|
|
@@ -3,7 +3,6 @@ package main |
|
|
|
import ( |
|
|
|
"crypto/tls" |
|
|
|
"crypto/x509" |
|
|
|
"encoding/hex" |
|
|
|
"errors" |
|
|
|
"flag" |
|
|
|
"fmt" |
|
|
@@ -12,6 +11,7 @@ import ( |
|
|
|
"net/http" |
|
|
|
"os" |
|
|
|
"strings" |
|
|
|
"syscall" |
|
|
|
"time" |
|
|
|
) |
|
|
|
|
|
|
@@ -56,7 +56,7 @@ func NewServer() *server { |
|
|
|
} |
|
|
|
|
|
|
|
func enablePQ(s *server, enableDefault bool) { |
|
|
|
var pqGroups = []tls.CurveID{tls.HybridSIDHp503Curve25519, tls.HybridSIKEp503Curve25519} |
|
|
|
var pqGroups = []tls.CurveID{tls.HybridSIDHp503Curve25519} |
|
|
|
if enableDefault { |
|
|
|
var defaultCurvePreferences = []tls.CurveID{tls.X25519, tls.CurveP256, tls.CurveP384, tls.CurveP521} |
|
|
|
s.TLS.CurvePreferences = append(s.TLS.CurvePreferences, defaultCurvePreferences...) |
|
|
@@ -144,6 +144,18 @@ err: |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
func charsToString(ca []int8) string { |
|
|
|
s := make([]byte, len(ca)) |
|
|
|
var lens int |
|
|
|
for ; lens < len(ca); lens++ { |
|
|
|
if ca[lens] == 0 { |
|
|
|
break |
|
|
|
} |
|
|
|
s[lens] = uint8(ca[lens]) |
|
|
|
} |
|
|
|
return string(s[0:lens]) |
|
|
|
} |
|
|
|
|
|
|
|
func main() { |
|
|
|
|
|
|
|
s := NewServer() |
|
|
@@ -151,7 +163,7 @@ func main() { |
|
|
|
arg_addr := flag.String("b", "0.0.0.0:443", "Address:port used for binding") |
|
|
|
arg_cert := flag.String("cert", "rsa", "Public algorithm to use:\nOptions [rsa, ecdsa, PrivateKeyFile:CertificateChainFile]") |
|
|
|
arg_zerortt := flag.String("rtt0", "n", `0-RTT, accepts following values [n: None, a: Accept, o: Offer, oa: Offer and Accept]`) |
|
|
|
arg_confirm := flag.Bool("rtt0ack", false, "0-RTT confirm") |
|
|
|
//arg_confirm := flag.Bool("rtt0ack", false, "0-RTT confirm") |
|
|
|
arg_clientauth := flag.Bool("cliauth", false, "Performs client authentication (RequireAndVerifyClientCert used)") |
|
|
|
arg_pq := flag.String("pq", "", "Enable quantum-resistant algorithms [c: Support classical and Quantum-Resistant, q: Enable Quantum-Resistant only]") |
|
|
|
flag.Parse() |
|
|
@@ -180,39 +192,32 @@ func main() { |
|
|
|
|
|
|
|
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { |
|
|
|
tlsConn := r.Context().Value(http.TLSConnContextKey).(*tls.Conn) |
|
|
|
var buf syscall.Utsname |
|
|
|
|
|
|
|
with0RTT := "" |
|
|
|
if !tlsConn.ConnectionState().HandshakeConfirmed { |
|
|
|
with0RTT = " [0-RTT]" |
|
|
|
} |
|
|
|
if *arg_confirm || r.URL.Path == "/confirm" { |
|
|
|
if err := tlsConn.ConfirmHandshake(); err != nil { |
|
|
|
log.Fatal(err) |
|
|
|
} |
|
|
|
if with0RTT != "" { |
|
|
|
with0RTT = " [0-RTT confirmed]" |
|
|
|
} |
|
|
|
if !tlsConn.ConnectionState().HandshakeConfirmed { |
|
|
|
panic("HandshakeConfirmed false after ConfirmHandshake") |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
resumed := "" |
|
|
|
if r.TLS.DidResume { |
|
|
|
