...
Run Format

Source file src/crypto/tls/tls.go

     1	// Copyright 2009 The Go Authors. All rights reserved.
     2	// Use of this source code is governed by a BSD-style
     3	// license that can be found in the LICENSE file.
     4	
     5	// Package tls partially implements TLS 1.2, as specified in RFC 5246.
     6	package tls
     7	
     8	// BUG(agl): The crypto/tls package does not implement countermeasures
     9	// against Lucky13 attacks on CBC-mode encryption. See
    10	// http://www.isg.rhul.ac.uk/tls/TLStiming.pdf and
    11	// https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
    12	
    13	import (
    14		"crypto"
    15		"crypto/ecdsa"
    16		"crypto/rsa"
    17		"crypto/x509"
    18		"encoding/pem"
    19		"errors"
    20		"fmt"
    21		"io/ioutil"
    22		"net"
    23		"strings"
    24		"time"
    25	)
    26	
    27	// Server returns a new TLS server side connection
    28	// using conn as the underlying transport.
    29	// The configuration config must be non-nil and must include
    30	// at least one certificate or else set GetCertificate.
    31	func Server(conn net.Conn, config *Config) *Conn {
    32		return &Conn{conn: conn, config: config}
    33	}
    34	
    35	// Client returns a new TLS client side connection
    36	// using conn as the underlying transport.
    37	// The config cannot be nil: users must set either ServerName or
    38	// InsecureSkipVerify in the config.
    39	func Client(conn net.Conn, config *Config) *Conn {
    40		return &Conn{conn: conn, config: config, isClient: true}
    41	}
    42	
    43	// A listener implements a network listener (net.Listener) for TLS connections.
    44	type listener struct {
    45		net.Listener
    46		config *Config
    47	}
    48	
    49	// Accept waits for and returns the next incoming TLS connection.
    50	// The returned connection c is a *tls.Conn.
    51	func (l *listener) Accept() (c net.Conn, err error) {
    52		c, err = l.Listener.Accept()
    53		if err != nil {
    54			return
    55		}
    56		c = Server(c, l.config)
    57		return
    58	}
    59	
    60	// NewListener creates a Listener which accepts connections from an inner
    61	// Listener and wraps each connection with Server.
    62	// The configuration config must be non-nil and must include
    63	// at least one certificate or else set GetCertificate.
    64	func NewListener(inner net.Listener, config *Config) net.Listener {
    65		l := new(listener)
    66		l.Listener = inner
    67		l.config = config
    68		return l
    69	}
    70	
    71	// Listen creates a TLS listener accepting connections on the
    72	// given network address using net.Listen.
    73	// The configuration config must be non-nil and must include
    74	// at least one certificate or else set GetCertificate.
    75	func Listen(network, laddr string, config *Config) (net.Listener, error) {
    76		if config == nil || (len(config.Certificates) == 0 && config.GetCertificate == nil) {
    77			return nil, errors.New("tls: neither Certificates nor GetCertificate set in Config")
    78		}
    79		l, err := net.Listen(network, laddr)
    80		if err != nil {
    81			return nil, err
    82		}
    83		return NewListener(l, config), nil
    84	}
    85	
    86	type timeoutError struct{}
    87	
    88	func (timeoutError) Error() string   { return "tls: DialWithDialer timed out" }
    89	func (timeoutError) Timeout() bool   { return true }
    90	func (timeoutError) Temporary() bool { return true }
    91	
    92	// DialWithDialer connects to the given network address using dialer.Dial and
    93	// then initiates a TLS handshake, returning the resulting TLS connection. Any
    94	// timeout or deadline given in the dialer apply to connection and TLS
    95	// handshake as a whole.
    96	//
    97	// DialWithDialer interprets a nil configuration as equivalent to the zero
    98	// configuration; see the documentation of Config for the defaults.
    99	func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error) {
   100		// We want the Timeout and Deadline values from dialer to cover the
   101		// whole process: TCP connection and TLS handshake. This means that we
   102		// also need to start our own timers now.
