{"id":13684664,"url":"https://github.com/shiguredo/tls13-zig","last_synced_at":"2025-04-11T20:30:30.101Z","repository":{"id":47078069,"uuid":"515837458","full_name":"shiguredo/tls13-zig","owner":"shiguredo","description":"The first TLS1.3 implementation in Zig(master/HEAD) only with std.","archived":false,"fork":false,"pushed_at":"2024-07-17T14:22:57.000Z","size":10096,"stargazers_count":137,"open_issues_count":0,"forks_count":10,"subscribers_count":7,"default_branch":"develop","last_synced_at":"2025-03-25T16:22:22.357Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Zig","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shiguredo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-07-20T04:51:09.000Z","updated_at":"2025-02-20T06:49:32.000Z","dependencies_parsed_at":"2024-05-20T03:23:38.305Z","dependency_job_id":"654d3dde-3bd9-4017-94c5-ba51d987eda4","html_url":"https://github.com/shiguredo/tls13-zig","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shiguredo%2Ftls13-zig","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shiguredo%2Ftls13-zig/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shiguredo%2Ftls13-zig/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shiguredo%2Ftls13-zig/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shiguredo","download_url":"h
ttps://codeload.github.com/shiguredo/tls13-zig/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248476050,"owners_count":21110203,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T14:00:36.457Z","updated_at":"2025-04-11T20:30:30.054Z","avatar_url":"https://github.com/shiguredo.png","language":"Zig","funding_links":[],"categories":["TLS","Libraries"],"sub_categories":[],"readme":"# tls13-zig\n\nThe first TLS1.3 implementation in Zig(0.13.0) only with std.\n\n\nThis repository is an experimental implementation and is not intended for production use.\n\n# LICENSE\n\n\n```\nCopyright 2022, Naoki MATSUMOTO (Original Author)\nCopyright 2022, Shiguredo Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n   http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n\n# Features\n- Supported CipherSuite\n  - TLS_AES_128_GCM_SHA256\n  - TLS_AES_256_GCM_SHA384\n  - TLS_CHACHA20_POLY1305_SHA256\n- Supported KeyShare\n  - x25519\n  - secp256r1\n- Supported SignatureAlgorithm\n  - ecdsa_secp256r1_sha256\n  - ecdsa_secp384r1_sha384\n  - rsa_pss_rsae_sha256\n\n# How to 
use\nThis client retrieves contents from `www.google.com` with TLS1.3.\nIf you want to try this, simply execute `zig run src/main.zig`.\n## Client\n```zig\nconst std = @import(\"std\");\nconst log = std.log;\nconst allocator = std.heap.page_allocator;\n\nconst client = @import(\"client.zig\");\n\npub fn main() !void {\n    log.info(\"started.\", .{});\n    var tls_client = try client.TLSClientTCP.init(allocator);\n    defer tls_client.deinit();\n    tls_client.print_keys = true;\n\n    try tls_client.connect(\"www.google.com\", 443);\n\n    const http_req = \"GET / HTTP/1.1\\r\\nHost: www.google.com\\r\\nUser-Agent: tls13-zig\\r\\nAccept: */*\\r\\n\\r\\n\";\n    _ = try tls_client.send(http_req);\n\n    var recv_bytes: [4096]u8 = undefined;\n    const recv_size = try tls_client.recv(\u0026recv_bytes);\n    log.info(\"RECV=\\n {s}\", .{recv_bytes[0..recv_size]});\n\n    try tls_client.close();\n    log.info(\"finished.\", .{});\n\n    return;\n}\n```\n\n## Server\nThis server is tested with the latest Chrome and Firefox on Windows.\nIf you want to try this, simply execute `zig run src/main_test_server.zig`.\n```zig\nconst std = @import(\"std\");\nconst log = std.log;\nconst os = std.os;\nconst allocator = std.heap.page_allocator;\n\nconst server = @import(\"server.zig\");\n\npub fn main() !void {\n    // ignore SIGCHLD\n    var act = os.Sigaction{\n        .handler = .