Tobias Brunner
a7f2818832
tls-socket: Allow configuring both minimum and maximum TLS versions
2021-02-12 11:45:44 +01:00
Tobias Brunner
c4576a1f57
tls: Allow setting both minimum and maximum TLS versions
This allows increasing the initial minimum version and also prevents
sending a list of versions during retries when 1.3 was already
negotiated.
2021-02-12 11:45:44 +01:00
Tobias Brunner
2b6565c236
tls-peer: Handle HelloRetryRequest
Adds support to handle retries with different DH group and/or a cookie
extension.
2021-02-12 11:45:44 +01:00
Tobias Brunner
2271d67f07
tls-crypto: Add method to hash handshake data and use result as initial transcript
This is used for HelloRetryRequest.
2021-02-12 11:45:44 +01:00
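The two commits above (HelloRetryRequest handling, and hashing the first ClientHello into a synthetic message as the new transcript start) describe the client-side retry logic of RFC 8446 sections 4.1.4 and 4.4.1. The following is an added example, not strongSwan's tls-peer or tls-crypto code: it recognises an HRR by its fixed ServerHello.random, reads the group and/or cookie the server asks for, and builds the message_hash transcript prefix. SHA-256 is assumed as the handshake hash, and the sample HRR bytes are constructed here; the x25519 selection mirrors the case noted further down where the client offered a P-256 key_share and the server asked for x25519 instead.

```python
import hashlib
import struct

# Added example, not strongSwan's tls-peer code: recognise a TLS 1.3
# HelloRetryRequest, extract the group or cookie it asks for, and reset the
# transcript as RFC 8446 section 4.4.1 requires. The sample HRR is constructed.

HRR_RANDOM = bytes.fromhex(  # fixed ServerHello.random that marks an HRR
    "cf21ad74e59a6111be1d8c021e65b891c2a211167abb8c5e079e09e2c8a8339c")
EXT_SUPPORTED_VERSIONS, EXT_COOKIE, EXT_KEY_SHARE = 43, 44, 51
HS_MESSAGE_HASH = 254
GROUP_SECP256R1, GROUP_X25519 = 0x0017, 0x001D


def parse_extensions(data):
    """uint16 total length, then type/length/value entries. Truncated or
    duplicated extensions are errors, not silently ignored."""
    if len(data) < 2 or struct.unpack("!H", data[:2])[0] != len(data) - 2:
        raise ValueError("bad extensions length")
    exts, pos = {}, 2
    while pos < len(data):
        if pos + 4 > len(data):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack("!HH", data[pos:pos + 4])
        pos += 4
        if pos + ext_len > len(data) or ext_type in exts:
            raise ValueError("truncated or duplicate extension %d" % ext_type)
        exts[ext_type] = data[pos:pos + ext_len]
        pos += ext_len
    return exts


def parse_server_hello(body):
    """ServerHello body without the 4-byte handshake header."""
    if len(body) < 35:
        raise ValueError("ServerHello too short")
    pos = 35 + body[34]  # skip legacy_session_id_echo
    if len(body) < pos + 3 or body[pos + 2] != 0:
        raise ValueError("ServerHello truncated or bad compression method")
    return {"version": struct.unpack("!H", body[:2])[0], "random": body[2:34],
            "cipher_suite": struct.unpack("!H", body[pos:pos + 2])[0],
            "extensions": parse_extensions(body[pos + 3:])}


def hello_retry_request(server_hello):
    """(selected_group, cookie) if this is an HRR, None for a real ServerHello.
    In an HRR key_share carries only a NamedGroup; a cookie must be echoed."""
    if server_hello["random"] != HRR_RANDOM:
        return None
    exts = server_hello["extensions"]
    group = cookie = None
    if EXT_KEY_SHARE in exts:
        if len(exts[EXT_KEY_SHARE]) != 2:
            raise ValueError("HRR key_share must be a bare NamedGroup")
        group = struct.unpack("!H", exts[EXT_KEY_SHARE])[0]
    if EXT_COOKIE in exts:
        raw = exts[EXT_COOKIE]
        if len(raw) < 3 or struct.unpack("!H", raw[:2])[0] != len(raw) - 2:
            raise ValueError("malformed cookie extension")
        cookie = raw[2:]
    if group is None and cookie is None:
        raise ValueError("illegal_parameter: HRR that changes nothing")
    return group, cookie


def transcript_after_hrr(client_hello1):
    """Replace ClientHello1 with a synthetic message_hash handshake message
    (type 254, 24-bit length, Hash(ClientHello1)); HRR and ClientHello2 are
    then hashed after it like any other handshake message."""
    digest = hashlib.sha256(client_hello1).digest()
    return bytes([HS_MESSAGE_HASH]) + len(digest).to_bytes(3, "big") + digest


def build_sample_hrr(group, cookie=b""):
    """Constructed HRR: TLS 1.3 via supported_versions, TLS_AES_128_GCM_SHA256,
    empty session id, optional cookie."""
    exts = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, 0x0304)
    exts += struct.pack("!HHH", EXT_KEY_SHARE, 2, group)
    if cookie:
        exts += struct.pack("!HHH", EXT_COOKIE, len(cookie) + 2, len(cookie)) + cookie
    return (b"\x03\x03" + HRR_RANDOM + b"\x00" + b"\x13\x01" + b"\x00"
            + struct.pack("!H", len(exts)) + exts)


if __name__ == "__main__":
    hrr = parse_server_hello(build_sample_hrr(GROUP_X25519, b"opaque-cookie"))
    print("retry with", hello_retry_request(hrr))
```

A client that gets an HRR must send a second ClientHello with a key_share for the requested group (and the cookie echoed verbatim), and must abort if it receives a second HRR; the transcript for the Finished computation then runs over message_hash, HRR, ClientHello2 and everything after.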
Tobias Brunner
64e63c68c8
tls-crypto: Destroy HKDF instance if keys are derived multiple times
This will be the case during a retry.
2021-02-12 11:45:44 +01:00
Tobias Brunner
851b605e21
tls-peer: Refactor writing of extensions and use less hard-coded DH group
Note that this breaks connecting to many TLS 1.3 servers until we support
HelloRetryRequest as we now send a key_share for ECP_256 while still
proposing other groups, so many servers request to use CURVE_25519.
2021-02-12 11:45:44 +01:00
Tobias Brunner
de31646a09
tls-peer: Refactor sending/processing finished message
Also fixes leaks.
2021-02-12 11:45:44 +01:00
Tobias Brunner
44cda40d58
tls-peer: Simply ignore certificate request context
This SHALL be zero length for server authentication anyway.
2021-02-12 11:45:44 +01:00
Tobias Brunner
bfa3178836
tls-peer: Use existing code to verify certificate and signature
2021-02-12 11:45:44 +01:00
Tobias Brunner
c78b2bee5d
tls-peer: Refactor parsing of TLS extensions
Also adds proper error handling.
2021-02-12 11:45:44 +01:00
Tobias Brunner
f0ed5f9125
tls-peer: Fix parsing of encrypted extensions
2021-02-12 11:45:44 +01:00
Tobias Brunner
4c40a3d3f0
tls-peer: Fix parsing of intermediate CA certificates
2021-02-12 11:45:44 +01:00
Tobias Brunner
2e1c0a2776
tls-crypto: Rename methods to calculate finished message
Instead of the version number use "legacy" for the one for earlier TLS
versions.
2021-02-12 11:45:44 +01:00
Tobias Brunner
f116a4823f
tls-crypto: Use internal PRF of tls-hkdf to generate finished message
Also adds additional checks.
2021-02-12 11:45:44 +01:00
Tobias Brunner
a9f661f52a
tls-hkdf: Add helper method to allocate data from the internal PRF
2021-02-12 11:45:44 +01:00
Tobias Brunner
6a0ee0c23c
tls-hkdf: Cleanups and refactorings
The main refactoring is how secrets (PSK/DH) are handled.
2021-02-12 11:45:44 +01:00
Tobias Brunner
de983a3cb9
tls-crypto: Simplify signature creation/verification
2021-02-12 11:45:44 +01:00
Tobias Brunner
2921f43705
tls-crypto: Simplify handshake/application key derivation and rename methods
Also consistently change the ciphers outside of tls_crypto_t, simplify
key derivation in tls_peer_t and fix a memory leak.
2021-02-12 11:45:44 +01:00
Tobias Brunner
fff1974012
tls-hkdf: Make labels enum a proper type
2021-02-12 11:45:44 +01:00
Tobias Brunner
8495138d4a
tls-peer: Support x25519/448 for TLS 1.2
These DH groups don't use the point format prefix (RFC 8422 deprecated
any other format anyway). Since they are enumerated now, they can also
be used by servers for TLS 1.2.
2021-02-12 11:45:44 +01:00
Tobias Brunner
3101120c75
tls-crypto: Enumerate x25519/448 and rename constant for consistency
2021-02-12 11:45:44 +01:00
Tobias Brunner
53ba0801ac
tls-crypto: Simplify hash algorithm handling
2021-02-12 11:45:44 +01:00
Tobias Brunner
43c8f950a7
tls-crypto: Delay instantiation of cipher suites
This way we can take into account the version set via setter on tls_t.
2021-02-12 11:45:44 +01:00
Tobias Brunner
281766c5e6
tls-crypto: Filter TLS cipher suites by min/max version
There is no point proposing legacy (or future) cipher suites depending on
the proposed TLS versions. It was actually possible to negotiate and use
cipher suites only defined for TLS 1.2 with earlier TLS versions.
2021-02-12 11:45:44 +01:00
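The commit above (and the one near the top of the list that allows pinning both a minimum and a maximum version, so that a retry after TLS 1.3 was negotiated offers nothing else) comes down to one check applied in two places: which suites to offer for a version range, and whether a negotiated suite is actually defined for the negotiated version. The following is an added example, not strongSwan's tls_crypto_t code. The suite table is a constructed subset; the per-suite version ranges follow RFC 5288 (GCM suites only from TLS 1.2) and RFC 8446 (the 0x13xx suites only for TLS 1.3).

```python
import struct

# Added example, not strongSwan code: filter cipher suites by the negotiable
# TLS version range and validate the negotiated (suite, version) pair.
TLS_1_0, TLS_1_1, TLS_1_2, TLS_1_3 = 0x0301, 0x0302, 0x0303, 0x0304

# (code point, name, first version, last version); constructed subset.
SUITES = [
    (0x1301, "TLS_AES_128_GCM_SHA256", TLS_1_3, TLS_1_3),
    (0x1303, "TLS_CHACHA20_POLY1305_SHA256", TLS_1_3, TLS_1_3),
    (0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", TLS_1_2, TLS_1_2),
    (0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", TLS_1_2, TLS_1_2),
    (0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", TLS_1_0, TLS_1_2),
    (0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA", TLS_1_0, TLS_1_2),
]


def suites_for_range(min_version, max_version):
    """Suites worth offering: defined for at least one version in the range."""
    if min_version > max_version:
        raise ValueError("minimum version above maximum version")
    return [s for s in SUITES if s[2] <= max_version and s[3] >= min_version]


def suite_valid_for(code, version):
    """The check the bug in the commit message was missing: the negotiated
    suite must be defined for the negotiated version itself, not merely for
    some version that was in the offered range."""
    for c, _, first, last in SUITES:
        if c == code:
            return first <= version <= last
    return False


def supported_versions_extension(min_version, max_version):
    """ClientHello supported_versions body (RFC 8446 section 4.2.1): uint8
    length, then versions in preference order. With min == max == TLS 1.3,
    as on a retry, it carries exactly one entry."""
    versions = [v for v in (TLS_1_3, TLS_1_2, TLS_1_1, TLS_1_0)
                if min_version <= v <= max_version]
    if not versions:
        raise ValueError("no negotiable version in range")
    return bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)


if __name__ == "__main__":
    for code, name, _, _ in suites_for_range(TLS_1_2, TLS_1_3):
        print("%04x %s" % (code, name))
```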
Tobias Brunner
436571b2f0
tls-crypto: Correctly filter cipher suites based on PRF algorithms
The previous check operated on the first array element.
2021-02-12 11:45:44 +01:00
Tobias Brunner
b7ea969b32
tls-crypto: Use correct key length for ChaCha20/Poly1305
2021-02-12 11:45:44 +01:00
Tobias Brunner
ba3c90ded1
libtls: Some code style fixes
2021-02-12 11:45:44 +01:00
bytinbit
7a2b02667c
libtls: Implement TLS 1.3 handshake on client-side
The code is a minimal handshake with the HelloRetryRequest message
implementation missing.
Can be tested with an OpenSSL server running TLS 1.3. The server must
be at least version 1.1.1 (September 2018).
Co-authored-by: ryru <pascal.knecht@hsr.ch>
2021-02-12 11:45:44 +01:00
Pascal K
02d7405512
libtls: Implement HKDF for TLS 1.3
TLS 1.3 uses HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
as defined in RFC 5869 to compute traffic secrets.
Co-authored-by: bytinbit <meline.sieber@hsr.ch>
2021-02-12 11:45:44 +01:00
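The commit above introduces HKDF for the TLS 1.3 key schedule. As an added example, not the project's tls-hkdf implementation, the following Python implements RFC 5869 HKDF-Extract/Expand with the standard library's HMAC and, on top of it, the HKDF-Expand-Label and Derive-Secret wrappers of RFC 8446 section 7.1 plus the traffic key/IV derivation of section 7.3. SHA-256 is assumed as the hash; with an all-zero PSK the early and derived secrets it produces match the trace in RFC 8448 section 3.

```python
import hashlib
import hmac

# Added example (not strongSwan's tls-hkdf code): RFC 5869 HKDF and the
# TLS 1.3 key-schedule wrappers from RFC 8446 section 7.1, with SHA-256.
HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """PRK = HMAC-Hash(salt, IKM); an empty salt means HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """T(i) = HMAC-Hash(PRK, T(i-1) | info | i), concatenated and truncated."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF-Expand")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_label(label: bytes, context: bytes, length: int) -> bytes:
    """HkdfLabel: uint16 length, opaque label<7..255> prefixed with "tls13 ",
    opaque context<0..255>. The prefix domain-separates TLS from other uses."""
    full_label = b"tls13 " + label
    return (length.to_bytes(2, "big")
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    return hkdf_expand(secret, hkdf_label(label, context, length), length)


def derive_secret(secret: bytes, label: bytes, transcript: bytes) -> bytes:
    """Derive-Secret = HKDF-Expand-Label(Secret, Label, Hash(Messages), Hash.length)."""
    return hkdf_expand_label(secret, label, HASH(transcript).digest(), HASH_LEN)


def early_and_derived_secrets(psk: bytes = b""):
    """First two key-schedule steps. Without a PSK the IKM is Hash.length zero
    bytes. The "derived" secret is the salt for HKDF-Extract of the (EC)DHE
    shared secret, which yields the handshake secret."""
    if not psk:
        psk = b"\x00" * HASH_LEN
    early = hkdf_extract(b"", psk)
    derived = derive_secret(early, b"derived", b"")
    return early, derived


def traffic_keys(traffic_secret: bytes, key_len: int, iv_len: int = 12):
    """RFC 8446 section 7.3: per-direction AEAD write key and static IV.
    Each direction and each phase (handshake, application) has its own secret."""
    key = hkdf_expand_label(traffic_secret, b"key", b"", key_len)
    iv = hkdf_expand_label(traffic_secret, b"iv", b"", iv_len)
    return key, iv


if __name__ == "__main__":
    early, derived = early_and_derived_secrets()
    print("early secret  ", early.hex())
    print("derived secret", derived.hex())
```

The HKDF primitives alone are checked against RFC 5869 test case 1, and the early/derived secrets against RFC 8448; a key schedule implementation that passes both and still interoperates badly usually has the transcript (Hash(Messages)) wrong rather than the KDF.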
Tobias Brunner
3d83d348f4
libtls: Add support to run unit tests with a custom plugin list
2021-02-12 11:45:44 +01:00
Tobias Brunner
818dc86568
libtls: Add TLS 1.3 implementation of tls_aead_t
The key material, in particular the nonce/IV, is derived differently and
the IV is also generated in a different way. Additionally, the actual
content type is encrypted and there may be optional padding to mask the
actual size of the encrypted data.
2021-02-12 11:45:44 +01:00
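The commit above lists what is different in the TLS 1.3 record layer: the nonce is derived from a static IV and the sequence number instead of being sent explicitly, the real content type sits inside the encrypted payload, and zero padding may follow it. As an added example, not strongSwan's tls_aead_t, the following shows those three pieces from RFC 8446 section 5 around the AEAD call, which is left to a crypto library: nonce construction, TLSInnerPlaintext encoding and decoding (including the all-zero payload that must be rejected), and the additional data bound to the ciphertext.

```python
# Added example, not strongSwan's tls_aead_t: TLS 1.3 record protection
# around the AEAD call (RFC 8446 section 5). AES-GCM/ChaCha20-Poly1305 are
# not implemented here; this covers the nonce, inner plaintext and AAD.

CONTENT_TYPE_ALERT = 21
CONTENT_TYPE_HANDSHAKE = 22
CONTENT_TYPE_APPLICATION_DATA = 23
LEGACY_RECORD_VERSION = b"\x03\x03"
MAX_CIPHERTEXT_LEN = (1 << 14) + 256


def record_nonce(write_iv: bytes, seq_num: int) -> bytes:
    """Section 5.3: the 64-bit sequence number, left-padded with zeros to the
    IV length, XORed with the static write IV. Nothing is sent on the wire,
    unlike the explicit nonce of TLS 1.2 AES-GCM."""
    if seq_num >= 1 << 64:
        raise ValueError("sequence number exhausted, key update required")
    padded = seq_num.to_bytes(len(write_iv), "big")
    return bytes(a ^ b for a, b in zip(write_iv, padded))


def encode_inner_plaintext(content: bytes, content_type: int, padding: int = 0) -> bytes:
    """Section 5.2: TLSInnerPlaintext = content || type || zeros[padding].
    The padding length is chosen by the sender to mask the true length."""
    return content + bytes([content_type]) + b"\x00" * padding


def decode_inner_plaintext(inner: bytes):
    """Scan backwards over the zero padding; the last non-zero byte is the
    content type. A payload with no non-zero byte has no type and must be
    rejected with an unexpected_message alert."""
    end = len(inner)
    while end > 0 and inner[end - 1] == 0:
        end -= 1
    if end == 0:
        raise ValueError("unexpected_message: no content type in inner plaintext")
    return inner[:end - 1], inner[end - 1]


def record_additional_data(ciphertext_len: int) -> bytes:
    """AAD is the TLSCiphertext header: opaque_type is always
    application_data(23), legacy_record_version is 0x0303, length counts the
    encrypted inner plaintext plus the tag."""
    if ciphertext_len > MAX_CIPHERTEXT_LEN:
        raise ValueError("record_overflow: ciphertext exceeds 2^14 + 256")
    return (bytes([CONTENT_TYPE_APPLICATION_DATA]) + LEGACY_RECORD_VERSION
            + ciphertext_len.to_bytes(2, "big"))


def protect_record(write_iv: bytes, seq_num: int, content: bytes,
                   content_type: int, padding: int = 0, tag_len: int = 16):
    """Return (nonce, inner_plaintext, additional_data) for the AEAD call.
    The outer record is additional_data || AEAD(key, nonce, inner, aad)."""
    inner = encode_inner_plaintext(content, content_type, padding)
    aad = record_additional_data(len(inner) + tag_len)
    return record_nonce(write_iv, seq_num), inner, aad


if __name__ == "__main__":
    iv = bytes(range(12))
    nonce, inner, aad = protect_record(iv, 1, b"hello", CONTENT_TYPE_HANDSHAKE, padding=3)
    print(nonce.hex(), inner.hex(), aad.hex())
```

Note the asymmetry the decoder has to respect: content that itself ends in zero bytes is fine, because the type byte separates it from the padding, but a receiver that strips zeros before looking for the type (or stops at the first zero from the end) will misparse records.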
Tobias Brunner
ba2bcdd882
libtls: Allow tls_aead_t to change the content type
The actual content type is encrypted with TLS 1.3, the type in the record
header is always Application Data.
2021-02-12 11:45:44 +01:00
Tobias Brunner
ed1ba70894
libtls: Enable code coverage
While the test runner was already correctly set up, the library itself
was not and no coverage was reported for any of its files.
2020-09-09 13:25:30 +02:00
Tobias Brunner
6987f6b3eb
unit-tests: Update expired certificates for TLS tests
2020-03-25 15:31:07 +01:00
Tobias Brunner
479c85d569
libtls: Remove unused variable in TLS socket implementation
Not used anymore since c43e8fdec4 ("Block TLS read when sending data,
but have to wait for the handshake data first").
2020-03-06 10:30:16 +01:00
Tobias Brunner
d5cf2d1f85
tls-crypto: Fix usage of chunk_from_chars()
See 8ea13bbc5c for details.
References #3249.
2020-01-30 18:18:06 +01:00
Tobias Brunner
e438915e62
tls-prf: Remove unused/undeclared argument in TLS 1.0/1.1 PRF constructor
2020-01-28 15:32:43 +01:00
Tobias Brunner
784d96e031
Fixed some typos, courtesy of codespell
2018-09-17 18:51:44 +02:00
Tobias Brunner
2ad1df9571
Replace 'inacceptable' with the more common 'unacceptable'
2018-06-28 18:46:42 +02:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Tobias Brunner
2db6d5b8b3
Fixed some typos, courtesy of codespell
2018-02-13 12:19:54 +01:00
Tobias Brunner
024b979522
certificate: Return signature scheme and parameters from issued_by() method
This also required some include restructuring (avoid including library.h
in headers) to avoid unresolvable circular dependencies.
2017-11-08 16:48:10 +01:00
Tobias Brunner
de280c2e03
private-key: Add optional parameters argument to sign() method
2017-11-08 16:48:10 +01:00
Tobias Brunner
a413571f3b
public-key: Add optional parameters argument to verify() method
2017-11-08 16:48:10 +01:00
Tobias Brunner
ca280574ba
Fixed some typos, courtesy of codespell
2017-08-07 17:22:01 +02:00
Tobias Brunner
525cc46cab
Change interface for enumerator_create_filter() callback
This avoids the unportable 5 pointer hack, but requires enumerating in
the callback.
2017-05-26 13:56:44 +02:00
Tobias Brunner
67849f4972
libtls: Replace expired certificates for unit tests
Only the tests with client authentication failed, the client accepted
the trusted self-signed certificate even when it was expired. On the
server the lookup (based on the pre-configured SAN) first found the ECDSA
cert, which it dismissed for the RSA authentication the client used, and
since only the first "pretrusted" cert is considered the following RSA
cert was verified more thoroughly.
The lookup on the client always uses the full DN of the server certificate
not the pre-configured identity so it found the correct certificate on
the first try.
2017-03-24 10:46:14 +01:00
Tobias Brunner
1003cf2330
Fixed some typos, courtesy of codespell
2017-03-23 18:29:18 +01:00
Andreas Steffen
40f2589abf
gmp: Support of SHA-3 RSA signatures
2016-09-22 17:34:31 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00