   103		timeout := dialer.Timeout
   104	
   105		if !dialer.Deadline.IsZero() {
   106			deadlineTimeout := dialer.Deadline.Sub(time.Now())
   107			if timeout == 0 || deadlineTimeout < timeout {
   108				timeout = deadlineTimeout
   109			}
   110		}
   111	
   112		var errChannel chan error
   113	
   114		if timeout != 0 {
   115			errChannel = make(chan error, 2)
   116			time.AfterFunc(timeout, func() {
   117				errChannel <- timeoutError{}
   118			})
   119		}
   120	
   121		rawConn, err := dialer.Dial(network, addr)
   122		if err != nil {
   123			return nil, err
   124		}
   125	
   126		colonPos := strings.LastIndex(addr, ":")
   127		if colonPos == -1 {
   128			colonPos = len(addr)
   129		}
   130		hostname := addr[:colonPos]
   131	
   132		if config == nil {
   133			config = defaultConfig()
   134		}
   135		// If no ServerName is set, infer the ServerName
   136		// from the hostname we're connecting to.
   137		if config.ServerName == "" {
   138			// Make a copy to avoid polluting argument or default.
   139			c := *config
   140			c.ServerName = hostname
   141			config = &c
   142		}
   143	
   144		conn := Client(rawConn, config)
   145	
   146		if timeout == 0 {
   147			err = conn.Handshake()
   148		} else {
   149			go func() {
   150				errChannel <- conn.Handshake()
   151			}()
   152	
   153			err = <-errChannel
   154		}
   155	
   156		if err != nil {
   157			rawConn.Close()
   158			return nil, err
   159		}
   160	
   161		return conn, nil
   162	}
   163	
   164	// Dial connects to the given network address using net.Dial
   165	// and then initiates a TLS handshake, returning the resulting
   166	// TLS connection.
   167	// Dial interprets a nil configuration as equivalent to
   168	// the zero configuration; see the documentation of Config
   169	// for the defaults.
   170	func Dial(network, addr string, config *Config) (*Conn, error) {
   171		return DialWithDialer(new(net.Dialer), network, addr, config)
   172	}
   173	
   174	// LoadX509KeyPair reads and parses a public/private key pair from a pair of
   175	// files. The files must contain PEM encoded data. On successful return,
   176	// Certificate.Leaf will be nil because the parsed form of the certificate is
   177	// not retained.
   178	func LoadX509KeyPair(certFile, keyFile string) (Certificate, error) {
   179		certPEMBlock, err := ioutil.ReadFile(certFile)
   180		if err != nil {
   181			return Certificate{}, err
   182		}
   183		keyPEMBlock, err := ioutil.ReadFile(keyFile)
   184		if err != nil {
   185			return Certificate{}, err
   186		}
   187		return X509KeyPair(certPEMBlock, keyPEMBlock)
   188	}
   189	
   190	// X509KeyPair parses a public/private key pair from a pair of
   191	// PEM encoded data. On successful return, Certificate.Leaf will be nil because
   192	// the parsed form of the certificate is not retained.
