-
Notifications
You must be signed in to change notification settings - Fork 2
/
server_kemtls.go
297 lines (252 loc) · 10.2 KB
/
server_kemtls.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
package main
import (
"crypto/tls"
"crypto/x509"
"fmt"
"log"
"net"
"time"
)
// These test cert and keys were generated with the following program, available in the
// crypto/tls directory:
//
// go run generate_cert.go -ecdsa-curve P256 -host 127.0.0.1 -ca
// go run generate_cert.go -ecdsa-curve P256 -host 127.0.0.1 -allowDC
//
var rootCertPEMP256 = `-----BEGIN CERTIFICATE-----
MIIBijCCATGgAwIBAgIRALM63nKUutZeH12Fk/5tChgwCgYIKoZIzj0EAwIwEjEQ
MA4GA1UEChMHQWNtZSBDbzAeFw0yMTA0MTkxMTAyMzhaFw0yMjA0MTkxMTAyMzha
MBIxEDAOBgNVBAoTB0FjbWUgQ28wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR4
n0U8wpgVD81/HGgNbUW/8ZoLUT1nSUvZpntvzZ9nCLFWjf6X/zOO+Zpw9ci+Ob/H
Db8ikQZ9GR1L8GStT7fjo2gwZjAOBgNVHQ8BAf8EBAMCAoQwEwYDVR0lBAwwCgYI
KwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU3bt5t8hhnxTne+C/
lqWvK7ytdMAwDwYDVR0RBAgwBocEfwAAATAKBggqhkjOPQQDAgNHADBEAiAmR2b0
Zf/yqBQWNjcb5BkEMXXB+HUYbUXWal0cQf8tswIgIN5sngQOABJiFfoJo6PCB2+V
Uf8DiE3gx/2Z4bZugww=
-----END CERTIFICATE-----
`
var rootKeyPEMP256 = `-----BEGIN EC PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQggzl0gcTDyAi7edv5
1aPR0dlDog4XCJdftcdPCjI1xpmhRANCAAR4n0U8wpgVD81/HGgNbUW/8ZoLUT1n
SUvZpntvzZ9nCLFWjf6X/zOO+Zpw9ci+Ob/HDb8ikQZ9GR1L8GStT7fj
-----END EC PRIVATE KEY-----
`
var delegatorCertPEMP256 = `-----BEGIN CERTIFICATE-----
MIIBgDCCASWgAwIBAgIRAKHVtdPqHtn9cjVHW94hM/gwCgYIKoZIzj0EAwIwEjEQ
MA4GA1UEChMHQWNtZSBDbzAeFw0yMTAzMTYyMTEzNThaFw0yMjAzMTYyMTEzNTha
MBIxEDAOBgNVBAoTB0FjbWUgQ28wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATo
iWgTin1LZO5Ncqz7lV+G6rmpFEJznHcLgFuQUdLKEO2sBh5gUd9s+4S9SpOUziZp
p1CK+A1yziNpRAXh0LZho1wwWjAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAPBgkrBgEEAYLaSywEAgUAMBQGA1UdEQQN
MAuCCWxvY2FsaG9zdDAKBggqhkjOPQQDAgNJADBGAiEA3g74ed4oORh4NRXCESrd
EjqWLR3aSV/hn6ozgpLSbOsCIQD7/DFIiPu+mmFrDMRiM6dBQDteo8ou2goEhQWa
9Lq5SQ==
-----END CERTIFICATE-----
`
var delegatorKeyPEMP256 = `-----BEGIN EC PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQga+i6tUZxZC1WRj/c
wGYkTQyxBueWzjK7XsOm9kdZuwChRANCAAToiWgTin1LZO5Ncqz7lV+G6rmpFEJz
nHcLgFuQUdLKEO2sBh5gUd9s+4S9SpOUziZpp1CK+A1yziNpRAXh0LZh
-----END EC PRIVATE KEY-----
`
const (
// In the absence of an application profile standard specifying otherwise,
// the maximum validity period is set to 7 days.
testDcMaxTTLSeconds = 60 * 60 * 24 * 7
testDcMaxTTL = time.Duration(testDcMaxTTLSeconds * time.Second)
)
func initServer() *tls.Config {
rootCertP256 := new(tls.Certificate)
// The delegation P256 certificate.
