-
Notifications
You must be signed in to change notification settings - Fork 29.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls: Add PSK support #23188
tls: Add PSK support #23188
Conversation
cc @nodejs/crypto Why is the PSK passed as a hexadecimal string instead of a buffer? |
Updated initial post on the status of this PR. |
It's been 25 days already 😮, sorry for the delay, wanted to get back to this in a week or two. |
@tniessen I assume that's due to https://tools.ietf.org/html/rfc4279#section-5.4
Though perhaps this should be changed to use Buffer (as strings are utf8)? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Its a good feature to have, thank you.
I feel that there is some lack of clarity in the types. Some things that are null terminated strings are Buffer in the API, some things that are arbitrary binary data are hex strings, etc. But perhaps I misunderstand, please see my comments, and review the API.
Currently, we cannot connect to a server using PSK without Lines 2150 to 2154 in e35f671
Lines 236 to 238 in e35f671
@bnoordhuis could you maybe help (as that was your comment initially). I'm not sure how to procceed with this one. (refs #23188 (comment)) |
ping @bnoordhuis PTAL #23188 (comment) and #23188 (comment)). |
@lundibundi its quite a bit of work to verify whether you have addressed all comments. You didn't address https://github.com/nodejs/node/pull/23188/files#r229014173 or https://github.com/nodejs/node/pull/23188/files#r228850947. It doesn't look like the identity hint was constrained to utf-8, it still accepts Buffer/arbitrary binary data (which will get truncated to the first NUL byte by ossl). I don't have the time today to go through every comment and re-read the diff to check what you did to address the comments. You can make re-review easier by following up on all comments with a thumbs up icon, or a statement saying you agree and will address, or some other indication of what happened. |
What's the status of this one? In progress? Stalled? Ready for reviews? @lundibundi @sam-github |
@Trott @sam-github, sorry for the delay, was swamped at work. Could someone from @nodejs/crypto take a look at https://github.com/nodejs/node/pull/23188/files#diff-801e3948990f4965a8ea4aca4a423864R2264 as I'm not sure if those changes are ok. This is ready for review. |
Rebased on master just in case. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are some nits, and we have to sort out the oddity with the hex-encoded args.
#23188 (comment) is also blocking - we can't release this telling people to provide rejectUnauthorized
as an argument, that would make client auth completely insecure. Better to figure out another way, or to disallow mixing PSK and requestCert
or PSK and any non-PSK ciphers.
doc/api/tls.md
Outdated
with "decrypt_error" before it will be finished completely. | ||
Note that PSK ciphers are disabled by default, and using TLS-PSK thus | ||
requires explicitly specifying a cipher suite with the `ciphers` option. | ||
Additionally, it may be necessary to disable `rejectUnauthorized` if a |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a bug. If openssl allows a client to have both a PSK cipher suite configured, and a non-PSK certificate-based authentication configured so the server can choose which one to use, then the connection should be secure. disabling rejectUnauthorized means the cert-based auth won't happen, and the connection will be insecure. I don't see how we can release this feature with a security hole like this.
If this is fundamentally a problem (bug?) with openssl, we can raise with them, and then perhaps work harder in this PR to make it not possible for a server to both request a client certificate, and enable PSK ciphers.
It is also possible that this is something that could be fixed in our code, where we are validating a cert when we should not be when PSK was used.
You said to @addaleax that you would investigate this further. Have you? If you can't figure out what's going on, I could take a shot at looking at this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I forgot to remove this from here. Refer to #23188 (comment) and
https://github.com/nodejs/node/pull/23188/files#diff-f6e3a86962eaf0897ab59e88b418e64fR986
It will be necessary to provide a custom [`tls.checkServerIdentity()`][]
for the connection as the default one will try to check hostname/IP
of the server against the certificate but that's not applicable for PSK
because there won't be a certificate present.
