This is a soup-to-nuts implementation of TLS 1.3 created by staring at documents for hours until code came out. The single goal was to establish a valid TLS session by any means possible and trick servers into talking to me.
This code is crude and lumpy and ugly. This is intentional and should serve as a warning to others: this code is not usable for real work. In particular the crypto code is slow and full of timing side-channels. Any attempts to clean things up will be viewed as an attempt to trick someone else into using this code and will be rejected.
To win a bet I implemented this with as few dependencies as possible.
The crypto library has only one dependency, crypto/rand
. This
caused some code to be particularly un-golangly as I couldn't create
error
objects.
Note: The above paragraphs are examples of bad software practices.
Build and run with the following:
go get github.com/syncsynchalt/tincan-tls/cmd/tincan-client
export PATH=$PATH:~/go/bin
tincan-client host port
The following algorithms were built for this implementation:
SHA-256
message digest - RFC 6234HMAC
message authentication codes - RFC 2104AES-128
symmetric cipher - FIPS 197curve25519
(a particular elliptic curve) - RFC 7748ECDHE
(Elliptic Curve Diffie-Hellman with Ephemeral keys) - RFC 4492GCM
(Galois/Counter Mode) - NIST SP 800-38DHKDF
(HMAC Key Derivation Function) - RFC 5869