dcCertP256 := new(tls.Certificate)
var err error
*rootCertP256, err = tls.X509KeyPair([]byte(rootCertPEMP256), []byte(rootKeyPEMP256))
if err != nil {
panic(err)
}
rootCertP256.Leaf, err = x509.ParseCertificate(rootCertP256.Certificate[0])
if err != nil {
panic(err)
}
*dcCertP256, err = tls.X509KeyPair([]byte(delegatorCertPEMP256), []byte(delegatorKeyPEMP256))
if err != nil {
panic(err)
}
dcCertP256.Leaf, err = x509.ParseCertificate(dcCertP256.Certificate[0])
if err != nil {
panic(err)
}
cfg := &tls.Config{
MinVersion: tls.VersionTLS10,
MaxVersion: tls.VersionTLS13,
KEMTLSEnabled: true,
}
// The root certificates for the peer.
cfg.RootCAs = x509.NewCertPool()
dcRoot, err := x509.ParseCertificate(rootCertP256.Certificate[0])
if err != nil {
panic(err)
}
cfg.RootCAs.AddCert(dcRoot)
cfg.Certificates = make([]tls.Certificate, 1)
cfg.Certificates[0] = *dcCertP256
maxTTL, _ := time.ParseDuration("24h")
validTime := maxTTL + time.Now().Sub(dcCertP256.Leaf.NotBefore)
dc, priv, err := tls.NewDelegatedCredential(dcCertP256, tls.KEMTLSWithKyber512, validTime, false)
if err != nil {
panic(err)
}
dcPair := tls.DelegatedCredentialPair{dc, priv}
cfg.Certificates[0].DelegatedCredentials = make([]tls.DelegatedCredentialPair, 1)
cfg.Certificates[0].DelegatedCredentials[0] = dcPair
return cfg
}
func initClient() *tls.Config {
ccfg := &tls.Config{
MinVersion: tls.VersionTLS10,
MaxVersion: tls.VersionTLS13,
InsecureSkipVerify: true, // Setting it to true due to the fact that it doesn't contain any IP SANs
SupportDelegatedCredential: true,
KEMTLSEnabled: true,
}
return ccfg
}
func newLocalListener() net.Listener {
ln, err := net.Listen("tcp", "127.0.0.1:0")
if err != nil {
ln, err = net.Listen("tcp6", "[::1]:0")
}
if err != nil {
log.Fatal(err)
}
return ln
}
type timingInfo struct {
serverTimingInfo tls.CFEventTLS13ServerHandshakeTimingInfo
clientTimingInfo tls.CFEventTLS13ClientHandshakeTimingInfo
}
func (ti *timingInfo) eventHandler(event tls.CFEvent) {
switch e := event.(type) {
case tls.CFEventTLS13ServerHandshakeTimingInfo:
ti.serverTimingInfo = e
case tls.CFEventTLS13ClientHandshakeTimingInfo:
ti.clientTimingInfo = e
}
}
func testConnWithDC(clientMsg, serverMsg string, clientConfig, serverConfig *tls.Config, peer string) (timingState timingInfo, dcUsed bool, kemtlsUsed bool, cconnState, sconnState tls.ConnectionState, err error) {
clientConfig.CFEventHandler = timingState.eventHandler
serverConfig.CFEventHandler = timingState.eventHandler
ln := newLocalListener()
defer ln.Close()
serverCh := make(chan *tls.Conn, 1)
var serverErr error
go func() {
serverConn, err := ln.Accept()
if err != nil {
serverErr = err
serverCh <- nil
return
}
server := tls.Server(serverConn, serverConfig)
if err := server.Handshake(); err != nil {
serverErr = fmt.Errorf("handshake error: %v", err)
serverCh <- nil
return
}
serverCh <- server
}()
client, err := tls.Dial("tcp", ln.Addr().String(), clientConfig)
if err != nil {
return timingState, false, false, cconnState, sconnState, err
}
defer client.Close()
server := <-serverCh
if server == nil {
return timingState, false, false, cconnState, sconnState, err
}
bufLen := len(clientMsg)
if len(serverMsg) > len(clientMsg) {
bufLen = len(serverMsg)
}
buf := make([]byte, bufLen)
client.Write([]byte(clientMsg))
n, err := server.Read(buf)
if err != nil || n != len(clientMsg) || string(buf[:n]) != clientMsg {
return timingState, false, false, cconnState, sconnState, fmt.Errorf("Server read = %d, buf= %q; want %d, %s", n, buf, len(clientMsg), clientMsg)
}
server.Write([]byte(serverMsg))
n, err = client.Read(buf)
if n != len(serverMsg) || err != nil || string(buf[:n]) != serverMsg {
return timingState, false, false, cconnState, sconnState, fmt.Errorf("Client read = %d, %v, data %q; want %d, nil, %s", n, err, buf, len(serverMsg), serverMsg)
