1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // Package tls partially implements TLS 1.2, as specified in RFC 5246.
8 // BUG(agl): The crypto/tls package only implements some countermeasures
9 // against Lucky13 attacks on CBC-mode encryption, and only on SHA1
10 // variants. See http://www.isg.rhul.ac.uk/tls/TLStiming.pdf and
11 // https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
27 // Server returns a new TLS server side connection
28 // using conn as the underlying transport.
29 // The configuration config must be non-nil and must include
30 // at least one certificate or else set GetCertificate.
31 func Server(conn net
.Conn
, config
*Config
) *Conn
{
32 return &Conn
{conn
: conn
, config
: config
}
35 // Client returns a new TLS client side connection
36 // using conn as the underlying transport.
37 // The config cannot be nil: users must set either ServerName or
38 // InsecureSkipVerify in the config.
39 func Client(conn net
.Conn
, config
*Config
) *Conn
{
40 return &Conn
{conn
: conn
, config
: config
, isClient
: true}
43 // A listener implements a network listener (net.Listener) for TLS connections.
44 type listener
struct {
49 // Accept waits for and returns the next incoming TLS connection.
50 // The returned connection is of type *Conn.
51 func (l
*listener
) Accept() (net
.Conn
, error
) {
52 c
, err
:= l
.Listener
.Accept()
56 return Server(c
, l
.config
), nil
59 // NewListener creates a Listener which accepts connections from an inner
60 // Listener and wraps each connection with Server.
61 // The configuration config must be non-nil and must include
62 // at least one certificate or else set GetCertificate.
63 func NewListener(inner net
.Listener
, config
*Config
) net
.Listener
{
70 // Listen creates a TLS listener accepting connections on the
71 // given network address using net.Listen.
72 // The configuration config must be non-nil and must include
73 // at least one certificate or else set GetCertificate.
74 func Listen(network
, laddr
string, config
*Config
) (net
.Listener
, error
) {
75 if config
== nil ||
(len(config
.Certificates
) == 0 && config
.GetCertificate
== nil) {
76 return nil, errors
.New("tls: neither Certificates nor GetCertificate set in Config")
78 l
, err
:= net
.Listen(network
, laddr
)
82 return NewListener(l
, config
), nil
85 type timeoutError
struct{}
87 func (timeoutError
) Error() string { return "tls: DialWithDialer timed out" }
88 func (timeoutError
) Timeout() bool { return true }
89 func (timeoutError
) Temporary() bool { return true }
91 // DialWithDialer connects to the given network address using dialer.Dial and
92 // then initiates a TLS handshake, returning the resulting TLS connection. Any
93 // timeout or deadline given in the dialer apply to connection and TLS
94 // handshake as a whole.
96 // DialWithDialer interprets a nil configuration as equivalent to the zero
97 // configuration; see the documentation of Config for the defaults.
98 func DialWithDialer(dialer
*net
.Dialer
, network
, addr
string, config
*Config
) (*Conn
, error
) {
99 // We want the Timeout and Deadline values from dialer to cover the
100 // whole process: TCP connection and TLS handshake. This means that we
101 // also need to start our own timers now.
102 timeout
:= dialer
.Timeout
104 if !dialer
.Deadline
.IsZero() {
105 deadlineTimeout
:= time
.Until(dialer
.Deadline
)
106 if timeout
== 0 || deadlineTimeout
< timeout
{
107 timeout
= deadlineTimeout
111 var errChannel
chan error
114 errChannel
= make(chan error
, 2)
115 time
.AfterFunc(timeout
, func() {
116 errChannel
<- timeoutError
{}
120 rawConn
, err
:= dialer
.Dial(network
, addr
)
125 colonPos
:= strings
.LastIndex(addr
, ":")
129 hostname
:= addr
[:colonPos
]
132 config
= defaultConfig()
134 // If no ServerName is set, infer the ServerName
135 // from the hostname we're connecting to.
136 if config
.ServerName
== "" {
137 // Make a copy to avoid polluting argument or default.
139 c
.ServerName
= hostname
143 conn
:= Client(rawConn
, config
)
146 err
= conn
.Handshake()
149 errChannel
<- conn
.Handshake()
163 // Dial connects to the given network address using net.Dial
164 // and then initiates a TLS handshake, returning the resulting
166 // Dial interprets a nil configuration as equivalent to
167 // the zero configuration; see the documentation of Config
169 func Dial(network
, addr
string, config
*Config
) (*Conn
, error
) {
170 return DialWithDialer(new(net
.Dialer
), network
, addr
, config
)
173 // LoadX509KeyPair reads and parses a public/private key pair from a pair
174 // of files. The files must contain PEM encoded data. The certificate file
175 // may contain intermediate certificates following the leaf certificate to
176 // form a certificate chain. On successful return, Certificate.Leaf will
177 // be nil because the parsed form of the certificate is not retained.