resumed = " [resumed]" |
|
|
|
} |
|
|
|
|
|
|
|
http2 := "" |
|
|
|
if r.ProtoMajor == 2 { |
|
|
|
http2 = " [HTTP/2]" |
|
|
|
err := syscall.Uname(&buf) |
|
|
|
if err != nil { |
|
|
|
panic("Uname error\n") |
|
|
|
} |
|
|
|
|
|
|
|
fmt.Fprintf(w, "<!DOCTYPE html><p>Hello TLS %s%s%s%s _o/\n", tlsVersionToName[r.TLS.Version], resumed, with0RTT, http2) |
|
|
|
}) |
|
|
|
|
|
|
|
http.HandleFunc("/ch", func(w http.ResponseWriter, r *http.Request) { |
|
|
|
w.Header().Set("Content-Type", "text/plain") |
|
|
|
fmt.Fprintf(w, "Client Hello packet (%d bytes):\n%s", len(r.TLS.ClientHello), hex.Dump(r.TLS.ClientHello)) |
|
|
|
node := charsToString(buf.Nodename[:]) |
|
|
|
release := charsToString(buf.Release[:]) |
|
|
|
version := charsToString(buf.Version[:]) |
|
|
|
machine := charsToString(buf.Machine[:]) |
|
|
|
sysname := charsToString(buf.Sysname[:]) |
|
|
|
_ = tlsConn |
|
|
|
fmt.Fprintf(w, "<!DOCTYPE html><body style=\"font-family: courier\">Node\t\t\t\t: %s</br>Version\t\t\t\t: %s</br>Release\t\t\t\t: %s</br>Machine\t\t\t\t: %s</br>Sysname\t\t\t\t: %s</br><pre>", node, version, release, machine, sysname) |
|
|
|
fmt.Fprintf(w, ` |
|
|
|
▄████▄ ██▀███ ▓██ ██▓ ██▓███ ▄▄▄█████▓ ▒█████ |
|
|
|
▒██▀ ▀█ ▓██ ▒ ██▒▒██ ██▒▓██░ ██▒▓ ██▒ ▓▒▒██▒ ██▒ |
|
|
|
▒▓█ ▄ ▓██ ░▄█ ▒ ▒██ ██░▓██░ ██▓▒▒ ▓██░ ▒░▒██░ ██▒ |
|
|
|
▒▓▓▄ ▄██▒▒██▀▀█▄ ░ ▐██▓░▒██▄█▓▒ ▒░ ▓██▓ ░ ▒██ ██░ |
|
|
|
▒ ▓███▀ ░░██▓ ▒██▒ ░ ██▒▓░▒██▒ ░ ░ ▒██▒ ░ ░ ████▓▒░ |
|
|
|
░ ░▒ ▒ ░░ ▒▓ ░▒▓░ ██▒▒▒ ▒▓▒░ ░ ░ ▒ ░░ ░ ▒░▒░▒░ |
|
|
|
░ ▒ ░▒ ░ ▒░▓██ ░▒░ ░▒ ░ ░ ░ ▒ ▒░ |
|
|
|
░ ░░ ░ ▒ ▒ ░░ ░░ ░ ░ ░ ░ ▒ |
|
|
|
░ ░ ░ ░ ░ ░ ░ |
|
|
|
░ ░ ░ |
|
|
|
`) |
|
|
|
fmt.Fprintf(w, "</pre></body></html>") |
|
|
|
}) |
|
|
|
|
|
|
|
s.start() |
|
|
@@ -298,19 +303,6 @@ UQQgw5lFnKHZ9pk2VlKzgpkmd5fLMOhcHWQbsah9TFOuW5vEhWGHNhGCyGouWTzD |
|
|
|
mkwlPS8arj/ymUn6t/oiwSOA6GbjQLnTXvoAjdBxnukQlNY6TUDk+lSQw0qfZGIA |
|
|
|
xZywUgRbLZH8TFUnuEQps35XnWrY8rrXVj9+9h0B4g== |
|
|
|
-----END CERTIFICATE-----` |
|
|
|
ecdsaCert = `-----BEGIN CERTIFICATE----- |
|
|
|
MIIBbTCCAROgAwIBAgIQZCsHZcs5ZkzV+zC2E6j5RzAKBggqhkjOPQQDAjASMRAw |
|
|
|
DgYDVQQKEwdBY21lIENvMB4XDTE2MDkyNDE3NTE1OFoXDTI2MDkyMjE3NTE1OFow |
|
|
|
EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDTO |
|
|
|
B3IyzjYfKCp2HWy+P3QHxhdBT4AUGYgwTiSEj5phumPIahFNcOSWptN0UzlZvJdN |
|
|
|
MMjVmrFYK/FjF4abkNKjSzBJMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggr |
|
|
|
BgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAKBggq |
|
|
|
hkjOPQQDAgNIADBFAiEAp9W157PM1IadPBc33Cbj7vaFvp+rXs/hSuMCzP8pgV8C |
|
|
|
IHCswo1qiC0ZjQmWsBlmz5Zbp9rOorIzBYmGRhRdNs3j |
|
|
|
ecdsaKey = `-----BEGIN EC PRIVATE KEY----- |
|
|
|
MHcCAQEEIFdhO7IW5UIwpB1e2Vunm9QyKvUHWcVwGfLjhpOajuR7oAoGCCqGSM49 |
|
|
|
AwEHoUQDQgAENM4HcjLONh8oKnYdbL4/dAfGF0FPgBQZiDBOJISPmmG6Y8hqEU1w |
|
|
|
5Jam03RTOVm8l00wyNWasVgr8WMXhpuQ0g== |
|
|
|
ecdsaCert = `` |
|
|
|
ecdsaKey = `` |
|
|
|
) |