}
if peer == "client" {
if client.ConnectionState().VerifiedDC == true && (server.ConnectionState().DidKEMTLS && client.ConnectionState().DidKEMTLS) {
return timingState, true, true, client.ConnectionState(), server.ConnectionState(), nil
}
}
return timingState, false, false, cconnState, sconnState, nil
}
func main() {
serverMsg := "hello, client"
clientMsg := "hello, server"
serverConfig := initServer()
clientConfig := initClient()
ts, dc, kemtls, cconn, _, err := testConnWithDC(clientMsg, serverMsg, clientConfig, serverConfig, "client")
fmt.Println("Client")
fmt.Printf("|--> Write Client Hello %v \n", ts.clientTimingInfo.WriteClientHello)
fmt.Println(" Server")
fmt.Printf(" | Receive Client Hello %v \n", ts.serverTimingInfo.ProcessClientHello)
fmt.Printf(" | Write Server Hello %v \n", ts.serverTimingInfo.WriteServerHello)
fmt.Printf(" | Write Server Enc Exts %v \n", ts.serverTimingInfo.WriteEncryptedExtensions)
fmt.Printf("<--| Write Server Certificate %v \n", ts.serverTimingInfo.WriteCertificate)
fmt.Println("Client")
fmt.Printf("-->| Process Server Hello %v \n", ts.clientTimingInfo.ProcessServerHello)
fmt.Printf(" | Receive Server Enc Exts %v \n", ts.clientTimingInfo.ReadEncryptedExtensions)
fmt.Printf(" | Receive Server Certificate %v \n", ts.clientTimingInfo.ReadCertificate)
fmt.Printf(" | Write KEM Ciphertext %v \n", ts.clientTimingInfo.WriteKEMCiphertext)
fmt.Printf("<--| Write Client Finished %v \n", ts.clientTimingInfo.WriteClientFinished)
fmt.Println(" Server")
fmt.Printf("-->| Receive KEM Ciphertext %v \n", ts.serverTimingInfo.ReadKEMCiphertext)
fmt.Printf(" | Receive Client Finished %v \n", ts.serverTimingInfo.ReadClientFinished)
fmt.Printf("<--| Write Server Finished %v \n", ts.serverTimingInfo.WriteServerFinished)
fmt.Println("Client")
fmt.Printf("-->| Process Server Finshed %v \n", ts.clientTimingInfo.ReadServerFinished)
fmt.Printf("Client Total time: %v \n", ts.clientTimingInfo.FullProtocol)
fmt.Printf("Server Total time: %v \n", ts.serverTimingInfo.FullProtocol)
if err != nil {
log.Println("")
log.Println(err.Error())
} else if !dc && !kemtls {
log.Println("")
log.Println("Failure while trying to use kemtls with dcs")
} else {
log.Println("")
log.Println("Success using kemtls (kem: kyber512, kemSig: kyber512) with dc")
}
clientConfig.CachedCert = cconn.CertificateMessage
ts, dc, kemtls, _, _, err = testConnWithDC(clientMsg, serverMsg, clientConfig, serverConfig, "server")
fmt.Println("Client")
fmt.Printf("|--> Write Client Hello %v \n", ts.clientTimingInfo.WriteClientHello)
fmt.Println(" Server")
fmt.Printf(" | Receive Client Hello %v \n", ts.serverTimingInfo.ProcessClientHello)
fmt.Printf(" | Write Server Hello %v \n", ts.serverTimingInfo.WriteServerHello)
fmt.Printf(" | Write Server Enc Exts %v \n", ts.serverTimingInfo.WriteEncryptedExtensions)
fmt.Printf("<--| Write Server Finished %v \n", ts.serverTimingInfo.WriteServerFinished)
fmt.Println("Client")
fmt.Printf("-->| Process Server Hello %v \n", ts.clientTimingInfo.ProcessServerHello)
fmt.Printf(" | Receive Server Enc Exts %v \n", ts.clientTimingInfo.ReadEncryptedExtensions)
fmt.Printf("-->| Process Server Finished %v \n", ts.clientTimingInfo.ReadServerFinished)
fmt.Printf("<--| Write Client Finished %v \n", ts.clientTimingInfo.WriteClientFinished)
fmt.Println(" Server")
fmt.Printf("-->| Receive Client Finished %v \n", ts.serverTimingInfo.ReadClientFinished)
fmt.Println("Client")
fmt.Printf("Client Total time: %v \n", ts.clientTimingInfo.FullProtocol)
fmt.Printf("Server Total time: %v \n", ts.serverTimingInfo.FullProtocol)
if err != nil {
log.Println("")
log.Println(err.Error())
} else {
log.Println("")
log.Println("Success using pdk-kemtls (kem: kyber512, kemSig: kyber512) with dc")
}
}