path: root/src/tls/tls_messages.h
Commit log (each entry: commit message, then author, date, files changed, lines removed/added):

* Server side PSK
  (lloyd, 2012-01-27, 1 file, -6/+5)

* Somewhat cleaner PSK handling
  (lloyd, 2012-01-27, 1 file, -3/+4)

* Server side PSK kex
  (lloyd, 2012-01-27, 1 file, -2/+3)

* Add client-side support for PSK kex. Tested against OpenSSL.
  (lloyd, 2012-01-27, 1 file, -0/+4)

* Move all key exchange mechanism code (eg DH/ECDH/SRP) out of the server handshake flow and into the server and client key exchange message types. It already was hidden from the client handshake code.
  (lloyd, 2012-01-25, 1 file, -3/+9)

* s/tls_suites/tls_ciphersuite/
  (lloyd, 2012-01-24, 1 file, -1/+1)

* We can now actually handle multiple certificate types in the server and will choose one depending on which ciphersuites the client offered.
  (lloyd, 2012-01-24, 1 file, -2/+4)

* Remove Certificate_Type enum
  (lloyd, 2012-01-24, 1 file, -2/+2)

* Send the supported elliptic curves extension. Instead of hardcoding the values let policy specify them. Also choose an ECC curve for server kex from the client hello. Choice is via policy, default implementation is to choose the first curve the client supports out of the server's preference list.
  (lloyd, 2012-01-24, 1 file, -2/+3)

* Get the list of supported ECC curves out of the client hello, and avoid negotiating an ECDH key exchange if the client didn't send any curves that we know about.
  (lloyd, 2012-01-24, 1 file, -0/+3)

* Working ECDH key exchange. Only tested on client side but seems good there. Only named curves supported, likely won't ever support explicit curves cause that's just asking for problems.
  (lloyd, 2012-01-24, 1 file, -2/+1)

* Don't assume the server key exchange consists of a series of BigInts. That happens to be true for DH and export RSA key exchanges but isn't true for ECDH or SRP. (It's almost true for SRP, but if the salt had a leading zero byte it would be lost in the conversion).
  (lloyd, 2012-01-24, 1 file, -3/+2)

* Make the version number a proper class, makes many things much easier for such a minor change.
  (lloyd, 2012-01-23, 1 file, -12/+12)

* Since this branch is hugely API breaking already, go ahead and put everything into a new namespace (Botan::TLS), removing the TLS_ prefixes on everything.
  (lloyd, 2012-01-23, 1 file, -21/+25)

* Remove the key() method on server key exchange - instead leave it to the client key exchange object to interpret the message on the basis of the chosen ciphersuite.
  (lloyd, 2012-01-23, 1 file, -1/+2)

* Have the client key exchange examine the server key exchange message directly (if it was sent), so that the client implementation doesn't have to know what key exchange mechanisms we actually support. Return a value in ECC curves extension serialization method.
  (lloyd, 2012-01-23, 1 file, -5/+3)

* When generating a signature in TLS 1.2, respect the request of the counterparty by using the highest preference hash they have available for the signature type we are generating. This does mean we will do stupid things, if the counterparty is stupid (for instance some versions of GnuTLS will prefer SHA-1 over the SHA-2s - likely someone misread the spec and ordered the list backwards). But because we filter out MD5 we'll never use that; even in the worst case, if someone requests only MD5, we'll skip over it and use SHA-1 as the fallback algorithm. Theoretically this is against the spec because we "MUST" send something compatible, but seriously, fuck em. Right in the eye.
  (lloyd, 2012-01-20, 1 file, -0/+6)

* Instead of using a hardcoded value for signature_algorithms, go with policy. Only functional change here from before is we now send DSA with SHA-2. This is fine, OpenSSL does it as well and while the spec says to wait until NIST comes up with a way to prevent hash impersonation, it doesn't really make sense to avoid possible hash substitution attacks by using the weakest available hash...
  (lloyd, 2012-01-20, 1 file, -1/+3)

* TLS_Ciphersuite_Algos was just a strange level of indirection between the ciphersuite code and a set of strings specifying the underlying suite algorithms. Remove it entirely. Some things are likely broken. One I know about is that we always send the hash/signature type indicator but should only do so for TLS >= 1.2
  (lloyd, 2012-01-20, 1 file, -10/+10)

* Basic processing for signature_algorithms extension in client hello
  (lloyd, 2012-01-20, 1 file, -0/+2)

* Initialize values once in constructor instead of in each branch
  (lloyd, 2012-01-20, 1 file, -7/+1)

* Many fixes for TLS 1.2 though some things in particular client auth remain broken. New interface for querying the TLS extensions, much cleaner.
  (lloyd, 2012-01-20, 1 file, -6/+8)

* Various and sundry bug fixes
  (lloyd, 2012-01-19, 1 file, -0/+2)

* Kinda maybe working TLS 1.2 for clients. Not well tested at all, but a basic connection with a GnuTLS server does work. Currently we don't respect the signature_algorithms extension at all, and using SHA-256 with a 12-byte finished value is hardcoded though the spec is that it can depend on the ciphersuite (likely relevant for GOST ciphersuites in particular).
  (lloyd, 2012-01-19, 1 file, -1/+7)

