aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls
Commit message (Collapse)AuthorAgeFilesLines
* Fix doxygen warnings [ci skip]René Korthaus2016-10-197-19/+25
|
* Improve tls doxygen [ci skip]René Korthaus2016-10-199-0/+99
|
* Maintainer mode fixesJack Lloyd2016-10-172-11/+7
|
* In TLS::Session_Keys return values by referenceJack Lloyd2016-10-171-6/+6
|
* Merge GH #665 Add IncludeOS target, make filesystem/threads optionalJack Lloyd2016-10-172-6/+6
|\
| * Abstract out mutex type. Make threads optional.Jack Lloyd2016-10-122-6/+6
| |
* | Merge GH #659 TLS CBC is optionalJack Lloyd2016-10-136-2/+18
|\ \ | |/ |/|
| * Make TLS CBC optionalJack Lloyd2016-10-086-2/+18
| |
* | Revert PK_Verifier change (don't require RNG there).Jack Lloyd2016-10-075-12/+8
| | | | | | | | | | | | | | Verification is deterministic and public, so really no RNG is ever needed. Change provider handling - accepts "base", "openssl", or empty, otherwise throws a Provider_Not_Found exception.
* | Remove Algo_Registry usage from public key code.Jack Lloyd2016-10-076-15/+19
|/ | | | | | | | Instead the key types exposes operations like `create_encryption_op` which will return the relevant operation if the algorithm supports it. Changes pubkey.h interface, now RNG is passed at init time. Blinder previous created its own RNG, now it takes it from app.
* TLS: Split CBC+HMAC modes to standalone AEAD_ModeJack Lloyd2016-10-077-338/+683
| | | | | Now record layer only deals with an AEAD, and the weird complications of CBC modes mostly hidden in tls_cbc.cpp
* Minor improvementsRené Korthaus2016-10-033-25/+7
|
* Support encoding of supported point formats extensionRené Korthaus2016-10-039-4/+151
|
* New TLS positive and negative tests.Juraj Somorovsky2016-09-302-7/+7
| | | | | | | | | | | | | | | | | | | TLS message parsing: - CertificateVerify - HelloVerify - ClientHello (with extensions) - ServerHello (with extensions) - NewSessionTicket - Alert TLS message processing: - HelloVerify TLS Policy tests Unit tests with TLS client authentication Added test_throws method that checks the correct exception message.
* Removed redundant check in ClientHello parserJuraj Somorovsky2016-09-301-3/+0
|
* Vector out of bounds fixJuraj Somorovsky2016-09-301-1/+1
|
* Merge GH #633 Cleanup TLS CBC encryption codeJack Lloyd2016-09-261-140/+88
|\
| * Move this to avoid ASan triggerJack Lloyd2016-09-221-4/+4
| |
| * Further TLS CBC cleanupsJack Lloyd2016-09-211-28/+37
| |
| * Cleanup TLS CBC encryption record codeJack Lloyd2016-09-211-130/+69
| | | | | | | | | | | | | | The EtM and MtE codepaths had a lot of duplicated code. Tests ok, also did manual testing against a few online machines including the EtM test server at eid.vx4.net
* | Merge GH #516 Cipher_Mode API improvementsJack Lloyd2016-09-261-7/+4
|\ \
| * | Cipher_Mode API improvementsJack Lloyd2016-09-011-7/+4
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Cipher_Mode::update API is more general than needed to just support ciphers (this is due to it previously being an API of Transform which before 8b85b780515 was Cipher_Mode's base class) Define a less general interface `process` which either processes the blocks in-place, producing exactly as much output as there was input, or (SIV/CCM case) saves the entire message for processing in `finish`. These two uses cover all current or anticipated cipher modes. Leaves `update` for compatability with existing callers; all that is needed is an inline function forwarding to `process`. Removes the return type from `start` - in all cipher implementations, this always returned an empty vector. Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used for argument checking in some places, which is not right at all.
