameters 

type ConnectionParameters struct {
	UsingPSK               bool
	UsingDH                bool
	ClientSendingEarlyData bool
	UsingEarlyData         bool
	UsingClientAuth        bool

	CipherSuite CipherSuite
	ServerName  string
	NextProto   string
}

ConnectionParameters objects represent the parameters negotiated for a connection.

type ConnectionState 

type ConnectionState struct {
	HandshakeComplete bool                // TLS handshake is complete
	CipherSuite       CipherSuite         // cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...)
	PeerCertificates  []*x509.Certificate // certificate chain presented by remote peer
}

type CookieExtension 

type CookieExtension struct {
	Cookie []byte `tls:"head=2,min=1"`
}
struct {
    opaque cookie<1..2^16-1>;
} Cookie;

func NewCookie 

func NewCookie() (*CookieExtension, error)

XXX: In the long run, this should maybe be replaced with something that encapsulates state, instead of just being a nonce

func (CookieExtension) Marshal 

func (c CookieExtension) Marshal() ([]byte, error)

func (CookieExtension) Type 

func (c CookieExtension) Type() ExtensionType

func (*CookieExtension) Unmarshal 

func (c *CookieExtension) Unmarshal(data []byte) (int, error)

type DecryptError 

type DecryptError string

func (DecryptError) Error 

func (err DecryptError) Error() string

type EarlyDataExtension 

type EarlyDataExtension struct{}

func (EarlyDataExtension) Marshal 

func (ed EarlyDataExtension) Marshal() ([]byte, error)

func (EarlyDataExtension) Type 

func (ed EarlyDataExtension) Type() ExtensionType

func (*EarlyDataExtension) Unmarshal 

func (ed *EarlyDataExtension) Unmarshal(data []byte) (int, error)

type EncryptedExtensionsBody 

type EncryptedExtensionsBody struct {
	Extensions ExtensionList `tls:"head=2"`
}
struct {
    Extension extensions<0..2^16-1>;
} EncryptedExtensions;

Marshal() and Unmarshal() are handled by ExtensionList

func (EncryptedExtensionsBody) Marshal 

func (ee EncryptedExtensionsBody) Marshal() ([]byte, error)

func (EncryptedExtensionsBody) Type 

func (ee EncryptedExtensionsBody) Type() HandshakeType

func (*EncryptedExtensionsBody) Unmarshal 

func (ee *EncryptedExtensionsBody) Unmarshal(data []byte) (int, error)

type EndOfEarlyDataBody 

type EndOfEarlyDataBody struct{}

struct {} EndOfEarlyData;

func (EndOfEarlyDataBody) Marshal 

func (eoed EndOfEarlyDataBody) Marshal() ([]byte, error)

func (EndOfEarlyDataBody) Type 

func (eoed EndOfEarlyDataBody) Type() HandshakeType

func (*EndOfEarlyDataBody) Unmarshal 

func (eoed *EndOfEarlyDataBody) Unmarshal(data []byte) (int, error)

type Extension 

type Extension struct {
	ExtensionType ExtensionType
	ExtensionData []byte `tls:"head=2"`
}
struct {
    ExtensionType extension_type;
    opaque extension_data<0..2^16-1>;
} Extension;

func (Extension) Marshal 

func (ext Extension) Marshal() ([]byte, error)

func (*Extension) Unmarshal 

func (ext *Extension) Unmarshal(data []byte) (int, error)

type ExtensionBody 

type ExtensionBody interface {
	Type() ExtensionType
	Marshal() ([]byte, error)
	Unmarshal(data []byte) (int, error)
}

type ExtensionList 

type ExtensionList []Extension

func (*ExtensionList) Add 

func (el *ExtensionList) Add(src ExtensionBody) error

func (ExtensionList) Find 

func (el ExtensionList) Find(dst ExtensionBody) bool

func (ExtensionList) Marshal 

func (el ExtensionList) Marshal() ([]byte, error)

