crypto/tls: add PSK support #6379

Open
gopherbot opened this Issue Sep 13, 2013 · 13 comments

gopherbot commented Sep 13, 2013

by tiebingzhang:

RFC 4279 (http://tools.ietf.org/html/rfc4279#page-10) added PSK to TLS.
OpenSSL and GnuTLS already have support for it.

The RFC defines three additional key exchange algorithms:
PSK
RSA-PSK
DHE-PSK

It would be nice to add at least PSK and DHE-PSK to Go's crypto/tls package. The work
seems to be of reasonable size.

According to Wikipedia
(http://en.wikipedia.org/wiki/Comparison_of_TLS_implementations#Key_Exchange_Algorithms_.28Alternative_key-exchanges.29),
RSA-PSK has not been implemented by any of the listed implementations, so it is maybe
okay to push that one off for later.
@rsc

Contributor

rsc commented Oct 18, 2013

Comment 1:

For now at least, very low priority.

Labels changed: added priority-someday, removed priority-triage.

Status changed to Accepted.

Contributor

rsc commented Nov 27, 2013

Comment 2:

Labels changed: added go1.3maybe.

Contributor

rsc commented Dec 4, 2013

Comment 3:

Labels changed: added release-none, removed go1.3maybe.

Contributor

rsc commented Dec 4, 2013

Comment 4:

Labels changed: added repo-main.

@rsc rsc added this to the Unplanned milestone Apr 10, 2015

tchap commented Feb 17, 2017

Might be a good idea to revisit this. I am interested in IoT and some devices simply cannot do regular TLS. Having a solid implementation of TLS-PSK would enable people to use Go to implement a server communicating with a swarm of IoT devices. I am not so much into crypto to be able to implement this myself. Basically just saying that IoT is on hype today and the last comment in this thread is more than 3 years old. For someone knowing crypto and crypto/tls it seems that this would not be too much work...

tchap commented Feb 17, 2017

Sorry, the last change in this thread is 2015, but anyway :-)

Contributor

rsc commented Feb 17, 2017

/cc @agl for advice

Contributor

agl commented Feb 17, 2017

My feeling is that this is fairly obscure and that we (by which I mean "I") should focus on TLS 1.3 support in crypto/tls, at least in the 1.9 cycle.

mordyovits commented May 18, 2017

@agl @rsc @tchap I have implemented the PSK and DHE_PSK ciphers (server and client). Is there interest in merging code for this? It required removing assumptions about there always being a server cert, so it's not totally trivial.

@bradfitz bradfitz modified the milestones: Go1.10, Unplanned May 18, 2017

Member

bradfitz commented May 18, 2017

Go 1.9 is frozen, but I'll let @agl decide for Go 1.10.

mordyovits commented Jun 6, 2017

You can find my fork with PSK support here:
https://github.com/mordyovits/golang-crypto-tls

EdSchouten commented Apr 4, 2018

TLS-PSK would be quite a nifty tool for securing Paxos/Raft-based systems without the need for complex certificate management.

tommie commented Apr 4, 2018

I have a hopefully mergeable version in https://github.com/tommie/go/tree/tls-psk. It's a bit behind master by now, but seems fine.

I need to go over it one more time to double-check sanity there. There are some assumptions about certificate fields being set in the current code, and my patch needs to wrap those in if-statements, making it a bit scary. I also only cared about relatively modern PSK cipher suites.

If there is interest, I can push forward with that. I just haven't had the time lately. OTOH golang/go allows GitHub pull requests now, so that's nice. :)

@agl agl added the Proposal-Crypto label Apr 26, 2018

@golang golang deleted a comment from hexfusion Apr 26, 2018

@bradfitz bradfitz modified the milestones: Go1.11, Unplanned Jun 6, 2018
