a7f2818832
tls-socket: Allow configuring both minimum and maximum TLS versions
2021-02-12 11:45:44 +01:00
c4576a1f57
tls: Allow setting both minimum and maximum TLS versions
...
This allows to increase the initial minimum version and also prevents
sending a list of versions during retries when 1.3 was already
negotiated.
2021-02-12 11:45:44 +01:00
2b6565c236
tls-peer: Handle HelloRetryRequest
...
Adds support to handle retries with different DH group and/or a cookie
extension.
2021-02-12 11:45:44 +01:00
2271d67f07
tls-crypto: Add method to hash handshake data and use result as initial transcript
...
This is used for HelloRetryRequest.
2021-02-12 11:45:44 +01:00
64e63c68c8
tls-crypto: Destroy HKDF instance if keys are derived multiple times
...
This will be the case during a retry.
2021-02-12 11:45:44 +01:00
851b605e21
tls-peer: Refactor writing of extensions and use less hard-coded DH group
...
Note that this breaks connecting to many TLS 1.3 servers until we support
HelloRetryRequest as we now send a key_share for ECP_256 while still
proposing other groups, so many servers request to use CURVE_25519.
2021-02-12 11:45:44 +01:00
de31646a09
tls-peer: Refactor sending/processing finished message
...
Also fixes leaks.
2021-02-12 11:45:44 +01:00
44cda40d58
tls-peer: Simply ignore certificate request context
...
This SHALL be zero length for server authentication anyway.
2021-02-12 11:45:44 +01:00
bfa3178836
tls-peer: Use existing code to verify certificate and signature
2021-02-12 11:45:44 +01:00
c78b2bee5d
tls-peer: Refactor parsing of TLS extensions
...
Also adds proper error handling.
2021-02-12 11:45:44 +01:00
f0ed5f9125
tls-peer: Fix parsing of encrypted extensions
2021-02-12 11:45:44 +01:00
4c40a3d3f0
tls-peer: Fix parsing of intermediate CA certificates
2021-02-12 11:45:44 +01:00
2e1c0a2776
tls-crypto: Rename methods to calculate finished message
...
Instead of the version number use "legacy" for the one for earlier TLS
versions.
2021-02-12 11:45:44 +01:00
f116a4823f
tls-crypto: Use internal PRF of tls-hkdf to generate finished message
...
Also adds additional checks.
2021-02-12 11:45:44 +01:00
a9f661f52a
tls-hkdf: Add helper method to allocate data from the internal PRF
2021-02-12 11:45:44 +01:00
6a0ee0c23c
tls-hkdf: Cleanups and refactorings
...
The main refactoring is how secrets (PSK/DH) are handled.
2021-02-12 11:45:44 +01:00
de983a3cb9
tls-crypto: Simplify signature creation/verification
2021-02-12 11:45:44 +01:00
2921f43705
tls-crypto: Simplify handshake/application key derivation and rename methods
...
Also consistently change the ciphers outside of tls_crypto_t and
simplify key derivation in tls_peer_t and fix a memory leak.
2021-02-12 11:45:44 +01:00
fff1974012
tls-hkdf: Make labels enum a proper type
2021-02-12 11:45:44 +01:00
8495138d4a
tls-peer: Support x25519/448 for TLS 1.2
...
These DH groups don't use the point format prefix (RFC 8422 deprecated
any other format anyway). Since they are enumerated now, they can also
be used by servers for TLS 1.2.
2021-02-12 11:45:44 +01:00
3101120c75
tls-crypto: Enumerate x25519/448 and rename constant for consistency
2021-02-12 11:45:44 +01:00
53ba0801ac
tls-crypto: Simplify hash algorithm handling
2021-02-12 11:45:44 +01:00
43c8f950a7
tls-crypto: Delay instantiation of cipher suites
...
This way we can take into account the version set via setter on tls_t.
2021-02-12 11:45:44 +01:00
281766c5e6
tls-crypto: Filter TLS cipher suites by min/max version
...
There is no point proposing legacy (or future) cipher suites depending on
the proposed TLS versions. It was actually possible to negotiate and use
cipher suites only defined for TLS 1.2 with earlier TLS versions.
2021-02-12 11:45:44 +01:00
436571b2f0
tls-crypto: Correctly filter cipher suites based on PRF algorithms
...
