Martin Willi
|
e6cce7ff0d
|
Prepend point format to ECDH public key
|
2010-09-06 15:37:51 +02:00 |
|
Martin Willi
|
e4fd2bb428
|
Log the selected (EC)DH group
|
2010-09-06 15:37:51 +02:00 |
|
Martin Willi
|
0f89143b84
|
Parse unsupported TLS Hello extensions properly
|
2010-09-06 15:37:51 +02:00 |
|
Martin Willi
|
6cf85b35a4
|
Added TLS extension identifiers from RFC 3546
|
2010-09-06 15:37:51 +02:00 |
|
Martin Willi
|
4e68c1cfdc
|
Do not propose (EC)DHE suites if we do not support them
|
2010-09-03 18:24:03 +02:00 |
|
Martin Willi
|
4254257f9d
|
Offer only algorithms/suites we have a registered public key backend for
|
2010-09-03 18:11:03 +02:00 |
|
Martin Willi
|
f9c0cf862c
|
Fixed key type of ECDHE_RSA groups
|
2010-09-03 17:24:39 +02:00 |
|
Martin Willi
|
3f7bb88ba3
|
Use a dynamic curve enumerator to list/convert TLS named curves
|
2010-09-03 17:24:23 +02:00 |
|
Martin Willi
|
f4c98ae664
|
Use ECDH group check where appropriate
|
2010-09-03 16:53:36 +02:00 |
|
Martin Willi
|
2066918da2
|
Add ECDHE enabled cipher suites, including ECDSA variants
|
2010-09-03 14:54:43 +02:00 |
|
Martin Willi
|
4cdade5aae
|
Select private key based on received cipher suites
|
2010-09-03 14:54:43 +02:00 |
|
Martin Willi
|
37a59a8fbf
|
Support for EC curve Hello extension, EC curve fallback
|
2010-09-03 14:54:43 +02:00 |
|
Martin Willi
|
141d7f7abd
|
Added server support for ECDHE key exchange
|
2010-09-03 14:54:43 +02:00 |
|
Martin Willi
|
5fc7297e38
|
Added client support for ECDHE key exchange
|
2010-09-03 14:54:43 +02:00 |
|
Martin Willi
|
691ca54db5
|
Added TLS EC curve type and name identifiers
|
2010-09-03 14:54:43 +02:00 |
|
Andreas Steffen
|
1972102e1e
|
fixed typo
|
2010-09-03 13:30:40 +02:00 |
|
Martin Willi
|
ccb65463e7
|
Check for queued TLS alerts after each handshake part
|
2010-09-03 09:33:15 +02:00 |
|
Andreas Steffen
|
c0071bde73
|
removed redundant debug output
|
2010-09-02 22:19:37 +02:00 |
|
Martin Willi
|
ef0a8e5892
|
Add DHE enabled RSA variants to the supported TLS suites
|
2010-09-02 19:33:08 +02:00 |
|
Martin Willi
|
f14358a9b5
|
Added TLS server side support for DHE suites
|
2010-09-02 19:33:08 +02:00 |
|
Martin Willi
|
da3f4a9fd0
|
Added TLS client side support for DHE suites
|
2010-09-02 19:33:08 +02:00 |
|
Martin Willi
|
35d9c15d5e
|
Store a MODP group we use for each TLS suite
|
2010-09-02 19:33:08 +02:00 |
|
Martin Willi
|
06109c4717
|
Implemented "signature algorithm" hello extension
|
2010-09-02 19:33:08 +02:00 |
|
Martin Willi
|
731611c525
|
Added TLS extension identifiers
|
2010-09-02 19:33:08 +02:00 |
|
Martin Willi
|
d29a82a9d4
|
Added generic TLS data sign/verify, hash/sig algorithm construction
|
2010-09-02 19:33:08 +02:00 |
|
Martin Willi
|
60c4b3b545
|
Continue with a randomized premaster if decryption failed / version mismatches
|
2010-09-02 19:33:08 +02:00 |
|
Martin Willi
|
dbb7c0306c
|
Support different hash/sig algorithms in handshake signing, including ECDSA
|
2010-09-02 13:07:25 +02:00 |
|
Martin Willi
|
99dcaea9bd
|
Added TLS ClientCertificateType identifiers
|
2010-09-02 13:07:24 +02:00 |
