alexnask / iguanatls Goto Github PK
View Code? Open in Web Editor NEWMinimal, experimental TLS 1.2 implementation in Zig
License: MIT License
iguanatls's People
Contributors
Stargazers
Watchers
Forkers
marler8997 fengb sundbp hazeycode ahamid g-w1 tonis2 ve-nt agathazeren javierguerragiraldez nektro hetzge ristovski hawkbee chris3606 icodein joroovb acoderviciguanatls's Issues
attempting to read past EOF throws error.ServerMalformedResponse
it should instead return the usize value of 0 instead of an error.
Tests failing
❯ zig build test
test "HTTPS request on wikipedia main page"... FAIL (CertificateVerificationFailed)
/usr/lib/zig/std/heap/general_purpose_allocator.zig:606:13: 0x21ede9 in std.heap.general_purpose_allocator.GeneralPurposeAllocator((struct std.heap.general_purpose_allocator.Config constant)).resize (test)
return error.OutOfMemory;
bug: error.ServerMalformedResponse when trying to read HTTP payload (en.wikipedia.org)
I've been working on a HTTP client and so far I'm stuck on this issue: I receive the end of the HTTP headers, and then the first read of the payload fails with error.ServerMalformedResponse. eg.
> https://en.wikipedia.org/
Event{ .status = StatusEvent{ .version = 1.1, .code = 301, .reason = Moved Permanently } }
Event{ .header = Header{ .name = Date, .value = Sun, 27 Dec 2020 19:04:44 GMT } }
Event{ .header = Header{ .name = Server, .value = mw1351.eqiad.wmnet } }
Event{ .header = Header{ .name = X-Content-Type-Options, .value = nosniff } }
Event{ .header = Header{ .name = P3p, .value = CP="See https://en.wikipedia.org/wiki/Special:CentralAutoLogin/P3P for more info." } }
Event{ .header = Header{ .name = Vary, .value = Accept-Encoding,X-Forwarded-Proto,Cookie,Authorization } }
Event{ .header = Header{ .name = Cache-Control, .value = s-maxage=1200, must-revalidate, max-age=0 } }
Event{ .header = Header{ .name = X-Request-Id, .value = X@jazApAMMEAAnDqqMUAAABD } }
Event{ .header = Header{ .name = Last-Modified, .value = Sun, 27 Dec 2020 19:04:44 GMT } }
Event{ .header = Header{ .name = Location, .value = https://en.wikipedia.org/wiki/Main_Page } }
Event{ .header = Header{ .name = Content-Length, .value = 0 } }
Event{ .header = Header{ .name = Content-Type, .value = text/html; charset=utf-8 } }
Event{ .header = Header{ .name = Age, .value = 1073 } }
Event{ .header = Header{ .name = X-Cache, .value = cp2041 miss, cp2031 hit/158 } }
Event{ .header = Header{ .name = X-Cache-Status, .value = hit-front } }
Event{ .header = Header{ .name = Server-Timing, .value = cache;desc="hit-front" } }
Event{ .header = Header{ .name = Strict-Transport-Security, .value = max-age=106384710; includeSubDomains; preload } }
Event{ .header = Header{ .name = Report-To, .value = { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] } } }
Event{ .header = Header{ .name = NEL, .value = { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0} } }
Event{ .header = Header{ .name = Set-Cookie, .value = WMF-Last-Access=27-Dec-2020;Path=/;HttpOnly;secure;Expires=Thu, 28 Jan 2021 12:00:00 GMT } }
Event{ .header = Header{ .name = Set-Cookie, .value = WMF-Last-Access-Global=27-Dec-2020;Path=/;Domain=.wikipedia.org;HttpOnly;secure;Expires=Thu, 28 Jan 2021 12:00:00 GMT } }
Event{ .header = Header{ .name = X-Client-IP, .value = [omitted] } }
Event{ .header = Header{ .name = Set-Cookie, .value = GeoIP=[omitted]; Path=/; secure; Domain=.wikipedia.org } }
Event{ .header = Header{ .name = Connection, .value = close } }
Event{ .head_done = void }
Test [3/3] request.test ""... [default] (err): ServerMalformedResponse
Where Event.head_done at the bottom is the end of HTTP headers.
The stack trace is as shown:
[default] (err): ServerMalformedResponse
H:\repositories\truemedian\zfetch\zig-deps\c68076598504378d2760103321b684a8\src\main.zig:113:9: 0x7ff76b11126b in .iguanatls.check_record_type (test.obj)
return switch (err_num) {
^
H:\repositories\truemedian\zfetch\zig-deps\c68076598504378d2760103321b684a8\src\main.zig:63:5: 0x7ff76b0f5bf5 in .iguanatls.record_length (test.obj)
try check_record_type(t, reader);
^
H:\repositories\truemedian\zfetch\zig-deps\c68076598504378d2760103321b684a8\src\main.zig:778:37: 0x7ff76b0f4e0d in .iguanatls.Client(std.io.reader.Reader(.network.Socket,std.os.RecvFromError,.network.Socket.receive),std.io.writer.Writer(.network.Socket,.network.SendError,.network.Socket.send))::.iguanatls.Client(std.io.reader.Reader(.network.Socket,std.os.RecvFromError,.network.Socket.receive),std.io.writer.Writer(.network.Socket,.network.SendError,.network.Socket.send)).read (test.obj)
else => |e| return e,
^
H:\repositories\truemedian\zfetch\src\conn.zig:78:9: 0x7ff76b0fdf9c in conn.Connection::conn.Connection.read (test.obj)
return switch (self.protocol) {
When digging into Iguana to look at what i'm actually getting, it appears to be reading in an invalid place. in check_record_type
the 4 skipped bytes are 3 3 0 18, which would indicate the server is using TLS 3.3 (right..), severity is 99, and err_num is 200 (an invalid enum).