func (*ExtensionList) Unmarshal 

func (el *ExtensionList) Unmarshal(data []byte) (int, error)

type ExtensionType 

type ExtensionType uint16

enum {...} ExtensionType 

const (
	ExtensionTypeServerName          ExtensionType = 0
	ExtensionTypeSupportedGroups     ExtensionType = 10
	ExtensionTypeSignatureAlgorithms ExtensionType = 13
	ExtensionTypeALPN                ExtensionType = 16
	ExtensionTypeKeyShare            ExtensionType = 40
	ExtensionTypePreSharedKey        ExtensionType = 41
	ExtensionTypeEarlyData           ExtensionType = 42
	ExtensionTypeSupportedVersions   ExtensionType = 43
	ExtensionTypeCookie              ExtensionType = 44
	ExtensionTypePSKKeyExchangeModes ExtensionType = 45
	ExtensionTypeTicketEarlyDataInfo ExtensionType = 46
)

type FinishedBody 

type FinishedBody struct {
	VerifyDataLen int
	VerifyData    []byte
}
struct {
    opaque verify_data[verify_data_length];
} Finished;

verifyDataLen is not a field in the TLS struct, but we add it here so that calling code can tell us how much data to expect when we marshal / unmarshal. (We could add this to the marshal/unmarshal methods, but let's try to keep the signature consistent for now.)

For similar reasons, we don't use the `syntax` module here, because this struct doesn't map well to standard TLS presentation language concepts.

TODO: File a spec bug

func (FinishedBody) Marshal 

func (fin FinishedBody) Marshal() ([]byte, error)

func (FinishedBody) Type 

func (fin FinishedBody) Type() HandshakeType

func (*FinishedBody) Unmarshal 

func (fin *FinishedBody) Unmarshal(data []byte) (int, error)

type HandshakeAction 

type HandshakeAction interface{}

Marker interface for actions that an implementation should take based on state transitions.

type HandshakeLayer 

type HandshakeLayer struct {
	// contains filtered or unexported fields
}

func NewHandshakeLayer 

func NewHandshakeLayer(r *RecordLayer) *HandshakeLayer

func (*HandshakeLayer) ReadMessage 

func (h *HandshakeLayer) ReadMessage() (*HandshakeMessage, error)

func (*HandshakeLayer) WriteMessage 

func (h *HandshakeLayer) WriteMessage(hm *HandshakeMessage) error

func (*HandshakeLayer) WriteMessages 

func (h *HandshakeLayer) WriteMessages(hms []*HandshakeMessage) error

type HandshakeMessage 

type HandshakeMessage struct {
	// contains filtered or unexported fields
}
struct {
    HandshakeType msg_type;    /* handshake type */
    uint24 length;             /* bytes in message */
    select (HandshakeType) {
      ...
    } body;
} Handshake;

We do the select{...} part in a different layer, so we treat the actual message body as opaque: 

struct {
    HandshakeType msg_type;
    opaque msg<0..2^24-1>
} Handshake;

TODO: File a spec bug

func HandshakeMessageFromBody 

func HandshakeMessageFromBody(body HandshakeMessageBody) (*HandshakeMessage, error)

func (*HandshakeMessage) Marshal 

func (hm *HandshakeMessage) Marshal() []byte

Note: This could be done with the `syntax` module, using the simplified syntax as discussed above. However, since this is so simple, there's not much benefit to doing so.

func (HandshakeMessage) ToBody 

func (hm HandshakeMessage) ToBody() (HandshakeMessageBody, error)

type HandshakeMessageBody 

type HandshakeMessageBody interface {
	Type() HandshakeType
	Marshal() ([]byte, error)
	Unmarshal(data []byte) (int, error)
}

type HandshakeState 

type HandshakeState interface {
	Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)
}

type HandshakeType 

type HandshakeType byte

enum {...} HandshakeType; 

