github.com/sean-/go@v0.0.0-20151219100004-97f854cd7bb6/src/crypto/tls/tls.go (about) 1 // Copyright 2009 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Package tls partially implements TLS 1.2, as specified in RFC 5246. 6 package tls 7 8 // BUG(agl): The crypto/tls package does not implement countermeasures 9 // against Lucky13 attacks on CBC-mode encryption. See 10 // http://www.isg.rhul.ac.uk/tls/TLStiming.pdf and 11 // https://www.imperialviolet.org/2013/02/04/luckythirteen.html. 12 13 import ( 14 "crypto" 15 "crypto/ecdsa" 16 "crypto/rsa" 17 "crypto/x509" 18 "encoding/pem" 19 "errors" 20 "fmt" 21 "io/ioutil" 22 "net" 23 "strings" 24 "time" 25 ) 26 27 // Server returns a new TLS server side connection 28 // using conn as the underlying transport. 29 // The configuration config must be non-nil and must include 30 // at least one certificate or else set GetCertificate. 31 func Server(conn net.Conn, config *Config) *Conn { 32 return &Conn{conn: conn, config: config} 33 } 34 35 // Client returns a new TLS client side connection 36 // using conn as the underlying transport. 37 // The config cannot be nil: users must set either ServerName or 38 // InsecureSkipVerify in the config. 39 func Client(conn net.Conn, config *Config) *Conn { 40 return &Conn{conn: conn, config: config, isClient: true} 41 } 42 43 // A listener implements a network listener (net.Listener) for TLS connections. 44 type listener struct { 45 net.Listener 46 config *Config 47 } 48 49 // Accept waits for and returns the next incoming TLS connection. 50 // The returned connection c is a *tls.Conn. 51 func (l *listener) Accept() (c net.Conn, err error) { 52 c, err = l.Listener.Accept() 53 if err != nil { 54 return 55 } 56 c = Server(c, l.config) 57 return 58 } 59 60 // NewListener creates a Listener which accepts connections from an inner 61 // Listener and wraps each connection with Server. 62 // The configuration config must be non-nil and must include 63 // at least one certificate or else set GetCertificate. 64 func NewListener(inner net.Listener, config *Config) net.Listener { 65 l := new(listener) 66 l.Listener = inner 67 l.config = config 68 return l 69 } 70 71 // Listen creates a TLS listener accepting connections on the 72 // given network address using net.Listen. 73 // The configuration config must be non-nil and must include 74 // at least one certificate or else set GetCertificate. 75 func Listen(network, laddr string, config *Config) (net.Listener, error) { 76 if config == nil || (len(config.Certificates) == 0 && config.GetCertificate == nil) { 77 return nil, errors.New("tls: neither Certificates nor GetCertificate set in Config") 78 } 79 l, err := net.Listen(network, laddr) 80 if err != nil { 81 return nil, err 82 } 83 return NewListener(l, config), nil 84 } 85 86 type timeoutError struct{} 87 88 func (timeoutError) Error() string { return "tls: DialWithDialer timed out" } 89 func (timeoutError) Timeout() bool { return true } 90 func (timeoutError) Temporary() bool { return true } 91 92 // DialWithDialer connects to the given network address using dialer.Dial and 93 // then initiates a TLS handshake, returning the resulting TLS connection. Any 94 // timeout or deadline given in the dialer apply to connection and TLS 95 // handshake as a whole. 96 // 97 // DialWithDialer interprets a nil configuration as equivalent to the zero 98 // configuration; see the documentation of Config for the defaults. 99 func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error) { 100 // We want the Timeout and Deadline values from dialer to cover the 101 // whole process: TCP connection and TLS handshake. This means that we 102 // also need to start our own timers now. 103 timeout := dialer.Timeout 104 105 if !dialer.Deadline.IsZero() { 106 deadlineTimeout := dialer.Deadline.Sub(time.Now()) 107 if timeout == 0 || deadlineTimeout < timeout { 108 timeout = deadlineTimeout 109 } 110 } 111 112 var errChannel chan error 113 114 if timeout != 0 { 115 errChannel = make(chan error, 2) 116 time.AfterFunc(timeout, func() { 117 errChannel <- timeoutError{} 118 }) 119 } 120 121 rawConn, err := dialer.Dial(network, addr) 122 if err != nil { 123 return nil, err 124 } 125 126 colonPos := strings.LastIndex(addr, ":") 127 if colonPos == -1 { 128 colonPos = len(addr) 129 } 130 hostname := addr[:colonPos] 131 132 if config == nil { 133 config = defaultConfig() 134 } 135 // If no ServerName is set, infer the ServerName 136 // from the hostname we're connecting to. 137 if config.ServerName == "" { 138 // Make a copy to avoid polluting argument or default. 139 c := *config 140 c.ServerName = hostname 141 config = &c 142 } 143 144 conn := Client(rawConn, config) 145 146 if timeout == 0 { 147 err = conn.Handshake() 148 } else { 149 go func() { 150 errChannel <- conn.Handshake() 151 }() 152 153 err = <-errChannel 154 } 155 156 if err != nil { 157 rawConn.Close() 158 return nil, err 159 } 160 161 return conn, nil 162 } 163 164 // Dial connects to the given network address using net.Dial 165 // and then initiates a TLS handshake, returning the resulting 166 // TLS connection. 