https://wiki.openssl.org/index.php/TLS1.3#PSKs I'm reviewing what we'll need for TLSv1.3 support, and came across the above. I haven't looked really closely, yet, but my initial impression is that while some more work might be necessary to support PSKs with TLS1.3, that it wouldn't cause the API here to break, though some aspects might become optional (identity hints). It would be unfortunate to add a new API and shortly after have to change it, so even though TLS1.3 isn't in Node.js yet, lets make sure we know the impact. |
This is resolved with As for the TLS1.3, this should work as is. Based on the docs of the methods we use here (in openssl) they have kept the current methods as backups if the new methods are not implemented. |
70557ee
to
6a52fad
Compare
Add the `pskCallback` client/server option, which resolves an identity or identity hint to a pre-shared key. Add the `pskIdentityHint` server option to set the identity hint for the ServerKeyExchange message. Co-authored-by: Chris Osborn <[email protected]> Co-authored-by: stephank <[email protected]> Co-authored-by: Taylor Zane Glaeser <[email protected]> PR-URL: nodejs#23188 Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
Woohoo! This finally landed in f8d7e22 after more than one year! 🎉 @lundibundi awesome work |
Add the `pskCallback` client/server option, which resolves an identity or identity hint to a pre-shared key. Add the `pskIdentityHint` server option to set the identity hint for the ServerKeyExchange message. Co-authored-by: Chris Osborn <[email protected]> Co-authored-by: stephank <[email protected]> Co-authored-by: Taylor Zane Glaeser <[email protected]> PR-URL: #23188 Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
Notable changes: * assert: * Implement `assert.match()` and `assert.doesNotMatch()` (Ruben Bridgewater) #30929 * events: * Add `EventEmitter.on` to async iterate over events (Matteo Collina) #27994 * Allow monitoring error events (Gerhard Stoebich) #30932 * fs: * Allow overriding `fs` for streams (Robert Nagy) #29083 * perf_hooks: * Move `perf_hooks` out of experimental (legendecas) #31101 * repl: * Implement ZSH-like reverse-i-search (Ruben Bridgewater) #31006 * tls: * Add PSK (pre-shared key) support (Denys Otrishko) #23188 PR-URL: #31238
Notable changes: * assert: * Implement `assert.match()` and `assert.doesNotMatch()` (Ruben Bridgewater) #30929 * events: * Add `EventEmitter.on` to async iterate over events (Matteo Collina) #27994 * Allow monitoring error events (Gerhard Stoebich) #30932 * fs: * Allow overriding `fs` for streams (Robert Nagy) #29083 * perf_hooks: * Move `perf_hooks` out of experimental (legendecas) #31101 * repl: * Implement ZSH-like reverse-i-search (Ruben Bridgewater) #31006 * tls: * Add PSK (pre-shared key) support (Denys Otrishko) #23188 PR-URL: #31238
Notable changes: * assert: * Implement `assert.match()` and `assert.doesNotMatch()` (Ruben Bridgewater) #30929 * events: * Add `EventEmitter.on` to async iterate over events (Matteo Collina) #27994 * Allow monitoring error events (Gerhard Stoebich) #30932 * fs: * Allow overriding `fs` for streams (Robert Nagy) #29083 * perf_hooks: * Move `perf_hooks` out of experimental (legendecas) #31101 * repl: * Implement ZSH-like reverse-i-search (Ruben Bridgewater) #31006 * tls: * Add PSK (pre-shared key) support (Denys Otrishko) #23188 PR-URL: #31238
Add the `pskCallback` client/server option, which resolves an identity or identity hint to a pre-shared key. Add the `pskIdentityHint` server option to set the identity hint for the ServerKeyExchange message. Co-authored-by: Chris Osborn <[email protected]> Co-authored-by: stephank <[email protected]> Co-authored-by: Taylor Zane Glaeser <[email protected]> PR-URL: #23188 Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
Add the `pskCallback` client/server option, which resolves an identity or identity hint to a pre-shared key. Add the `pskIdentityHint` server option to set the identity hint for the ServerKeyExchange message. Co-authored-by: Chris Osborn <[email protected]> Co-authored-by: stephank <[email protected]> Co-authored-by: Taylor Zane Glaeser <[email protected]> PR-URL: #23188 Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
nodejs/node#23188 We don't support much of TLS owing to schisms between BoringSSL and OpenSSL.
nodejs/node#23188 We don't support much of TLS owing to schisms between BoringSSL and OpenSSL.