* / TLS Server should respect client signature_algorithms. Stricter TLS hello ↵Jack Lloyd2016-09-215-31/+89
|/ | | | | | | | | | | | | | | | | | | | decoding. If the client sent a signature_algorithms extension, we should negotiate a ciphersuite in the shared union of the ciphersuite list and the extension, instead of ignoring it. Found by Juraj Somorovsky GH #619 The TLS v1.2 spec says that clients should only send the signature_algorithms extension in a hello for that version. Enforce that when decoding client hellos to prevent this extension from confusing a v1.0 negotiation. TLS v1.2 spec says ANON signature type is prohibited in the signature_algorithms extension in the client hello. Prohibit it. Reorder the TLS extensions in the client hello so there is no chance an empty extension is the last extension in the list. Some implementations apparently reject such hellos, even (perhaps especially) when they do not recognize the extension, this bug was mentioned on the ietf-tls mailing list a while back.
* Merge GH #578/#492: TLS EtM extension and new policy togglesJack Lloyd2016-08-3120-112/+525
|\
| * Merge master into this branch, resolving conflicts with #457/#576Jack Lloyd2016-08-3125-1486/+1516
| |\ | | | | | | | | | which recently landed on master.
| * | Address some issues with PR 492Jack Lloyd2016-08-1313-58/+118
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit for the changes in 7c7fcecbe6a and 6d327f879c Add Policy::check_peer_key_acceptable which lets the app set an arbitrary callback for examining keys - both the end entity signature keys from certificates and the peer PFS public keys. Default impl checks that the algorithm size matches the min keylength. This centralizes this logic and lets the application do interesting things. Adds a policy for ECDSA group size checks. Increases default policy minimums to 2048 RSA and 256 ECC. (Maybe I'm an optimist after all.)
| * | Merge branch 'master' into Encrypt-then-MAC-with-policyJuraj Somorovsky2016-05-129-48/+46
| |\ \ | | | | | | | | | | | | Merged recent changes and resolved minor conflicts in tls record classes.
| * | | Encrypt-then-MAC extension (RFC 7366)Juraj Somorovsky2016-05-1119-104/+329
| | | | | | | | | | | | | | | | | | | | | | | | Introduced a countermeasure against the logjam attack Short TLS records (AES-CBC) now return BAD_RECORD_MAC Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
| * | | TLS Policy supportChristian Mainka2016-05-036-24/+153
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * --policy works for TLS Server and TLS Client * Example policy BSI_TR-02102-2.txt * Fine granular configuration for TLS 1.0, 1.1, 1.2 and DTLS 1.0 and 1.2 * Minimum ecdh and rsa group size
* | | | Fix TLS build with SRP6 disabledJack Lloyd2016-08-311-1/+1
| |_|/ |/| |
* | | Move some Callback functions to a source file.Jack Lloyd2016-08-312-7/+17
| | | | | | | | | | | | | | | | | | Just to avoid the unused parameter warning (we want the parameter to be named in the header for documentation purposes, but in that case GCC warns that the param is unused).
* | | Remove debug printfJack Lloyd2016-08-311-1/+0
| | |
* | | Merge GH #567/GH #457 TLS refactoring and Callbacks interfaceJack Lloyd2016-08-3119-652/+1250
|\ \ \
| * | | Added doxygen function parameter comments to tls_callbacks.hDan Brown2016-08-191-12/+32
| | | |
| * | | Add a Callbacks function for ALPNJack Lloyd2016-08-163-14/+44
| | | |
| * | | Changes to TLS::Callbacks for GH PR #457Jack Lloyd2016-08-1614-151/+221
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make TLS::Channel::m_callbacks a reference, so deriving from TLS::Callbacks works Split out the compat (std::function) based interface to Compat_Callbacks. This avoids the overhead of empty std::functions when using the virtual interface, and ensures the virtual interface works since there is no callback path that does not involve a vtable lookup. Rename the TLS::Callback functions. Since the idea is that often an owning class will pass *this as the callbacks argument, it is good to namespace the virtual functions so as not to conflict with other names chosen by the class. Specifically, prefixes all cb functions with tls_ Revert changes to use the old style alert callback (with no longer used data/len params) so no API changes are required for old code. The new Callbacks interface continues to just receive the alert code itself. Switch to virtual function interface in CLI tls_client for testing. Inline tls_server_handshake_state.h - only used in tls_server.cpp Fix tests - test looked like it was creating a new client object but it was not actually being used. And when enabled, it failed because the queues were not being emptied in between. So, fix that.
