kris
/
tls-tris
1
0
Derivar 0
Código Questões 0 Pedidos de integração 0 Lançamentos 0 Wiki Trabalho
Não pode escolher mais do que 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
493 Cometimentos
4 Ramos
2.5 MiB
 
 
 
 
 
 
Árvore: f41d1032d9
Ramos Etiquetas
${ item.name }
Criar ramo ${ searchTerm }
de 'f41d1032d9'
${ noResults }
tls-tris/_dev/tris-testclient/client.go

230 linhas
9.0 KiB
Em bruto Responsabilidade Histórico 

  1. package main

  2. 

  3. import (

  4. 	"crypto/tls"

  5. 	"crypto/x509"

  6. 	"flag"

  7. 	"fmt"

  8. 	"io"

  9. 	"log"

  10. 	"os"

  11. 	"strings"

  12. )

  13. 

  14. var tlsVersionToName = map[uint16]string{

  15. 	tls.VersionTLS10:        "1.0",

  16. 	tls.VersionTLS11:        "1.1",

  17. 	tls.VersionTLS12:        "1.2",

  18. 	tls.VersionTLS13:        "1.3",

  19. 	tls.VersionTLS13Draft18: "1.3 (draft 18)",

  20. }

  21. 

  22. var cipherSuiteIdToName = map[uint16]string{

  23. 	tls.TLS_RSA_WITH_AES_128_CBC_SHA:            "TLS_RSA_WITH_AES_128_CBC_SHA",

  24. 	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",

  25. 	tls.TLS_AES_128_GCM_SHA256:                  "TLS_AES_128_GCM_SHA256",

  26. 	tls.TLS_AES_256_GCM_SHA384:                  "TLS_AES_256_GCM_SHA384",

  27. 	tls.TLS_CHACHA20_POLY1305_SHA256:            "TLS_CHACHA20_POLY1305_SHA256",

  28. }

  29. 

  30. type Client struct {

  31. 	KeyLogWriter 	io.Writer

  32. 	failed       	uint

  33. 	client_cert     tls.Certificate

  34. 	client_certpool *x509.CertPool

  35. }

  36. 

  37. func (c *Client) run(addr string, version, cipherSuite uint16) {

  38. 	fmt.Printf("TLS %s with %s\n", tlsVersionToName[version], cipherSuiteIdToName[cipherSuite])

  39. 	tls_config := &tls.Config{

  40. 		InsecureSkipVerify: true,

  41. 		MinVersion:         version,

  42. 		MaxVersion:         version,

  43. 		CipherSuites:       []uint16{cipherSuite},

  44. 		KeyLogWriter:       c.KeyLogWriter,

  45. 		Certificates:       []tls.Certificate{c.client_cert},

  46. 		RootCAs:            c.client_certpool,

  47. 	}

  48. 	con, err := tls.Dial("tcp", addr, tls_config)

  49. 	if err != nil {

  50. 		fmt.Printf("handshake failed: %v\n\n", err)

  51. 		c.failed++

  52. 		return

  53. 	}

  54. 	defer con.Close()

  55. 

  56. 	_, err = con.Write([]byte("GET / HTTP/1.1\r\nHost: localhost\r\n\r\n"))

  57. 	if err != nil {

  58. 		fmt.Printf("Write failed: %v\n\n", err)

  59. 		c.failed++

  60. 		return

  61. 	}

  62. 

  63. 	buf := make([]byte, 1024)

  64. 	n, err := con.Read(buf)

  65. 	// A non-zero read with EOF is acceptable and occurs when a close_notify

  66. 	// is received right after reading data (observed with NSS selfserv).

  67. 	if !(n > 0 && err == io.EOF) && err != nil {

  68. 		fmt.Printf("Read failed: %v\n\n", err)

  69. 		c.failed++

  70. 		return

  71. 	}

  72. 	fmt.Printf("Read %d bytes\n", n)

  73. 

  74. 	fmt.Println("OK\n")

  75. }

  76. 

  77. func main() {

  78. 	var keylog_file string

  79. 	var enable_rsa, enable_ecdsa, client_auth bool

  80. 

  81. 	flag.StringVar(&keylog_file, "keylogfile", "", "Secrets will be logged here")

  82. 	flag.BoolVar(&enable_rsa, "rsa", true, "Whether to enable RSA cipher suites")

  83. 	flag.BoolVar(&enable_ecdsa, "ecdsa", true, "Whether to enable ECDSA cipher suites")

  84. 	flag.BoolVar(&client_auth, "cliauth", false, "Whether to enable client authentication")

  85. 	flag.Parse()

  86. 	if flag.NArg() != 1 {

  87. 		flag.Usage()

  88. 		os.Exit(1)

  89. 	}

  90. 	addr := flag.Arg(0)

  91. 	if !strings.Contains(addr, ":") {

  92. 		addr += ":443"

  93. 	}

  94. 