* chore: bump node in DEPS to v12.16.0 * Fixup asar support setup patch nodejs/node#30862 * Fixup InternalCallbackScope patch nodejs/node#30236 * Fixup GN buildfiles patch nodejs/node#30755 * Fixup low-level hooks patch nodejs/node#30466 * Fixup globals require patch nodejs/node#31643 * Fixup process stream patch nodejs/node#30862 * Fixup js2c modification patch nodejs/node#30755 * Fixup internal fs override patch nodejs/node#30610 * Fixup context-aware warn patch nodejs/node#30336 * Fixup Node.js with ltcg config nodejs/node#29388 * Fixup oaepLabel patch nodejs/node#30917 * Remove redundant ESM test patch nodejs/node#30997 * Remove redundant cli flag patch nodejs/node#30466 * Update filenames.json * Remove macro generation in GN build files nodejs/node#30755 * Fix some compilation errors upstream * Add uvwasi to deps nodejs/node#30258 * Fix BoringSSL incompatibilities * Fixup linked module patch nodejs/node#30274 * Add missing sources to GN uv build libuv/libuv#2347 * Patch some uvwasi incompatibilities * chore: bump Node.js to v12.6.1 * Remove mark_arraybuffer_as_untransferable.patch nodejs/node#30549 * Fix uvwasi build failure on win * Fixup --perf-prof cli option error * Fixup early cjs module loading * fix: initialize diagnostics properly nodejs/node#30025 * Disable new esm syntax specs nodejs/node#30219 * Fixup v8 weakref hook spec nodejs/node#29874 * Fix async context timer issue * Disable monkey-patch-main spec It relies on nodejs/node#29777, and we don't override prepareStackTrace. * Disable new tls specs nodejs/node#23188 We don't support much of TLS owing to schisms between BoringSSL and OpenSSL. Co-authored-by: Shelley Vohr <[email protected]>
Co-Authored-By: Fabian Iwand <[email protected]> PR-URL: #52627 Fixes: #52448 Refs: #23188 Reviewed-By: Filip Skokan <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]>
Co-Authored-By: Fabian Iwand <[email protected]> PR-URL: nodejs#52627 Fixes: nodejs#52448 Refs: nodejs#23188 Reviewed-By: Filip Skokan <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]>
Co-Authored-By: Fabian Iwand <[email protected]> PR-URL: nodejs#52627 Fixes: nodejs#52448 Refs: nodejs#23188 Reviewed-By: Filip Skokan <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]>
Basically #14978.Wanted to push to that branch but started with a rebase which resulted in github closing the PR and disallowing me to push there.Add the
pskCallback
client/server option, which resolves an identityor identity hint to a pre-shared key.
Add the
pskIdentityHint
server option to set the identity hint for theServerKeyExchange message.
Co-authored-by: Chris Osborn [email protected]
Co-authored-by: stephank [email protected]
Co-authored-by: Taylor Zane Glaeser [email protected]
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passesAdditional changes:
_tsl_common.js
Edit: note for all reviewers, thanks for reviewing, though this is currently waiting on @taylorzane, I'm not sure if he will have time to finish this.* If he does have time then we will either float those comments and changes to #14978 or I'll just give him push access to this branch.* If he doesn't have time for this then I'll pick it up and address comments/review more thoroughly.Initially, I've only just rebased this on master and did simple cleanups without changing much.Adding 'In Progress' to be verbose.I'll proceed with this now.Addressed review comments and updated PR description.