2009-11-03 02:25:20 +00:00
|
|
|
// Copyright 2009 The Go Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
package tls
|
|
|
|
|
|
|
|
import (
|
2010-04-05 22:38:02 +01:00
|
|
|
"crypto/rand"
|
2009-12-15 23:33:31 +00:00
|
|
|
"crypto/rsa"
|
|
|
|
"io"
|
2010-04-05 22:38:02 +01:00
|
|
|
"io/ioutil"
|
|
|
|
"once"
|
|
|
|
"time"
|
2009-11-03 02:25:20 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2010-04-27 06:19:04 +01:00
|
|
|
maxPlaintext = 16384 // maximum plaintext payload length
|
|
|
|
maxCiphertext = 16384 + 2048 // maximum ciphertext payload length
|
|
|
|
recordHeaderLen = 5 // record header length
|
|
|
|
maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB)
|
2009-11-03 02:25:20 +00:00
|
|
|
|
2010-04-27 06:19:04 +01:00
|
|
|
minVersion = 0x0301 // minimum supported version - TLS 1.0
|
|
|
|
maxVersion = 0x0302 // maximum supported version - TLS 1.1
|
|
|
|
)
|
2009-11-03 02:25:20 +00:00
|
|
|
|
|
|
|
// TLS record types.
|
|
|
|
type recordType uint8
|
|
|
|
|
|
|
|
const (
|
2009-12-15 23:33:31 +00:00
|
|
|
recordTypeChangeCipherSpec recordType = 20
|
|
|
|
recordTypeAlert recordType = 21
|
|
|
|
recordTypeHandshake recordType = 22
|
|
|
|
recordTypeApplicationData recordType = 23
|
2009-11-03 02:25:20 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// TLS handshake message types.
|
|
|
|
const (
|
2009-12-15 23:33:31 +00:00
|
|
|
typeClientHello uint8 = 1
|
|
|
|
typeServerHello uint8 = 2
|
|
|
|
typeCertificate uint8 = 11
|
|
|
|
typeServerHelloDone uint8 = 14
|
|
|
|
typeClientKeyExchange uint8 = 16
|
|
|
|
typeFinished uint8 = 20
|
2009-12-23 19:13:09 +00:00
|
|
|
typeNextProtocol uint8 = 67 // Not IANA assigned
|
2009-11-03 02:25:20 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// TLS cipher suites.
|
|
|
|
var (
|
2009-12-15 23:33:31 +00:00
|
|
|
TLS_RSA_WITH_RC4_128_SHA uint16 = 5
|
2009-11-03 02:25:20 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// TLS compression types.
|
|
|
|
var (
|
2009-12-15 23:33:31 +00:00
|
|
|
compressionNone uint8 = 0
|
2009-11-03 02:25:20 +00:00
|
|
|
)
|
|
|
|
|
2009-12-23 19:13:09 +00:00
|
|
|
// TLS extension numbers
|
|
|
|
var (
|
|
|
|
extensionServerName uint16 = 0
|
|
|
|
extensionNextProtoNeg uint16 = 13172 // not IANA assigned
|
|
|
|
)
|
|
|
|
|
2009-11-03 02:25:20 +00:00
|
|
|
type ConnectionState struct {
|
2009-12-23 19:13:09 +00:00
|
|
|
HandshakeComplete bool
|
|
|
|
CipherSuite string
|
2010-04-27 06:19:04 +01:00
|
|
|
Error alert
|
2009-12-23 19:13:09 +00:00
|
|
|
NegotiatedProtocol string
|
2009-11-03 02:25:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// A Config structure is used to configure a TLS client or server. After one
|
|
|
|
// has been passed to a TLS function it must not be modified.
|
|
|
|
type Config struct {
|
|
|
|
// Rand provides the source of entropy for nonces and RSA blinding.
|
2009-12-15 23:33:31 +00:00
|
|
|
Rand io.Reader
|
2009-11-03 02:25:20 +00:00
|
|
|
// Time returns the current time as the number of seconds since the epoch.
|
2009-12-15 23:33:31 +00:00
|
|
|
Time func() int64
|
|
|
|
Certificates []Certificate
|
|
|
|
RootCAs *CASet
|
2009-12-23 19:13:09 +00:00
|
|
|
// NextProtos is a list of supported, application level protocols.
|
|
|
|
// Currently only server-side handling is supported.
|
|
|
|
NextProtos []string
|
2009-11-03 02:25:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type Certificate struct {
|
2009-12-15 23:33:31 +00:00
|
|
|
Certificate [][]byte
|
|
|
|
PrivateKey *rsa.PrivateKey
|
2009-11-03 02:25:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// A TLS record.
|
|
|
|
type record struct {
|
2009-12-15 23:33:31 +00:00
|
|
|
contentType recordType
|
|
|
|
major, minor uint8
|
|
|
|
payload []byte
|
2009-11-03 02:25:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type handshakeMessage interface {
|
2009-12-15 23:33:31 +00:00
|
|
|
marshal() []byte
|
2010-04-27 06:19:04 +01:00
|
|
|
unmarshal([]byte) bool
|
2009-11-03 02:25:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type encryptor interface {
|
|
|
|
// XORKeyStream xors the contents of the slice with bytes from the key stream.
|
2009-12-15 23:33:31 +00:00
|
|
|
XORKeyStream(buf []byte)
|
2009-11-03 02:25:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// mutualVersion returns the protocol version to use given the advertised
|
|
|
|
// version of the peer.
|
2010-04-27 06:19:04 +01:00
|
|
|
func mutualVersion(vers uint16) (uint16, bool) {
|
|
|
|
if vers < minVersion {
|
|
|
|
return 0, false
|
2009-11-03 02:25:20 +00:00
|
|
|
}
|
2010-04-27 06:19:04 +01:00
|
|
|
if vers > maxVersion {
|
|
|
|
vers = maxVersion
|
2009-11-03 02:25:20 +00:00
|
|
|
}
|
2010-04-27 06:19:04 +01:00
|
|
|
return vers, true
|
2009-11-03 02:25:20 +00:00
|
|
|
}
|
|
|
|
|
2010-04-05 22:38:02 +01:00
|
|
|
// The defaultConfig is used in place of a nil *Config in the TLS server and client.
|
|
|
|
var varDefaultConfig *Config
|
|
|
|
|
|
|
|
func defaultConfig() *Config {
|
|
|
|
once.Do(initDefaultConfig)
|
|
|
|
return varDefaultConfig
|
|
|
|
}
|
|
|
|
|
|
|
|
// Possible certificate files; stop after finding one.
|
|
|
|
// On OS X we should really be using the Directory Services keychain
|
|
|
|
// but that requires a lot of Mach goo to get at. Instead we use
|
|
|
|
// the same root set that curl uses.
|
|
|
|
var certFiles = []string{
|
|
|
|
"/etc/ssl/certs/ca-certificates.crt", // Linux etc
|
|
|
|
"/usr/share/curl/curl-ca-bundle.crt", // OS X
|
|
|
|
}
|
|
|
|
|
|
|
|
func initDefaultConfig() {
|
|
|
|
roots := NewCASet()
|
|
|
|
for _, file := range certFiles {
|
|
|
|
data, err := ioutil.ReadFile(file)
|
|
|
|
if err == nil {
|
|
|
|
roots.SetFromPEM(data)
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
varDefaultConfig = &Config{
|
|
|
|
Rand: rand.Reader,
|
|
|
|
Time: time.Seconds,
|
|
|
|
RootCAs: roots,
|
|
|
|
}
|
|
|
|
}
|