  95. 	client := Client{}

  96. 	if keylog_file == "" {

  97. 		keylog_file = os.Getenv("SSLKEYLOGFILE")

  98. 	}

  99. 	if keylog_file != "" {

  100. 		keylog_writer, err := os.OpenFile(keylog_file, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)

  101. 		if err != nil {

  102. 			log.Fatalf("Cannot open keylog file: %v", err)

  103. 		}

  104. 		client.KeyLogWriter = keylog_writer

  105. 		log.Println("Enabled keylog")

  106. 	}

  107. 

  108. 	if client_auth {

  109. 		var err error

  110. 		client.client_cert, err = tls.X509KeyPair([]byte(client_crt), []byte(client_key))

  111. 		if err != nil {

  112. 			panic("Can't load client certificate")

  113. 		}

  114. 

  115. 		client.client_certpool = x509.NewCertPool()

  116. 		if !client.client_certpool.AppendCertsFromPEM([]byte(client_ca)) {

  117. 			panic("Can't load client CA cert")

  118. 		}

  119. 	}

  120. 

  121. 	if enable_rsa {

  122. 		// Sanity check: TLS 1.2 with the mandatory cipher suite from RFC 5246

  123. 		client.run(addr, tls.VersionTLS12, tls.TLS_RSA_WITH_AES_128_CBC_SHA)

  124. 	}

  125. 	if enable_ecdsa {

  126. 		// Sane cipher suite for TLS 1.2 with an ECDSA cert (as used by boringssl)

  127. 		client.run(addr, tls.VersionTLS12, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)

  128. 	}

  129. 

  130. 

  131. 	client.run(addr, tls.VersionTLS13, tls.TLS_CHACHA20_POLY1305_SHA256)

  132. 	client.run(addr, tls.VersionTLS13, tls.TLS_AES_128_GCM_SHA256)

  133. 	client.run(addr, tls.VersionTLS13, tls.TLS_AES_256_GCM_SHA384)

  134. 

  135. 	// TODO test other kex methods besides X25519, like MTI secp256r1

  136. 	// TODO limit supported groups?

  137. 

  138. 	if client.failed > 0 {

  139. 		log.Fatalf("Failed handshakes: %d\n", client.failed)

  140. 	} else {

  141. 		fmt.Println("All handshakes passed")

  142. 	}

  143. }

  144. 

