b886dad498
tls: Fix AEAD algorithm filtering, avoid filtering all suites if no AEAD found
2014-03-31 15:56:12 +02:00
48d6b57c30
tls: Offer TLS signature schemes in ClientHello in order of preference
...
Additionally, we now query plugin features to find out what schemes we exactly
support.
2014-03-31 15:56:12 +02:00
d06890d6e2
tls: Define AES-GCM cipher suites from RFC 5288/5289
2014-03-31 15:56:12 +02:00
f0f301170b
tls: Implement the TLS AEAD abstraction for real AEAD modes
2014-03-31 15:56:12 +02:00
d3204677ba
tls: Separate TLS protection to abstracted AEAD modes
...
To better separate the code path for different TLS versions and modes of
operation, we introduce a TLS AEAD abstraction. We provide three implementations
using traditional transforms, and get prepared for TLS AEAD modes.
2014-03-31 15:56:12 +02:00
409adef43c
libtls: Move settings to <ns>.tls with fallback to libtls
2014-02-12 14:34:32 +01:00
9af44ef5d9
Build all shared libraries with -no-undefined and link them properly
...
The flag is required to convince libtool on Cygwin to build DLLs. But on
Windows these shared libraries can not have undefined symbols, so we have to
link them explicitly to the libraries they reference.
For plugins this is currently not done, so only the monolithic build is
supported. The plugin loader wouldn't be able to load DLLs anyway, as
it tries to load files that don't exist on Cygwin.
2013-09-12 01:44:49 +02:00
9dc3b2053d
Optimize TLS socket buffer for TLS_MAX_FRAGMENT_LEN
2013-08-19 09:50:57 +02:00
97b1d39de5
Extract client identity and authentication type from SASL authentication
2013-08-15 23:34:22 +02:00
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
5a8dd63433
fixed typo
2013-03-27 22:56:37 +01:00
79306b7e6e
Use proper integer types when handling TLS exchanges
...
tls_t.build takes a size_t argument not a ssize_t.
2013-03-22 11:40:57 +01:00
1db6bf2f3f
If TLS peer authentication not required, the client does nonetheless, allow it to fail
2013-03-06 15:53:12 +01:00
807f2facd0
Request a TLS client certificate even if no peer identity is given
...
This allows a peer to perform client authentication if it wants, but skip
it if not.
2013-02-28 16:46:08 +01:00
257c80cb5b
Wrap tls_t.get_{server,peer}_id methods in tls_socket_t
2013-02-28 16:46:08 +01:00
2de481e32b
Delegate tls_t.get_{peer,server}_id to handshake layer
...
This allows to get updated peer identities if the peer can't authenticate,
or does when it is optional.
2013-02-28 16:46:08 +01:00
8b56943222
Merge branch 'pt-tls'
2013-02-14 17:06:07 +01:00
bd1ee5bdc4
make AR identities available to IMVs via IF-IMV 1.4 draft
2013-02-11 15:30:44 +01:00
435348f406
Send TLS close notify during tls_socket_t destruction
2013-01-15 17:43:05 +01:00
7bbf7aa97a
Send TLS close notify if application returns SUCCESS
2013-01-15 17:43:05 +01:00
c43e8fdec4
Block TLS read when sending data, but have to wait for the handshake data first
2013-01-15 17:43:05 +01:00
ee90c78998
Use a more POSIXy tls_socket interface with more flexibility.
...
If an unsufficient read buffer is provided, application data gets cached
for subsequent read() calls.
