diff --git a/_dev/Makefile b/_dev/Makefile index f5e0a84..9d6be5f 100644 --- a/_dev/Makefile +++ b/_dev/Makefile @@ -79,7 +79,7 @@ endif build-test-%: $(BUILD_DIR)/$(OS_ARCH)/.ok_$(VER_OS_ARCH) $(DOCKER) build $(BUILDARG) -t tls-tris:$* $(DEV_DIR)/$* - $(DOCKER) build $(BUILDARG) -t $(*)-localserver $(DEV_DIR)/$* + $(DOCKER) build GOARCH=arm64 $(BUILDARG) -t $(*)-localserver $(DEV_DIR)/$* build-all: \ build-test-tris-client \ diff --git a/_dev/patches/88253a956a753213617d95af3f42a23a78798473.patch b/_dev/patches/88253a956a753213617d95af3f42a23a78798473.patch deleted file mode 100644 index 582be1e..0000000 --- a/_dev/patches/88253a956a753213617d95af3f42a23a78798473.patch +++ /dev/null 
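Review bot: `GOARCH=arm64` on the added `build-test-%` recipe line is passed as a positional argument to `$(DOCKER) build`, which accepts exactly one context path, so the line most likely fails with a usage error instead of producing an arm64 image. If the Dockerfile under `$(DEV_DIR)/$*` declares `ARG GOARCH`, the intended form is `$(DOCKER) build $(BUILDARG) --build-arg GOARCH=arm64 -t $(*)-localserver $(DEV_DIR)/$*`; setting it in the make environment would not reach the compiler inside the container. Hard-coding arm64 here also makes the localserver image differ in architecture from the `tls-tris:$*` image built on the unchanged line above, which deserves a comment on the recipe if it is intentional. Whether the recipe's leading tab survived cannot be seen in this collapsed layout.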
@@ -1,63 +0,0 @@ -From 88253a956a753213617d95af3f42a23a78798473 Mon Sep 17 00:00:00 2001 -From: Filippo Valsorda -Date: Mon, 28 Nov 2016 05:24:21 +0000 -Subject: [PATCH] net/http: attach TLSConnContextKey to the request Context - -Change-Id: Ic59c84f992c829dc7da741b128dd6899366fa1d2 ---- - src/net/http/request.go | 4 +++- - src/net/http/server.go | 12 ++++++++++++ - 2 files changed, 15 insertions(+), 1 deletion(-) - -diff --git a/src/net/http/request.go b/src/net/http/request.go -index 13f367c1a8..b2827ff123 100644 ---- a/src/net/http/request.go -+++ b/src/net/http/request.go -@@ -275,7 +275,9 @@ type Request struct { - // was received. This field is not filled in by ReadRequest. - // The HTTP server in this package sets the field for - // TLS-enabled connections before invoking a handler; -- // otherwise it leaves the field nil. -+ // otherwise it leaves the field nil. The value is fixed -+ // at the state of the connection immediately after Handshake, -+ // for an immediate value use TLSConnContextKey. - // This field is ignored by the HTTP client. - TLS *tls.ConnectionState - -diff --git a/src/net/http/server.go b/src/net/http/server.go -index 2fa8ab23d8..b0542cdbc3 100644 ---- a/src/net/http/server.go -+++ b/src/net/http/server.go -@@ -223,6 +223,12 @@ var ( - // the local address the connection arrived on. - // The associated value will be of type net.Addr. - LocalAddrContextKey = &contextKey{"local-addr"} -+ -+ // TLSConnContextKey is a context key. It can be used in -+ // HTTP handlers with context.WithValue to access the -+ // underlying *tls.Conn being served. If the connection -+ // is not TLS, the key is not set. -+ TLSConnContextKey = &contextKey{"tls-conn"} - ) - - // A conn represents the server side of an HTTP connection. 
-@@ -969,6 +975,9 @@ func (c *conn) readRequest(ctx context.Context) (w *response, err error) { - delete(req.Header, "Host") - - ctx, cancelCtx := context.WithCancel(ctx) -+ if tlsConn, ok := c.rwc.(*tls.Conn); ok { -+ ctx = context.WithValue(ctx, TLSConnContextKey, tlsConn) -+ } - req.ctx = ctx - req.RemoteAddr = c.remoteAddr - req.TLS = c.tlsState -@@ -3161,6 +3170,9 @@ func (h initNPNRequest) ServeHTTP(rw ResponseWriter, req *Request) { - if req.RemoteAddr == "" { - req.RemoteAddr = h.c.RemoteAddr().String() - } -+ if req.ctx != nil && req.ctx.Value(TLSConnContextKey) == nil { -+ req.ctx = context.WithValue(req.ctx, TLSConnContextKey, h.c) -+ } - h.h.ServeHTTP(rw, req) - } - diff --git a/_dev/tris-localserver/server.go b/_dev/tris-localserver/server.go index 4c7733f..1a0051c 100644 --- a/_dev/tris-localserver/server.go +++ b/_dev/tris-localserver/server.go @@ -3,7 +3,6 @@ package main import ( "crypto/tls" "crypto/x509" - "encoding/hex" "errors" "flag" "fmt" @@ -12,6 +11,7 @@ import ( "net/http" "os" "strings" + "syscall" "time" ) @@ -56,7 +56,7 @@ func NewServer() *server { } func enablePQ(s *server, enableDefault bool) { - var pqGroups = []tls.CurveID{tls.HybridSIDHp503Curve25519, tls.HybridSIKEp503Curve25519} + var pqGroups = []tls.CurveID{tls.HybridSIDHp503Curve25519} if enableDefault { var defaultCurvePreferences = []tls.CurveID{tls.X25519, tls.CurveP256, tls.CurveP384, tls.CurveP521} s.TLS.CurvePreferences = append(s.TLS.CurvePreferences, defaultCurvePreferences...) @@ -144,6 +144,18 @@ err: } } +func charsToString(ca []int8) string { + s := make([]byte, len(ca)) + var lens int + for ; lens < len(ca); lens++ { + if ca[lens] == 0 { + break + } + s[lens] = uint8(ca[lens]) + } + return string(s[0:lens]) +} + func main() { s := NewServer() 
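Review bot: `charsToString(ca []int8)` ties the new helper to the amd64 layout of `syscall.Utsname`, whose fields are `[65]int8` there but `[65]uint8` on linux/arm64, so the `charsToString(buf.Nodename[:])` calls in `main` will not compile for the arm64 target that the Makefile hunk in this same commit selects; `syscall.Uname` is, as far as I can tell, also not provided by package syscall on every GOOS this server previously built for. A build-tagged pair of helpers, or a single generic one such as `func charsToString[T int8 | uint8](ca []T) string` if the module's Go version allows type parameters, would cover both layouts. The scan loop also re-implements `bytes.IndexByte`; once the bytes are copied it reduces to `if i := bytes.IndexByte(s, 0); i >= 0 { s = s[:i] }`. The helper has no doc comment; suggested: `// charsToString converts a NUL-terminated C char array, as found in syscall.Utsname fields, to a Go string.`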
@@ -151,7 +163,7 @@ func main() { arg_addr := flag.String("b", "0.0.0.0:443", "Address:port used for binding") arg_cert := flag.String("cert", "rsa", "Public algorithm to use:\nOptions [rsa, ecdsa, PrivateKeyFile:CertificateChainFile]") arg_zerortt := flag.String("rtt0", "n", `0-RTT, accepts following values [n: None, a: Accept, o: Offer, oa: Offer and Accept]`) - arg_confirm := flag.Bool("rtt0ack", false, "0-RTT confirm") + //arg_confirm := flag.Bool("rtt0ack", false, "0-RTT confirm") arg_clientauth := flag.Bool("cliauth", false, "Performs client authentication (RequireAndVerifyClientCert used)") arg_pq := flag.String("pq", "", "Enable quantum-resistant algorithms [c: Support classical and Quantum-Resistant, q: Enable Quantum-Resistant only]") flag.Parse() @@ -180,39 +192,32 @@ func main() { http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { tlsConn := r.Context().Value(http.TLSConnContextKey).(*tls.Conn) + var buf syscall.Utsname - with0RTT := "" - if !tlsConn.ConnectionState().HandshakeConfirmed { - with0RTT = " [0-RTT]" - } - if *arg_confirm || r.URL.Path == "/confirm" { - if err := tlsConn.ConfirmHandshake(); err != nil { - log.Fatal(err) - } - if with0RTT != "" { - with0RTT = " [0-RTT confirmed]" - } - if !tlsConn.ConnectionState().HandshakeConfirmed { - panic("HandshakeConfirmed false after ConfirmHandshake") - } - } - - resumed := "" - if r.TLS.DidResume { - resumed = " [resumed]" - } - - http2 := "" - if r.ProtoMajor == 2 { - http2 = " [HTTP/2]" + err := syscall.Uname(&buf) + if err != nil { + panic("Uname error\n") } - - fmt.Fprintf(w, "
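Review bot: Commenting out `arg_confirm` removes the `-rtt0ack` flag, so any existing invocation that passes it now exits from `flag.Parse()` with `flag provided but not defined: -rtt0ack`, while `arg_zerortt` on the line above still advertises 0-RTT modes that previously relied on the confirm step. If the flag is deliberately dropped, delete the line instead of leaving it commented out and mention the removed option in the commit description; if it is only unused for now, keep the declaration and write `_ = arg_confirm` until the handler reads it again. main() continues outside this hunk.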

Hello TLS %s%s%s%s _o/\n", tlsVersionToName[r.TLS.Version], resumed, with0RTT, http2) - }) - - http.HandleFunc("/ch", func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "text/plain") - fmt.Fprintf(w, "Client Hello packet (%d bytes):\n%s", len(r.TLS.ClientHello), hex.Dump(r.TLS.ClientHello)) + node := charsToString(buf.Nodename[:]) + release := charsToString(buf.Release[:]) + version := charsToString(buf.Version[:]) + machine := charsToString(buf.Machine[:]) + sysname := charsToString(buf.Sysname[:]) + _ = tlsConn + fmt.Fprintf(w, "Node\t\t\t\t: %s
Version\t\t\t\t: %s
Release\t\t\t\t: %s
Machine\t\t\t\t: %s
Sysname\t\t\t\t: %s

", node, version, release, machine, sysname)
+		fmt.Fprintf(w, `
+ ▄████▄   ██▀███ ▓██   ██▓ ██▓███  ▄▄▄█████▓ ▒█████
+▒██▀ ▀█  ▓██ ▒ ██▒▒██  ██▒▓██░  ██▒▓  ██▒ ▓▒▒██▒  ██▒
+▒▓█    ▄ ▓██ ░▄█ ▒ ▒██ ██░▓██░ ██▓▒▒ ▓██░ ▒░▒██░  ██▒
+▒▓▓▄ ▄██▒▒██▀▀█▄   ░ ▐██▓░▒██▄█▓▒ ▒░ ▓██▓ ░ ▒██   ██░
+▒ ▓███▀ ░░██▓ ▒██▒ ░ ██▒▓░▒██▒ ░  ░  ▒██▒ ░ ░ ████▓▒░
+░ ░▒ ▒  ░░ ▒▓ ░▒▓░  ██▒▒▒ ▒▓▒░ ░  ░  ▒ ░░   ░ ▒░▒░▒░
+  ░  ▒     ░▒ ░ ▒░▓██ ░▒░ ░▒ ░         ░      ░ ▒ ▒░
+░          ░░   ░ ▒ ▒ ░░  ░░         ░      ░ ░ ░ ▒
+░ ░         ░     ░ ░                           ░ ░
+░                 ░ ░
+`)
+		fmt.Fprintf(w, "
") }) s.start() @@ -298,19 +303,6 @@ UQQgw5lFnKHZ9pk2VlKzgpkmd5fLMOhcHWQbsah9TFOuW5vEhWGHNhGCyGouWTzD mkwlPS8arj/ymUn6t/oiwSOA6GbjQLnTXvoAjdBxnukQlNY6TUDk+lSQw0qfZGIA xZywUgRbLZH8TFUnuEQps35XnWrY8rrXVj9+9h0B4g== -----END CERTIFICATE-----` - ecdsaCert = `-----BEGIN CERTIFICATE----- -MIIBbTCCAROgAwIBAgIQZCsHZcs5ZkzV+zC2E6j5RzAKBggqhkjOPQQDAjASMRAw -DgYDVQQKEwdBY21lIENvMB4XDTE2MDkyNDE3NTE1OFoXDTI2MDkyMjE3NTE1OFow -EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDTO -B3IyzjYfKCp2HWy+P3QHxhdBT4AUGYgwTiSEj5phumPIahFNcOSWptN0UzlZvJdN -MMjVmrFYK/FjF4abkNKjSzBJMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggr -BgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAKBggq -hkjOPQQDAgNIADBFAiEAp9W157PM1IadPBc33Cbj7vaFvp+rXs/hSuMCzP8pgV8C -IHCswo1qiC0ZjQmWsBlmz5Zbp9rOorIzBYmGRhRdNs3j ------END CERTIFICATE-----` - ecdsaKey = `-----BEGIN EC PRIVATE KEY----- -MHcCAQEEIFdhO7IW5UIwpB1e2Vunm9QyKvUHWcVwGfLjhpOajuR7oAoGCCqGSM49 -AwEHoUQDQgAENM4HcjLONh8oKnYdbL4/dAfGF0FPgBQZiDBOJISPmmG6Y8hqEU1w -5Jam03RTOVm8l00wyNWasVgr8WMXhpuQ0g== ------END EC PRIVATE KEY-----` + ecdsaCert = `` + ecdsaKey = `` )
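Review bot: The handler's first line still reads `r.Context().Value(http.TLSConnContextKey).(*tls.Conn)`, yet this commit deletes `_dev/patches/88253a956a753213617d95af3f42a23a78798473.patch`, the patch that adds `TLSConnContextKey` to net/http; unless another patch supplies the key, server.go no longer compiles, and the new `_ = tlsConn` line shows the value is not used anymore, so the assertion (which also panics if the key is absent) should simply be removed. `panic("Uname error\n")` discards the error from `syscall.Uname` and aborts the request; prefer `log.Printf("uname: %v", err)` followed by `http.Error(w, "uname failed", http.StatusInternalServerError); return`. The response now discloses the hostname, kernel release and version to any unauthenticated client, which is acceptable for a throwaway test image but deserves a comment above the handler stating that this is a dev-only endpoint. The banner is written with `fmt.Fprintf` although it contains no verbs and no arguments; `io.WriteString(w, ...)` or `fmt.Fprint` states the intent more clearly.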
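Review bot: `ecdsaCert` and `ecdsaKey` are reduced to empty strings, but the `-cert` flag help in the `@@ -151` hunk still lists `ecdsa` as a supported option, so selecting it presumably fails at PEM parsing with an error that does not explain the mode was removed (the code consuming these constants is outside the hunk). Either drop `ecdsa` from the flag help and reject it explicitly in main, or keep a test certificate; empty constants behind a documented option are a silent break.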