aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Move TLS cert verification callback from Credentials_Manager to TLS::CallbacksJack Lloyd2016-11-2310-111/+136
| | | | | | It is the only function in C_M which is called on to process session-specific (and adversarially provided) inputs, rather than passively returning some credential which is typically not session specific.
* Add useful debugging output to path validation testJack Lloyd2016-11-231-1/+1
|
* Refactor X.509 path validationJack Lloyd2016-11-238-359/+748
| | | | | | | | | Splits path building, path validation, CRL checks, and OCSP checks into distinct functions in namespace PKIX. The previous path validation APIs remain. Fixes to OCSP to store more information and to handle modern OCSP setups in at least some situations.
* Add find_cert_by_pubkey_sha1 to Certificate_Store_In_MemoryJack Lloyd2016-11-234-55/+64
|
* Add X509_Certificate helper functions for OCSPJack Lloyd2016-11-232-4/+43
| | | | | Using the SHA-1 of the public key to identify the signing cert is hardcoded in OCSP and unlikely to change.
* Explicitly number all Certificate_Status_Code enum valuesJack Lloyd2016-11-232-25/+146
| | | | Add a to_string function for this type.
* Somewhat better errors in HTTPJack Lloyd2016-11-231-5/+9
|
* Add final_stdvecJack Lloyd2016-11-231-0/+7
| | | | Horrible name, useful function
* Add policy file for TLS client testingJack Lloyd2016-11-211-0/+19
| | | | [ci skip]
* Add warning to OID script outputJack Lloyd2016-11-212-1/+10
| | | | [ci skip]
* Add timeouts to TLS scanner [ci skip]Jack Lloyd2016-11-212-4/+17
|
* Fix doc of get_processor_timestamp [ci skip]Jack Lloyd2016-11-211-4/+10
|
* Merge GH #733 Add timing test suiteJack Lloyd2016-11-2016-0/+589
|\
| * Timing test suite needs to have TLS CBC functionality accessibleJuraj Somorovsky2016-11-201-1/+1
| |
| * Timing test suite with the mona timing libraryJuraj Somorovsky2016-11-2016-0/+589
| |
* | TLS-Attacker testsuite and fuzzingJuraj Somorovsky2016-11-197-0/+143
| |
* | TLS CBC functionality now exposed to the library developer. Useful for ↵Juraj Somorovsky2016-11-192-21/+32
|/ | | | | | direct TLS CBC testing. CLI TLS server now catches an exception if an invalid connection is received (Otherwise, the server always stopped working)
* Add brainpool test to TLSJack Lloyd2016-11-191-1/+3
|
* Order default TLS ECC curve preferences by performanceJack Lloyd2016-11-191-4/+6
| | | | | | | | | | | | Moves x25519 to the front for best by-default side channel resistance, and orders remaining NIST/BP curves by performance rather than size. That means putting P-521 before P-384, since P-521 is much faster at least in Botan (due to much simpler modular reduction for P-521 prime), and Brainpools to the end due to being quite slow (no fast reductions). All of the supported curves seem strong enough, and if someone can break P-256 they can probably break P-384 as well so there doesn't seem much advantage in preferring slower curves by default.
* Fix class vs struct declaration.Jack Lloyd2016-11-191-4/+6
| | | | | Recent Clang complains about forward decl as 'class X' when X was actually declared as a struct.
* Merge GH #729 Add CECPQ1 (x25519+NewHope) TLS ciphersuitesJack Lloyd2016-11-1918-44/+249
|\
| * Add CECPQ1 TLS ciphersuitesJack Lloyd2016-11-1718-44/+249
| | | | | | | | | | | | | | | | | | | | | | | | | | Tested against BoringSSL (as client + server) and google.com (as client). Fix a stupid crashing bug in NewHope's BoringSSL mode. Remove unneeded error return from curve25519_donna - always returned 0. Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.
* | Add key_constraints_to_string, GOST-34.10 cert handlingJack Lloyd2016-11-186-75/+127
| | | | | | | | Add some try/catch blocks to the X.509 tests, and use create_private_key API
* | Add X509_DN::emptyJack Lloyd2016-11-181-0/+2
| |
* | Don't force HMAC_DRBG to be enabledJack Lloyd2016-11-186-20/+27
| | | | | | | | | | No need to strictly require it, and some applications may only want system RNG or RDRAND.
* | Fix TLS testJack Lloyd2016-11-181-4/+4
|/ | | | | It is allowable to request the maximum length, just not more than it. Found after about 22K runs of the TLS tests.
* This range check was in the wrong directionJack Lloyd2016-11-171-1/+1
|
* Add OIDs for SHA-3 and SHA-3 signature algorithmsJack Lloyd2016-11-172-2/+77
| | | | | Also CCM OIDS, and SHA-384/SHA-512 DSA OIDs. All from NIST: http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
* Don't strictly require ffi in modern policyJack Lloyd2016-11-171-3/+2
|
* Merge GH #727 Tests for KDF::nameJack Lloyd2016-11-1612-35/+36
|\
| * KDF1 uses a hash function onlyRené Korthaus2016-11-161-1/+1
| |
| * Add a test for KDF::name()René Korthaus2016-11-1512-35/+36
| | | | | | | | | | | | This required fixing some test vectors that previously omitted the MAC, defaulting to HMAC, that used the SHA-1 alias to SHA-160, and fixing X942_PRF::name().
* | Fix TLS client next protocol handlingJack Lloyd2016-11-161-1/+2
| | | | | | | | [ci skip]
* | Fix incompatability with (some) common TLS stackJack Lloyd2016-11-164-15/+26
| | | | | | | | | | | | | | | | Several sites including oracle.com seem to send extension 11 (point format) even if we (the client) did not send it. Then the handshake fails. To workaround this problem, simply always send this extension as the client, instead of only sending it if we wished to support compressed points.
* | Add a script to test TLS compat with major sitesJack Lloyd2016-11-163-0/+113
| |
* | Add new TLS callback for when session is activatedJack Lloyd2016-11-162-0/+8
| | | | | | | | | | | | The current session established cb happens before the session is activated, so it is not possible to send application data in response to the connection being made.
* | Fix inverted conditionalJack Lloyd2016-11-161-1/+2
| |
* | Disable ffi on cross builds.Jack Lloyd2016-11-161-1/+1
| | | | | | | | | | Not really needed (don't have a cross python to run) and avoids the unfortunate random test failures.
* | Fix TLS corruption tests.Jack Lloyd2016-11-152-8/+11
| | | | | | | | | | | | | | | | | | There is a simple bit flip corruption test for the TLS stack: we shouldn't negotiate correctly if any random bit gets flipped. But it turns out this is not entirely true as the record layer version field is effectively ignored except for distinguishing TLS vs DTLS. So a small bitflip in that field is sometimes ignored, causing the test to fail. Make sure we modify something in the body instead.
* | Add negative tests for cipher mode paddingJack Lloyd2016-11-152-52/+107
|/
* Merge GH #724 Add ESP (IPsec) CBC padding modeJack Lloyd2016-11-154-1/+102
|\
| * Update ISO standard for OneAndZeros_PaddingRené Korthaus2016-11-151-1/+1
| |
| * Check all padding bytes in ESP_Padding::unpad()René Korthaus2016-11-152-4/+24
| |
| * Check all ESP padding bytes during unpadRené Korthaus2016-11-141-12/+11
| |
| * Add ESP block cipher padding from RFC 4303René Korthaus2016-11-143-1/+83
| | | | | | | | | | ESP padding is one of the recommended padding methods from BSI-TR-02102-1.
* | Add test vectors for HKDF-Expand and HKDF-ExtractRené Korthaus2016-11-152-24/+142
| |
* | Add full HKDF implementationRené Korthaus2016-11-124-46/+134
|/ | | | | | | | | | Adds the full HKDF as class HKDF, renames the existing HKDF, which only implemented the expansion step, to HKDF_Expand and adds the extraction step as HKDF_Extract. The latter two are usually only used seperately in protocols such as TLS. A normal user would go for the full HKDF.
* Add params to XMSS test inputsJack Lloyd2016-11-123-47/+53
| | | | | | | This prevents the test suite from globbing all the XMSS tests together under "XMSS/Raw"; since XMSS ignores the padding anyway, pretend the param string is the padding which causes the normal logic in the signature test code to do the right thing.
* Remove unused Key_Type typedefsJack Lloyd2016-11-122-4/+0
| | | | [ci skip]
* Remove unused variable from testsJack Lloyd2016-11-122-8/+0
|