The previous check operated on the first array element.
2021-02-12 11:45:44 +01:00
b7ea969b32
tls-crypto: Use correct key length for ChaCha20/Poly1305
2021-02-12 11:45:44 +01:00
ba3c90ded1
libtls: Some code style fixes
2021-02-12 11:45:44 +01:00
7a2b02667c
libtls: Implement TLS 1.3 handshake on client-side
...
The code is a minimal handshake with the HelloRetryRequest message
implementation missing.
Can be tested with an OpenSSL server running TLS 1.3. The server must
be at least version 1.1.1 (September 2018).
Co-authored-by: ryru <pascal.knecht@hsr.ch>
2021-02-12 11:45:44 +01:00
02d7405512
libtls: Implement HKDF for TLS 1.3
...
TLS 1.3 uses HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
as defined in RFC 5869 to compute traffic secrets.
Co-authored-by: bytinbit <meline.sieber@hsr.ch>
2021-02-12 11:45:44 +01:00
3d83d348f4
libtls: Add support to run unit tests with a custom plugin list
2021-02-12 11:45:44 +01:00
818dc86568
libtls: Add TLS 1.3 implementation of tls_aead_t
...
The key material, in particular the nonce/IV, is derived differently and
the IV is also generated in a different way. Additionally, the actual
content type is encrypted and there may be optional padding to mask the
actual size of the encrypted data.
2021-02-12 11:45:44 +01:00
ba2bcdd882
libtls: Allow tls_aead_t to change the content type
...
The actual content type is encrypted with TLS 1.3, the type in the record
header is always Application Data.
2021-02-12 11:45:44 +01:00
ed1ba70894
libtls: Enable code coverage
...
While the test runner was already correctly set up, the library itself
was not and no coverage was reported for any of its files.
2020-09-09 13:25:30 +02:00
6987f6b3eb
unit-tests: Update expired certificates for TLS tests
2020-03-25 15:31:07 +01:00
479c85d569
libtls: Remove unused variable in TLS socket implementation
...
Not used anymore since c43e8fdec4
2020-03-06 10:30:16 +01:00
d5cf2d1f85
tls-crypto: Fix usage of chunk_from_chars()
...
See 8ea13bbc5c#3249 .
2020-01-30 18:18:06 +01:00
e438915e62
tls-prf: Remove unused/undeclared argument in TLS 1.0/1.1 PRF constructor
2020-01-28 15:32:43 +01:00
784d96e031
Fixed some typos, courtesy of codespell
2018-09-17 18:51:44 +02:00
2ad1df9571
Replace 'inacceptable' with the more common 'unacceptable'
2018-06-28 18:46:42 +02:00
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
2db6d5b8b3
Fixed some typos, courtesy of codespell
2018-02-13 12:19:54 +01:00
024b979522
certificate: Return signature scheme and parameters from issued_by() method
...
This also required some include restructuring (avoid including library.h
in headers) to avoid unresolvable circular dependencies.
2017-11-08 16:48:10 +01:00
de280c2e03
private-key: Add optional parameters argument to sign() method
2017-11-08 16:48:10 +01:00
a413571f3b
public-key: Add optional parameters argument to verify() method
2017-11-08 16:48:10 +01:00
ca280574ba
Fixed some typos, courtesy of codespell
2017-08-07 17:22:01 +02:00
525cc46cab
Change interface for enumerator_create_filter() callback
...
This avoids the unportable 5 pointer hack, but requires enumerating in
the callback.
2017-05-26 13:56:44 +02:00
67849f4972
libtls: Replace expired certificates for unit tests
...
Only the tests with client authentication failed, the client accepted
the trusted self-signed certificate even when it was expired. On the
server the lookup (based on the pre-configured SAN) first found the ECDSA
cert, which it dismissed for the RSA authentication the client used, and
since only the first "pretrusted" cert is considered the following RSA
cert was verified more thoroughly.
The lookup on the client always uses the full DN of the server certificate
not the pre-configured identity so it found the correct certificate on
the first try.
2017-03-24 10:46:14 +01:00
1003cf2330
Fixed some typos, courtesy of codespell
2017-03-23 18:29:18 +01:00
40f2589abf
gmp: Support of SHA-3 RSA signatures
2016-09-22 17:34:31 +02:00
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner