cloudflare / tls-tris

crypto/tls, now with 100% more 1.3. THE API IS NOT STABLE AND DOCUMENTATION IS NOT GUARANTEED.

Add ESNI client and server support #172

Open Lekensteyn opened 5 years ago

Lekensteyn commented 5 years ago

Implements https://tools.ietf.org/html/draft-ietf-tls-esni-01

Extends the tls.Config API with a ClientESNIKeys structure which must contain a valid key. If this key is not valid, the handshake will fail. A GetServerESNIKeys API is also added which allows the server to dynamically query for an appropriate ESNI key.

Add a new 'esnitool' utility to generate ESNIKeys for testing purposes; this uses a short lifetime, a single curve and cipher suite. The test client and server can now be used with these keys. Additionally, the test client can securely query the ESNI key from DNS (hardcoded to use 1.1.1.1:853 using DoT for now).

Fixes https://github.com/cloudflare/tls-tris/issues/138

This change depends on https://github.com/cloudflare/tls-tris/pull/171 to ensure that the shared secret can be calculated without access to a tls.Conn structure. Therefore that commit is also included in this PR.

Note: this does not implement the latest draft (-03). If so, at least these changes are necessary:

Lekensteyn commented 5 years ago

I've addressed the review comments; the GOOS=linux change was split into a separate commit. Since the ESNI changes touch the same context, the ESNI patch effectively depends on that.

Aside from these two patches, there is also a Makefile patch to avoid unnecessary rebuilds. This is independent of ESNI, but included here for easier testing. I hope that PR #173 can be merged first. If it makes it easier for you, I could also drop that rebuild patch here and restrict PR #173 to that single change. Let me know!

Lekensteyn commented 5 years ago

Ended up dropping the rebuild patch since it is not ready, will move that to PR #173. Now this patch is fully independent again and can be reviewed/merged independently.

kriskwiatkowski commented 5 years ago

Can you improve tests? At least handshake_messages_test.go, handshake_server_test.go and handshake_client_test.go should be augmented with some testing. Ideally some test cases are introduced to testdata.

eighthave commented 4 years ago

I'm working with a group, https://defo.ie/, on the ESNI standard. There are some test servers there that might be useful. Also, there are some tests in our openssl fork: https://github.com/sftcd/openssl

We also have working versions of nginx and lighttpd, and are building automated test suites to run in Travis CI and GitLab CI.

mvdan commented 4 years ago

@Lekensteyn perhaps it would be a good idea to switch to a patch on top of the upcoming Go 1.14.x. It seems to contain all non-draft TLS 1.3 features, and it would smooth the way towards eventually incorporating it into upstream Go. I also imagine that it's best to get the latest fixes from upstream's crypto packages.

Lekensteyn commented 4 years ago

@mvdan The plan to rebase has been an unwritten one, I have now opened #184 to track it.