Tobias Brunner
11a4687930
libtls: Add control flags and replace GENERIC_NULLOK purpose with one
2021-02-18 15:10:29 +01:00
Tobias Brunner
a60e248b0d
libtls: Increase default min version to 1.2
...
The older versions are generally considered deprecated (there is an
Internet-Draft that aims to do that formally).
2021-02-12 14:35:23 +01:00
Pascal Knecht
dc9f6c68df
libtls: Add downgrade protection for TLS 1.3 and TLS 1.2
...
Section 4.1.3 in RFC 8446 defines a new downgrade protection mechanism
that also affects TLS 1.2.
2021-02-12 14:35:23 +01:00
Tobias Brunner
92aef122c3
libtls: Reduce default max version to 1.2
...
Using TLS 1.3 with various EAP methods is not yet fully standardized, so we
don't enable it by default yet.
2021-02-12 14:35:23 +01:00
Tobias Brunner
663969ddf7
libtls: Make min/max TLS version configurable
...
Except for the tls_test tool, the versions now default to those
configured in strongswan.conf.
2021-02-12 14:35:23 +01:00
Pascal Knecht
f81c04e9e3
libtls: Add missing cipher suite and TLS extension constants
...
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- Encrypt then MAC
- Extended master secret
- Session ticket
and also add missing suites in the unit test.
2021-02-12 14:35:23 +01:00
Tobias Brunner
c4576a1f57
tls: Allow setting both minimum and maximum TLS versions
...
This allows increasing the initial minimum version and also prevents
sending a list of versions during retries when 1.3 was already
negotiated.
2021-02-12 11:45:44 +01:00
Tobias Brunner
2b6565c236
tls-peer: Handle HelloRetryRequest
...
Adds support to handle retries with different DH group and/or a cookie
extension.
2021-02-12 11:45:44 +01:00
bytinbit
7a2b02667c
libtls: Implement TLS 1.3 handshake on client-side
...
The code is a minimal handshake with the HelloRetryRequest message
implementation missing.
Can be tested with an OpenSSL server running TLS 1.3. The server must
be at least version 1.1.1 (September 2018).
Co-authored-by: ryru <pascal.knecht@hsr.ch>
2021-02-12 11:45:44 +01:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Martin Willi
666c552381
libtls: Add getters for TLS handshake authentication details
2015-03-03 14:08:00 +01:00
Martin Willi
970378c557
libtls: Don't send TLS close notifies in EAP after application succeeds
...
With the introduction of PT-TLS, we started sending TLS close notifies after
the application layer completes (7bbf7aa9). While this makes sense for TCP based
transports, it is not required in EAP methods. In EAP, handshake completion
can be directly signaled using the outer EAP-SUCCESS message. This also saves
one round-trip in the EAP exchange.
Windows 7/8 does not seem to like TLS close notifies at all in EAP, and either
stalls (EAP-TTLS) or disconnects (PEAP).
Fixes #556.
2015-02-19 11:29:07 +01:00
Martin Willi
e2bf45a491
tls: Move variable sized tls_record_t struct to end of tls_t data
...
clang complains about the non-last variable length member.
2014-05-16 15:42:07 +02:00
Martin Willi
ddf5222096
tls: Introduce a generic TLS purpose that accepts NULL encryption ciphers
2014-04-01 14:28:55 +02:00
Martin Willi
f93497507f
tls: Check for minimal TLS record length before each record iteration
...
Fixes fragment reassembling if a buffer contains more than one record, but
the last record contains a partial TLS record header. Thanks to Nick Saunders
and Jamil Nimeh for identifying this issue and providing a fix for it.
2014-03-31 15:56:12 +02:00
Tobias Brunner
409adef43c
libtls: Move settings to <ns>.tls with fallback to libtls
2014-02-12 14:34:32 +01:00
Martin Willi
2de481e32b
Delegate tls_t.get_{peer,server}_id to handshake layer
...
This allows getting updated peer identities if the peer can't authenticate,
or does when it is optional.
2013-02-28 16:46:08 +01:00
Andreas Steffen
bd1ee5bdc4
make AR identities available to IMVs via IF-IMV 1.4 draft
2013-02-11 15:30:44 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Martin Willi
6a5c86b7ad
Implemented TLS session resumption both as client and as server
2011-12-31 13:14:49 +01:00
Andreas Steffen
e7cb8f9b37
added dummy libtls_init() function needed for integrity testing
2011-11-08 20:27:17 +01:00
Andreas Steffen
a9ee43e96a
added TLS renegotiation_info extension
2011-04-14 16:54:46 +02:00
Andreas Steffen
1bee89d339
added TLS_PURPOSE_EAP_PEAP
2011-04-05 18:16:28 +02:00
Martin Willi
6cf85b35a4
Added TLS extension identifiers from RFC 3546
2010-09-06 15:37:51 +02:00
Martin Willi
37a59a8fbf
Support for EC curve Hello extension, EC curve fallback
2010-09-03 14:54:43 +02:00
Andreas Steffen
c0071bde73
removed redundant debug output
2010-09-02 22:19:37 +02:00
Martin Willi
731611c525
Added TLS extension identifiers
2010-09-02 19:33:08 +02:00
Andreas Steffen
5fb1311b2a
clarified debug output
2010-08-31 23:22:39 +02:00
Martin Willi
743f94067e
Support processing of partial TLS record headers
2010-08-31 16:17:01 +02:00
Martin Willi
ecd98efa9d
Support output fragmentation of TLS records
2010-08-31 15:54:37 +02:00
Martin Willi
ce1af73907
Implemented buffering of partial records in TLS stack
2010-08-31 15:35:29 +02:00
Martin Willi
17102f7b58
Added a simple high level TLS wrapper for sockets
2010-08-25 12:52:53 +02:00
Martin Willi
bd23b9086e
Initialize output chunk before appending data to it
2010-08-25 12:43:21 +02:00
Martin Willi
69e8bb2e8d
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
2010-08-24 11:34:43 +02:00
Martin Willi
c5142f110e
Check if the application layer has completed successfully
2010-08-24 08:45:49 +02:00
Martin Willi
1475800080
Moved TLS record parsing/generation to tls.c
2010-08-24 08:45:49 +02:00
Martin Willi
e6f3ef1330
Implemented TLS Alert handling
2010-08-23 15:13:37 +02:00
Martin Willi
f154e30431
Verify negotiated TLS version
2010-08-23 09:47:03 +02:00
Martin Willi
96b2fbcc2c
Introducing simple purposes for the TLS stack, switches various options
2010-08-20 15:09:08 +02:00
Andreas Steffen
b51ac45c48
optional certificate-based peer authentication on TLS server side
2010-08-15 13:02:57 +02:00
Andreas Steffen
1327839da8
added generic TLS application data handler and specific EAP-TTLS instantiation
2010-08-12 23:58:54 +02:00
Andreas Steffen
a6444fcdd4
EAP-TLS and EAP-TTLS use different constant MSK PRF label
2010-08-07 11:26:04 +02:00
Martin Willi
0f82a47063
Moved TLS stack to its own library
2010-08-03 15:39:26 +02:00