mirror
/
gost-mirror
mirror of https://github.com/ginuerzh/gost
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
389 Commits
7 Branches
52 Tags
33 MiB
 
 
Tree: c91e424cbe
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c91e424cbe'
${ noResults }
gost-mirror/vendor/github.com/bifurcation/mint
rui.zheng db4591cadd
update vendor for QUIC 		9 years ago
..
syntax update vendor for QUIC 9 years ago
LICENSE.md update vendor for QUIC 9 years ago
README.md update vendor for QUIC 9 years ago
alert.go update vendor for QUIC 9 years ago
client-state-machine.go update vendor for QUIC 9 years ago
common.go update vendor for QUIC 9 years ago
conn.go update vendor for QUIC 9 years ago
crypto.go update vendor for QUIC 9 years ago
extensions.go update vendor for QUIC 9 years ago
ffdhe.go update vendor for QUIC 9 years ago
frame-reader.go update vendor for QUIC 9 years ago
handshake-layer.go update vendor for QUIC 9 years ago
handshake-messages.go update vendor for QUIC 9 years ago
log.go update vendor for QUIC 9 years ago
mint.svg update vendor for QUIC 9 years ago
negotiation.go update vendor for QUIC 9 years ago
record-layer.go update vendor for QUIC 9 years ago
server-state-machine.go update vendor for QUIC 9 years ago
state-machine.go update vendor for QUIC 9 years ago
tls.go update vendor for QUIC 9 years ago

README.md

A lock with a mint leaf

mint - A Minimal TLS 1.3 stack

Build Status

This project is primarily a learning effort for me to understand the TLS 1.3 protocol. The goal is to arrive at a pretty complete implementation of TLS 1.3, with minimal, elegant code that demonstrates how things work. Testing is a priority to ensure correctness, but otherwise, the quality of the software engineering might not be at a level where it makes sense to integrate this with other libraries. Backward compatibility is not an objective.

We borrow liberally from the Go TLS library, especially where TLS 1.3 aligns with earlier TLS versions. However, unnecessary parts will be ruthlessly cut off.

Quickstart

Installation is the same as for any other Go package:

go get github.com/bifurcation/mint

The API is pretty much the same as for the TLS module, with Dial and Listen methods wrapping the underlying socket APIs.

conn, err := mint.Dial("tcp", "localhost:4430", &mint.Config{...})
...
listener, err := mint.Listen("tcp", "localhost:4430", &mint.Config{...})

Documentation is available on godoc.org

Interoperability testing

The mint-client and mint-server executables are included to make it easy to do basic interoperability tests with other TLS 1.3 implementations. The steps for testing against NSS are as follows.

# Install mint
go get github.com/bifurcation/mint

# Environment for NSS (you'll probably want a new directory)
NSS_ROOT=<whereever you want to put NSS>
mkdir $NSS_ROOT
cd $NSS_ROOT
export USE_64=1
export ENABLE_TLS_1_3=1
export HOST=localhost
export DOMSUF=localhost

# Build NSS
hg clone https://hg.mozilla.org/projects/nss
hg clone https://hg.mozilla.org/projects/nspr
cd nss
make nss_build_all

export PLATFORM=`cat $NSS_ROOT/dist/latest`
export DYLD_LIBRARY_PATH=$NSS_ROOT/dist/$PLATFORM/lib
export LD_LIBRARY_PATH=$NSS_ROOT/dist/$PLATFORM/lib

# Run NSS tests (this creates data for the server to use)
cd tests/ssl_gtests
./ssl_gtests.sh

# Test with client=mint server=NSS
cd $NSS_ROOT
./dist/$PLATFORM/bin/selfserv -d tests_results/security/$HOST.1/ssl_gtests/ -n rsa -p 4430
# if you get `NSS_Init failed.`, check the path above, particularly around $HOST
# ...
go run $GOPATH/src/github.com/bifurcation/mint/bin/mint-client/main.go

# Test with client=NSS server=mint
go run $GOPATH/src/github.com/bifurcation/mint/bin/mint-server/main.go
# ...
cd $NSS_ROOT
dist/$PLATFORM/bin/tstclnt -d tests_results/security/$HOST/ssl_gtests/ -V tls1.3:tls1.3 -h 127.0.0.1 -p 4430 -o