« back to all changes in this revision
Viewing changes to fork/tls/common.go
- browse files at revision 240
- compare with another revision
- download diff
- download tarball
- view history from revision 240
- Committer: Ian Booth
- Date: 2014-12-02 00:36:45 UTC
- Revision ID: ian.booth@canonical.com-20141202003645-ye8a5akifuf2wjk3
Ensure all regions have costs and remove custom formatting
- files removed:
- utilities
- files modified:
- Makefile
added
removed
fork/tls/common.go
5
5
package tls
6
6
7
7
import (
8
"crypto"
9
"crypto/rand"
10
"crypto/x509"
11
"io"
12
"strings"
13
"sync"
14
"time"
8
"crypto"
9
"crypto/rand"
10
"crypto/x509"
11
"io"
12
"strings"
13
"sync"
14
"time"
15
15
)
16
16
17
17
const (
18
maxPlaintext = 16384 // maximum plaintext payload length
19
maxCiphertext = 16384 + 2048 // maximum ciphertext payload length
20
recordHeaderLen = 5 // record header length
21
maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB)
22
23
versionSSL30 = 0x0300
24
versionTLS10 = 0x0301
25
26
minVersion = versionSSL30
27
maxVersion = versionTLS10
18
maxPlaintext = 16384 // maximum plaintext payload length
19
maxCiphertext = 16384 + 2048 // maximum ciphertext payload length
20
recordHeaderLen = 5 // record header length
21
maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB)
22
23
versionSSL30 = 0x0300
24
versionTLS10 = 0x0301
25
26
minVersion = versionSSL30
27
maxVersion = versionTLS10
28
28
)
29
29
30
30
// TLS record types.
31
31
type recordType uint8
32
32
33
33
const (
34
recordTypeChangeCipherSpec recordType = 20
35
recordTypeAlert recordType = 21
36
recordTypeHandshake recordType = 22
37
recordTypeApplicationData recordType = 23
34
recordTypeChangeCipherSpec recordType = 20
35
recordTypeAlert recordType = 21
36
recordTypeHandshake recordType = 22
37
recordTypeApplicationData recordType = 23
38
38
)
39
39
40
40
// TLS handshake message types.
41
41
const (
42
typeHelloRequest uint8 = 0
43
typeClientHello uint8 = 1
44
typeServerHello uint8 = 2
45
typeCertificate uint8 = 11
46
typeServerKeyExchange uint8 = 12
47
typeCertificateRequest uint8 = 13
48
typeServerHelloDone uint8 = 14
49
typeCertificateVerify uint8 = 15
50
typeClientKeyExchange uint8 = 16
51
typeFinished uint8 = 20
52
typeCertificateStatus uint8 = 22
53
typeNextProtocol uint8 = 67 // Not IANA assigned
42
typeHelloRequest uint8 = 0
43
typeClientHello uint8 = 1
44
typeServerHello uint8 = 2
45
typeCertificate uint8 = 11
46
typeServerKeyExchange uint8 = 12
47
typeCertificateRequest uint8 = 13
48
typeServerHelloDone uint8 = 14
49
typeCertificateVerify uint8 = 15
50
typeClientKeyExchange uint8 = 16
51
typeFinished uint8 = 20
52
typeCertificateStatus uint8 = 22
53
typeNextProtocol uint8 = 67 // Not IANA assigned
54
54
)
55
55
56
56
// TLS compression types.
57
57
const (
58
compressionNone uint8 = 0
58
compressionNone uint8 = 0
59
59
)
60
60
61
61
// TLS extension numbers
62
62
var (
63
extensionServerName uint16 = 0
64
extensionStatusRequest uint16 = 5
65
extensionSupportedCurves uint16 = 10
66
extensionSupportedPoints uint16 = 11
67
extensionNextProtoNeg uint16 = 13172 // not IANA assigned
63
extensionServerName uint16 = 0
64
extensionStatusRequest uint16 = 5
65
extensionSupportedCurves uint16 = 10
66
extensionSupportedPoints uint16 = 11
67
extensionNextProtoNeg uint16 = 13172 // not IANA assigned
68
68
)
69
69
70
70
// TLS Elliptic Curves
71
71
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
72
72
var (
73
curveP256 uint16 = 23
74
curveP384 uint16 = 24
75
curveP521 uint16 = 25
73
curveP256 uint16 = 23
74
curveP384 uint16 = 24
75
curveP521 uint16 = 25
76
76
)
77
77
78
78
// TLS Elliptic Curve Point Formats
79
79
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9
80
80
var (
81
pointFormatUncompressed uint8 = 0
81
pointFormatUncompressed uint8 = 0
82
82
)
83
83
84
84
// TLS CertificateStatusType (RFC 3546)
85
85
const (
86
statusTypeOCSP uint8 = 1
86
statusTypeOCSP uint8 = 1
87
87
)
88
88
89
89
// Certificate types (for certificateRequestMsg)
90
90
const (
91
certTypeRSASign = 1 // A certificate containing an RSA key
92
certTypeDSSSign = 2 // A certificate containing a DSA key
93
certTypeRSAFixedDH = 3 // A certificate containing a static DH key
94
certTypeDSSFixedDH = 4 // A certificate containing a static DH key
95
// Rest of these are reserved by the TLS spec
91
certTypeRSASign = 1 // A certificate containing an RSA key
92
certTypeDSSSign = 2 // A certificate containing a DSA key
93
certTypeRSAFixedDH = 3 // A certificate containing a static DH key
94
certTypeDSSFixedDH = 4 // A certificate containing a static DH key
95
// Rest of these are reserved by the TLS spec
96
96
)
97
97
98
98
// ConnectionState records basic TLS details about the connection.
