Update to Go 1.13.4 crypto/tls

raff · Dec 17, 2019 · 18c4d60 · 18c4d60
1 parent c3cd848
commit 18c4d60
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -5,6 +5,9 @@ This package adds PSK cipher suites to the "standard" Go crypto/tls package.
 Well, since currently the standard crypto/tls package is not extensible, this package uses an "extensible" version
 (a copy of the standard crypto/tls package with some added functionalities)
 
+This version is compatible with crypto/tls from Go 1.13.4. If you need the older version (based on Go 1.2.2) you
+can checkout the release/tag v0.0.0
+
 Installatation
 ==============
 
@@ -37,6 +40,7 @@ Usage
         config := &tls.Config{
                 CipherSuites: []uint16{psk.TLS_PSK_WITH_AES_128_CBC_SHA},
                 Certificates: []tls.Certificate{tls.Certificate{}},
+                MaxVersion: tls.VersionTLS12,   // <<<<<<<<<< REQUIRED FOR NOW
                 Extra: psk.PSKConfig{
                     GetKey: getKey,
                     GetIdentity: getIdentity,

diff --git a/go.mod b/go.mod
@@ -0,0 +1,5 @@
+module github.com/raff/tls-psk
+
+go 1.13
+
+require github.com/raff/tls-ext v1.0.0
diff --git a/go.sum b/go.sum
@@ -0,0 +1,10 @@
+github.com/raff/tls-ext v1.0.0 h1:72EP1QYiXxTpTt3zWLi6YefLDnXFHTvnxog/H6COwj4=
+github.com/raff/tls-ext v1.0.0/go.mod h1:HEICLTE9Cp+MmIiJ9iZnNj4VYxkUKjdpEml9ersDBbs=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413 h1:ULYEB3JvPRE/IfO+9uO7vKV/xzVTO7XPAwm8xbf4w2g=
+golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/psk.go b/psk.go
@@ -7,6 +7,7 @@ package psk
 import (
 	"crypto/x509"
 	"errors"
+        "fmt"
 	"github.com/raff/tls-ext"
 )
 
@@ -16,16 +17,16 @@ func init() {
 
 // The list of supported PSK cipher suites
 var pskCipherSuites = []*tls.CipherSuite{
-	{TLS_PSK_WITH_RC4_128_SHA, 16, 20, 0, pskKA, tls.SuiteNoCerts, tls.CipherRC4, tls.MacSHA1, nil},
-	{TLS_PSK_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, pskKA, tls.SuiteNoCerts, tls.Cipher3DES, tls.MacSHA1, nil},
-	{TLS_PSK_WITH_AES_128_CBC_SHA, 16, 20, 16, pskKA, tls.SuiteNoCerts, tls.CipherAES, tls.MacSHA1, nil},
-	{TLS_PSK_WITH_AES_256_CBC_SHA, 32, 20, 16, pskKA, tls.SuiteNoCerts, tls.CipherAES, tls.MacSHA1, nil},
+	//tls.NewCipherSuite(TLS_PSK_WITH_RC4_128_SHA, 16, 20, 0, pskKA, tls.SuiteNoCerts, tls.CipherRC4, tls.MacSHA1, nil),
+	tls.NewCipherSuite(TLS_PSK_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, pskKA, tls.SuiteNoCerts, tls.Cipher3DES, tls.MacSHA1, nil),
+	tls.NewCipherSuite(TLS_PSK_WITH_AES_128_CBC_SHA, 16, 20, 16, pskKA, tls.SuiteNoCerts, tls.CipherAES, tls.MacSHA1, nil),
+	tls.NewCipherSuite(TLS_PSK_WITH_AES_256_CBC_SHA, 32, 20, 16, pskKA, tls.SuiteNoCerts, tls.CipherAES, tls.MacSHA1, nil),
 }
 
 // A list of the possible PSK cipher suite ids.
 // Note that not all of them are supported.
 const (
-	TLS_PSK_WITH_RC4_128_SHA          uint16 = 0x008A
+	//TLS_PSK_WITH_RC4_128_SHA          uint16 = 0x008A
 	TLS_PSK_WITH_3DES_EDE_CBC_SHA     uint16 = 0x008B
 	TLS_PSK_WITH_AES_128_CBC_SHA      uint16 = 0x008C
 	TLS_PSK_WITH_AES_256_CBC_SHA      uint16 = 0x008D
@@ -66,7 +67,7 @@ func (ka pskKeyAgreement) ProcessClientKeyExchange(config *tls.Config, cert *tls
 
 	pskConfig, ok := config.Extra.(PSKConfig)
 	if !ok {
-		return nil, errors.New("bad Config - Extra not of type PSKConfig")
+		return nil, fmt.Errorf("bad Config - Extra not of type PSKConfig: %#v", config.Extra)
 	}
 
 	if pskConfig.GetKey == nil {
@@ -112,7 +113,7 @@ func (ka pskKeyAgreement) GenerateClientKeyExchange(config *tls.Config, clientHe
 
 	pskConfig, ok := config.Extra.(PSKConfig)
 	if !ok {
-		return nil, nil, errors.New("bad Config - Extra not of type PSKConfig")
+		return nil, nil, fmt.Errorf("bad Config - Extra not of type PSKConfig: %#v", config.Extra)
 	}
 
 	if pskConfig.GetIdentity == nil {