ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
17,776 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

22 Commits

Author SHA1 Message Date
Pascal Knecht 6b23543abd tls-crypto: Move AEAD ownership to the protection layer 
This separates key derivation from key switching.
 2021-02-12 14:35:23 +01:00
Tobias Brunner ba3c90ded1 libtls: Some code style fixes 2021-02-12 11:45:44 +01:00
bytinbit 7a2b02667c libtls: Implement TLS 1.3 handshake on client-side 
The code is a minimal handshake with the HelloRetryRequest message
implementation missing.
Can be tested with an OpenSSL server running TLS 1.3. The server must
be at least version 1.1.1 (September 2018).

Co-authored-by: ryru <pascal.knecht@hsr.ch>
 2021-02-12 11:45:44 +01:00
Tobias Brunner ba2bcdd882 libtls: Allow tls_aead_t to change the content type 
The actual content type is encrypted with TLS 1.3, the type in the record
header is always Application Data.
 2021-02-12 11:45:44 +01:00
Andreas Steffen b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Martin Willi 780bf2b8e9 libtls: Check for CHANGE_CIPHER_SPEC type only if upper layer returns NEED_MORE 
A type is returned only if upper layers successfully created a record, that is
returns NEED_MORE. If we do not check for the return value, we might check a
previous record or the uninitialized type variable and falsely reset the
sequence number.
 2015-01-12 14:18:24 +01:00
Martin Willi d3204677ba tls: Separate TLS protection to abstracted AEAD modes 
To better separate the code path for different TLS versions and modes of
operation, we introduce a TLS AEAD abstraction. We provide three implementations
using traditional transforms, and get prepared for TLS AEAD modes.
 2014-03-31 15:56:12 +02:00
Tobias Brunner f05b427265 Moved debug.[ch] to utils folder 2012-10-24 16:00:51 +02:00
Martin Willi 3b96189a2a Add a return value to crypter_t.decrypt() 2012-07-16 14:53:38 +02:00
Martin Willi e35abbe588 Add a return value to crypter_t.encrypt 2012-07-16 14:53:37 +02:00
Tobias Brunner 126eb2af59 Check rng return value when generating secrets and IVs in libtls 2012-07-16 14:53:37 +02:00
Martin Willi 2e96de60a8 Add a return value to signer_t.get_signature() 2012-07-16 14:53:33 +02:00
Martin Willi cbfbba7d86 Add a return value to signer_t.allocate_signature() 2012-07-16 14:53:32 +02:00
Martin Willi 5976e149eb Don't allocate extra memory to MAC the TLS header 2011-09-28 17:32:23 +02:00
Martin Willi b79bb79a66 Verify TLS MAC even if padding is invalid to prevent timing attacks 2011-09-28 17:16:09 +02:00
Tobias Brunner f3bb1bd039 Fixed common misspellings. 
Mostly found by 'codespell'.
 2011-07-20 16:14:10 +02:00
Martin Willi fe559b5156 Accept TLS records with zero-length plaintext 2010-09-06 17:04:59 +02:00
Martin Willi e6f3ef1330 Implemented TLS Alert handling 2010-08-23 15:13:37 +02:00
Martin Willi 3c19b3461f Introducing a dedicated debug message group for libtls 2010-08-23 09:47:03 +02:00
Martin Willi 3102d8669d Use IV length of a crypter instead of block size for IV calculations 2010-08-13 17:11:53 +02:00
Andreas Steffen b62e9a30ce fixed sequence numbering and iv of TLS protection layer 2010-08-12 23:58:54 +02:00
Martin Willi 0f82a47063 Moved TLS stack to its own library 2010-08-03 15:39:26 +02:00