|
Martin Willi
|
9dd2ca924e
|
Added TLS specific Hash and Signature Algorithm identifiers
|
2010-09-02 13:07:24 +02:00 |
|
Martin Willi
|
ea6d7cb4be
|
Fixed typos in tls_writer method descriptions
|
2010-09-02 13:07:24 +02:00 |
|
Andreas Steffen
|
54cba78573
|
cosmetics in debug output
|
2010-09-01 14:30:14 +02:00 |
|
Andreas Steffen
|
5fb1311b2a
|
clarified debug output
|
2010-08-31 23:22:39 +02:00 |
|
Andreas Steffen
|
c3024a0848
|
fixed typo
|
2010-08-31 21:42:14 +02:00 |
|
Martin Willi
|
93709d1093
|
Do not process any more TLS handshake messages on fatal alerts
|
2010-08-31 18:10:24 +02:00 |
|
Martin Willi
|
c811479986
|
Strictly check if the server certificate matches the TLS server identity
|
2010-08-31 18:10:23 +02:00 |
|
Martin Willi
|
f9fc5f2045
|
Added strongswan.conf options for EAP-TLS/TTLS fragment size
|
2010-08-31 16:17:01 +02:00 |
|
Martin Willi
|
743f94067e
|
Support processing of partial TLS record headers
|
2010-08-31 16:17:01 +02:00 |
|
Martin Willi
|
877c910f04
|
Implemented a generic TLS EAP helper to implement EAP-TLS, TTLS and other variants
|
2010-08-31 16:16:58 +02:00 |
|
Martin Willi
|
ecd98efa9d
|
Support output fragmentation of TLS records
|
2010-08-31 15:54:37 +02:00 |
|
Martin Willi
|
ce1af73907
|
Implemented buffering of partial records in TLS stack
|
2010-08-31 15:35:29 +02:00 |
|
Martin Willi
|
d169aab35e
|
Log TLS handshake subtypes as handshakes
|
2010-08-31 15:35:29 +02:00 |
|
Tobias Brunner
|
0433b4172b
|
Typo in doxygen comment fixed.
|
2010-08-30 10:49:32 +02:00 |
|
Martin Willi
|
2bf0e74c38
|
Prefer AES/Camellia suites over 3DES/NULL encryption
|
2010-08-25 18:30:09 +02:00 |
|
Martin Willi
|
a596006e3f
|
Send TLS alerts for errors in TLS handshake building
|
2010-08-25 18:24:27 +02:00 |
|
Martin Willi
|
ee88ddd6aa
|
Refactored fragment building, use correct TLS content type for non-first fragments
|
2010-08-25 18:04:59 +02:00 |
|
Martin Willi
|
17102f7b58
|
Added a simple high level TLS wrapper for sockets
|
2010-08-25 12:52:53 +02:00 |
|
Martin Willi
|
bd23b9086e
|
Initialize output chunk before appending data to it
|
2010-08-25 12:43:21 +02:00 |
|
Martin Willi
|
69e8bb2e8d
|
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
|
2010-08-24 11:34:43 +02:00 |
|
Martin Willi
|
a2c1235969
|
Skip the close notify if application layer completes successfully
|
2010-08-24 10:30:24 +02:00 |
|
Andreas Steffen
|
c1a929daa7
|
removed some redundant debug output
|
2010-08-24 09:02:51 +02:00 |
|
Martin Willi
|
bda7d9d940
|
Added generic TLS purposes
|
2010-08-24 08:45:49 +02:00 |
|
Martin Willi
|
c5142f110e
|
Check if the application layer has completed successfully
|
2010-08-24 08:45:49 +02:00 |
|
Martin Willi
|
1475800080
|
Moved TLS record parsing/generation to tls.c
|
2010-08-24 08:45:49 +02:00 |
|
Martin Willi
|
c310881a11
|
Added a TLS purpose for EAP-TTLS with client authentication
|
2010-08-23 15:13:48 +02:00 |
|
Martin Willi
|
e6f3ef1330
|
Implemented TLS Alert handling
|
2010-08-23 15:13:37 +02:00 |
|
Martin Willi
|
f154e30431
|
Verify negotiated TLS version
|