const (
	// Omitted: *_RESERVED
	HandshakeTypeClientHello         HandshakeType = 1
	HandshakeTypeServerHello         HandshakeType = 2
	HandshakeTypeNewSessionTicket    HandshakeType = 4
	HandshakeTypeEndOfEarlyData      HandshakeType = 5
	HandshakeTypeHelloRetryRequest   HandshakeType = 6
	HandshakeTypeEncryptedExtensions HandshakeType = 8
	HandshakeTypeCertificate         HandshakeType = 11
	HandshakeTypeCertificateRequest  HandshakeType = 13
	HandshakeTypeCertificateVerify   HandshakeType = 15
	HandshakeTypeServerConfiguration HandshakeType = 17
	HandshakeTypeFinished            HandshakeType = 20
	HandshakeTypeKeyUpdate           HandshakeType = 24
	HandshakeTypeMessageHash         HandshakeType = 254
)

type HelloRetryRequestBody 

type HelloRetryRequestBody struct {
	Version     uint16
	CipherSuite CipherSuite
	Extensions  ExtensionList `tls:"head=2,min=2"`
}
struct {
    ProtocolVersion server_version;
    CipherSuite	cipher_suite;
    Extension extensions<2..2^16-1>;
} HelloRetryRequest;

func (HelloRetryRequestBody) Marshal 

func (hrr HelloRetryRequestBody) Marshal() ([]byte, error)

func (HelloRetryRequestBody) Type 

func (hrr HelloRetryRequestBody) Type() HandshakeType

func (*HelloRetryRequestBody) Unmarshal 

func (hrr *HelloRetryRequestBody) Unmarshal(data []byte) (int, error)

type KeyShareClientHelloInner 

type KeyShareClientHelloInner struct {
	ClientShares []KeyShareEntry `tls:"head=2,min=0"`
}

type KeyShareEntry 

type KeyShareEntry struct {
	Group       NamedGroup
	KeyExchange []byte `tls:"head=2,min=1"`
}
struct {
    NamedGroup group;
    opaque key_exchange<1..2^16-1>;
} KeyShareEntry;

struct {
    select (Handshake.msg_type) {
        case client_hello:
            KeyShareEntry client_shares<0..2^16-1>;

        case hello_retry_request:
            NamedGroup selected_group;

        case server_hello:
            KeyShareEntry server_share;
    };
} KeyShare;

func (KeyShareEntry) SizeValid 

func (kse KeyShareEntry) SizeValid() bool

type KeyShareExtension 

type KeyShareExtension struct {
	HandshakeType HandshakeType
	SelectedGroup NamedGroup
	Shares        []KeyShareEntry
}

func (KeyShareExtension) Marshal 

func (ks KeyShareExtension) Marshal() ([]byte, error)

func (KeyShareExtension) Type 

func (ks KeyShareExtension) Type() ExtensionType

func (*KeyShareExtension) Unmarshal 

func (ks *KeyShareExtension) Unmarshal(data []byte) (int, error)

type KeyShareHelloRetryInner 

type KeyShareHelloRetryInner struct {
	SelectedGroup NamedGroup
}

type KeyShareServerHelloInner 

type KeyShareServerHelloInner struct {
	ServerShare KeyShareEntry
}

type KeyUpdateBody 

type KeyUpdateBody struct {
	KeyUpdateRequest KeyUpdateRequest
}
enum {
    update_not_requested(0), update_requested(1), (255)
} KeyUpdateRequest;

struct {
    KeyUpdateRequest request_update;
} KeyUpdate;

func (KeyUpdateBody) Marshal 

func (ku KeyUpdateBody) Marshal() ([]byte, error)

func (KeyUpdateBody) Type 

func (ku KeyUpdateBody) Type() HandshakeType

func (*KeyUpdateBody) Unmarshal 

func (ku *KeyUpdateBody) Unmarshal(data []byte) (int, error)

type KeyUpdateRequest 

type KeyUpdateRequest uint8
enum {
    update_not_requested(0), update_requested(1), (255)
} KeyUpdateRequest;

const (
	KeyUpdateNotRequested KeyUpdateRequest = 0
	KeyUpdateRequested    KeyUpdateRequest = 1
)

type Listener 

type Listener struct {
	net.Listener
	// contains filtered or unexported fields
}

