• Stars
    star
    128
  • Rank 281,044 (Top 6 %)
  • Language
    Zig
  • License
    Apache License 2.0
  • Created over 2 years ago
  • Updated 5 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

The first TLS1.3 implementation in Zig(master/HEAD) only with std.

tls13-zig

The first TLS1.3 implementation in Zig(master/HEAD) only with std.

This repository is an experimental implementation and is not intended for production use.

LICENSE

Copyright 2022, Naoki MATSUMOTO (Original Author)
Copyright 2022, Shiguredo Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Features

  • Supported CipherSuite
    • TLS_AES_128_GCM_SHA256
    • TLS_AES_256_GCM_SHA384
    • TLS_CHACHA20_POLY1305_SHA256
  • Supported KeyShare
    • x25519
    • secp256r1
  • Supported SignatureAlgorithm
    • ecdsa_secp256r1_sha256
    • ecdsa_secp384r1_sha384
    • rsa_pss_rsae_sha256

How to use

This client retrieves contents from www.google.com with TLS1.3. If you want to try this, simple executes zig run src/main.zig.

Client

const std = @import("std");
const log = std.log;
const allocator = std.heap.page_allocator;

const client = @import("client.zig");

pub fn main() !void {
    log.info("started.", .{});
    var tls_client = try client.TLSClientTCP.init(allocator);
    defer tls_client.deinit();
    tls_client.print_keys = true;

    try tls_client.connect("www.google.com", 443);

    const http_req = "GET / HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: tls13-zig\r\nAccept: */*\r\n\r\n";
    _ = try tls_client.send(http_req);

    var recv_bytes: [4096]u8 = undefined;
    const recv_size = try tls_client.recv(&recv_bytes);
    log.info("RECV=\n {s}", .{recv_bytes[0..recv_size]});

    try tls_client.close();
    log.info("finished.", .{});

    return;
}

Server

This server is tested with latest Chrome and Firefox in Windows. If you want to try this, simple executes zig run src/main_test_server.zig.

const std = @import("std");
const log = std.log;
const os = std.os;
const allocator = std.heap.page_allocator;

const server = @import("server.zig");

pub fn main() !void {
    // ignore SIGCHLD
    var act = os.Sigaction{
        .handler = .{ .handler = os.SIG.IGN },
        .mask = os.empty_sigset,
        .flags = (os.SA.SIGINFO | os.SA.RESTART | os.SA.RESETHAND),
    };
    try os.sigaction(os.SIG.CHLD, &act, null);

    log.info("started.", .{});

    // key and certificates need to be der-formatted.
    // if you want to use RSAPrivateKey, please change '.ec' to '.rsa'.
    // The procedure to generate test certificate is described in test/gen_cert.sh
    var tls_server = try server.TLSServerTCP.init("./test/key.pem", "./test/cert.pem", null, "localhost", allocator);
    defer tls_server.deinit();

    // Enable KEYLOG output.
    tls_server.print_keys = true;
    tls_server.record_size_limit = 2 << 12;
    tls_server.accept_resume = true;
    tls_server.accept_early_data = true;

    try tls_server.listen(8443);
    while (true) {
        var con = try tls_server.accept();
        const fork_pid = std.os.fork() catch {
            log.err("fork failed", .{});
            return;
        };
        if (fork_pid != 0) {
            continue;
        }
        log.debug("forked", .{});

        defer {
            con.close();
            log.info("connection closed", .{});
        }
        try con.handshake();

        var recv_bytes: [4096]u8 = undefined;
        // receieve contents
        const recv_size = try con.recv(&recv_bytes);
        log.info("RECV=\n{s}", .{recv_bytes[0..recv_size]});
        const get_req = "GET / ";
        if (std.mem.eql(u8, recv_bytes[0..get_req.len], get_req)) {
            log.info("HTTP GET received", .{});
            const http_res = "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n<HTML><BODY>tls13-zig</BODY></HTML>";
            // send contents
            try con.tlsWriter().writeAll(http_res);
        }

        return;
    }

    return;
}

TODO

Priority: High

  • Support HelloRetryRequest.
  • Error handle
    • Send 'alert' when an error occur.
  • Support KeyUpdate.
  • Support NewSessionTicket.
  • Support 0-RTT handshake(resumption). (disabled in server by default)
  • Add more E2E tests.
    • Static tests for server.
    • Server tests with Web browser.
  • Support X.509(src/x509.zig) fully.
    • Add more tests.
    • Implement X.509 Certificate encoder.
    • Verify implementation with NIST's test vectors.
  • Verify X.509 Certificate itself.
  • Check the implementation follows RFC8446.

Priority: Low

  • Support Extensions.
    • record_size_limit
    • application_layer_protocol_negotiation
    • pks_key_exchange_modes
    • post_handshake_auth
    • ec_points_format
    • next_protocol_negotiation
    • encrypt_then_mac
    • extended_master_secret
    • status_request
    • signed_certificate_timestamp
    • session_ticket
    • compress_certificate
    • application_settings
  • Improve slow RSA(src/rsa.zig).
  • Improve comments.

Example

TLS Termination Proxy

This is simple TLS termination proxy using tls13-zig. This proxy terminates TLS1.3 and redirect contents to local server(localhost:8080). If you want to try this, simple executes cd examples/proxy && docker compose up.

This sample works on tls13.pibvt.net

More Repositories

1

momo

WebRTC Native Client Momo
C++
779
star
2

packer-templates

This repository has finished updating
Shell
510
star
3

media-processors

Media Processors
TypeScript
83
star
4

sora-unity-sdk

WebRTC SFU Sora Unity SDK
C++
73
star
5

sora-js-sdk

WebRTC SFU Sora JavaScript SDK
TypeScript
69
star
6

zakuro

WebRTC Load Testing Tool Zakuro
C++
44
star
7

hisui

Recording Composition Tool Hisui
C++
44
star
8

sora-ios-sdk

WebRTC SFU Sora iOS SDK
Swift
42
star
9

quic-client-zig

Zig
41
star
10

suzu

Audio Streaming Gateway Suzu
Go
40
star
11

shiguredo-webrtc-build

WebRTC Build Tool for iOS/Android
Objective-C++
39
star
12

sora-cpp-sdk

WebRTC SFU Sora C++ SDK
C++
37
star
13

sora-android-sdk

WebRTC SFU Sora Android SDK
Kotlin
28
star
14

quic-server-zig

Zig
27
star
15

seminar

時雨堂セミナー
26
star
16

lyra-wasm

Lyra V2 WebAssembly build
TypeScript
26
star
17

rnnoise-wasm

SIMD-accelerated WebAssembly build of RNNoise
TypeScript
25
star
18

cpp-mp4

C++
24
star
19

dtln-aec

An echo cancellation library for browsers using DTLN-aec
TypeScript
24
star
20

sora-devtools

Sora DevTools
TypeScript
17
star
21

sora-unity-sdk-samples

Sora Unity SDK サンプル集
C#
17
star
22

sphinx_shiguredo_theme

時雨堂 Sphinx テーマ
CSS
16
star
23

sora-e2ee

WebRTC SFU Sora 向け E2EE ライブラリ
Go
15
star
24

shiguredo-webrtc-windows

Windows 向け WebRTC ライブラリ用ビルドツール
PowerShell
14
star
25

swidden

ヘッダーベース HTTP API フレームワーク
Erlang
14
star
26

sora-ios-sdk-samples

WebRTC SFU Sora iOS SDK サンプル集
Swift
13
star
27

sora-c-sdk

WebRTC SFU Sora C SDK
C++
12
star
28

kohaku

WebRTC Stats Collector Kohaku
Go
12
star
29

streaming-speech-to-text-with-codecs

C++
11
star
30

dockerfiles

Dockerfile templates.
Dockerfile
10
star
31

crdt

Conflict-free Replicated Data Types in Erlang/OTP.
Erlang
10
star
32

sora-android-sdk-samples

WebRTC SFU Sora Android SDK サンプル集
C++
10
star
33

sora-python-sdk

WebRTC SFU Sora Python SDK
C++
9
star
34

sora-flutter-sdk

Sora Flutter SDK
C++
8
star
35

oss

時雨堂のオープンソースソフトウェアについて
7
star
36

dorayaki

Erlang
7
star
37

sora-cpp-sdk-samples

WebRTC SFU Sora C++ SDK サンプル集
Python
6
star
38

sora-ios-sdk-quickstart

WebRTC SFU Sora iOS SDK クイックスタート
Swift
6
star
39

kvconf

Erlang
6
star
40

sora-webrtc-android

[OLD] WebRTC libraries for Android
Shell
6
star
41

sora-android-sdk-quickstart

WebRTC SFU Sora Android SDK クイックスタート
Kotlin
6
star
42

rebar3_zig

Rebar3 plugin to call Zig functions from Erlang using NIF
Erlang
5
star
43

shiguredo-webrtc-android

WebRTC libraries for Android
Shell
5
star
44

sora-labo-doc

Sora Labo ドキュメント
4
star
45

sora-python-sdk-samples

Sora Python SDK サンプル集
Python
3
star
46

ayame-labo-doc

2
star
47

sora-webrtc-ios

WebRTC libraries for iOS
Ruby
2
star
48

sora-ios-sdk-specs

WebRTC SFU Sora iOS SDK 用の CocoaPod Specs リポジトリ
Ruby
2
star
49

base32_clockwork

Base32 (RFC 4648, Crockford, Clockwork)
Erlang
2
star
50

shiguredo-webrtc-ios

Ruby
2
star
51

sora-flutter-sdk-samples

1
star
52

rebar3_static_deps

Erlang
1
star
53

sora-archive-uploader

Sora Archive Uploader
Go
1
star