2010-08-23 09:47:03 +02:00 |
|
Martin Willi
|
3c19b3461f
|
Introducing a dedicated debug message group for libtls
|
2010-08-23 09:47:03 +02:00 |
|
Martin Willi
|
0bcef5fe7a
|
Streamlined TLS debugging output
|
2010-08-23 09:45:33 +02:00 |
|
Andreas Steffen
|
56a1167b07
|
fixed build_cipher_suite_list()
|
2010-08-21 12:52:55 +02:00 |
|
Martin Willi
|
96b2fbcc2c
|
Introducing simple purposes for the TLS stack, switches various options
|
2010-08-20 15:09:08 +02:00 |
|
Martin Willi
|
6e413d9ce9
|
Added more TLS cipher suites we already support
|
2010-08-20 12:11:21 +02:00 |
|
Martin Willi
|
a2bfc45bfd
|
Build TLS cipher suite list in a generic fashion
|
2010-08-20 12:11:21 +02:00 |
|
Andreas Steffen
|
fd86fb5183
|
removed debug output for TLS application data
|
2010-08-19 07:27:30 +02:00 |
|
Andreas Steffen
|
ee346b54c1
|
add TLS handshake packet size to debug output
|
2010-08-18 22:07:27 +02:00 |
|
Martin Willi
|
ba31fe1fd6
|
Use a seperate section for each nested struct member in INIT macro
|
2010-08-18 12:15:03 +02:00 |
|
Martin Willi
|
714d0bfd37
|
Only include certificates with CA flag in TLS cert request
|
2010-08-16 09:20:19 +02:00 |
|
Andreas Steffen
|
b51ac45c48
|
optional certificate-based peer authentication on TLS server side
|
2010-08-15 13:02:57 +02:00 |
|
Andreas Steffen
|
c4347aa86e
|
do not dump tls application data any more
|
2010-08-13 21:21:49 +02:00 |
|
Martin Willi
|
3102d8669d
|
Use IV length of a crypter instead of block size for IV calculations
|
2010-08-13 17:11:53 +02:00 |
|
Andreas Steffen
|
3a15a02a58
|
set TLS record type before state change to STATE_FINISHED_SENT
|
2010-08-13 00:31:45 +02:00 |
|
Andreas Steffen
|
b62e9a30ce
|
fixed sequence numbering and iv of TLS protection layer
|
2010-08-12 23:58:54 +02:00 |
|
Andreas Steffen
|
1327839da8
|
added generic TLS application data handler and specific EAP-TTLS instantiation
|
2010-08-12 23:58:54 +02:00 |
|
Martin Willi
|
33ddaaabec
|
Added support for different encryption schemes to private/public keys
|
2010-08-10 18:46:30 +02:00 |
|
Andreas Steffen
|
a6444fcdd4
|
EAP-TLS and EAP-TTLS use different constant MSK PRF label
|
2010-08-07 11:26:04 +02:00 |
|
Andreas Steffen
|
b4d30a425e
|
support server authentication only for EAP-TTLS
|
2010-08-07 11:26:04 +02:00 |
|
Martin Willi
|
37d2d7e158
|
Whitespace cleanups
|
2010-08-05 13:58:49 +02:00 |
|
Martin Willi
|
e85bca7f22
|
Use certificate subject to get a public key of the TLS server
|
2010-08-05 13:13:45 +02:00 |
|
Tobias Brunner
|
edb82ab8ae
|
Some Doxygen fixes.
|
2010-08-05 11:53:53 +02:00 |
|
Andreas Steffen
|
7ea87db00d
|
added some more TLS debug output
|
2010-08-05 09:51:05 +02:00 |
|
Andreas Steffen
|
7030e3950a
|
fixed type in cipher suite list build
|
2010-08-05 01:26:10 +02:00 |
|
Andreas Steffen
|
4657b3a42a
|
log selected TLS version and cipher suite
|
2010-08-05 01:21:59 +02:00 |
|
Andreas Steffen
|
289c9ac3d7
|
log TLS handshake messages in debug level 2
|
2010-08-04 16:55:55 +02:00 |
|
Martin Willi
|
0f82a47063
|
Moved TLS stack to its own library
|
2010-08-03 15:39:26 +02:00 |