2009-11-06 00:43:29 +00:00
// Copyright 2009 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
2013-10-02 17:09:13 +01:00
// Package tls partially implements TLS 1.2, as specified in RFC 5246.
2019-05-12 18:42:15 +01:00
package trs
2009-11-06 00:43:29 +00:00
2016-11-29 20:41:29 +00:00
// BUG(agl): The crypto/tls package only implements some countermeasures
2017-01-16 23:54:45 +00:00
// against Lucky13 attacks on CBC-mode encryption, and only on SHA1
// variants. See http://www.isg.rhul.ac.uk/tls/TLStiming.pdf and
2015-12-08 16:49:17 +00:00
// https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
2009-11-06 00:43:29 +00:00
import (
2012-11-16 08:33:59 +00:00
"crypto"
"crypto/ecdsa"
2010-11-05 13:54:56 +00:00
"crypto/rsa"
"crypto/x509"
"encoding/pem"
2011-11-02 02:04:37 +00:00
"errors"
2015-08-30 18:23:30 +01:00
"fmt"
2010-07-02 18:00:18 +01:00
"io/ioutil"
2009-12-15 23:33:31 +00:00
"net"
2010-11-05 13:54:56 +00:00
"strings"
2014-02-28 14:40:12 +00:00
"time"
2009-11-06 00:43:29 +00:00
)
2010-12-07 21:15:15 +00:00
// Server returns a new TLS server side connection
// using conn as the underlying transport.
2015-08-20 19:26:56 +01:00
// The configuration config must be non-nil and must include
// at least one certificate or else set GetCertificate.
2009-11-21 23:53:03 +00:00
func Server ( conn net . Conn , config * Config ) * Conn {
2010-04-27 06:19:04 +01:00
return & Conn { conn : conn , config : config }
2009-11-21 23:53:03 +00:00
}
2010-12-07 21:15:15 +00:00
// Client returns a new TLS client side connection
// using conn as the underlying transport.
2014-06-03 09:11:17 +01:00
// The config cannot be nil: users must set either ServerName or
2014-02-19 16:17:09 +00:00
// InsecureSkipVerify in the config.
2009-11-21 23:53:03 +00:00
func Client ( conn net . Conn , config * Config ) * Conn {
2010-04-27 06:19:04 +01:00
return & Conn { conn : conn , config : config , isClient : true }
2009-11-21 23:53:03 +00:00
}
2012-02-03 20:08:53 +00:00
// A listener implements a network listener (net.Listener) for TLS connections.
type listener struct {
net . Listener
config * Config
2009-11-06 00:43:29 +00:00
}
2010-12-07 21:15:15 +00:00
// Accept waits for and returns the next incoming TLS connection.
2016-02-28 23:52:49 +00:00
// The returned connection is of type *Conn.
func ( l * listener ) Accept ( ) ( net . Conn , error ) {
c , err := l . Listener . Accept ( )
2009-11-06 00:43:29 +00:00
if err != nil {
2016-02-28 23:52:49 +00:00
return nil , err
2009-11-06 00:43:29 +00:00
}
2016-02-28 23:52:49 +00:00
return Server ( c , l . config ) , nil
2009-11-06 00:43:29 +00:00
}
// NewListener creates a Listener which accepts connections from an inner
// Listener and wraps each connection with Server.
2015-08-20 19:26:56 +01:00
// The configuration config must be non-nil and must include
// at least one certificate or else set GetCertificate.
2012-02-03 20:08:53 +00:00
func NewListener ( inner net . Listener , config * Config ) net . Listener {
l := new ( listener )
l . Listener = inner
2009-12-15 23:33:31 +00:00
l . config = config
2012-02-03 20:08:53 +00:00
return l
2009-11-06 00:43:29 +00:00
}
2010-04-05 22:38:02 +01:00
2010-12-07 21:15:15 +00:00
// Listen creates a TLS listener accepting connections on the
// given network address using net.Listen.
2015-08-20 19:26:56 +01:00
// The configuration config must be non-nil and must include
// at least one certificate or else set GetCertificate.