167 // Dial interprets a nil configuration as equivalent to 168 // the zero configuration; see the documentation of Config 169 // for the defaults. 170 func Dial(network, addr string, config *Config) (*Conn, error) { 171 return DialWithDialer(new(net.Dialer), network, addr, config) 172 } 173 174 // LoadX509KeyPair reads and parses a public/private key pair from a pair of 175 // files. The files must contain PEM encoded data. 176 func LoadX509KeyPair(certFile, keyFile string) (Certificate, error) { 177 certPEMBlock, err := ioutil.ReadFile(certFile) 178 if err != nil { 179 return Certificate{}, err 180 } 181 keyPEMBlock, err := ioutil.ReadFile(keyFile) 182 if err != nil { 183 return Certificate{}, err 184 } 185 return X509KeyPair(certPEMBlock, keyPEMBlock) 186 } 187 188 // X509KeyPair parses a public/private key pair from a pair of 189 // PEM encoded data. 190 func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) { 191 fail := func(err error) (Certificate, error) { return Certificate{}, err } 192 193 var cert Certificate 194 var skippedBlockTypes []string 195 for { 196 var certDERBlock *pem.Block 197 certDERBlock, certPEMBlock = pem.Decode(certPEMBlock) 198 if certDERBlock == nil { 199 break 200 } 201 if certDERBlock.Type == "CERTIFICATE" { 202 cert.Certificate = append(cert.Certificate, certDERBlock.Bytes) 203 } else { 204 skippedBlockTypes = append(skippedBlockTypes, certDERBlock.Type) 205 } 206 } 207 208 if len(cert.Certificate) == 0 { 209 if len(skippedBlockTypes) == 0 { 210 return fail(errors.New("crypto/tls: failed to find any PEM data in certificate input")) 211 } else if len(skippedBlockTypes) == 1 && strings.HasSuffix(skippedBlockTypes[0], "PRIVATE KEY") { 212 return fail(errors.New("crypto/tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched")) 213 } else { 214 return fail(fmt.Errorf("crypto/tls: failed to find \"CERTIFICATE\" PEM block in certificate input after skipping PEM blocks of the following types: %v", skippedBlockTypes)) 215 } 216 } 217 218 skippedBlockTypes = skippedBlockTypes[:0] 219 var keyDERBlock *pem.Block 220 for { 221 keyDERBlock, keyPEMBlock = pem.Decode(keyPEMBlock) 222 if keyDERBlock == nil { 223 if len(skippedBlockTypes) == 0 { 224 return fail(errors.New("crypto/tls: failed to find any PEM data in key input")) 225 } else if len(skippedBlockTypes) == 1 && skippedBlockTypes[0] == "CERTIFICATE" { 226 return fail(errors.New("crypto/tls: found a certificate rather than a key in the PEM for the private key")) 227 } else { 228 return fail(fmt.Errorf("crypto/tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: %v", skippedBlockTypes)) 229 } 230 } 231 if keyDERBlock.Type == "PRIVATE KEY" || strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") { 232 break 233 } 234 skippedBlockTypes = append(skippedBlockTypes, keyDERBlock.Type) 235 } 236 237 var err error 238 cert.PrivateKey, err = parsePrivateKey(keyDERBlock.Bytes) 239 if err != nil { 240 return fail(err) 241 } 242 243 // We don't need to parse the public key for TLS, but we so do anyway 244 // to check that it looks sane and matches the private key. 245 x509Cert, err := x509.ParseCertificate(cert.Certificate[0]) 246 if err != nil { 247 return fail(err) 248 } 249 250 switch pub := x509Cert.PublicKey.(type) { 251 case *rsa.PublicKey: 252 priv, ok := cert.PrivateKey.(*rsa.PrivateKey) 253 if !ok { 254 return fail(errors.New("crypto/tls: private key type does not match public key type")) 255 } 256 if pub.N.Cmp(priv.N) != 0 { 257 return fail(errors.New("crypto/tls: private key does not match public key")) 258 } 259 case *ecdsa.PublicKey: 260 priv, ok := cert.PrivateKey.(*ecdsa.PrivateKey) 261 if !ok { 262 return fail(errors.New("crypto/tls: private key type does not match public key type")) 263 264 } 265 if pub.X.Cmp(priv.X) != 0 || pub.Y.Cmp(priv.Y) != 0 { 266 return fail(errors.New("crypto/tls: private key does not match public key")) 267 } 268 default: 269 return fail(errors.New("crypto/tls: unknown public key algorithm")) 270 } 271 272 return cert, nil 273 } 274 275 // Attempt to parse the given private key DER block. OpenSSL 0.9.8 generates 276 // PKCS#1 private keys by default, while OpenSSL 1.0.0 generates PKCS#8 keys. 277 // OpenSSL ecparam generates SEC1 EC private keys for ECDSA. We try all three. 278 func parsePrivateKey(der []byte) (crypto.PrivateKey, error) { 279 if key, err := x509.ParsePKCS1PrivateKey(der); err == nil { 280 return key, nil 281 } 282 if key, err := x509.ParsePKCS8PrivateKey(der); err == nil { 283 switch key := key.(type) { 284 case *rsa.PrivateKey, *ecdsa.PrivateKey: 285 return key, nil 286 default: 287 return nil, errors.New("crypto/tls: found unknown private key type in PKCS#8 wrapping") 288 } 289 } 290 if key, err := x509.ParseECPrivateKey(der); err == nil { 291 return key, nil 292 } 293 294 return nil, errors.New("crypto/tls: failed to parse private key") 295 }