README
¶
go-channelbinding: Go library to create TLS channel binding data for use with authentcation protocols
go-channelbinding provides TLS Channel Binding support as defined in RFC 5929:
- tls-unique: binds to an individual TLS connection
- tls-server-end-point: binds to the server's TLS certificate
These bindings are available for TLS versions prior to TLS1.3 only, and are subject to issues related to session resumption and renegotiation, as described in this miTLS paper. Please take time to read and understand the limitations before relying on channel bindings to secure authentication protocols.
The library also supports channel bindings for TLS 1.3 as defined in RFC 9266:
- tls-exporter: binds to TLS Exported Keying Material (EKM)
Example
package main
import (
"crypto/tls"
"fmt"
"os"
cb "github.com/golang-auth/go-channelbinding"
)
func main() {
tlsConf := tls.Config{MaxVersion: tls.VersionTLS12}
conn, err := tls.Dial("tcp", "ldap.example.com:636", &tlsConf)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
tlsState := conn.ConnectionState()
data, err := cb.MakeTLSChannelBinding(tlsState, tlsState.PeerCertificates[0], cb.TLSChannelBindingEndpoint)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
// use data...
_ = data
}
TLS 1.3
The tls-server-endpoint and tls-exporter bindings are supported for TLS 1.3, with tls-exporter repacing tls-unique that was available for earlier TLS versions. tls-unique is not available for TLS 1.3 (see the security concerns outlined in the referenced miTLS paper). As mentioned in RFC 9266, tls-exporter should only be used when extended master secrets are in use. Go 1.22 and later disables the use of exported key material when extended master secrets or TLS 1.3 are not in use so attempting to use this module in those cases will fail safe.
Documentation
¶
Overview ¶
Package channelbinding provides TLS Channel Binding support as defined in RFC 5929:
tls-unique: binds to an individual TLS connection tls-server-end-point: binds to the server's TLS certificate
These bindings are available for TLS versions prior to TLS1.3 only, and are subject to issues related to session resumption and renegotiation, as described in the miTLS paper. Please take time to read and understand the limitations before relying on channel bindings to secure authentication protocols.
The library also supports channel bindings for TLS 1.3 as defined in RFC 9266:
tls-exporter: binds to TLS Exported Keying Material (EKM)
Index ¶
Constants ¶
const ( TLSChannelBindingNone = iota TLSChannelBindingUnique TLSChannelBindingEndpoint TLSChannelBindingExporter )
Supported TLS channel binding types
Variables ¶
This section is empty.
Functions ¶
func MakeTLSChannelBinding ¶
func MakeTLSChannelBinding(state tls.ConnectionState, serverCert *x509.Certificate, bindingType TLSChannelBindingType) (cbData []byte, err error)
MakeTLSChannelBinding creates the TLS channel binding data for a given binding type.
Unfortunately it is not possible to determine whether the caller is the client or server from the ConncetionState alone. Therefore, serverCert must be passed when requesting TLSCHannelBindingEndpoint binding. For a client, this value is state.PeerCertificates[0]. Determining which certificate to use for a server is more complex when multiple server certs are used (eg. when making use of SNI), and this is left to the caller to determine.
serverCert may be nil when requesting TLSChannelBindingUnique or TLSChannelBindingExporter binding.
A request for TLSChannelBindingUnique will fail if TLS1.3 is in use, or if session resumption is enabled.
A request for TLSChannelBindingEndpoint will fail if no serverCert is supplied.
The returned data is suitable for passing to SASL or GSSAPI authentication mechanisms.
Note that it is the caller's responsibility to ensure that session renegotiation does not occur between the time that MakeTLSChannelBinding() is called and the end of the authentication phase of the application protocol.
Types ¶
type TLSChannelBindingType ¶
type TLSChannelBindingType int
TLSChannelBindingType defines a TLS Channel Binding type
Source Files