2012-02-03 20:08:53 +00:00
func Listen ( network , laddr string , config * Config ) ( net . Listener , error ) {
2015-08-20 19:31:15 +01:00
if config == nil || ( len ( config . Certificates ) == 0 && config . GetCertificate == nil ) {
return nil , errors . New ( "tls: neither Certificates nor GetCertificate set in Config" )
2010-04-27 06:19:04 +01:00
}
2010-04-05 22:38:02 +01:00
l , err := net . Listen ( network , laddr )
if err != nil {
return nil , err
}
2010-04-27 06:19:04 +01:00
return NewListener ( l , config ) , nil
2010-04-05 22:38:02 +01:00
}
2014-02-28 14:40:12 +00:00
type timeoutError struct { }
func ( timeoutError ) Error ( ) string { return "tls: DialWithDialer timed out" }
func ( timeoutError ) Timeout ( ) bool { return true }
func ( timeoutError ) Temporary ( ) bool { return true }
// DialWithDialer connects to the given network address using dialer.Dial and
// then initiates a TLS handshake, returning the resulting TLS connection. Any
// timeout or deadline given in the dialer apply to connection and TLS
// handshake as a whole.
//
// DialWithDialer interprets a nil configuration as equivalent to the zero
// configuration; see the documentation of Config for the defaults.
func DialWithDialer ( dialer * net . Dialer , network , addr string , config * Config ) ( * Conn , error ) {
// We want the Timeout and Deadline values from dialer to cover the
// whole process: TCP connection and TLS handshake. This means that we
// also need to start our own timers now.
timeout := dialer . Timeout
if ! dialer . Deadline . IsZero ( ) {
2016-08-30 02:05:18 +01:00
deadlineTimeout := time . Until ( dialer . Deadline )
2014-02-28 14:40:12 +00:00
if timeout == 0 || deadlineTimeout < timeout {
timeout = deadlineTimeout
}
}
var errChannel chan error
if timeout != 0 {
errChannel = make ( chan error , 2 )
time . AfterFunc ( timeout , func ( ) {
errChannel <- timeoutError { }
} )
}
rawConn , err := dialer . Dial ( network , addr )
2010-04-05 22:38:02 +01:00
if err != nil {
return nil , err
}
2010-11-05 13:54:56 +00:00
2014-02-28 14:40:12 +00:00
colonPos := strings . LastIndex ( addr , ":" )
2010-11-05 13:54:56 +00:00
if colonPos == - 1 {
2014-02-28 14:40:12 +00:00
colonPos = len ( addr )
2010-11-05 13:54:56 +00:00
}
2014-02-28 14:40:12 +00:00
hostname := addr [ : colonPos ]
2010-11-05 13:54:56 +00:00
2010-12-07 21:15:15 +00:00
if config == nil {
config = defaultConfig ( )
}
2012-03-07 18:12:35 +00:00
// If no ServerName is set, infer the ServerName
// from the hostname we're connecting to.
if config . ServerName == "" {
2010-12-07 21:15:15 +00:00
// Make a copy to avoid polluting argument or default.
2016-08-30 04:19:01 +01:00
c := config . Clone ( )
2010-12-07 21:15:15 +00:00
c . ServerName = hostname
2016-06-21 15:00:41 +01:00
config = c
2010-12-07 21:15:15 +00:00
}
2014-02-28 14:40:12 +00:00
conn := Client ( rawConn , config )
if timeout == 0 {
err = conn . Handshake ( )
} else {
go func ( ) {
errChannel <- conn . Handshake ( )
} ( )
err = <- errChannel
}
if err != nil {
rawConn . Close ( )
2010-12-07 21:15:15 +00:00
return nil , err
2010-09-20 15:32:08 +01:00
}
2014-02-28 14:40:12 +00:00
2010-12-07 21:15:15 +00:00
return conn , nil
2010-04-05 22:38:02 +01:00
}
2010-07-02 18:00:18 +01:00
2014-02-28 14:40:12 +00:00
// Dial connects to the given network address using net.Dial
// and then initiates a TLS handshake, returning the resulting
// TLS connection.
