aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls/tls_messages.h
Commit message (Collapse)AuthorAgeFilesLines
* Add TLS v1.3 downgrade indicatorJack Lloyd2019-07-121-0/+2
|
* Add support for HelloVerifyRequest on server sideJack Lloyd2019-06-181-1/+5
| | | | Closes GH #1833
* Add support for supported versions extension from TLS 1.3Jack Lloyd2019-05-241-0/+2
|
* implemented ocsp stapling (code not yet formatted properly)Falko Strenzke2019-05-221-0/+7
|
* Fix various issues in TLS found using BoGoJack Lloyd2019-05-201-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | - BoGo sends unparseable OCSP responses, so we have to accomodate for this by delaying decoding until verification and simply ignoring OCSP responses that we can't parse. - Check that there is no trailing garbage at the end of various messages. - Don't send empty SNI - Check the TLS record header versions (previously ignored) - For CBC 1/n-1 splitting split every record instead of just first. I think this is not a problem but it is what BoGo expects. - New Channel::application_protocol virtual (previously was implemented on both Client and Server but not shared). - Changes to resumption version handling. - Fix server version selection when newer versions are disabled. New policy hooks added in service of BoGo: - maximum_certificate_chain_size gives the maximum cert chain in bytes that we'll accept. - allow_resumption_for_renegotiation specifies if a renegotiation attempt can be simply (re-)resumed instead. - abort_handshake_on_undesired_renegotiation - previously we just ignored it with a warning alert. Now behavior is configurable. - request_client_certificate_authentication - require_client_certificate_authentication
* Use enums for TLS key exchange group paramsJack Lloyd2018-02-131-2/+2
|
* Use enums to represent TLS signature and kex algorithms.Jack Lloyd2018-01-281-12/+11
| | | | Adds support for PSS signatures (currently verifying only).
* For TLS client auth add callback giving list of trusted CA namesJack Lloyd2018-01-271-1/+1
| | | | Fixes #1261
* Add an examine callback alsoJack Lloyd2018-01-271-0/+4
|
* Add ability for application to control which TLS extensions are usedJack Lloyd2018-01-271-1/+6
| | | | GH #1186
* Remove vestigial support for TLS compressionJack Lloyd2018-01-211-46/+40
| | | | | It was never supported and never will be. Removing negotiation entirely simplifies the code a bit.
* Add supported groups TLS extension (RFC 7919)René Korthaus2017-10-171-0/+2
|
* Additional final annotationsJack Lloyd2017-10-151-2/+2
|
* Fixes for MSVCJack Lloyd2017-09-281-2/+1
| | | | BOTAN_UNUSED "uses" the RNG :/
* Further header cleanupsJack Lloyd2017-09-281-0/+2
|
* Change header guard format to BOTAN_FOO_H_Jack Lloyd2017-09-201-2/+2
| | | | | | ISO C++ reserves names with double underscores in them Closes #512
* More annotationsJack Lloyd2017-09-191-8/+8
|
* Add API stability annotations.Jack Lloyd2017-09-191-6/+6
| | | | | Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.
* De-inline accessor functions in Client_Hello typeJack Lloyd2017-09-011-93/+19
| | | | | This class is exposed but the extension types aren't, so calls to these functions from outside the library would not link.
* Content:Tomasz Frydrych2017-04-031-15/+15
| | | | | | | | | * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations) * `default` specifier instead of `{}` in some places(probably all) * removal of unreachable code (for example `return` after `throw`) * removal of compilation unit only visible, but not used functions * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT` * removed not needed semicolons
* Add tests for certificate status messageJack Lloyd2017-01-041-8/+8
| | | | | | | Currently untested by TLS crosstalk tests because it is not supported on the server side. Exposes the rest of TLS message types to application.
* Export tls_messages.h as a public headerRené Korthaus2016-12-231-2/+2
| | | | | | | TLS::Callbacks::inspect_handshake_message() allows applications to inspect all handshake messages, but this requires access to the types in tls_messages.h. As a matter of fact, this also exports tls_extensions.h as a public header.
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-181-86/+86
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Add OCSP stapling support to TLS clientJack Lloyd2016-11-261-0/+31
|
* Add CECPQ1 TLS ciphersuitesJack Lloyd2016-11-171-0/+18
| | | | | | | | | | | | | Tested against BoringSSL (as client + server) and google.com (as client). Fix a stupid crashing bug in NewHope's BoringSSL mode. Remove unneeded error return from curve25519_donna - always returned 0. Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.
* Fix doxygen warnings [ci skip]René Korthaus2016-10-191-0/+1
|
* Support encoding of supported point formats extensionRené Korthaus2016-10-031-0/+18
|
* New TLS positive and negative tests.Juraj Somorovsky2016-09-301-6/+6
| | | | | | | | | | | | | | | | | | | TLS message parsing: - CertificateVerify - HelloVerify - ClientHello (with extensions) - ServerHello (with extensions) - NewSessionTicket - Alert TLS message processing: - HelloVerify TLS Policy tests Unit tests with TLS client authentication Added test_throws method that checks the correct exception message.
