evangelos-ch/kemdtls

A Go prototype for KEMDTLS, an application of KEMTLS onto DTLS. Developed as part of my BSc dissertation.

KEMDTLS

A Go prototype for KEMDTLS, an application of KEMTLS onto DTLS

KEMDTLS

KEMDTLS is an application of Post-Quantum KEMTLS onto DTLS.

KEMTLS was proposed by Peter Shwabe, Douglas Stebila and Thom Wiggers for TLS 1.3. This is an integration of Post-Quantum KEMs using liboqs-go into pion/dtls to implement KEMDTLS in DTLS 1.2.

Main difference between KEMTLS and KEMDTLS is that KEMDTLS follows the DTLS 1.2 Key Schedule, whereas the original KEMTLS paper uses the TLS 1.3 Key Schedule, where part of the handshake itself is encrypted. As such KEMDTLS derives a Master Secret from a concatenation of the two exchanged shared secrets as the input to the DLTS 1.2 Key Schedule.

The purpose of the project and the repository is to experiment with post-quantum cryptosystems in an Internet of Things-oriented context as part of my BSc dissertation on the application of PQC on the IoT. It is simply a proof of concept meant to demonstrate the applicability of such schemes onto the protocol that supports CoAP as well as allow for some benchmarking experiments. As such nothing further has been tested.

TODO

[ ] Certificates that include Post-Quantum KEM keys. [ ] Extract Public Key from Certificate (pion/dtls surprisingly doesn't do this already when the Client receives the flight 4 messages!?)

DTLS

Native DTLS 1.2 implementation in the Go programming language.

A long term goal is a professional security review, and maybe inclusion in stdlib.

Goals/Progress

This will only be targeting DTLS 1.2, and the most modern/common cipher suites. We would love contributes that fall under the 'Planned Features' and fixing any bugs!

Current features

• DTLS 1.2 Client/Server
• Key Exchange via ECDHE(curve25519, nistp256, nistp384) and PSK
• Packet loss and re-ordering is handled during handshaking
• Key export (RFC 5705)
• Serialization and Resumption of sessions
• Extended Master Secret extension (RFC 7627)

Supported ciphers

ECDHE

• TLS_ECDHE_ECDSA_WITH_AES_128_CCM (RFC 6655)
• TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (RFC 6655)
• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
• TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (RFC 8422)
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (RFC 8422)

PSK

• TLS_PSK_WITH_AES_128_CCM (RFC 6655)
• TLS_PSK_WITH_AES_128_CCM_8 (RFC 6655)
• TLS_PSK_WITH_AES_128_GCM_SHA256 (RFC 5487)
• TLS_PSK_WITH_AES_128_CBC_SHA256 (RFC 5487)

Planned Features

• Chacha20Poly1305

Excluded Features

• DTLS 1.0
• Renegotiation
• Compression

Using

This library needs at least Go 1.13, and you should have Go modules enabled.

Pion DTLS

For a DTLS 1.2 Server that listens on 127.0.0.1:4444

go run examples/listen/selfsign/main.go

For a DTLS 1.2 Client that connects to 127.0.0.1:4444

go run examples/dial/selfsign/main.go

OpenSSL

Pion DTLS can connect to itself and OpenSSL.

  // Generate a certificate
  openssl ecparam -out key.pem -name prime256v1 -genkey
  openssl req -new -sha256 -key key.pem -out server.csr
  openssl x509 -req -sha256 -days 365 -in server.csr -signkey key.pem -out cert.pem

  // Use with examples/dial/selfsign/main.go
  openssl s_server -dtls1_2 -cert cert.pem -key key.pem -accept 4444

  // Use with examples/listen/selfsign/main.go
  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -debug -cert cert.pem -key key.pem

Using with PSK

Pion DTLS also comes with examples that do key exchange via PSK

Pion DTLS

go run examples/listen/psk/main.go

go run examples/dial/psk/main.go

OpenSSL

  // Use with examples/dial/psk/main.go
  openssl s_server -dtls1_2 -accept 4444 -nocert -psk abc123 -cipher PSK-AES128-CCM8

  // Use with examples/listen/psk/main.go
  openssl s_client -dtls1_2 -connect 127.0.0.1:4444 -psk abc123 -cipher PSK-AES128-CCM8

Contributing

Check out the contributing wiki to join the group of amazing people making this project possible:

• Sean DuBois - Original Author
• Michiel De Backker - Public API
• Chris Hiszpanski - Support Signature Algorithms Extension
• Iñigo Garcia Olaizola - Serialization & resumption, cert verification, E2E
• Daniele Sluijters - AES-CCM support
• Jin Lei - Logging
• Hugo Arregui
• Lander Noterman
• Aleksandr Razumov - Fuzzing
• Ryan Gordon
• Stefan Tatschner
• Hayden James
• Jozef Kralik
• Robert Eperjesi
• Atsushi Watanabe
• Julien Salleyron - Server Name Indication
• Jeroen de Bruijn
• bjdgyc
• Jeffrey Stoke (Jeff Ctor) - Fragmentbuffer Fix
• Frank Olbricht
• ZHENK
• Carson Hoffman
• Vadim Filimonov
• Jim Wert
• Alvaro Viebrantz
• Kegan Dougal
• Michael Zabka

License

MIT License - see LICENSE for full text