99
99
type ConnectionState struct {
100
HandshakeComplete bool
101
CipherSuite uint16
102
NegotiatedProtocol string
103
NegotiatedProtocolIsMutual bool
104
105
// ServerName contains the server name indicated by the client, if any.
106
// (Only valid for server connections.)
107
ServerName string
108
109
// the certificate chain that was presented by the other side
110
PeerCertificates []*x509.Certificate
111
// the verified certificate chains built from PeerCertificates.
112
VerifiedChains [][]*x509.Certificate
100
HandshakeComplete bool
101
CipherSuite uint16
102
NegotiatedProtocol string
103
NegotiatedProtocolIsMutual bool
104
105
// ServerName contains the server name indicated by the client, if any.
106
// (Only valid for server connections.)
107
ServerName string
108
109
// the certificate chain that was presented by the other side
110
PeerCertificates []*x509.Certificate
111
// the verified certificate chains built from PeerCertificates.
112
VerifiedChains [][]*x509.Certificate
113
113
}
114
114
115
115
// ClientAuthType declares the policy the server will follow for
117
117
type ClientAuthType int
118
118
119
119
const (
120
NoClientCert ClientAuthType = iota
121
RequestClientCert
122
RequireAnyClientCert
123
VerifyClientCertIfGiven
124
RequireAndVerifyClientCert
120
NoClientCert ClientAuthType = iota
121
RequestClientCert
122
RequireAnyClientCert
123
VerifyClientCertIfGiven
124
RequireAndVerifyClientCert
125
125
)
126
126
127
127
// A Config structure is used to configure a TLS client or server. After one
128
128
// has been passed to a TLS function it must not be modified.
129
129
type Config struct {
130
// Rand provides the source of entropy for nonces and RSA blinding.
131
// If Rand is nil, TLS uses the cryptographic random reader in package
132
// crypto/rand.
133
Rand io.Reader
134
135
// Time returns the current time as the number of seconds since the epoch.
136
// If Time is nil, TLS uses time.Now.
137
Time func() time.Time
138
139
// Certificates contains one or more certificate chains
140
// to present to the other side of the connection.
141
// Server configurations must include at least one certificate.
142
Certificates []Certificate
143
144
// NameToCertificate maps from a certificate name to an element of
145
// Certificates. Note that a certificate name can be of the form
146
// '*.example.com' and so doesn't have to be a domain name as such.
147
// See Config.BuildNameToCertificate
148
// The nil value causes the first element of Certificates to be used
149
// for all connections.
150
NameToCertificate map[string]*Certificate
151
152
// RootCAs defines the set of root certificate authorities
153
// that clients use when verifying server certificates.
154
// If RootCAs is nil, TLS uses the host's root CA set.
155
RootCAs *x509.CertPool
156
157
// NextProtos is a list of supported, application level protocols.
158
NextProtos []string
159
160
// ServerName is included in the client's handshake to support virtual
161
// hosting.
162
ServerName string
163
164
// ClientAuth determines the server's policy for
165
// TLS Client Authentication. The default is NoClientCert.
166
ClientAuth ClientAuthType
167
168
// ClientCAs defines the set of root certificate authorities
169
// that servers use if required to verify a client certificate
170
// by the policy in ClientAuth.
171
ClientCAs *x509.CertPool
172
173
// InsecureSkipVerify controls whether a client verifies the
174
// server's certificate chain and host name.
175
// If InsecureSkipVerify is true, TLS accepts any certificate
176
// presented by the server and any host name in that certificate.
177
// In this mode, TLS is susceptible to man-in-the-middle attacks.
178
// This should be used only for testing.