178 func LoadX509KeyPair(certFile
, keyFile
string) (Certificate
, error
) {
179 certPEMBlock
, err
:= ioutil
.ReadFile(certFile
)
181 return Certificate
{}, err
183 keyPEMBlock
, err
:= ioutil
.ReadFile(keyFile
)
185 return Certificate
{}, err
187 return X509KeyPair(certPEMBlock
, keyPEMBlock
)
190 // X509KeyPair parses a public/private key pair from a pair of
191 // PEM encoded data. On successful return, Certificate.Leaf will be nil because
192 // the parsed form of the certificate is not retained.
193 func X509KeyPair(certPEMBlock
, keyPEMBlock
[]byte) (Certificate
, error
) {
194 fail
:= func(err error
) (Certificate
, error
) { return Certificate
{}, err
}
197 var skippedBlockTypes
[]string
199 var certDERBlock
*pem
.Block
200 certDERBlock
, certPEMBlock
= pem
.Decode(certPEMBlock
)
201 if certDERBlock
== nil {
204 if certDERBlock
.Type
== "CERTIFICATE" {
205 cert
.Certificate
= append(cert
.Certificate
, certDERBlock
.Bytes
)
207 skippedBlockTypes
= append(skippedBlockTypes
, certDERBlock
.Type
)
211 if len(cert
.Certificate
) == 0 {
212 if len(skippedBlockTypes
) == 0 {
213 return fail(errors
.New("tls: failed to find any PEM data in certificate input"))
215 if len(skippedBlockTypes
) == 1 && strings
.HasSuffix(skippedBlockTypes
[0], "PRIVATE KEY") {
216 return fail(errors
.New("tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched"))
218 return fail(fmt
.Errorf("tls: failed to find \"CERTIFICATE\" PEM block in certificate input after skipping PEM blocks of the following types: %v", skippedBlockTypes
))
221 skippedBlockTypes
= skippedBlockTypes
[:0]
222 var keyDERBlock
*pem
.Block
224 keyDERBlock
, keyPEMBlock
= pem
.Decode(keyPEMBlock
)
225 if keyDERBlock
== nil {
226 if len(skippedBlockTypes
) == 0 {
227 return fail(errors
.New("tls: failed to find any PEM data in key input"))
229 if len(skippedBlockTypes
) == 1 && skippedBlockTypes
[0] == "CERTIFICATE" {
230 return fail(errors
.New("tls: found a certificate rather than a key in the PEM for the private key"))
232 return fail(fmt
.Errorf("tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: %v", skippedBlockTypes
))
234 if keyDERBlock
.Type
== "PRIVATE KEY" || strings
.HasSuffix(keyDERBlock
.Type
, " PRIVATE KEY") {
237 skippedBlockTypes
= append(skippedBlockTypes
, keyDERBlock
.Type
)
240 // We don't need to parse the public key for TLS, but we so do anyway
241 // to check that it looks sane and matches the private key.
242 x509Cert
, err
:= x509
.ParseCertificate(cert
.Certificate
[0])
247 cert
.PrivateKey
, err
= parsePrivateKey(keyDERBlock
.Bytes
)
252 switch pub
:= x509Cert
.PublicKey
.(type) {
254 priv
, ok
:= cert
.PrivateKey
.(*rsa
.PrivateKey
)
256 return fail(errors
.New("tls: private key type does not match public key type"))
258 if pub
.N
.Cmp(priv
.N
) != 0 {
259 return fail(errors
.New("tls: private key does not match public key"))
261 case *ecdsa
.PublicKey
:
262 priv
, ok
:= cert
.PrivateKey
.(*ecdsa
.PrivateKey
)
264 return fail(errors
.New("tls: private key type does not match public key type"))
266 if pub
.X
.Cmp(priv
.X
) != 0 || pub
.Y
.Cmp(priv
.Y
) != 0 {
267 return fail(errors
.New("tls: private key does not match public key"))
270 return fail(errors
.New("tls: unknown public key algorithm"))
276 // Attempt to parse the given private key DER block. OpenSSL 0.9.8 generates
277 // PKCS#1 private keys by default, while OpenSSL 1.0.0 generates PKCS#8 keys.
278 // OpenSSL ecparam generates SEC1 EC private keys for ECDSA. We try all three.
279 func parsePrivateKey(der
[]byte) (crypto
.PrivateKey
, error
) {
280 if key
, err
:= x509
.ParsePKCS1PrivateKey(der
); err
== nil {
283 if key
, err
:= x509
.ParsePKCS8PrivateKey(der
); err
== nil {
284 switch key
:= key
.(type) {
285 case *rsa
.PrivateKey
, *ecdsa
.PrivateKey
:
288 return nil, errors
.New("tls: found unknown private key type in PKCS#8 wrapping")
291 if key
, err
:= x509
.ParseECPrivateKey(der
); err
== nil {
295 return nil, errors
.New("tls: failed to parse private key")