A listener implements a network listener (net.Listener) for TLS connections.

func (*Listener) Accept 

func (l *Listener) Accept() (c net.Conn, err error)

Accept waits for and returns the next incoming TLS connection. The returned connection c is a *tls.Conn.

type NamedGroup 

type NamedGroup uint16

enum {...} NamedGroup 

const (
	// Elliptic Curve Groups.
	P256 NamedGroup = 23
	P384 NamedGroup = 24
	P521 NamedGroup = 25
	// ECDH functions.
	X25519 NamedGroup = 29
	X448   NamedGroup = 30
	// Finite field groups.
	FFDHE2048 NamedGroup = 256
	FFDHE3072 NamedGroup = 257
	FFDHE4096 NamedGroup = 258
	FFDHE6144 NamedGroup = 259
	FFDHE8192 NamedGroup = 250
)

func DHNegotiation 

func DHNegotiation(keyShares []KeyShareEntry, groups []NamedGroup) (bool, NamedGroup, []byte, []byte)

type NewSessionTicketBody 

type NewSessionTicketBody struct {
	TicketLifetime uint32
	TicketAgeAdd   uint32
	Ticket         []byte        `tls:"head=2,min=1"`
	Extensions     ExtensionList `tls:"head=2"`
}
struct {
    uint32 ticket_lifetime;
    uint32 ticket_age_add;
    opaque ticket<1..2^16-1>;
    Extension extensions<0..2^16-2>;
} NewSessionTicket;

func NewSessionTicket 

func NewSessionTicket(ticketLen int, ticketLifetime uint32) (*NewSessionTicketBody, error)

func (NewSessionTicketBody) Marshal 

func (tkt NewSessionTicketBody) Marshal() ([]byte, error)

func (NewSessionTicketBody) Type 

func (tkt NewSessionTicketBody) Type() HandshakeType

func (*NewSessionTicketBody) Unmarshal 

func (tkt *NewSessionTicketBody) Unmarshal(data []byte) (int, error)

type PSKBinderEntry 

type PSKBinderEntry struct {
	Binder []byte `tls:"head=1,min=32"`
}

type PSKIdentity 

type PSKIdentity struct {
	Identity            []byte `tls:"head=2,min=1"`
	ObfuscatedTicketAge uint32
}
struct {
    opaque identity<1..2^16-1>;
    uint32 obfuscated_ticket_age;
} PskIdentity;

opaque PskBinderEntry<32..255>; 

struct {
    select (Handshake.msg_type) {
        case client_hello:
            PskIdentity identities<7..2^16-1>;
            PskBinderEntry binders<33..2^16-1>;

        case server_hello:
            uint16 selected_identity;
    };

} PreSharedKeyExtension;

type PSKKeyExchangeMode 

type PSKKeyExchangeMode uint8

enum {...} PskKeyExchangeMode; 

const (
	PSKModeKE    PSKKeyExchangeMode = 0
	PSKModeDHEKE PSKKeyExchangeMode = 1
)

type PSKKeyExchangeModesExtension 

type PSKKeyExchangeModesExtension struct {
	KEModes []PSKKeyExchangeMode `tls:"head=1,min=1"`
}

enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode; 

struct {
    PskKeyExchangeMode ke_modes<1..255>;
} PskKeyExchangeModes;

func (PSKKeyExchangeModesExtension) Marshal 

func (pkem PSKKeyExchangeModesExtension) Marshal() ([]byte, error)

func (PSKKeyExchangeModesExtension) Type 

func (pkem PSKKeyExchangeModesExtension) Type() ExtensionType

func (*PSKKeyExchangeModesExtension) Unmarshal 

func (pkem *PSKKeyExchangeModesExtension) Unmarshal(data []byte) (int, error)