2013-01-15 17:43:05 +01:00
07f826af67
Fixed encoding of TLS extensions (elliptic_curves and signature_algorithms)
2012-11-28 10:20:14 +01:00
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
1407a0026f
Added missing break when building TLS cipher suites
2012-09-28 18:55:40 +02:00
ab2c989c32
Don't allow NULL encryption with PEAP
2012-09-12 13:19:52 +02:00
acada66a35
Use memmove on overlapping regions, and operate with correct sizeof()
2012-09-12 13:19:52 +02:00
fb3cf1b708
Whitespace cleanups in tls_eap
2012-09-12 13:19:52 +02:00
02cabd0f26
Check if TLS handshake received Finished before processing application data
2012-08-09 12:10:41 +02:00
2df12b4c57
Fix tls_prf bug introduced with bc474883
2012-07-17 11:33:05 +02:00
87dd205b61
Add a return value to hasher_t.allocate_hash()
2012-07-16 14:55:06 +02:00
8bd6a30af1
Add a return value to hasher_t.get_hash()
2012-07-16 14:55:06 +02:00
ce73fc19db
Add a return value to crypter_t.set_key()
2012-07-16 14:53:38 +02:00
3b96189a2a
Add a return value to crypter_t.decrypt()
2012-07-16 14:53:38 +02:00
e35abbe588
Add a return value to crypter_t.encrypt
2012-07-16 14:53:37 +02:00
bb5eb15ccc
Check rng return value when generating TLS session identifiers
2012-07-16 14:53:37 +02:00
126eb2af59
Check rng return value when generating secrets and IVs in libtls
2012-07-16 14:53:37 +02:00
f3ca96b2bf
Add a return value to prf_t.set_key()
2012-07-16 14:53:34 +02:00
bc47488323
Add a return value to prf_t.get_bytes()
2012-07-16 14:53:33 +02:00
e7d98b8c99
Add a return value to tls_prf_t.set_key()
2012-07-16 14:53:33 +02:00
97b30b93b0
Add a return value to tls_prf_t.get_bytes()
2012-07-16 14:53:33 +02:00
2d56575d52
Add a return value to signer_t.set_key()
2012-07-16 14:53:33 +02:00
9020f7d0b9
Add a return value to tls_crypto_t.derive_secrets()
2012-07-16 14:53:33 +02:00
2e96de60a8
Add a return value to signer_t.get_signature()
2012-07-16 14:53:33 +02:00
cbfbba7d86
Add a return value to signer_t.allocate_signature()
2012-07-16 14:53:32 +02:00
6245edf37e
eliminate message length field in EAP-TNC
2012-07-11 17:09:05 +02:00
c36680962c
allow to transmit 64k TLS Handshake and Application messages via EAP-[T]TLS
2012-07-11 17:09:04 +02:00
dfe82160e4
some tls_eap optimizations
2012-07-11 17:09:04 +02:00
3bd452f8f3
max_message_count = 0 disables limit
2012-07-11 17:09:04 +02:00
da67c37d65
log invalid TLS packet length
2012-07-11 17:09:04 +02:00
b188f23199
Install dev headers only if --with-dev-headers= option is set
2012-07-11 11:16:31 +02:00
2a6bcbbdee
Install libtls development headers
2012-07-11 10:51:01 +02:00
ae10ee6d0b
Double check if a cached suite is available, overwrite any old suite state
2012-02-07 11:42:57 +01:00
b96eb46d5c
Some Doxygen fixes.
2012-02-07 11:20:46 +01:00
06c150365d
Fix TLS EAP-MSK derivation, uses different order of randoms than key expansion
2012-02-07 10:54:53 +01:00
1dabf5bfc7
Filter TLS suite MAC by HMAC algorithm, as the hash is not necessarily the same
2012-02-07 10:54:53 +01:00
3a87c89b1b
Added a tls_socket_t.splice method to wrap a file descriptor into TLS
2011-12-31 13:14:49 +01:00
6a5c86b7ad
Implemented TLS session resumption both as client and as server
2011-12-31 13:14:49 +01:00
ca5767621b
Implemented a TLS session cache
2011-12-31 13:14:49 +01:00
703c0db894
Check for cipherspec changes after each handshake message
2011-12-31 13:14:49 +01:00
4caa380625
Separated cipherspec checking and switching, allowing us to defer the second
2011-12-31 13:14:49 +01:00
84da59f609
Be less verbose about TLS extensions
2011-12-24 14:14:25 +01:00
ed57dfca3f
In TLS 1.2, PRF and HASH function use at least SHA-256, not the MAC hash function
2011-12-24 12:42:28 +01:00
6b01216422
Added a getter for the tls_socket file descriptor
2011-12-24 12:42:25 +01:00
e7cb8f9b37
added dummy libtls_init() function needed for integrity testing
2011-11-08 20:27:17 +01:00
5976e149eb
Don't allocate extra memory to MAC the TLS header
2011-09-28 17:32:23 +02:00
b79bb79a66
Verify TLS MAC even if padding is invalid to prevent timing attacks
2011-09-28 17:16:09 +02:00
18c4d010f4
Install and use libtls as dynamic library, as we have our private libdir now
2011-08-08 13:41:09 +02:00
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
7e432eff6b
renamed tls_reader|writer to bio_* and moved to libstrongswan
2011-05-31 15:46:51 +02:00
7e82d26dd8
fixed type
2011-05-31 15:46:51 +02:00
deed58393d
raw TLS debug output
2011-05-29 10:36:41 +02:00
4b06f9f265
debug type is EAP_TLS
2011-04-21 21:04:11 +02:00
2778b6644b
do not include length field in non-fragmented EAP-PEAP packets
2011-04-21 19:52:49 +02:00
5b0bcfb1fc
Revert alloc_str changes
...
