Feature request: Support for Curve25519

[mkoppmann]

It would be nice, if Caddy could support Curve25519 as an alternative to the NIST P-256 curve for the Diffie–Hellman handshake. Besides being not made by the NSA, it should also be slightly faster and more secure.

Some applications that use Curve25519:

• OpenSSH
• OpenBSD (for package signing)
• Tor
• Signal
• DNSCurve and DNSCrypt

Additional links:

• https://godoc.org/golang.org/x/crypto/curve25519
• https://security.stackexchange.com/questions/50878/ecdsa-vs-ecdh-vs-ed25519-vs-curve25519

[mholt]

Hey @mkoppmann, thanks for the request! Any idea how we use this without modifying the TLS stack?

[mkoppmann]

So I looked more into this and found this open issue. Guess we have to wait, until agl finished that. He is currently working on the implementation of Chacha20 and Poly1305 I believe, which is also super awesome, so maybe he will work on Curve25519 next, since it is all by djb.

[aead]

As far as I know, ChaCha20Poly1305 is on the 1.8 dashboard - Adam will add it to the standard crypto/tls package - See Gerrit

[mholt]

Great -- since this seems out of scope for doing this in the Caddy project, I'll close the issue. Looking forward to the crypto improvements in Go 1.8 and beyond!

[wendigo]

@mholt @mkoppmann support for Curve25519 just landed in golang's master branch: https://github.com/golang/go/commit/e875fe42eee942c35cdecc7b4b5d4e762f47bade :smiley:

[mkoppmann]

Is this really happening? Go 1.8 is going to be the best release ever :smile:

[wendigo]

Giving the number of improvements to compiler, tooling, GC, performance and APIs I fully agree!

[mholt]

Cool, that was quick. :) We'll keep an eye on it as Go 1.8 matures and see what controls need to be exposed to configure it -- if any at all.

[elcore]

Hello everybody,

I implement X25519 :smile: -- It's working (on Chrome)

[mkoppmann]

Whaaaat? :laughing:

[elcore]

It's pretty simple @mrkoppmann :smile:

Build Golang from master, modify Caddy and compile it :smile:

[mkoppmann]

Will try it next week after an exam. Thanks for the info :+1:

[elcore]

👍 @mkoppmann

diff --git a/caddytls/config.go b/caddytls/config.go
index 92e5729..7c2b692 100644
--- a/caddytls/config.go
+++ b/caddytls/config.go
@@ -456,9 +456,10 @@ var defaultCiphers = []uint16{
 // Map of supported curves
 // https://golang.org/pkg/crypto/tls/#CurveID
 var supportedCurvesMap = map[string]tls.CurveID{
-       "P256": tls.CurveP256,
-       "P384": tls.CurveP384,
-       "P521": tls.CurveP521,
+       "X25519": tls.X25519,
+       "P256":   tls.CurveP256,
+       "P384":   tls.CurveP384,
+       "P521":   tls.CurveP521,
 }

 const (

diff --git a/caddytls/setup_test.go b/caddytls/setup_test.go
index b630e74..e5445c5 100644
--- a/caddytls/setup_test.go
+++ b/caddytls/setup_test.go
@@ -283,7 +283,7 @@ func TestSetupParseWithKeyType(t *testing.T) {

 func TestSetupParseWithCurves(t *testing.T) {
        params := `tls {
-            curves p256 p384 p521
+            curves x25519 p256 p384 p521
         }`
        cfg := new(Config)
        RegisterConfigGetter("", func(c *caddy.Controller) *Config { return cfg })
@@ -294,11 +294,11 @@ func TestSetupParseWithCurves(t *testing.T) {
                t.Errorf("Expected no errors, got: %v", err)
        }

-       if len(cfg.CurvePreferences) != 3 {
-               t.Errorf("Expected 3 curves, got %v", len(cfg.CurvePreferences))
+       if len(cfg.CurvePreferences) != 4 {
+               t.Errorf("Expected 4 curves, got %v", len(cfg.CurvePreferences))
        }

-       expectedCurves := []tls.CurveID{tls.CurveP256, tls.CurveP384, tls.CurveP521}
+       expectedCurves := []tls.CurveID{tls.X25519, tls.CurveP256, tls.CurveP384, tls.CurveP521}

        // Ensure ordering is correct
        for i, actual := range cfg.CurvePreferences {