type PSKMapCache 

type PSKMapCache map[string]PreSharedKey

func (PSKMapCache) Get 

func (cache PSKMapCache) Get(key string) (psk PreSharedKey, ok bool)

func (*PSKMapCache) Put 

func (cache *PSKMapCache) Put(key string, psk PreSharedKey)

func (PSKMapCache) Size 

func (cache PSKMapCache) Size() int

type PreSharedKey 

type PreSharedKey struct {
	CipherSuite  CipherSuite
	IsResumption bool
	Identity     []byte
	Key          []byte
	NextProto    string
	ReceivedAt   time.Time
	ExpiresAt    time.Time
	TicketAgeAdd uint32
}

func PSKNegotiation 

func PSKNegotiation(identities []PSKIdentity, binders []PSKBinderEntry, context []byte, psks PreSharedKeyCache) (bool, int, *PreSharedKey, cipherSuiteParams, error)

type PreSharedKeyCache 

type PreSharedKeyCache interface {
	Get(string) (PreSharedKey, bool)
	Put(string, PreSharedKey)
	Size() int
}

type PreSharedKeyExtension 

type PreSharedKeyExtension struct {
	HandshakeType    HandshakeType
	Identities       []PSKIdentity
	Binders          []PSKBinderEntry
	SelectedIdentity uint16
}

func (PreSharedKeyExtension) HasIdentity 

func (psk PreSharedKeyExtension) HasIdentity(id []byte) ([]byte, bool)

func (PreSharedKeyExtension) Marshal 

func (psk PreSharedKeyExtension) Marshal() ([]byte, error)

func (PreSharedKeyExtension) Type 

func (psk PreSharedKeyExtension) Type() ExtensionType

func (*PreSharedKeyExtension) Unmarshal 

func (psk *PreSharedKeyExtension) Unmarshal(data []byte) (int, error)

type ReadEarlyData 

type ReadEarlyData struct{}

type ReadPastEarlyData 

type ReadPastEarlyData struct{}

type RecordLayer 

type RecordLayer struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func NewRecordLayer 

func NewRecordLayer(conn io.ReadWriter) *RecordLayer

func (*RecordLayer) PeekRecordType 

func (r *RecordLayer) PeekRecordType() (RecordType, error)

func (*RecordLayer) ReadRecord 

func (r *RecordLayer) ReadRecord() (*TLSPlaintext, error)

func (*RecordLayer) Rekey 

func (r *RecordLayer) Rekey(cipher aeadFactory, key []byte, iv []byte) error

func (*RecordLayer) WriteRecord 

func (r *RecordLayer) WriteRecord(pt *TLSPlaintext) error

func (*RecordLayer) WriteRecordWithPadding 

func (r *RecordLayer) WriteRecordWithPadding(pt *TLSPlaintext, padLen int) error

type RecordType 

type RecordType byte

enum {...} ContentType; 

const (
	RecordTypeAlert           RecordType = 21
	RecordTypeHandshake       RecordType = 22
	RecordTypeApplicationData RecordType = 23
)

type RekeyIn 

type RekeyIn struct {
	Label  string
	KeySet keySet
}

type RekeyOut 

type RekeyOut struct {
	Label  string
	KeySet keySet
}

type SendEarlyData 

type SendEarlyData struct{}

type SendHandshakeMessage 

type SendHandshakeMessage struct {
	Message *HandshakeMessage
}

type ServerHelloBody 

type ServerHelloBody struct {
	Version     uint16
	Random      [32]byte
	CipherSuite CipherSuite
	Extensions  ExtensionList `tls:"head=2"`
}
struct {
    ProtocolVersion version;
    Random random;
    CipherSuite cipher_suite;
    Extension extensions<0..2^16-1>;
} ServerHello;

func (ServerHelloBody) Marshal 

func (sh ServerHelloBody) Marshal() ([]byte, error)

func (ServerHelloBody) Type 

func (sh ServerHelloBody) Type() HandshakeType

func (*ServerHelloBody) Unmarshal 

func (sh *ServerHelloBody) Unmarshal(data []byte) (int, error)

type ServerNameExtension 

type ServerNameExtension string
struct {
    NameType name_type;
    select (name_type) {
        case host_name: HostName;
    } name;
} ServerName;

enum {
    host_name(0), (255)
} NameType;

opaque HostName<1..2^16-1>; 

struct {
    ServerName server_name_list<1..2^16-1>
} ServerNameList;