  145. const (

  146. 	client_ca = `-----BEGIN CERTIFICATE-----

  147. MIIFYDCCA0igAwIBAgIJAPpBgIvtQb1EMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV

  148. BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX

  149. aWRnaXRzIFB0eSBMdGQwHhcNMTgwMjEzMjAxNjA3WhcNMTkwMjEzMjAxNjA3WjBF

  150. MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50

  151. ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC

  152. CgKCAgEAr4xgdmB4DaEh8zRFmg/1ZxYhQZMUP0iQX/Y8nDWxNlcd42p3TgpY1biz

  153. jrq58ln9Om4U/GAn2RmtBAynSBXIlR5oVa44JeMM8Ka8R/dMKyHpF0Nj2EJB9unb

  154. TC33PfzOlnKQxATwevnnhI6tGluWmwvxXUi7WnX0di+nQg9HrIVom3KrmRr2/41y

  155. g497ccYUuNnKE6sewGdGzw045oWZpMDA2Us+MFo1IywOurjaM9bueRhPTcIiQ8RE

  156. h7qb+FRwfxaj9ynZA2PCM7WMSSWCiZJV0uj/pshYF2lvtJcJef4dhwnsYBpc+mgx

  157. 2q9qcUBeo3ZHbi1/PRqjwSmcW3yY5cQRbpYp6xFmgmX3oHQkVXS0UlpNVZ+morcS

  158. HEpaK8b76fCFcL5yFsAJkPPfny1IKU+CfaVq60dM/mxbEW6J4mZT/uAiqrCilMC+

  159. FyiATCZur8Ks7p47eZy700DllLod7gWTiuZTgHeQFVoX+jxbCZKlFn5Xspu8ALoK

  160. Mla/q83mICRVy3+eMUsD7DNvoWYpCAYy/oMk0VWfrQ48JkCGbBW2PW/dU2nmqVhY

  161. /11rurkr+1TUvYodnajANtXvUjW1DPOLb4dES4Qc4b7Fw8eFXrARhl5mXiL5HFKR

  162. /VnRshiJ+QwTVkxl+KkZHEm/WS8QD+Zd8leAxh9MCoaU/XrBUBkCAwEAAaNTMFEw

  163. HQYDVR0OBBYEFKUinuD1xRvcNd2Wti/PnBJp7On1MB8GA1UdIwQYMBaAFKUinuD1

  164. xRvcNd2Wti/PnBJp7On1MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD

  165. ggIBAJdJrNBftqkTs2HyuJ3x5RIsTxYh85hJYwNOdFLyzVG6HER9jRCnvmNTjG0O

  166. I5wz5hQvDpwXs4BCCXHQZrTLAi3BEjq3AjrmR/XeGHulbWh3eh8LVu7MiLRgt+Ys

  167. GnL2IaERrbkje24nCCMNPbI3fGDQEhTIYmmX8RJp+5BOJgCycKk6pFgfrjJv2C+d

  168. 78pcjlYII6M4vPnr/a08M49Bq6b5ADvIfe5G2KrUvD/+vwoAwv6d/daymHCQ2rY5

  169. kmdVk9VUp3Q4uKoeej4ENJSAUNTV7oTu346oc7q9sJffB5OltqbrE7ichak7lL+v

  170. EjArZHElAhKNFXRZViCMvGDs+7JztqbsfT8Xb6Z27e+WyudB2bOUGm3hKuTIl06D

  171. bA7yUskwEhmkd1CJqO5RLEJjKitOqe6Ye0/GsmPQNDK8GvyXTyGQK5OqBuzEexF0

  172. mlPoIhpSVH3K9SkRTTHvvcbdYlaQLi6gKq2uhbk4PnS2nfBtXqYIy9mxcgBJzLiB

  173. /ydfLcf3GClwgvO1JHp6qAl4CO7oe8jqHpoGuznwi1aqkTyNkQWh0OXq3MS+dyqB

  174. 2yXFCFIeKCx18TE1OtuTD3ppBDjpyd0o/a6kYR3FDmdks/J33bGwLsLH3lbN6VjF

  175. PNfNkaE1tfkpSGYsuT1DPxX8aAT4JLUfZ1Si6iO+E0Sj9LXA

  176. -----END CERTIFICATE-----`

  177. 	client_crt = `-----BEGIN CERTIFICATE-----

  178. MIID/jCCAeYCAQEwDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV

  179. BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0

  180. ZDAeFw0xODAyMTMyMDU0MjZaFw0xOTAyMTMyMDU0MjZaMEUxCzAJBgNVBAYTAkFV

  181. MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz

  182. IFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD1li7/35Q

  183. C/T6FACSbsd0WlImu42i6w96wfngAfEgbz5Ip+IA2rJ8G5LNHTYYCpr9LlmhY6zm

  184. soHgAkff6XwUnZaetX01UmGP4CD4D3UumkR1uKY4bCSNImm53SZgelOznpsqAWKE

  185. zosMrDcOAJKJSN411KwVzWysfRCPyxvmLETzU9KHFCJ1oY3t1HzYIAqpHv9sMSst

  186. dNHW3X7bWEAVKCQMKO+rWe/wAhE4iTVdlRi02oRoRWSVj41+nk6jI8KJNq70stHc