This reverts commit fdead26ffe3e2419ebe317ce69b47a
2011-04-21 13:35:31 +02:00
3e2419ebe3
Use thread save settings alloc_str function where appropriate
2011-04-21 10:48:16 +02:00
2db8b58f62
Continue without client authentication if no matching certificate found
2011-04-14 20:02:12 +02:00
6a8f1a578f
Ignore TLS certificate requests as peer if peer authentication disabled
2011-04-14 20:02:12 +02:00
1c21f47a06
Send TLS Server Name Indication as peer if server identity is a FQDN
2011-04-14 20:02:12 +02:00
eea2bdb203
Fix tls_writer wrap functions
2011-04-14 20:02:11 +02:00
a9ee43e96a
added TLS renegotiation_info extension
2011-04-14 16:54:46 +02:00
1bee89d339
added TLS_PURPOSE_EAP_PEAP
2011-04-05 18:16:28 +02:00
6f69fb0134
implemented get|set_identifier() for tls_eap_t
2011-04-05 18:14:58 +02:00
84545f6e7c
Some typos fixed.
2011-02-07 11:39:41 +01:00
8118707845
Increase tls_writer buffer by at least 4 bytes
2011-01-19 14:41:59 +01:00
f10e72341c
cast enumerated algorithm type as int
2010-12-18 20:24:53 +01:00
5932f41fcc
trace back crypto algorithms to the plugins that registered them
2010-12-18 16:31:12 +01:00
58d73d38bc
output TLS-independent error messages
2010-12-05 14:55:18 +01:00
4d178affbb
call is_complete() if tls protocol returns with SUCCESS
2010-11-16 11:52:06 +01:00
0cfdbaff2c
set EAP-TTLS/TNC version also in acknowledgement packets
2010-10-04 14:39:49 +02:00
89821331e0
Do not change cipherspec while we have buffered handshake fragments pending
2010-09-09 14:27:41 +02:00
3b7eb3a9f4
added explanatory comments
2010-09-09 08:57:13 +02:00
de29e3a683
max max_message_count configurable and move it into tls_eap_t
2010-09-08 12:58:45 +02:00
99b0f633c2
handle TLS_PURPOSE_EAP_TNC
2010-09-08 12:58:45 +02:00
51b385d44d
moved tls_t existance test into tls_eap_create() again
2010-09-08 11:09:11 +02:00
d2b1d4378e
generalized tls_eap_t to support EAP_TNC wrapping the TNC_IF_TNCCS protocol
2010-09-08 11:01:53 +02:00
7b3c01845f
Read the compression type byte for EC groups, only
2010-09-08 10:35:29 +02:00
31c65eb362
Include ec_point_format extension in ClientHello
2010-09-06 18:51:38 +02:00
02281c87a4
Added TLS specific EC point formats
2010-09-06 18:42:43 +02:00
ec7d4e70d3
Renamed ecp_format to ansi_format, as point formats in TLS use different identifiers
2010-09-06 18:37:24 +02:00
fe559b5156
Accept TLS records with zero-length plaintext
2010-09-06 17:04:59 +02:00
adb913adeb
Added strongswan.conf option to filter for specific TLS suites
2010-09-06 16:51:11 +02:00
24a5b935e7
Added strongswan.conf options to filter cipher suites by specific algorithms
2010-09-06 16:51:04 +02:00
a03eebdf93
Fixed key type in TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
2010-09-06 16:50:54 +02:00
e6cce7ff0d
Prepend point format to ECDH public key
2010-09-06 15:37:51 +02:00
e4fd2bb428
Log the selected (EC)DH group
2010-09-06 15:37:51 +02:00
0f89143b84
Parse unsupported TLS Hello extensions properly
2010-09-06 15:37:51 +02:00
6cf85b35a4
Added TLS extension identifiers from RFC 3546
2010-09-06 15:37:51 +02:00
4e68c1cfdc
Do not propose (EC)DHE suites if we do not support them
2010-09-03 18:24:03 +02:00
4254257f9d