But we only care about the case where there's a single DNS hostname. We will never create anything else, and throw if we receive something else 

2         1          2

| listLen | NameType | nameLen | name |

func (ServerNameExtension) Marshal 

func (sni ServerNameExtension) Marshal() ([]byte, error)

func (ServerNameExtension) Type 

func (sni ServerNameExtension) Type() ExtensionType

func (*ServerNameExtension) Unmarshal 

func (sni *ServerNameExtension) Unmarshal(data []byte) (int, error)

type ServerStateNegotiated 

type ServerStateNegotiated struct {
	Caps   Capabilities
	Params ConnectionParameters
	// contains filtered or unexported fields
}

func (ServerStateNegotiated) Next 

func (state ServerStateNegotiated) Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)

type ServerStateStart 

type ServerStateStart struct {
	Caps Capabilities
	// contains filtered or unexported fields
}

func (ServerStateStart) Next 

func (state ServerStateStart) Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)

type ServerStateWaitCV 

type ServerStateWaitCV struct {
	AuthCertificate func(chain []CertificateEntry) error
	Params          ConnectionParameters
	// contains filtered or unexported fields
}

func (ServerStateWaitCV) Next 

func (state ServerStateWaitCV) Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)

type ServerStateWaitCert 

type ServerStateWaitCert struct {
	AuthCertificate func(chain []CertificateEntry) error
	Params          ConnectionParameters
	// contains filtered or unexported fields
}

func (ServerStateWaitCert) Next 

func (state ServerStateWaitCert) Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)

type ServerStateWaitEOED 

type ServerStateWaitEOED struct {
	AuthCertificate func(chain []CertificateEntry) error
	Params          ConnectionParameters
	// contains filtered or unexported fields
}

func (ServerStateWaitEOED) Next 

func (state ServerStateWaitEOED) Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)

type ServerStateWaitFinished 

type ServerStateWaitFinished struct {
	Params ConnectionParameters
	// contains filtered or unexported fields
}

func (ServerStateWaitFinished) Next 

func (state ServerStateWaitFinished) Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)

type ServerStateWaitFlight2 

type ServerStateWaitFlight2 struct {
	AuthCertificate func(chain []CertificateEntry) error
	Params          ConnectionParameters
	// contains filtered or unexported fields
}

func (ServerStateWaitFlight2) Next 

func (state ServerStateWaitFlight2) Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)

type SignatureAlgorithmsExtension 

type SignatureAlgorithmsExtension struct {
	Algorithms []SignatureScheme `tls:"head=2,min=2"`
}
struct {
  SignatureScheme supported_signature_algorithms<2..2^16-2>;
} SignatureSchemeList

func (SignatureAlgorithmsExtension) Marshal 

func (sa SignatureAlgorithmsExtension) Marshal() ([]byte, error)

func (SignatureAlgorithmsExtension) Type 

func (sa SignatureAlgorithmsExtension) Type() ExtensionType

func (*SignatureAlgorithmsExtension) Unmarshal 

func (sa *SignatureAlgorithmsExtension) Unmarshal(data []byte) (int, error)