{ .handler = os.SIG.IGN },\n        .mask = os.empty_sigset,\n        .flags = (os.SA.SIGINFO | os.SA.RESTART | os.SA.RESETHAND),\n    };\n    try os.sigaction(os.SIG.CHLD, \u0026act, null);\n\n    log.info(\"started.\", .{});\n\n    // key and certificates need to be der-formatted.\n    // if you want to use RSAPrivateKey, please change '.ec' to '.rsa'.\n    // The procedure to generate a test certificate is described in test/gen_cert.sh\n    var tls_server = try server.TLSServerTCP.init(\"./test/key.pem\", \"./test/cert.pem\", null, \"localhost\", allocator);\n    defer tls_server.deinit();\n\n    // 
Enable KEYLOG output.\n    tls_server.print_keys = true;\n    tls_server.record_size_limit = 2 \u003c\u003c 12;\n    tls_server.accept_resume = true;\n    tls_server.accept_early_data = true;\n\n    try tls_server.listen(8443);\n    while (true) {\n        var con = try tls_server.accept();\n        const fork_pid = std.os.fork() catch {\n            log.err(\"fork failed\", .{});\n            return;\n        };\n        if (fork_pid != 0) {\n            continue;\n        }\n        log.debug(\"forked\", .{});\n\n        defer {\n            con.close();\n            log.info(\"connection closed\", .{});\n        }\n        try con.handshake();\n\n        var recv_bytes: [4096]u8 = undefined;\n        // receive contents\n        const recv_size = try con.recv(\u0026recv_bytes);\n        log.info(\"RECV=\\n{s}\", .{recv_bytes[0..recv_size]});\n        const get_req = \"GET / \";\n        // compare only when enough bytes were received; the rest of the buffer is undefined\n        if (recv_size \u003e= get_req.len and std.mem.eql(u8, recv_bytes[0..get_req.len], get_req)) {\n            log.info(\"HTTP GET received\", .{});\n            const http_res = \"HTTP/1.0 200 ok\\r\\nContent-type: text/html\\r\\n\\r\\n\u003cHTML\u003e\u003cBODY\u003etls13-zig\u003c/BODY\u003e\u003c/HTML\u003e\";\n            // send contents\n            try con.tlsWriter().writeAll(http_res);\n        }\n\n        return;\n    }\n\n    return;\n}\n\n```\n\n# TODO\n## Priority: High\n- [x] Support HelloRetryRequest.\n- [ ] Error handling\n  - [ ] Send 'alert' when an error occurs.\n- [x] Support KeyUpdate.\n- [x] Support NewSessionTicket.\n- [x] Support 0-RTT handshake(resumption). (disabled in server by default)\n- [ ] Add more E2E tests.\n    - [x] Static tests for server.\n    - [ ] Server tests with Web browser.\n- [ ] Support X.509(src/x509.zig) fully.\n  - [ ] Add more tests.\n  - [ ] Implement X.509 Certificate encoder.\n  - [ ] Verify implementation with NIST's test vectors.\n- [x] Verify X.509 Certificate itself. 
\n- [ ] Check the implementation follows RFC8446.\n\n## Priority: Low\n- [ ] Support Extensions.\n   - [x] record_size_limit\n   - [ ] application_layer_protocol_negotiation\n   - [x] psk_key_exchange_modes\n   - [ ] post_handshake_auth\n   - [ ] ec_point_formats\n   - [ ] next_protocol_negotiation\n   - [ ] encrypt_then_mac\n   - [ ] extended_master_secret\n   - [ ] status_request\n   - [ ] signed_certificate_timestamp\n   - [ ] session_ticket\n   - [ ] compress_certificate\n   - [ ] application_settings\n- [ ] Improve slow RSA(src/rsa.zig).\n- [ ] Improve comments.\n\n# Example\n## TLS Termination Proxy\nThis is a simple TLS termination proxy using tls13-zig.\nThis proxy terminates TLS1.3 and redirects contents to a local server (localhost:8080).\nIf you want to try this, simply execute `cd examples/proxy \u0026\u0026 docker compose up`.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshiguredo%2Ftls13-zig","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshiguredo%2Ftls13-zig","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshiguredo%2Ftls13-zig/lists"}