I'm a bit reluctant here because I don't know what I'm getting myself
into and I don't really want to spend more time on this than I already do.
Anyway, a couple of years ago I wondered what TLS was all about and I
tried to understand it by writing code to do TLS as a hobby project.
Trying to play with privilege separation as well, things got kind of out
of hand and eventually, more or less by accident, I ended up with
something looking like the following, e.g., this is what a connection
may look like of someone connecting to a service over TLS:

    application o-o tls_client o-o network
    (plaintext)      (crypto)      (ciphertext)
                        o
                        | key exchange (temporary)
                        o
                    kex helper

Example of the accompanying public API:

    int tls_client_socket_unix(int s, ...);

The idea is to run the TLS protocol in different processes (tls_client,
kex helper) by impersonal users.
All TLS/crypto code lives in those processes, the user's application
doesn't know about TLS/crypto and does not need to be linked against it.
The user application only needs to be able to talk to a daemon over a
UNIX socket to exchange a file descriptor.
The user doesn't own any keying material, which is set up per user, per
key exchange, per role (client/server), per hostname. Only kex helpers
have access on behalf of the user. Roughly every key exchange type has
its own handler program.
A configuration file is involved, only to be changed by a system
administrator.
The tls_client_socket_unix function is used as follows:
- Open an ordinary TCP socket "s".
- Before exchanging application data, pass this socket to the
  tls_client_socket_unix function. Upon successful return, the socket is
  protected by the TLS protocol and application data can be sent back and
  forth as if it were an ordinary socket; upon failure the socket is useless.
The tls_client_socket_unix function could also be implemented natively
in scripting languages supporting file descriptor transfer over a UNIX
socket, e.g. Perl, Python, Ruby, without the need for any TLS/crypto
modules.
Something similar can be done for a service accepting TLS connections.
I think I have this working to some extent for ftp(1), httpd(8) and
possibly acme-client(1), as well as simple Perl, Python and Ruby modules.
What I did is by no means complete or perfect, or even cryptographically
secure. Still, would it be useful to have this code available? It seems
like a bit of a waste to just let it sit on my hard drive not really
doing anything useful.
Regards,
Remco
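
The descriptor exchange described in the message, as an added example that is not Remco's code: a client-side function in Python (3.9 or later, for socket.send_fds/recv_fds) that imports no TLS or crypto module. The one-byte "C"/"K" messages, the returned socketpair end, the dup2 replacement, the socket path and the names serve_one and demo are all assumptions; the stand-in daemon relays bytes unchanged and performs no TLS.

```python
import os
import socket
import tempfile
import threading

def tls_client_socket_unix(sock, daemon_path):
    """Hypothetical client side: trade the socket for the daemon's plaintext channel."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as ctl:
        ctl.connect(daemon_path)
        socket.send_fds(ctl, [b"C"], [sock.fileno()])  # daemon now holds the network socket
        reply, fds, _flags, _addr = socket.recv_fds(ctl, 1, 1)
    if reply != b"K" or len(fds) != 1:
        for fd in fds:
            os.close(fd)
        sock.close()  # on failure the socket is useless
        raise OSError("daemon did not return a descriptor")
    os.dup2(fds[0], sock.fileno())  # same descriptor number, new endpoint behind it
    os.close(fds[0])
    return sock

def serve_one(listener):
    """Stand-in daemon: relays one message unchanged where TLS processing would run."""
    ctl, _ = listener.accept()
    with ctl:
        _req, fds, _flags, _addr = socket.recv_fds(ctl, 1, 1)
        net = socket.socket(fileno=fds[0])  # the application's network socket
        plain, app_end = socket.socketpair()
        socket.send_fds(ctl, [b"K"], [app_end.fileno()])
        app_end.close()  # the application holds the only remaining copy
    with net, plain:
        net.sendall(plain.recv(4096))  # a real daemon would encrypt here

def demo():
    """Constructed round trip; a socketpair stands in for the TCP connection."""
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "tlsd.sock")
    app, peer = socket.socketpair()
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as lst, app, peer:
        lst.bind(path)
        lst.listen(1)
        daemon = threading.Thread(target=serve_one, args=(lst,))
        daemon.start()
        tls_client_socket_unix(app, path)
        app.sendall(b"hello")
        seen = peer.recv(4096)
        daemon.join()
    os.unlink(path)
    os.rmdir(tmp)
    return seen
```

After the call the application still writes to the same descriptor number, but the network endpoint is held only by the daemon process, which is the separation the message describes.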