* TLS Server should respect client signature_algorithms. Stricter TLS hello ↵Jack Lloyd2016-09-211-0/+14
| | | | | | | | | | | | | | | | | | | | decoding. If the client sent a signature_algorithms extension, we should negotiate a ciphersuite in the shared union of the ciphersuite list and the extension, instead of ignoring it. Found by Juraj Somorovsky GH #619 The TLS v1.2 spec says that clients should only send the signature_algorithms extension in a hello for that version. Enforce that when decoding client hellos to prevent this extension from confusing a v1.0 negotiation. TLS v1.2 spec says ANON signature type is prohibited in the signature_algorithms extension in the client hello. Prohibit it. Reorder the TLS extensions in the client hello so there is no chance an empty extension is the last extension in the list. Some implementations apparently reject such hellos, even (perhaps especially) when they do not recognize the extension, this bug was mentioned on the ietf-tls mailing list a while back.
* Merge master into this branch, resolving conflicts with #457/#576Jack Lloyd2016-08-311-10/+54
|\ | | | | | | which recently landed on master.
| * Removed Handshake_Info class.Matthias Gierlings2016-06-191-6/+13
| | | | | | | | | | - Undid changes replacing Hanshake_IO, Handshake_Hash with Handshake_Info.
| * Reduction of code complexity in TLS classes.Matthias Gierlings2016-06-191-23/+60
| | | | | | | | | | | | | | -reduced number of parameters in various methods -reduced cyclomatic complexity (McCabe-Metric) -removed "TLSEXT_HEARTBEAT_SUPPORT" from tls_extensions.h (leftover from heartbeat extension removal?)
* | Address some issues with PR 492Jack Lloyd2016-08-131-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit for the changes in 7c7fcecbe6a and 6d327f879c Add Policy::check_peer_key_acceptable which lets the app set an arbitrary callback for examining keys - both the end entity signature keys from certificates and the peer PFS public keys. Default impl checks that the algorithm size matches the min keylength. This centralizes this logic and lets the application do interesting things. Adds a policy for ECDSA group size checks. Increases default policy minimums to 2048 RSA and 256 ECC. (Maybe I'm an optimist after all.)
* | Encrypt-then-MAC extension (RFC 7366)Juraj Somorovsky2016-05-111-0/+11
| | | | | | | | | | | | Introduced a countermeasure against the logjam attack Short TLS records (AES-CBC) now return BAD_RECORD_MAC Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
* | TLS Policy supportChristian Mainka2016-05-031-1/+1
|/ | | | | | | * --policy works for TLS Server and TLS Client * Example policy BSI_TR-02102-2.txt * Fine granular configuration for TLS 1.0, 1.1, 1.2 and DTLS 1.0 and 1.2 * Minimum ecdh and rsa group size
* Check that TLS signature type is accepted by the policy.Jack Lloyd2016-03-061-2/+4
| | | | | | Previously the signature hashes and algos info was used to set the v1.2 signature_algorithms extension, but if the counterparty ignored the extension and sent something else, we wouldn't notice.
* Remaining cppcheck fixes that are not covered by GH #444Daniel Neus2016-03-051-1/+1
|
* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not ↵Daniel Neus2016-03-051-9/+9
| | | | explicit.
* Make SRP6 support optional in TLSJack Lloyd2016-02-071-2/+15
| | | | | | | | Remove SRP_SHA from the default policy, since normal applications do not need it. Removes nullptr initializers of unique_ptrs in the Server_Key_Exchange constructor, that's the default unique_ptr already.
* Remove support for the TLS min fragment length extension.Jack Lloyd2016-02-071-14/+0
|
* Remove TLS heartbeat support.Jack Lloyd2016-02-071-24/+0
| | | | | The signature of the alert callback remains unchanged to avoid breaking applications, though now the buffer parameter is never set.
* Add final attribute to many classesJack Lloyd2016-01-101-13/+13
| | | | | | | In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation. Some discussion in GH #402
* Add extended master secret extension (RFC 7627) to TLSJack Lloyd2016-01-031-0/+10
| | | | Interop tested with mbed TLS
* Remove unused pkcs8 includesSimon Warta2015-08-031-1/+0
| | | | Only botan-cli, botan-tests and the FFI module depend on PKCS8
* Add ALPN (RFC 7301) and remove NPNlloyd2015-03-201-44/+25
|
* Remove SSLv3 and handling of SSLv2 client hellos.lloyd2015-01-111-4/+1
|
* Ensure all files have copyright and license info.lloyd2015-01-101-1/+1
| | | | | Update license header line to specify the terms and refer to the file, neither of which it included before.
* Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC).lloyd2015-01-041-10/+38
| | | | | | | | | | | | | | Github issue 27. Refactor server hello handling to make it easier to handle other extensions. The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionaly disable the 256k1 curve and reorder the remaining curves by size. Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map.
* Let TLS policy disable putting the timestamp in the hello random fieldslloyd2014-11-041-1/+2
|
* Various small fixes and cleanups, new is_prime utillloyd2014-11-031-4/+4
|