* Remove Handshake_Message::deserialize which was an unnecessary hook. Instead deserialize directly in the constructors that are passed the raw message data. This makes it easier to pass contextual information needed for decoding (eg, version numbers) where necessary.
  (lloyd, 2012-01-19, 1 file, -20/+10)

* I'm not sure if I like this aesthetically, but passing around the entire handshake state in many cases makes things simpler to update, in that each message type already knows what it needs depending on the version, params, etc, and this way a) that knowledge doesn't need to percolate up to the actual client and server handshake code and b) each message type can be updated for new formats/version without having to change its callers. Downside is it hides the dependency information away, and makes it non-obvious what needs to be created beforehand for each message to work correctly. However this is (almost) entirely predicated on the handshake message flows, and these we control with the next expected message scheme, so this should be fairly safe to do. This checkin only updates the ones where it was immediately relevant but for consistency probably all of them should be updated in the same way.
  (lloyd, 2012-01-19, 1 file, -29/+10)

* Support SSLv3 client auth on the client side. Add getters for major and minor protocol version on TLS_Session. Add Certificate_Type code points for ECC certs.
  (lloyd, 2012-01-19, 1 file, -0/+2)

* As someone pointed out on the TLS list, NPN isn't really a negotiation per se, it's a notification by the client. Rename accordingly.
  (lloyd, 2012-01-04, 1 file, -2/+2)

* The first 4 bytes of the client and server randoms are supposed to be a timestamp. Instead we used random values for all, but hypothetically it would be useful for the timestamp to be correct in case someone decides to interpret that field. Which they hopefully won't.
  (lloyd, 2012-01-04, 1 file, -0/+2)

* Split hello.cpp into c_hello.cpp and s_hello.cpp. Add support for NPN on the server side. Server is initialized with the list of protocols it wants to offer, once the handshake completes the client requested protocol is available via a getter.
  (lloyd, 2012-01-04, 1 file, -9/+13)

* Add support for next protocol negotiation. Client only currently; tested with google.com:443
  (lloyd, 2012-01-04, 1 file, -26/+61)

* Add Credentials_Manager which is an interface to something that knows what certs, keys, etc are available to the app. Needs polishing but it seems like it should be sound.
  (lloyd, 2012-01-03, 1 file, -1/+0)

* Add support for client-side session resumption
  (lloyd, 2011-12-31, 1 file, -13/+19)

* Add a function for getting the version number of an active connection. Add a new callback that is called with the session info when a handshake completes. Currently only called on the server side as the client doesn't have session resumption yet. Rename CipherSuite to TLS_Cipher_Suite.
  (lloyd, 2011-12-30, 1 file, -1/+1)

* Add support for the maximum fragment length extension. No hooks for it on the client side at the moment. Tested with gnutls-cli --recordsize. Save the fragment size and the secure renegotiation flags in the session state.
  (lloyd, 2011-12-30, 1 file, -0/+7)

* Full support for renegotiation including RFC 5746 extensions for client and server. Server side can handle SCSV values as well, client always sends the extension instead. Handle an empty SNI extension coming back from the server - this is used to indicate that it understood the name. Also add better checking for extensions by passing in what the supposed size of the extension is. Only send the secure negotiation extension in the server hello if the client indicated support for it.
  (lloyd, 2011-12-30, 1 file, -0/+2)

* Server side handling of the secure renegotiation extension.
  (lloyd, 2011-12-30, 1 file, -0/+2)

* Many renegotiation fixes. Add support for the secure renegotiation extension (client side only at the moment). Add an interface that allows applications to request renegotiation.
  (lloyd, 2011-12-30, 1 file, -1/+5)

* About half an implementation of RFC 5746
  (lloyd, 2011-12-29, 1 file, -50/+66)

* Add support for sending server name indicator in client hello. Add support for sending and reading the SRP identifier extension. Add some helper classes for managing TLS extensions. Add ciphersuite codes for SRP key exchange.
  (lloyd, 2011-12-29, 1 file, -2/+4)

* Clean up the ordering of constructor args to the various message types
  (lloyd, 2011-12-29, 1 file, -34/+50)

* Additional bits for SSLv3 client auth
  (lloyd, 2011-12-28, 1 file, -1/+10)

* Save peer certs in session info. Use helper function for handshake hashing.
  (lloyd, 2011-12-28, 1 file, -1/+1)

* Working though hacking client verify (server side only). Only supports TLS 1.0/1.1, SSLv3 uses a different hash format. Only RSA certs tested so far.
  (lloyd, 2011-12-28, 1 file, -14/+14)

* Make TLS_Session_Params a real class. Various cleanups.
  (lloyd, 2011-12-28, 1 file, -6/+10)

* Partial bits of the server side of client auth. Incomplete. Pass a session manager to TLS_Client's constructor. Currently unused. Add time-based session expiration to the in-memory session cache.
  (lloyd, 2011-12-28, 1 file, -9/+13)

* Force resumed session to use previous ciphersuite, etc
  (lloyd, 2011-12-27, 1 file, -0/+8)

* First rev of working session resumption (server side only). Only works with TLS at the moment, SessionKeys is a mess.
  (lloyd, 2011-12-27, 1 file, -0/+7)

* Initial hooks for session resumption
  (lloyd, 2011-12-23, 1 file, -25/+37)

* Rename ssl module to tls
  (lloyd, 2011-12-23, 1 file, -0/+297)