179
InsecureSkipVerify bool
180
181
// CipherSuites is a list of supported cipher suites. If CipherSuites
182
// is nil, TLS uses a list of suites supported by the implementation.
183
CipherSuites []uint16
130
// Rand provides the source of entropy for nonces and RSA blinding.
131
// If Rand is nil, TLS uses the cryptographic random reader in package
132
// crypto/rand.
133
Rand io.Reader
134
135
// Time returns the current time as the number of seconds since the epoch.
136
// If Time is nil, TLS uses time.Now.
137
Time func() time.Time
138
139
// Certificates contains one or more certificate chains
140
// to present to the other side of the connection.
141
// Server configurations must include at least one certificate.
142
Certificates []Certificate
143
144
// NameToCertificate maps from a certificate name to an element of
145
// Certificates. Note that a certificate name can be of the form
146
// '*.example.com' and so doesn't have to be a domain name as such.
147
// See Config.BuildNameToCertificate
148
// The nil value causes the first element of Certificates to be used
149
// for all connections.
150
NameToCertificate map[string]*Certificate
151
152
// RootCAs defines the set of root certificate authorities
153
// that clients use when verifying server certificates.
154
// If RootCAs is nil, TLS uses the host's root CA set.
155
RootCAs *x509.CertPool
156
157
// NextProtos is a list of supported, application level protocols.
158
NextProtos []string
159
160
// ServerName is included in the client's handshake to support virtual
161
// hosting.
162
ServerName string
163
164
// ClientAuth determines the server's policy for
165
// TLS Client Authentication. The default is NoClientCert.
166
ClientAuth ClientAuthType
167
168
// ClientCAs defines the set of root certificate authorities
169
// that servers use if required to verify a client certificate
170
// by the policy in ClientAuth.
171
ClientCAs *x509.CertPool
172
173
// InsecureSkipVerify controls whether a client verifies the
174
// server's certificate chain and host name.
175
// If InsecureSkipVerify is true, TLS accepts any certificate
176
// presented by the server and any host name in that certificate.
177
// In this mode, TLS is susceptible to man-in-the-middle attacks.
178
// This should be used only for testing.
179
InsecureSkipVerify bool
180
181
// CipherSuites is a list of supported cipher suites. If CipherSuites
182
// is nil, TLS uses a list of suites supported by the implementation.
183
CipherSuites []uint16
184
184
}
185
185
186
186
func (c *Config) rand() io.Reader {
187
r := c.Rand
188
if r == nil {
189
return rand.Reader
190
}
191
return r
187
r := c.Rand
188
if r == nil {
189
return rand.Reader
190
}
191
return r
192
192
}
193
193
194
194
func (c *Config) time() time.Time {
195
t := c.Time
196
if t == nil {
197
t = time.Now
198
}
199
return t()
195
t := c.Time
196
if t == nil {
197
t = time.Now
198
}
199
return t()
200
200
}
201
201
202
202
func (c *Config) cipherSuites() []uint16 {
203
s := c.CipherSuites
204
if s == nil {
205
s = defaultCipherSuites()
206
}
207
return s
203
s := c.CipherSuites
204
if s == nil {
205
s = defaultCipherSuites()
206
}
207
return s
208
208
}
209
209
210
210
// getCertificateForName returns the best certificate for the given name,
211
211
// defaulting to the first element of c.Certificates if there are no good
212
212
// options.
213
213
func (c *Config) getCertificateForName(name string) *Certificate {
214
if len(c.Certificates) == 1 || c.NameToCertificate == nil {
215
// There's only one choice, so no point doing any work.
216
return &c.Certificates[0]
217
}
218
219
name = strings.ToLower(name)
220
for len(name) > 0 && name[len(name)-1] == '.' {
221
name = name[:len(name)-1]
222
}
223
224
if cert, ok := c.NameToCertificate[name]; ok {
225
return cert
226
}
227
228
// try replacing labels in the name with wildcards until we get a
229
// match.
230
labels := strings.Split(name, ".")
231
for i := range labels {
232
labels[i] = "*"
233
candidate := strings.Join(labels, ".")
234
if cert, ok := c.NameToCertificate[candidate]; ok {
235
return cert
236
}
237
}
238
239
// If nothing matches, return the first certificate.
240
return &c.Certificates[0]
214
if len(c.Certificates) == 1 || c.NameToCertificate == nil {
215
// There's only one choice, so no point doing any work.
216
return &c.Certificates[0]
217
}
218
219
name = strings.ToLower(name)
220
for len(name) > 0 && name[len(name)-1] == '.' {
221
name = name[:len(name)-1]
222
}
223
224
if cert, ok := c.NameToCertificate[name]; ok {
225
return cert
226
}
227
228
// try replacing labels in the name with wildcards until we get a
229
// match.
230
labels := strings.Split(name, ".")
231
for i := range labels {
232
labels[i] = "*"
233
candidate := strings.Join(labels, ".")
234
if cert, ok := c.NameToCertificate[candidate]; ok {
235
return cert
236
}
237
}
238
239
// If nothing matches, return the first certificate.
240
return &c.Certificates[0]
241
241
}
242
242
243
243
// BuildNameToCertificate parses c.Certificates and builds c.NameToCertificate
244
244
// from the CommonName and SubjectAlternateName fields of each of the leaf
245
245
// certificates.
246
246
func (c *Config) BuildNameToCertificate() {
247
c.NameToCertificate = make(map[string]*Certificate)
248
for i := range c.Certificates {
249
cert := &c.Certificates[i]
250
x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
251
if err != nil {
252
continue
253
}
254
if len(x509Cert.Subject.CommonName) > 0 {
255
c.NameToCertificate[x509Cert.Subject.CommonName] = cert
256
}
257
for _, san := range x509Cert.DNSNames {
258
c.NameToCertificate[san] = cert
259
}
260
}
247
c.NameToCertificate = make(map[string]*Certificate)
248
for i := range c.Certificates {
249
cert := &c.Certificates[i]
250
x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
251
if err != nil {
252
continue
253
}
254
if len(x509Cert.Subject.CommonName) > 0 {
255
c.NameToCertificate[x509Cert.Subject.CommonName] = cert
256
}
257
for _, san := range x509Cert.DNSNames {
258
c.NameToCertificate[san] = cert
259
}
260
}
261
261
}
262
262
263
263
// A Certificate is a chain of one or more certificates, leaf first.
264
264
type Certificate struct {
265
Certificate [][]byte
266
PrivateKey crypto.PrivateKey // supported types: *rsa.PrivateKey
267
// OCSPStaple contains an optional OCSP response which will be served
268
// to clients that request it.
269
OCSPStaple []byte
270
// Leaf is the parsed form of the leaf certificate, which may be
271
// initialized using x509.ParseCertificate to reduce per-handshake
272
// processing for TLS clients doing client authentication. If nil, the
273
// leaf certificate will be parsed as needed.
274
Leaf *x509.Certificate
265
Certificate [][]byte
266
PrivateKey crypto.PrivateKey // supported types: *rsa.PrivateKey
267
// OCSPStaple contains an optional OCSP response which will be served
268
// to clients that request it.
269
OCSPStaple []byte
270
// Leaf is the parsed form of the leaf certificate, which may be
271
// initialized using x509.ParseCertificate to reduce per-handshake
272
// processing for TLS clients doing client authentication. If nil, the
273
// leaf certificate will be parsed as needed.
274
Leaf *x509.Certificate
275
275
}
276
276
277
277
// A TLS record.
278
278
type record struct {
279
contentType recordType
280
major, minor uint8
281
payload []byte
279
contentType recordType
280
major, minor uint8
281
payload []byte
282
282
}
283
283
284
284
type handshakeMessage interface {
285
marshal() []byte
286
unmarshal([]byte) bool
285
marshal() []byte
286
unmarshal([]byte) bool
287
287
}
288
288
289
289
// mutualVersion returns the protocol version to use given the advertised
290
290
// version of the peer.
291
291
func mutualVersion(vers uint16) (uint16, bool) {
292
if vers < minVersion {
293
return 0, false
294
}
295
if vers > maxVersion {
296
vers = maxVersion
297
}
298
return vers, true
292
if vers < minVersion {
293
return 0, false
294
}
295
if vers > maxVersion {
296
vers = maxVersion
297
}
298
return vers, true
299
299
}
300
300
301
301
var emptyConfig Config
302
302
303
303
func defaultConfig() *Config {
304
return &emptyConfig
304
return &emptyConfig
305
305
}
306
306
307
307
var (
308
once sync.Once
309
varDefaultCipherSuites []uint16
308
once sync.Once
309
varDefaultCipherSuites []uint16
310
310
)
311
311
312
312
func defaultCipherSuites() []uint16 {
313
once.Do(initDefaultCipherSuites)
314
return varDefaultCipherSuites
313
once.Do(initDefaultCipherSuites)
314
return varDefaultCipherSuites
315
315
}
316
316
317
317
func initDefaultCipherSuites() {
318
varDefaultCipherSuites = make([]uint16, len(cipherSuites))
319
for i, suite := range cipherSuites {
320
varDefaultCipherSuites[i] = suite.id
321
}
318
varDefaultCipherSuites = make([]uint16, len(cipherSuites))
319
for i, suite := range cipherSuites {
320
varDefaultCipherSuites[i] = suite.id
321
}
322
322
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1