Make the Elliptic curves and order configurable

daenney · daenney · commit de299f573c3e · 2022-07-29T13:30:38.000+02:00
This allows the client/server to chose which elliptic curves they wish to advertise, and in which order. Fixes #474
diff --git a/config.go b/config.go
@@ -10,6 +10,7 @@ import (
 	"io"
 	"time"
 
+	"github.com/pion/dtls/v2/pkg/crypto/elliptic"
 	"github.com/pion/logging"
 )
 
@@ -130,6 +131,12 @@ type Config struct {
 
 	// List of application protocols the peer supports, for ALPN
 	SupportedProtocols []string
+
+	// List of Elliptic Curves to use
+	//
+	// If an ECC ciphersuite is configured and EllipticCurves is empty
+	// it will default to X25519, P-256, P-384 in this specific order.
+	EllipticCurves []elliptic.Curve
 }
 
 func defaultConnectContextMaker() (context.Context, func()) {
@@ -145,6 +152,8 @@ func (c *Config) connectContextMaker() (context.Context, func()) {
 
 const defaultMTU = 1200 // bytes
 
+var defaultCurves = []elliptic.Curve{elliptic.X25519, elliptic.P256, elliptic.P384} //nolint:gochecknoglobals
+
 // PSKCallback is called once we have the remote's PSKIdentityHint.
 // If the remote provided none it will be nil
 type PSKCallback func([]byte) ([]byte, error)
diff --git a/conn.go b/conn.go
@@ -154,6 +154,11 @@ func createConn(ctx context.Context, nextConn net.Conn, config *Config, isClient
 		serverName = ""
 	}
 
+	curves := config.EllipticCurves
+	if len(curves) == 0 {
+		curves = defaultCurves
+	}
+
 	hsCfg := &handshakeConfig{
 		localPSKCallback:            config.PSK,
 		localPSKIdentityHint:        config.PSKIdentityHint,
@@ -175,6 +180,7 @@ func createConn(ctx context.Context, nextConn net.Conn, config *Config, isClient
 		initialEpoch:                0,
 		keyLogWriter:                config.KeyLogWriter,
 		sessionStore:                config.SessionStore,
+		ellipticCurves:              curves,
 	}
 
 	// rfc5246#section-7.4.3
diff --git a/conn_test.go b/conn_test.go
@@ -2724,3 +2724,82 @@ func TestMultipleServerCertificates(t *testing.T) {
 		})
 	}
 }
+
+func TestEllipticCurveConfiguration(t *testing.T) {
+	// Check for leaking routines
+	report := test.CheckRoutines(t)
+	defer report()
+
+	for _, test := range []struct {
+		Name            string
+		ConfigCurves    []elliptic.Curve
+		HadnshakeCurves []elliptic.Curve
+	}{
+		{
+			Name:            "Curve defaulting",
+			ConfigCurves:    nil,
+			HadnshakeCurves: defaultCurves,
+		},
+		{
+			Name:            "Single curve",
+			ConfigCurves:    []elliptic.Curve{elliptic.X25519},
+			HadnshakeCurves: []elliptic.Curve{elliptic.X25519},
+		},
+		{
+			Name:            "Multiple curves",
+			ConfigCurves:    []elliptic.Curve{elliptic.P384, elliptic.X25519},
+			HadnshakeCurves: []elliptic.Curve{elliptic.P384, elliptic.X25519},
+		},
+	} {
+		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+		defer cancel()
+
+		ca, cb := dpipe.Pipe()
+		type result struct {
+			c   *Conn
+			err error
+		}
+		c := make(chan result)
+
+		go func() {
+			client, err := testClient(ctx, ca, &Config{CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, EllipticCurves: test.ConfigCurves}, true)
+			c <- result{client, err}
+		}()
+
+		server, err := testServer(ctx, cb, &Config{CipherSuites: []CipherSuiteID{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, EllipticCurves: test.ConfigCurves}, true)
+		if err != nil {
+			t.Fatalf("Server error: %v", err)
+		}
+
+		if len(test.ConfigCurves) == 0 && len(test.HadnshakeCurves) != len(server.fsm.cfg.ellipticCurves) {
+			t.Fatalf("Failed to default Elliptic curves, expected %d, got: %d", len(test.HadnshakeCurves), len(server.fsm.cfg.ellipticCurves))
+		}
+
+		if len(test.ConfigCurves) != 0 {
+			if len(test.HadnshakeCurves) != len(server.fsm.cfg.ellipticCurves) {
+				t.Fatalf("Failed to configure Elliptic curves, expect %d, got %d", len(test.HadnshakeCurves), len(server.fsm.cfg.ellipticCurves))
+			}
+			for i, c := range test.ConfigCurves {
+				if c != server.fsm.cfg.ellipticCurves[i] {
+					t.Fatalf("Failed to maintain Elliptic curve order, expected %s, got %s", c, server.fsm.cfg.ellipticCurves[i])
+				}
+			}
+		}
+
+		res := <-c
+		if res.err != nil {
+			t.Fatalf("Client error; %v", err)
+		}
+
+		defer func() {
+			err = server.Close()
+			if err != nil {
+				t.Fatal(err)
+			}
+			err = res.c.Close()
+			if err != nil {
+				t.Fatal(err)
+			}
+		}()
+	}
+}
diff --git a/flight1handler.go b/flight1handler.go
@@ -74,7 +74,7 @@ func flight1Generate(c flightConn, state *State, cache *handshakeCache, cfg *han
 	if setEllipticCurveCryptographyClientHelloExtensions {
 		extensions = append(extensions, []extension.Extension{
 			&extension.SupportedEllipticCurves{
-				EllipticCurves: []elliptic.Curve{elliptic.X25519, elliptic.P256, elliptic.P384},
+				EllipticCurves: cfg.ellipticCurves,
 			},
 			&extension.SupportedPointFormats{
 				PointFormats: []elliptic.CurvePointFormat{elliptic.CurvePointFormatUncompressed},
diff --git a/handshaker.go b/handshaker.go
@@ -9,6 +9,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/pion/dtls/v2/pkg/crypto/elliptic"
 	"github.com/pion/dtls/v2/pkg/crypto/signaturehash"
 	"github.com/pion/dtls/v2/pkg/protocol/alert"
 	"github.com/pion/dtls/v2/pkg/protocol/handshake"
@@ -106,6 +107,7 @@ type handshakeConfig struct {
 	clientCAs                   *x509.CertPool
 	retransmitInterval          time.Duration
 	customCipherSuites          func() []CipherSuite
+	ellipticCurves              []elliptic.Curve
 
