kris/th5: Alternative TLS implementation in Go - th5

Alternative TLS implementation in Go

Kris Kwiatkowski 58c559ba00 fix: mac calculation fails when subsequent packet is shorter Before AEAD encryption data are stored in a buffer. Last possition of this buffer store data type. When subsequent TLS record is shorter than previous, the buffer is shrinked. This causes to remove data type, which results in wrong MAC calculation. Only in case of TLS 1.3.		il y a 6 ans
_dev	tls tris server: allow custom server keypairs (#128)	il y a 6 ans
testdata	crypto/tls: advertise support for SHA-512 signatures in 1.2	il y a 7 ans
.travis.yml	CI: Fail build if code is wrongly formatted	il y a 6 ans
13.go	cleanup: removes Committer interface	il y a 6 ans
README.md	Minimal number of changes needed to udpate to draft-28 (#115)	il y a 6 ans
alert.go	Adds 'certificate required' alert	il y a 6 ans
auth.go	crypto/tls: enable certificate validation on the client	il y a 6 ans
cipher_suites.go	Minimal number of changes needed to udpate to draft-28 (#115)	il y a 6 ans
common.go	removes old draft version indicators (#127)	il y a 6 ans
conn.go	fix: mac calculation fails when subsequent packet is shorter	il y a 6 ans
conn_test.go	crypto/tls: fix first byte test for 255 CBC padding bytes	il y a 7 ans
example_test.go	Minimal number of changes needed to udpate to draft-28 (#115)	il y a 6 ans
generate_cert.go	Remove delegated credential minting from the API	il y a 6 ans
handshake_client.go	Update implementation of draft-ietf-tls-subcerts to draft 02 (#108)	il y a 6 ans
handshake_client_test.go	Applies go fmt to all the code	il y a 6 ans
handshake_messages.go	remove support for generating draft 18-21 ServerHellos (#124)	il y a 6 ans
handshake_messages_test.go	don't generate a key share with Curve ID 0 in the ServerHello tests	il y a 6 ans
handshake_server.go	cleanup: removes Committer interface	il y a 6 ans
handshake_server_test.go	Update client SCT list during TLS 1.3 handshake, fixes #76	il y a 6 ans
handshake_test.go	crypto/tls: advertise support for SHA-512 signatures in 1.2	il y a 7 ans
hkdf.go	crypto/tls: implement TLS 1.3 minimal server	il y a 7 ans
key_agreement.go	Refactor the keyAgreement interface	il y a 6 ans
prf.go	crypto/tls: add RSASSA-PSS support for handshake messages	il y a 6 ans
prf_test.go	crypto/tls: decouple handshake signatures from the handshake hash.	il y a 9 ans
subcerts.go	Cleanup	il y a 6 ans
subcerts_test.go	DC draft-02, last minute change (#121)	il y a 6 ans
ticket.go	tris: update NewSessionTicket for draft -19 and -21	il y a 6 ans
tls.go	crypto/tls: disable CBC cipher suites with SHA-256 by default	il y a 7 ans
tls_test.go	Implement the delegated_credential extension for TLS	il y a 6 ans

README.md

 _____ _     ____        _        _
|_   _| |   / ___|      | |_ _ __(_)___
  | | | |   \___ \ _____| __| '__| / __|
  | | | |___ ___) |_____| |_| |  | \__ \
  |_| |_____|____/       \__|_|  |_|___/

crypto/tls, now with 100% more 1.3.

THE API IS NOT STABLE AND DOCUMENTATION IS NOT GUARANTEED.

Usage

Since crypto/tls is very deeply (and not that elegantly) coupled with the Go stdlib, tls-tris shouldn’t be used as an external package. It is also impossible to vendor it as crypto/tls because stdlib packages would import the standard one and mismatch.

So, to build with tls-tris, you need to use a custom GOROOT.

A script is provided that will take care of it for you: ./_dev/go.sh. Just use that instead of the go tool.

The script also transparently fetches the custom Cloudflare Go 1.10 compiler with the required backports.

Development

Dependencies

Copy paste line bellow to install all required dependencies:

ArchLinux:

pacman -S go docker gcc git make patch python2 python-docker rsync

Debian:

apt-get install build-essential docker go patch python python-pip rsync
pip install setuptools
pip install docker

Ubuntu (18.04) :

apt-get update
apt-get install build-essential docker docker.io golang patch python python-pip rsync sudo
pip install setuptools
pip install docker
sudo usermod -a -G docker $USER

Similar dependencies can be found on any UNIX based system/distribution.

Building

There are number of things that need to be setup before running tests. Most important step is to copy go env GOROOT directory to _dev and swap TLS implementation and recompile GO. Then for testing we use go implementation from _dev/GOROOT.

git clone https://github.com/cloudflare/tls-tris.git
cd tls-tris; cp _dev/utils/pre-commit .git/hooks/ 
make -f _dev/Makefile build-all

Testing

We run 3 kinds of test:.

Unit testing:
make -f _dev/Makefile test-unit
Testing against BoringSSL test suite:
make -f _dev/Makefile test-bogo
Compatibility testing (see below):
make -f _dev/Makefile test-interop

To run all the tests in one go use:

make -f _dev/Makefile test

Testing interoperability with 3rd party libraries

In order to ensure compatibility we are testing our implementation against BoringSSL, NSS and PicoTLS.

Makefile has a specific target for testing interoperability with external libraries. Following command can be used in order to run such test:

make -f _dev/Makefile test-interop

The makefile target is just a wrapper and it executes _dev/interop_test_runner script written in python. The script implements interoperability tests using python unittest framework.

Script can be started from command line directly. For example:

> ./interop_test_runner -v InteropServer_NSS.test_zero_rtt
test_zero_rtt (__main__.InteropServer_NSS) ... ok

----------------------------------------------------------------------
Ran 1 test in 8.765s

OK

Debugging

When the environment variable TLSDEBUG is set to error, Tris will print a hexdump of the Client Hello and a stack trace if an handshake error occurs. If the value is short, only the error and the first meaningful stack frame are printed.