Offer only algorithms/suites we have a registered public key backend for
2010-09-03 18:11:03 +02:00
f9c0cf862c
Fixed key type of ECDHE_RSA groups
2010-09-03 17:24:39 +02:00
3f7bb88ba3
Use a dynamic curve enumerator to list/convert TLS named curves
2010-09-03 17:24:23 +02:00
f4c98ae664
Use ECDH group check where appropriate
2010-09-03 16:53:36 +02:00
2066918da2
Add ECDHE enabled cipher suites, including ECDSA variants
2010-09-03 14:54:43 +02:00
4cdade5aae
Select private key based on received cipher suites
2010-09-03 14:54:43 +02:00
37a59a8fbf
Support for EC curve Hello extension, EC curve fallback
2010-09-03 14:54:43 +02:00
141d7f7abd
Added server support for ECDHE key exchange
2010-09-03 14:54:43 +02:00
5fc7297e38
Added client support for ECDHE key exchange
2010-09-03 14:54:43 +02:00
691ca54db5
Added TLS EC curve type and name identifiers
2010-09-03 14:54:43 +02:00
1972102e1e
fixed typo
2010-09-03 13:30:40 +02:00
ccb65463e7
Check for queued TLS alerts after each handshake part
2010-09-03 09:33:15 +02:00
c0071bde73
removed redundant debug output
2010-09-02 22:19:37 +02:00
ef0a8e5892
Add DHE enabled RSA variants to the supported TLS suites
2010-09-02 19:33:08 +02:00
f14358a9b5
Added TLS server side support for DHE suites
2010-09-02 19:33:08 +02:00
da3f4a9fd0
Added TLS client side support for DHE suites
2010-09-02 19:33:08 +02:00
35d9c15d5e
Store a MODP group we use for each TLS suite
2010-09-02 19:33:08 +02:00
06109c4717
Implemented "signature algorithm" hello extension
2010-09-02 19:33:08 +02:00
731611c525
Added TLS extension identifiers
2010-09-02 19:33:08 +02:00
d29a82a9d4
Added generic TLS data sign/verify, hash/sig algorithm construction
2010-09-02 19:33:08 +02:00
60c4b3b545
Continue with a randomized premaster if decryption failed / version mismatches
2010-09-02 19:33:08 +02:00
dbb7c0306c
Support different hash/sig algorithms in handshake signing, including ECDSA
2010-09-02 13:07:25 +02:00
99dcaea9bd
Added TLS ClientCertificateType identifiers
2010-09-02 13:07:24 +02:00
9dd2ca924e
Added TLS specific Hash and Signature Algorithm identifiers
2010-09-02 13:07:24 +02:00
ea6d7cb4be
Fixed typos in tls_writer method descriptions
2010-09-02 13:07:24 +02:00
54cba78573
cosmetics in debug output
2010-09-01 14:30:14 +02:00
5fb1311b2a
clarified debug output
2010-08-31 23:22:39 +02:00
c3024a0848
fixed typo
2010-08-31 21:42:14 +02:00
93709d1093
Do not process any more TLS handshake messages on fatal alerts
2010-08-31 18:10:24 +02:00
c811479986
Strictly check if the server certificate matches the TLS server identity
2010-08-31 18:10:23 +02:00
f9fc5f2045
Added strongswan.conf options for EAP-TLS/TTLS fragment size
2010-08-31 16:17:01 +02:00
743f94067e
Support processing of partial TLS record headers
2010-08-31 16:17:01 +02:00
877c910f04
Implemented a generic TLS EAP helper to implement EAP-TLS, TTLS and other variants
2010-08-31 16:16:58 +02:00
ecd98efa9d
Support output fragmentation of TLS records
2010-08-31 15:54:37 +02:00
ce1af73907
Implemented buffering of partial records in TLS stack
2010-08-31 15:35:29 +02:00
d169aab35e
Log TLS handshake subtypes as handshakes
2010-08-31 15:35:29 +02:00
0433b4172b
Typo in doxygen comment fixed.