// Dial interprets a nil configuration as equivalent to
// the zero configuration; see the documentation of Config
// for the defaults.
func Dial ( network , addr string , config * Config ) ( * Conn , error ) {
return DialWithDialer ( new ( net . Dialer ) , network , addr , config )
}
2016-05-16 20:51:52 +01:00
// LoadX509KeyPair reads and parses a public/private key pair from a pair
// of files. The files must contain PEM encoded data. The certificate file
// may contain intermediate certificates following the leaf certificate to
// form a certificate chain. On successful return, Certificate.Leaf will
// be nil because the parsed form of the certificate is not retained.
2015-01-13 19:34:46 +00:00
func LoadX509KeyPair ( certFile , keyFile string ) ( Certificate , error ) {
2010-07-02 18:00:18 +01:00
certPEMBlock , err := ioutil . ReadFile ( certFile )
if err != nil {
2015-01-13 19:34:46 +00:00
return Certificate { } , err
2010-07-02 18:00:18 +01:00
}
2011-04-04 16:32:59 +01:00
keyPEMBlock , err := ioutil . ReadFile ( keyFile )
if err != nil {
2015-01-13 19:34:46 +00:00
return Certificate { } , err
2011-04-04 16:32:59 +01:00
}
return X509KeyPair ( certPEMBlock , keyPEMBlock )
}
2010-07-02 18:00:18 +01:00
2011-04-04 16:32:59 +01:00
// X509KeyPair parses a public/private key pair from a pair of
2016-01-19 16:27:10 +00:00
// PEM encoded data. On successful return, Certificate.Leaf will be nil because
// the parsed form of the certificate is not retained.
2015-01-13 19:34:46 +00:00
func X509KeyPair ( certPEMBlock , keyPEMBlock [ ] byte ) ( Certificate , error ) {
fail := func ( err error ) ( Certificate , error ) { return Certificate { } , err }
2015-08-30 18:23:30 +01:00
var cert Certificate
var skippedBlockTypes [ ] string
2011-02-05 18:54:25 +00:00
for {
2015-08-30 18:23:30 +01:00
var certDERBlock * pem . Block
2011-02-05 18:54:25 +00:00
certDERBlock , certPEMBlock = pem . Decode ( certPEMBlock )
if certDERBlock == nil {
break
}
if certDERBlock . Type == "CERTIFICATE" {
cert . Certificate = append ( cert . Certificate , certDERBlock . Bytes )
2015-08-30 18:23:30 +01:00
} else {
skippedBlockTypes = append ( skippedBlockTypes , certDERBlock . Type )
2011-02-05 18:54:25 +00:00
}
}
if len ( cert . Certificate ) == 0 {
2015-08-30 18:23:30 +01:00
if len ( skippedBlockTypes ) == 0 {
2016-04-12 18:43:44 +01:00
return fail ( errors . New ( "tls: failed to find any PEM data in certificate input" ) )
2016-03-14 09:35:13 +00:00
}
if len ( skippedBlockTypes ) == 1 && strings . HasSuffix ( skippedBlockTypes [ 0 ] , "PRIVATE KEY" ) {
2016-04-12 18:43:44 +01:00
return fail ( errors . New ( "tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched" ) )
2015-08-30 18:23:30 +01:00
}
2016-04-12 18:43:44 +01:00
return fail ( fmt . Errorf ( "tls: failed to find \"CERTIFICATE\" PEM block in certificate input after skipping PEM blocks of the following types: %v" , skippedBlockTypes ) )
2010-07-02 18:00:18 +01:00
}
2015-08-30 18:23:30 +01:00
skippedBlockTypes = skippedBlockTypes [ : 0 ]
2012-09-13 16:00:16 +01:00
var keyDERBlock * pem . Block
for {
keyDERBlock , keyPEMBlock = pem . Decode ( keyPEMBlock )
if keyDERBlock == nil {
2015-08-30 18:23:30 +01:00
if len ( skippedBlockTypes ) == 0 {
2016-04-12 18:43:44 +01:00
return fail ( errors . New ( "tls: failed to find any PEM data in key input" ) )
2016-03-14 09:35:13 +00:00
}
if len ( skippedBlockTypes ) == 1 && skippedBlockTypes [ 0 ] == "CERTIFICATE" {
2016-04-12 18:43:44 +01:00
return fail ( errors . New ( "tls: found a certificate rather than a key in the PEM for the private key" ) )
2015-08-30 18:23:30 +01:00
}
2016-04-12 18:43:44 +01:00
return fail ( fmt . Errorf ( "tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: %v" , skippedBlockTypes ) )
2012-09-13 16:00:16 +01:00
}
2012-12-01 19:02:08 +00:00
if keyDERBlock . Type == "PRIVATE KEY" || strings . HasSuffix ( keyDERBlock . Type , " PRIVATE KEY" ) {
2012-09-13 16:00:16 +01:00
break
}
2015-08-30 18:23:30 +01:00
skippedBlockTypes = append ( skippedBlockTypes , keyDERBlock . Type )
2010-07-02 18:00:18 +01:00
}
2018-01-28 22:30:48 +00:00
// We don't need to parse the public key for TLS, but we so do anyway
// to check that it looks sane and matches the private key.
