path: root/src/tls/c_kex.cpp
Commit log for this file, newest first. Each entry gives the commit message followed by [author, date, files changed, -lines removed/+lines added].
* Fairly huge update that replaces the old secmem types with std::vector
  using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
  [lloyd, 2012-05-18, 1 file, -13/+13]
* Huge pile of post merge fixups, mtn really fucked that merge
  [lloyd, 2012-04-25, 1 file, -2/+2]
* Finish up server side SRP support, a little ugly but it works.
  Add SRP hooks in the examples. Fix next protocol support in the tls_server example.
  [lloyd, 2012-04-06, 1 file, -1/+3]
* Re-enable TLS (was disabled by trunk merge), and require the srp6 module
  Initial outline of server side SRP support. Need to figure out how to transfer the v, b, B params from the server key exchange message to the client key exchange. The DH variants do this by passing a Private_Key via server_kex_key call, but wrapping SRP params in a Private_Key really doesn't feel right. Not sure what to do here. Possibly both SRP and DH should return a Key_Exchange_Material* that a client key exchange knows how to dynamic cast on.
  [lloyd, 2012-04-05, 1 file, -0/+4]
* Initial client-side support for SRP (finally!). Tested against OpenSSL
  1.0.1, only the certificate versions tested currently as OpenSSL doesn't support anon SRP.
  [lloyd, 2012-04-05, 1 file, -0/+29]
* Add an abstraction for reading handshake messages (as DTLS handles it
  quite differently). Avoid using a queue for reading certificates. Hide the version code in the handshake state with a getter and setter.
  [lloyd, 2012-03-05, 1 file, -2/+2]
* Move the handshake serialization code to Record_Writer
  [lloyd, 2012-03-03, 1 file, -1/+2]
* Fix inverted conditional
  [lloyd, 2012-01-27, 1 file, -2/+2]
* Change naming convention to match RFCs
  [lloyd, 2012-01-27, 1 file, -7/+7]
* Remove debug output
  [lloyd, 2012-01-27, 1 file, -11/+0]
* Server side PSK
  [lloyd, 2012-01-27, 1 file, -81/+98]
* Working, though somewhat clumsy, DHE_PSK and ECDHE_PSK. Tested against GnuTLS
  [lloyd, 2012-01-27, 1 file, -4/+37]
* Somewhat cleaner PSK handling
  [lloyd, 2012-01-27, 1 file, -22/+28]
* Server side PSK kex
  [lloyd, 2012-01-27, 1 file, -7/+28]
* Split up the psk function as the server also wants to be able to look
  up a PSK from an identity.
  [lloyd, 2012-01-27, 1 file, -7/+10]
* Add client-side support for PSK kex. Tested against OpenSSL.
  [lloyd, 2012-01-27, 1 file, -6/+38]
* Make Alert a first class object ala Version. Move the alert codes into
  the Alert class for namespacing.
  [lloyd, 2012-01-26, 1 file, -1/+1]
* In earlier versions, key exchange == "RSA" meant export-style
  ephemeral RSA, and key exchange == "" meant RSA via the key in the server certificate. However we don't support any of the export suites anymore (and in fact that code probably never worked), so use kex algo == "RSA" to represent the server cert case as it's much easier to read the code and to understand from a policy configuration perspective.
  Also fix the default policy, "TripleDES" != "3DES" so we would not offer (as a client) and would reject (as a server) any 3DES ciphersuites.
  [lloyd, 2012-01-25, 1 file, -3/+3]
* Move all key exchange mechanism code (eg DH/ECDH/SRP) out of the
  server handshake flow and into the server and client key exchange message types. It already was hidden from the client handshake code.
  [lloyd, 2012-01-25, 1 file, -19/+42]
* For ECDH you don't strip leading zeros. Bikeshedding: 1 Consistency: 0
  [lloyd, 2012-01-24, 1 file, -3/+5]
* Read ECDH client key exchange messages
  [lloyd, 2012-01-24, 1 file, -25/+26]
* Working ECDH key exchange. Only tested on client side but seems good
  there. Only named curves supported, likely won't ever support explicit curves cause that's just asking for problems.
  [lloyd, 2012-01-24, 1 file, -29/+47]
* Don't assume the server key exchange consists of a series of BigInts.
  That happens to be true for DH and export RSA key exchanges but isn't true for ECDH or SRP. (It's almost true for SRP, but if the salt had a leading zero byte it would be lost in the conversion).
  [lloyd, 2012-01-24, 1 file, -4/+8]
* Make the version number a proper class, makes many things much easier
  for such a minor change.
  [lloyd, 2012-01-23, 1 file, -10/+13]
* Since this branch is hugely API breaking already, go ahead and put
  everything into a new namespace (Botan::TLS), removing the TLS_ prefixes on everything.
  [lloyd, 2012-01-23, 1 file, -2/+6]
* Remove the key() method on server key exchange - instead leave it to
  the client key exchange object to interpret the message on the basis of the chosen ciphersuite.
  [lloyd, 2012-01-23, 1 file, -9/+16]
* Have the client key exchange examine the server key exchange message
  directly (if it was sent), so that the client implementation doesn't have to know what key exchange mechanisms we actually support.
  Return a value in ECC curves extension serialization method.
  [lloyd, 2012-01-23, 1 file, -22/+46]
* TLS_Ciphersuite_Algos was just a strange level of indirection between
  the ciphersuite code and a set of strings specifying the underlying suite algorithms. Remove it entirely.
  Some things are likely broken. One I know about is that we always send the hash/signature type indicator but should only do so for TLS >= 1.2
  [lloyd, 2012-01-20, 1 file, -2/+2]
* Remove Handshake_Message::deserialize which was an unnecessary hook.
  Instead deserialize directly in the constructors that are passed the raw message data. This makes it easier to pass contextual information needed for decoding (eg, version numbers) where necessary.
  [lloyd, 2012-01-19, 1 file, -15/+7]
* The leading zeros of a DH pre master secret are supposed to be
  stripped out. Would cause failures with DHE in one out of every few hundred connection attempts where the finished message would not decrypt properly and the handshake would be rejected.
  [lloyd, 2012-01-18, 1 file, -2/+23]
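The three encoding rules behind the ECDH, SRP-salt and DH commits above are easy to get wrong in the same way, so here is an added Python example (not Botan code and not part of this log) that shows each of them: RFC 5246 section 8.1.2 strips leading zero bytes from the DH pre-master secret, RFC 4492 section 5.10 keeps the ECDH x coordinate at the full field width, and an SRP salt is an opaque byte string that loses a leading zero if it round-trips through an integer. The DH group is the real 2048-bit MODP group from RFC 3526 (group 14); the private exponents, the x coordinate and the salt are constructed inputs, and the function names are this example's own.

```python
"""
Added example: how TLS encodes DH, ECDH and SRP key-exchange values.

  * DH (RFC 5246 8.1.2): pre_master_secret is Z = Y^x mod p with leading
    zero bytes stripped, so its length is not fixed.
  * ECDH (RFC 4492 5.10): pre_master_secret is the x coordinate of the
    shared point, left-padded to the field size; leading zeros are kept.
  * SRP (RFC 5054): the salt is opaque bytes; parsing it as an integer
    silently drops a leading 0x00 byte.
"""
import hashlib

# 2048-bit MODP group from RFC 3526 (group 14); generator g = 2.
P_MODP2048 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G_MODP2048 = 2


def dh_pre_master_secret(peer_public: int, own_private: int, p: int) -> bytes:
    """RFC 5246: Z encoded at its minimal length, i.e. leading zero bytes stripped."""
    z = pow(peer_public, own_private, p)
    return z.to_bytes((z.bit_length() + 7) // 8, "big")


def dh_pre_master_secret_fixed_width(peer_public: int, own_private: int, p: int) -> bytes:
    """The wrong encoding: Z padded to the byte width of p.

    Both peers compute the same integer Z, but if one side pads and the other
    strips, the pre-master secrets differ, so the master secrets differ and the
    Finished message fails to verify. Z has a zero top byte for roughly 1 in
    256 handshakes, which is why this kind of bug only shows up intermittently.
    """
    z = pow(peer_public, own_private, p)
    return z.to_bytes((p.bit_length() + 7) // 8, "big")


def ecdh_pre_master_secret(x_coordinate: int, field_bytes: int) -> bytes:
    """RFC 4492: the x coordinate at the fixed field width; a leading zero stays."""
    return x_coordinate.to_bytes(field_bytes, "big")


def salt_via_bigint(salt: bytes) -> bytes:
    """Bytes -> integer -> minimal bytes, modelling an SRP salt parsed as a BigInt.
    Any leading 0x00 byte of the salt is lost on the way back."""
    n = int.from_bytes(salt, "big")
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


def find_leading_zero_dh_case(p: int = P_MODP2048, g: int = G_MODP2048, limit: int = 20000):
    """Walk deterministic 256-bit private exponents (constructed from SHA-256 of a
    counter) until the shared secret Z has a zero top byte, and return
    (attempts, stripped_encoding, fixed_width_encoding) for that case."""
    peer_private = int.from_bytes(hashlib.sha256(b"peer-private").digest(), "big")
    peer_public = pow(g, peer_private, p)
    for i in range(1, limit + 1):
        own_private = int.from_bytes(hashlib.sha256(b"own-private-%d" % i).digest(), "big")
        fixed = dh_pre_master_secret_fixed_width(peer_public, own_private, p)
        if fixed[0] == 0:
            stripped = dh_pre_master_secret(peer_public, own_private, p)
            return i, stripped, fixed
    raise RuntimeError("no leading-zero Z found within limit")


if __name__ == "__main__":
    attempts, stripped, fixed = find_leading_zero_dh_case()
    print(f"DH: Z with a zero top byte after {attempts} tries: "
          f"padded {len(fixed)} bytes, RFC 5246 encoding {len(stripped)} bytes")
    # Constructed P-256 x coordinate whose top byte is zero: stays 32 bytes.
    x = int.from_bytes(bytes.fromhex("00" + "a5" * 31), "big")
    print("ECDH P-256 pre_master_secret:", ecdh_pre_master_secret(x, 32).hex())
    # Constructed 16-byte SRP salt with a leading zero: comes back as 15 bytes.
    salt = bytes.fromhex("00" + "c3" * 15)
    print("SRP salt", salt.hex(), "-> via BigInt", salt_via_bigint(salt).hex())
```

Running it finds a handshake where the padded and stripped encodings disagree in length while still representing the same integer, which is exactly the case in which two implementations using different rules fail to agree on the master secret.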
* The server would incorrectly send a server key exchange message when a
  pure RSA ciphersuite was negotiated.
  Detection of version rollback attacks with pure RSA ciphersuites was incorrect and would cause failures if the client supported a version we didn't (eg GnuTLS with TLS 1.2 enabled).
  Improve detection of SSLv2 client hellos. In particular, if a client that only supports SSLv2 connects, we will detect this case and send a protocol_version alert (which the SSLv2-only client will not understand, but a packet analyzer probably will) plus an exception with the message "Client claims to only support SSLv2, rejecting" instead of the previous much less helpful "Unknown record type" message.
  Remove vestigial support for RSA export ciphersuite key exchange.
  [lloyd, 2012-01-06, 1 file, -1/+1]
* Add a function for getting the version number of an active connection.
  Add a new callback that is called with the session info when a handshake completes. Currently only called on the server side as the client doesn't have session resumption yet.
  Rename CipherSuite to TLS_Cipher_Suite.
  [lloyd, 2011-12-30, 1 file, -1/+1]
* Clean up the ordering of constructor args to the various message types
  [lloyd, 2011-12-29, 1 file, -15/+7]
* Working though hacking client verify (server side only). Only supports
  TLS 1.0/1.1, SSLv3 uses a different hash format. Only RSA certs tested so far.
  [lloyd, 2011-12-28, 1 file, -1/+1]
* Initial hooks for session resumption
  [lloyd, 2011-12-23, 1 file, -2/+2]
* Rename ssl module to tls
  [lloyd, 2011-12-23, 1 file, -0/+165]