type SignatureScheme 

type SignatureScheme uint16

enum {...} SignatureScheme 

const (
	// RSASSA-PKCS1-v1_5 algorithms
	RSA_PKCS1_SHA1   SignatureScheme = 0x0201
	RSA_PKCS1_SHA256 SignatureScheme = 0x0401
	RSA_PKCS1_SHA384 SignatureScheme = 0x0501
	RSA_PKCS1_SHA512 SignatureScheme = 0x0601
	// ECDSA algorithms
	ECDSA_P256_SHA256 SignatureScheme = 0x0403
	ECDSA_P384_SHA384 SignatureScheme = 0x0503
	ECDSA_P521_SHA512 SignatureScheme = 0x0603
	// RSASSA-PSS algorithms
	RSA_PSS_SHA256 SignatureScheme = 0x0804
	RSA_PSS_SHA384 SignatureScheme = 0x0805
	RSA_PSS_SHA512 SignatureScheme = 0x0806
	// EdDSA algorithms
	Ed25519 SignatureScheme = 0x0807
	Ed448   SignatureScheme = 0x0808
)

type StateConnected 

type StateConnected struct {
	Params ConnectionParameters
	// contains filtered or unexported fields
}

StateConnected is symmetric between client and server

func (*StateConnected) KeyUpdate 

func (state *StateConnected) KeyUpdate(request KeyUpdateRequest) ([]HandshakeAction, Alert)

func (*StateConnected) NewSessionTicket 

func (state *StateConnected) NewSessionTicket(length int, lifetime, earlyDataLifetime uint32) ([]HandshakeAction, Alert)

func (StateConnected) Next 

func (state StateConnected) Next(hm *HandshakeMessage) (HandshakeState, []HandshakeAction, Alert)

type StorePSK 

type StorePSK struct {
	PSK PreSharedKey
}

type SupportedGroupsExtension 

type SupportedGroupsExtension struct {
	Groups []NamedGroup `tls:"head=2,min=2"`
}
struct {
    NamedGroup named_group_list<2..2^16-1>;
} NamedGroupList;

func (SupportedGroupsExtension) Marshal 

func (sg SupportedGroupsExtension) Marshal() ([]byte, error)

func (SupportedGroupsExtension) Type 

func (sg SupportedGroupsExtension) Type() ExtensionType

func (*SupportedGroupsExtension) Unmarshal 

func (sg *SupportedGroupsExtension) Unmarshal(data []byte) (int, error)

type SupportedVersionsExtension 

type SupportedVersionsExtension struct {
	Versions []uint16 `tls:"head=1,min=2,max=254"`
}
struct {
    ProtocolVersion versions<2..254>;
} SupportedVersions;

func (SupportedVersionsExtension) Marshal 

func (sv SupportedVersionsExtension) Marshal() ([]byte, error)

func (SupportedVersionsExtension) Type 

func (sv SupportedVersionsExtension) Type() ExtensionType

func (*SupportedVersionsExtension) Unmarshal 

func (sv *SupportedVersionsExtension) Unmarshal(data []byte) (int, error)

type TLSPlaintext 

type TLSPlaintext struct {
	// contains filtered or unexported fields
}
struct {
    ContentType type;
    ProtocolVersion record_version = { 3, 1 };    /* TLS v1.x */
    uint16 length;
    opaque fragment[TLSPlaintext.length];
} TLSPlaintext;

type TicketEarlyDataInfoExtension 

type TicketEarlyDataInfoExtension struct {
	MaxEarlyDataSize uint32
}

func (TicketEarlyDataInfoExtension) Marshal 

func (tedi TicketEarlyDataInfoExtension) Marshal() ([]byte, error)

func (TicketEarlyDataInfoExtension) Type 

func (tedi TicketEarlyDataInfoExtension) Type() ExtensionType

func (*TicketEarlyDataInfoExtension) Unmarshal 

func (tedi *TicketEarlyDataInfoExtension) Unmarshal(data []byte) (int, error)

type TimeoutError 

type TimeoutError struct{}

func (TimeoutError) Error 

func (TimeoutError) Error() string

func (TimeoutError) Temporary 

func (TimeoutError) Temporary() bool

func (TimeoutError) Timeout 

func (TimeoutError) Timeout() bool

Source Files

View all Source files

Directories

Path Synopsis
bin
mint-client command
mint-client-https command
mint-server command
mint-server-https command

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.