x509Cert , err := x509 . ParseCertificate ( cert . Certificate [ 0 ] )
2012-11-16 08:33:59 +00:00
if err != nil {
2015-01-13 19:34:46 +00:00
return fail ( err )
2010-07-02 18:00:18 +01:00
}
2018-01-28 22:30:48 +00:00
cert . PrivateKey , err = parsePrivateKey ( keyDERBlock . Bytes )
2010-07-02 18:00:18 +01:00
if err != nil {
2015-01-13 19:34:46 +00:00
return fail ( err )
2010-07-02 18:00:18 +01:00
}
2012-11-16 08:33:59 +00:00
switch pub := x509Cert . PublicKey . ( type ) {
case * rsa . PublicKey :
priv , ok := cert . PrivateKey . ( * rsa . PrivateKey )
if ! ok {
2016-04-12 18:43:44 +01:00
return fail ( errors . New ( "tls: private key type does not match public key type" ) )
2012-11-16 08:33:59 +00:00
}
if pub . N . Cmp ( priv . N ) != 0 {
2016-04-12 18:43:44 +01:00
return fail ( errors . New ( "tls: private key does not match public key" ) )
2012-11-16 08:33:59 +00:00
}
case * ecdsa . PublicKey :
priv , ok := cert . PrivateKey . ( * ecdsa . PrivateKey )
if ! ok {
2016-04-12 18:43:44 +01:00
return fail ( errors . New ( "tls: private key type does not match public key type" ) )
2012-11-16 08:33:59 +00:00
}
if pub . X . Cmp ( priv . X ) != 0 || pub . Y . Cmp ( priv . Y ) != 0 {
2016-04-12 18:43:44 +01:00
return fail ( errors . New ( "tls: private key does not match public key" ) )
2012-11-16 08:33:59 +00:00
}
default :
2016-04-12 18:43:44 +01:00
return fail ( errors . New ( "tls: unknown public key algorithm" ) )
2010-07-02 18:00:18 +01:00
}
2015-01-13 19:34:46 +00:00
return cert , nil
2010-07-02 18:00:18 +01:00
}
2012-11-16 08:33:59 +00:00
// Attempt to parse the given private key DER block. OpenSSL 0.9.8 generates
// PKCS#1 private keys by default, while OpenSSL 1.0.0 generates PKCS#8 keys.
// OpenSSL ecparam generates SEC1 EC private keys for ECDSA. We try all three.
func parsePrivateKey ( der [ ] byte ) ( crypto . PrivateKey , error ) {
if key , err := x509 . ParsePKCS1PrivateKey ( der ) ; err == nil {
return key , nil
}
if key , err := x509 . ParsePKCS8PrivateKey ( der ) ; err == nil {
switch key := key . ( type ) {
case * rsa . PrivateKey , * ecdsa . PrivateKey :
return key , nil
default :
2016-04-12 18:43:44 +01:00
return nil , errors . New ( "tls: found unknown private key type in PKCS#8 wrapping" )
2012-11-16 08:33:59 +00:00
}
}
if key , err := x509 . ParseECPrivateKey ( der ) ; err == nil {
return key , nil
}
2016-04-12 18:43:44 +01:00
return nil , errors . New ( "tls: failed to parse private key" )
2012-11-16 08:33:59 +00:00
}