2010-08-30 10:49:32 +02:00
2bf0e74c38
Prefer AES/Camellia suites over 3DES/NULL encryption
2010-08-25 18:30:09 +02:00
a596006e3f
Send TLS alerts for errors in TLS handshake building
2010-08-25 18:24:27 +02:00
ee88ddd6aa
Refactored fragment building, use correct TLS content type for non-first fragments
2010-08-25 18:04:59 +02:00
17102f7b58
Added a simple high level TLS wrapper for sockets
2010-08-25 12:52:53 +02:00
bd23b9086e
Initialize output chunk before appending data to it
2010-08-25 12:43:21 +02:00
69e8bb2e8d
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
2010-08-24 11:34:43 +02:00
a2c1235969
Skip the close notify if application layer completes successfully
2010-08-24 10:30:24 +02:00
c1a929daa7
removed some redundant debug output
2010-08-24 09:02:51 +02:00
bda7d9d940
Added generic TLS purposes
2010-08-24 08:45:49 +02:00
c5142f110e
Check if the application layer has completed successfully
2010-08-24 08:45:49 +02:00
1475800080
Moved TLS record parsing/generation to tls.c
2010-08-24 08:45:49 +02:00
c310881a11
Added a TLS purpose for EAP-TTLS with client authentication
2010-08-23 15:13:48 +02:00
e6f3ef1330
Implemented TLS Alert handling
2010-08-23 15:13:37 +02:00
f154e30431
Verify negotiated TLS version
2010-08-23 09:47:03 +02:00
3c19b3461f
Introducing a dedicated debug message group for libtls
2010-08-23 09:47:03 +02:00
0bcef5fe7a
Streamlined TLS debugging output
2010-08-23 09:45:33 +02:00
56a1167b07
fixed build_cipher_suite_list()
2010-08-21 12:52:55 +02:00
96b2fbcc2c
Introducing simple purposes for the TLS stack, switches various options
2010-08-20 15:09:08 +02:00
6e413d9ce9
Added more TLS cipher suites we already support
2010-08-20 12:11:21 +02:00
a2bfc45bfd
Build TLS cipher suite list in a generic fashion
2010-08-20 12:11:21 +02:00
fd86fb5183
removed debug output for TLS application data
2010-08-19 07:27:30 +02:00
ee346b54c1
add TLS handshake packet size to debug output
2010-08-18 22:07:27 +02:00
ba31fe1fd6
Use a seperate section for each nested struct member in INIT macro
2010-08-18 12:15:03 +02:00
714d0bfd37
Only include certificates with CA flag in TLS cert request
2010-08-16 09:20:19 +02:00
b51ac45c48
optional certificate-based peer authentication on TLS server side
2010-08-15 13:02:57 +02:00
c4347aa86e
do not dump tls application data any more
2010-08-13 21:21:49 +02:00
3102d8669d
Use IV length of a crypter instead of block size for IV calculations
2010-08-13 17:11:53 +02:00
3a15a02a58
set TLS record type before state change to STATE_FINISHED_SENT
2010-08-13 00:31:45 +02:00
b62e9a30ce
fixed sequence numbering and iv of TLS protection layer
2010-08-12 23:58:54 +02:00
1327839da8
added generic TLS application data handler and specific EAP-TTLS instantiation
2010-08-12 23:58:54 +02:00
33ddaaabec
Added support for different encryption schemes to private/public keys
2010-08-10 18:46:30 +02:00
a6444fcdd4
EAP-TLS and EAP-TTLS use different constant MSK PRF label
2010-08-07 11:26:04 +02:00
b4d30a425e
support server authentication only for EAP-TTLS
2010-08-07 11:26:04 +02:00
37d2d7e158
Whitespace cleanups
2010-08-05 13:58:49 +02:00
e85bca7f22
Use certificate subject to get a public key of the TLS server
2010-08-05 13:13:45 +02:00
edb82ab8ae
Some Doxygen fixes.
2010-08-05 11:53:53 +02:00
7ea87db00d
added some more TLS debug output
2010-08-05 09:51:05 +02:00
7030e3950a
fixed type in cipher suite list build
2010-08-05 01:26:10 +02:00
4657b3a42a
log selected TLS version and cipher suite
2010-08-05 01:21:59 +02:00
289c9ac3d7
log TLS handshake messages in debug level 2
2010-08-04 16:55:55 +02:00
0f82a47063
Moved TLS stack to its own library
2010-08-03 15:39:26 +02:00
Martin Willi