 	onFlightState func(flightVal, handshakeState)
 	log           logging.LeveledLogger
diff --git a/handshaker_test.go b/handshaker_test.go
@@ -1,3 +1,4 @@
+//nolint:dupl
 package dtls
 
 import (
@@ -264,6 +265,7 @@ func TestHandshaker(t *testing.T) {
 				cfg := &handshakeConfig{
 					localCipherSuites:     cipherSuites,
 					localCertificates:     []tls.Certificate{clientCert},
+					ellipticCurves:        defaultCurves,
 					localSignatureSchemes: signaturehash.Algorithms(),
 					insecureSkipVerify:    true,
 					log:                   logger,
@@ -296,6 +298,7 @@ func TestHandshaker(t *testing.T) {
 				cfg := &handshakeConfig{
 					localCipherSuites:     cipherSuites,
 					localCertificates:     []tls.Certificate{clientCert},
+					ellipticCurves:        defaultCurves,
 					localSignatureSchemes: signaturehash.Algorithms(),
 					insecureSkipVerify:    true,
 					log:                   logger,
diff --git a/pkg/crypto/elliptic/elliptic.go b/pkg/crypto/elliptic/elliptic.go
@@ -5,6 +5,7 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	"errors"
+	"fmt"
 
 	"golang.org/x/crypto/curve25519"
 )
@@ -57,6 +58,18 @@ const (
 	X25519 Curve = 0x001d
 )
 
+func (c Curve) String() string {
+	switch c {
+	case P256:
+		return "P-256"
+	case P384:
+		return "P-384"
+	case X25519:
+		return "X25519"
+	}
+	return fmt.Sprintf("%#x", uint16(c))
+}
+
 // Curves returns all curves we implement
 func Curves() map[Curve]bool {
 	return map[Curve]bool{
diff --git a/pkg/crypto/elliptic/elliptic_test.go b/pkg/crypto/elliptic/elliptic_test.go
@@ -0,0 +1,24 @@
+package elliptic
+
+import "testing"
+
+func TestString(t *testing.T) {
+	tests := []struct {
+		in  Curve
+		out string
+	}{
+		{X25519, "X25519"},
+		{P256, "P-256"},
+		{P384, "P-384"},
+		{0, "0x0"},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.out, func(t *testing.T) {
+			if tt.in.String() != tt.out {
+				t.Fatalf("Expected: %s, got: %s", tt.out, tt.in.String())
+			}
+		})
+	}
+}