| * | | Removed Handshake_Info class.Matthias Gierlings2016-06-198-56/+49
| | | | | | | | | | | | | | | | | | | | - Undid changes replacing Hanshake_IO, Handshake_Hash with Handshake_Info.
| * | | Removed TLS::Session::PropertiesMatthias Gierlings2016-06-197-197/+96
| | | | | | | | | | | | | | | | | | | | - Removed proposed wrapper class to logically group TLS session properties.
| * | | Reverted proposed constructor changes to X509_CA.Matthias Gierlings2016-06-193-14/+28
| | | | | | | | | | | | | | | | | | | | - Removed Certificate_Properties class used to wrap X509_CA parameters. - Whitespace cleanup.
| * | | Compatibility patch for TLS::Callback interfaceMatthias Gierlings2016-06-197-16/+242
| | | | | | | | | | | | | | | | | | | | - Added legacy constructor support for TLS::Channel, TLS::Client, TLS::Server.
| * | | Added virtual Callback InterfaceMatthias Gierlings2016-06-198-52/+113
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - extracted inner class TLS::Channel::Callbacks to stand-alone class TLS::Callbacks. - provided default implementations for TLS::Callbacks members executing calls to std::function members for backward compatibility. - applied changes to cli, tests and TLS::Channel related classes to be compatible with new interface.
| * | | Implemented Feedback on GH #457Matthias Gierlings2016-06-197-13/+12
| | | | | | | | | | | | | | | | | | | | | | | | - Removed deprecated TLS-Alert-Callback parameters. - Fixed improper naming of accessor for ALPN-Strings in tls_client.h - Fixed erroneous indentation on Ciphersuite Constructor.
| * | | Fix for amalgamation build problemsMatthias Gierlings2016-06-194-7/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - fixed broken tls_magic.h include - added forward declarations for Handshake_IO and Handshake_Hash in tls_handshake_msg.h - comment after #endif in tls_server_handshake.h caused surplus #endif in botan_all_internal.h - removed unnecessary semicolons causing -Wpedantic warnings.
| * | | Reduction of code complexity in TLS classes.Matthias Gierlings2016-06-1922-892/+1172
| | | | | | | | | | | | | | | | | | | | | | | | | | | | -reduced number of parameters in various methods -reduced cyclomatic complexity (McCabe-Metric) -removed "TLSEXT_HEARTBEAT_SUPPORT" from tls_extensions.h (leftover from heartbeat extension removal?)
* | | | Merge GH #583 Clean up TLS ciphersuite handlingJack Lloyd2016-08-173-696/+193
|\ \ \ \
| * | | | Clean up TLS ciphersuite handlingJack Lloyd2016-08-163-696/+193
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Stores ciphersuites in a sorted std::vector, then lookups are done by binary search instead of a switch lookup. The loop that explicitly gathered all the ciphersuites out of the switch statement can then be removed, as can Ciphersuite::all_known_ciphersuite_ids which only existed to make the scan loop faster by avoiding having to call by_id on the entire 0x0000-0xFFFF range. Precomputes the result of Ciphersuite::valid at construction time.
* | | | | Update info.txtDaniel Neus2016-08-161-2/+1
| | | | |
* | | | | add sha1_sse2 to the TLS module dependenciesDaniel Neus2016-08-151-0/+1
|/ / / /
* | | | Remove unused kdf2 dependency from tls moduleRené Korthaus2016-07-041-1/+0
| | | |
* | | | Various fixes with bsi module policyRené Korthaus2016-07-042-2/+8
|/ / /