  187. QSST0A7SUacPYKJWqJRhP1pZ6k4G3ZVE8332az7jvcN1uGGjERZoUbZxGB+mbMCC

  188. GJwnwnNiI6/hAgMBAAEwDQYJKoZIhvcNAQELBQADggIBADNr6QMl57CdHEzNwc2M

  189. CSZsuOLakp8YiovVDOXJ/p/lykUIIcR1rI1iNfb8oOFTZmrndGZVAh76EExdMHYG

  190. m+4Vr2+z/73AZwvhhnLhftOKFFwkdjCfXouPlkc/zmhOORakIFGlLZFkuZRY6k2D

  191. Q8uIt7E5uXSVl11A1LxN5X8lhK2G4lxJZuj1AqEFj9QD44Qy+MdgX38lzGCEXd8c

  192. Y5K8zLJGbgXgYaFxqd0bImfjgjj82+Mui0OTV5PcRlczJX08ygKjcoAMVyvPHu72

  193. 3zzxvoNcqUrvbptVvg9c7FSOpK95YZOe1LiyqZCwNJQl4fPRE++XQ4zDNdyiAp76

  194. a6BQg/M8gOpV/VBMTsNDr/yP/7eBqkfvU7jLfz7wKMDdcjeZnKom42f+/XOLEo6E

  195. hyDuHGdQh10bZD/Ukcs69+pA3ioic1A8pQzAElH3IuDBsMJg30x8tACLKNcUY8BE

  196. 2eJgrCxWcvq88DeAT03W9AVpFZA8ZQUR3SHCquMBFogsmUDDMN+CoC0u5dBwHP+O

  197. 9rmWOXn8gp/zBCKGwemgVV5vSNzJs7z3aoqIiAABl56LBaXxjKzRmXoB/SyUW5zl

  198. 1zy4SQTE6SJYqqU6h2yRdT8n0oWN3AMy0VxbJTRq32kdYJVQK9cLKVqpxtCCtPnN

  199. 3lV+HDsj7k+AJjHiu1F4O+sp

  200. -----END CERTIFICATE-----`

  201. 	client_key = `-----BEGIN RSA PRIVATE KEY-----

  202. MIIEpAIBAAKCAQEAw9ZYu/9+UAv0+hQAkm7HdFpSJruNousPesH54AHxIG8+SKfi

  203. ANqyfBuSzR02GAqa/S5ZoWOs5rKB4AJH3+l8FJ2WnrV9NVJhj+Ag+A91LppEdbim

  204. OGwkjSJpud0mYHpTs56bKgFihM6LDKw3DgCSiUjeNdSsFc1srH0Qj8sb5ixE81PS

  205. hxQidaGN7dR82CAKqR7/bDErLXTR1t1+21hAFSgkDCjvq1nv8AIROIk1XZUYtNqE

  206. aEVklY+Nfp5OoyPCiTau9LLR3EEkk9AO0lGnD2CiVqiUYT9aWepOBt2VRPN99ms+

  207. 473DdbhhoxEWaFG2cRgfpmzAghicJ8JzYiOv4QIDAQABAoIBADKcbZhAYjt7q5cJ

  208. nlA5svA9+2cpJ2SITRrTkKk0t0VDmpwaTw0bd+8dDSZXO0ihTQbLeLx9zwxb67ah

  209. wEN8yuVlCK0BiFdEcBRHvx18mTMvCSxHSSXhxNx4nUw8fBOI6aLNBZqoevaJjmP7

  210. CctjmHtESrEswkBsM36sX6BZxF8Kc4Q5Znuxqksnl6HNoxnjhmygJmYCFTToiTHa

  211. f2HWKBiZfgfxX7WEuHer3h6nmBbBCOX1/hcipBMBBVIqFl1ZSIF/B3lR8UV4/X+a

  212. SNMqggOqkEIuHKkSCKo1lNxEPP2p54EHrKkjepoqMzIFuYnn4qWesMznpmy+zBGB

  213. 6PCjfzUCgYEA92etvRVQjBx8dHTSiyCNbS1ELgiCkzar8PGH+ytTIaj/TTF1LfAi

  214. UYRp5MtOKmQXxE3IRLDF8P8rEKC06aV12hVwhd2xfHjje+KZkwWZ2PIj+GbK7f1r

  215. MvKN5eE0NhGiSvu5SiFuks/SV8Qc4StFPmiWf33XKvJuAWNkCu+bUZsCgYEAyqQL

  216. nVNKTlgHNKDJKMHi/buZt8wtwGGXCxcv+w88PmEC0OCbH/V2niCPLvFmK1xDXpru

  217. k7z9FTc+QeasEMtxY/Gcs3IgUzxOHxAL7cn6KBM44uDhpIcv3BFWtR053acVU6S4

  218. IKuijWIJNJEk2qksgQTX7Mv/xq2uXvfZqajdKjMCgYEA3x+5F9s+Pm5+a4TkUSc1

  219. hS4a3C0+ncfjv7QEwCftnGDOhu7A0IJOYRg7bGVShHaq3JaNtC19BwEJ9MALCOD5

  220. bYqCZahvpmNcPeE6Qdb+TiLq/96sy4AOiu8nvBejv9Ode2SUUd/e2jbla9Ppe8VL

  221. eKJYgHicchYb0dKyag54FFsCgYEAuToEB9W3aS9bvsZtuZyooSfXFcND2sMZrqCO

  222. Uh2WAqroSQfVo/vaZiX623z62A2o4xQZmd+5MqhhdxmkFGHyDtouU3SxiYPpIMmp

  223. Lb1etT0E1ZWbi6mqnK0YpcrGNw5gFynMyMg6eKOxKGS33EuhC3ni6Wd7MB9X8ST6

  224. x/M73jMCgYBBge3/ugnZPE78TDL3DdefrjeYFaKhVc622eimS/MEPbkbdxh8azTM

  225. LAoibwDU1NC8/3MfOBYMe6Qklu3kjexOJrfdo0Z7Khgd9F8A4tKwslUndSSlAfKF

  226. 2rjfqabVMZMLZ2XEbA4W5JTfaZS4YYGcrjY7+i7OsnSxoYG2sb+xlQ==

  227. -----END RSA PRIVATE KEY-----`

  228. )