   193	func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
   194		fail := func(err error) (Certificate, error) { return Certificate{}, err }
   195	
   196		var cert Certificate
   197		var skippedBlockTypes []string
   198		for {
   199			var certDERBlock *pem.Block
   200			certDERBlock, certPEMBlock = pem.Decode(certPEMBlock)
   201			if certDERBlock == nil {
   202				break
   203			}
   204			if certDERBlock.Type == "CERTIFICATE" {
   205				cert.Certificate = append(cert.Certificate, certDERBlock.Bytes)
   206			} else {
   207				skippedBlockTypes = append(skippedBlockTypes, certDERBlock.Type)
   208			}
   209		}
   210	
   211		if len(cert.Certificate) == 0 {
   212			if len(skippedBlockTypes) == 0 {
   213				return fail(errors.New("crypto/tls: failed to find any PEM data in certificate input"))
   214			} else if len(skippedBlockTypes) == 1 && strings.HasSuffix(skippedBlockTypes[0], "PRIVATE KEY") {
   215				return fail(errors.New("crypto/tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched"))
   216			} else {
   217				return fail(fmt.Errorf("crypto/tls: failed to find \"CERTIFICATE\" PEM block in certificate input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
   218			}
   219		}
   220	
   221		skippedBlockTypes = skippedBlockTypes[:0]
   222		var keyDERBlock *pem.Block
   223		for {
   224			keyDERBlock, keyPEMBlock = pem.Decode(keyPEMBlock)
   225			if keyDERBlock == nil {
   226				if len(skippedBlockTypes) == 0 {
   227					return fail(errors.New("crypto/tls: failed to find any PEM data in key input"))
   228				} else if len(skippedBlockTypes) == 1 && skippedBlockTypes[0] == "CERTIFICATE" {
   229					return fail(errors.New("crypto/tls: found a certificate rather than a key in the PEM for the private key"))
   230				} else {
   231					return fail(fmt.Errorf("crypto/tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
   232				}
   233			}
   234			if keyDERBlock.Type == "PRIVATE KEY" || strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") {
   235				break
   236			}
   237			skippedBlockTypes = append(skippedBlockTypes, keyDERBlock.Type)
   238		}
   239	
   240		var err error
   241		cert.PrivateKey, err = parsePrivateKey(keyDERBlock.Bytes)
   242		if err != nil {
   243			return fail(err)
   244		}
   245	
   246		// We don't need to parse the public key for TLS, but we so do anyway
   247		// to check that it looks sane and matches the private key.
   248		x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
   249		if err != nil {
   250			return fail(err)
   251		}
   252	
   253		switch pub := x509Cert.PublicKey.(type) {
   254		case *rsa.PublicKey:
   255			priv, ok := cert.PrivateKey.(*rsa.PrivateKey)
   256			if !ok {
   257				return fail(errors.New("crypto/tls: private key type does not match public key type"))
   258			}
   259			if pub.N.Cmp(priv.N) != 0 {
   260				return fail(errors.New("crypto/tls: private key does not match public key"))
   261			}
   262		case *ecdsa.PublicKey:
   263			priv, ok := cert.PrivateKey.(*ecdsa.PrivateKey)
   264			if !ok {
   265				return fail(errors.New("crypto/tls: private key type does not match public key type"))
   266	
   267			}
   268			if pub.X.Cmp(priv.X) != 0 || pub.Y.Cmp(priv.Y) != 0 {
   269				return fail(errors.New("crypto/tls: private key does not match public key"))
   270			}
   271		default:
   272			return fail(errors.New("crypto/tls: unknown public key algorithm"))
   273		}
   274	
   275		return cert, nil
   276	}
   277	
   278	// Attempt to parse the given private key DER block. OpenSSL 0.9.8 generates
   279	// PKCS#1 private keys by default, while OpenSSL 1.0.0 generates PKCS#8 keys.
   280	// OpenSSL ecparam generates SEC1 EC private keys for ECDSA. We try all three.
   281	func parsePrivateKey(der []byte) (crypto.PrivateKey, error) {
   282		if key, err := x509.ParsePKCS1PrivateKey(der); err == nil {
   283			return key, nil
   284		}
   285		if key, err := x509.ParsePKCS8PrivateKey(der); err == nil {
   286			switch key := key.(type) {
   287			case *rsa.PrivateKey, *ecdsa.PrivateKey:
   288				return key, nil
   289			default:
   290				return nil, errors.New("crypto/tls: found unknown private key type in PKCS#8 wrapping")
   291			}
   292		}
   293		if key, err := x509.ParseECPrivateKey(der); err == nil {
   294			return key, nil
   295		}
   296	
   297		return nil, errors.New("crypto/tls: failed to parse private key")
   298	}
   299	

View as plain text