ECDSA Authentication
Hi @alexnask !
I use iguanaTLS for my http client (requestz) and it works like a charm !
But yesterday, someone figured out he could not request a specific HTTP server because of a TLS handshake failure.
After a small analysis, it seems like the cypher suites available in iguanaTLS are not accepted by the server:
it accepts "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" and the closest one that iguanaTLS provides is "ECDHE-RSA-CHACHA20-POLY1305".
I don't know much about TLS/crypto in general, but if possible I am willing to try something to make it work for iguanaTLS. I would be very happy if anyone could provide me some advice/guidelines on the matter !
I hope you are doing fine, and I wish you a nice day :)
Cf:
Issue: ducdetronquito/requestz#22
The targeted server: api.forismatic.com
Server's accepted cypher suites: https://www.ssllabs.com/ssltest/analyze.html?d=api.forismatic.com&s=104.21.72.231
Cypher suites provided by iguanaTLS:
- ECDHE-RSA-CHACHA20-POLY1305
- ECDHE-RSA-AES128-GCM-SHA256
Connecting to cockroachDB with iguana
I am trying to connect to CockroachDB secure instance using IguanaTLS, but cant manage to do it.
If I use default cert validation, code fails with error: CertificateVerificationFailed
If using no validation, I get error: ServerMalformedResponse
The same certs worked, in Node.js TLS and config like below
{
host: "localhost",
port: 26257,
key: fs.readFileSync('certs/client.root.key'),
cert: fs.readFileSync('certs/client.root.crt'),
ca: fs.readFileSync('certs/ca.crt')
}
My iguanaTLS connection looks like below
var tlsSocket = try TLS.client_connect(.{
.rand = rand,
.temp_allocator = allocator,
.reader = socket.reader(),
.writer = socket.writer(),
.cert_verifier = .default,
.ciphersuites = TLS.ciphersuites.all,
.trusted_certificates = ca_cert.data.items,
.client_certificates = &[1]x509.ClientCertificateChain{client_cert},
}, "127.0.0.1");
Perhaps someone can help me out here : /
Handle "Certificate Request" and "Server Hello Done" in separate records
When connecting to irc.libera.chat port 6697, iguanaTLS returns a ServerMalformedResponse. The line that returns this error is:
Line 1353 in 44485c6
After some triage I realized that the reason iguana is expecting there to be 8 extra bytes at the end of the "Certificate Request" message is for the "Server Hello Done" message. However, in this case, the libera irc server splits these 2 messages into 2 separate records.
active?
you still working on this?
Malformed data from TLS connection.
After initializing an tls client with:
try tls.client_connect(.{
.reader = self.socket.reader(),
.writer = self.socket.writer(),
.cert_verifier = .none,
.temp_allocator = self.allocator,
.ciphersuites = tls.ciphersuites.all,
.protocols = &[_][]const u8{"http/1.1"},
}, self.hostname);
Where self.socket is a zig-network Socket type.
Reading the payload portion of a https request to https://httpbin.org/get returns:
{
"args": {},
"headers": {
"Host": "httpbin.org",
"User-Agent": "zfetch",
"X-Amzn-Trace-Id": "Root=1-6027525d-67064b6874605a484ba4d0ef"
},
"origin": "[redacted]",
"url": "https:/t"
}
bin.org/ge�����
After a quick look into the path this code takes: it appears to be coming from a call to ctr in the ECDHE_RSA_AES128_GCM_SHA256 ciphersuite. Specifically lines 177-190 in crypto.zig seem to be returning garbage.
MalformedDER error from CertificateChain.from_pem
With this PEM file and the following code, I get a MalformedDER error.
var reader = std.io.fixedBufferStream(
@embedFile("/etc/ssl/certs/ca-certificates.crt"),
).reader();
const trust = try tls.x509.CertificateChain.from_pem(alloc, reader);Tell me if you want/need any other information.
Unable to handshake with id.twitch.tv
Hi, iguanaTLS works perfectly well when getting emotes, but I get a handshake error when trying to connect to Twitch's token validation endpoint.
To test you can just send a GET request to https://id.twitch.tv/oauth2/validate, it should return a nice json response with an error code in it.
`error: mutable 'seed' not accessible from here`
/home/snuc/dev/zigmod/.zigmod/deps/git/github.com/alexnask/iguanaTLS/src/main.zig:1607:24: error: mutable 'seed' not accessible from here
a1: *[32 + seed.len]u8,
^
/home/snuc/dev/zigmod/.zigmod/deps/git/github.com/alexnask/iguanaTLS/src/main.zig:1577:13: note: declared mutable here
var seed: [77]u8 = undefined;
^
/home/snuc/dev/zigmod/.zigmod/deps/git/github.com/alexnask/iguanaTLS/src/main.zig:1605:35: note: crosses namespace boundary here
const KeyExpansionState = struct {
^
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.