Commit graph

650 commits

Author SHA1 Message Date
Paul Bakker 7c6b2c320e Split up X509 files into smaller modules 2013-09-16 21:41:54 +02:00
Paul Bakker cff6842b39 POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C 2013-09-16 13:36:18 +02:00
Paul Bakker 77e23fb0e0 Move *_pemify() function to PEM module 2013-09-15 20:03:26 +02:00
Paul Bakker 40ce79f1e6 Moved DHM parsing from X509 module to DHM module 2013-09-15 17:43:54 +02:00
Paul Bakker 2292d1fad0 Fixed warnings in case POLARSSL_X509_PARSE_C is not defined 2013-09-15 17:06:49 +02:00
Paul Bakker 4606c7317b Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C 2013-09-15 17:04:23 +02:00
Paul Bakker c7bb02be77 Moved PK key writing from X509 module to PK module 2013-09-15 14:54:56 +02:00
Paul Bakker 1a7550ac67 Moved PK key parsing from X509 module to PK module 2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard 92cb1d3a91 Make CBC an option, step 3: individual ciphers 2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard 989ed38de2 Make CBC an option, step 2: cipher layer 2013-09-13 15:48:40 +02:00
Manuel Pégourié-Gonnard f7dc378ead Make CBC an option, step 1: ssl ciphersuites 2013-09-13 15:37:03 +02:00
Manuel Pégourié-Gonnard 4fe9200f47 Fix memory leak in GCM by adding gcm_free() 2013-09-13 13:45:58 +02:00
Paul Bakker 9013af76a3 Merged major refactoring of x509write module into development
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard 0237620a78 Fix some dependencies declaration 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard 31e59400d2 Add missing f_rng/p_rng arguments to x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard 53c642504e Use PK internally for x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard f38e71afd5 Convert x509write_crt interface to PK 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard 6de63e480d Add EC support to x509write_key 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard edda9041fc Adapt asn1_write_algorithm_identifier() to params 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard 3837daec9e Add EC support to x509write_pubkey 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard e1f821a6eb Adapt x509write_pubkey interface to use PK
key_app_writer will be fixed later
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard ee73179b2f Adapt x509write_csr prototypes for PK 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard 8053da4057 x509write_csr() now fully using PK internally 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard 5353a03eb9 x509write_csr using PK internally (WIP) 2013-09-12 11:57:00 +02:00
Paul Bakker dcbfdcc177 Updated doxygen documentation in header files and HTML pages 2013-09-10 16:16:50 +02:00
Paul Bakker c0dcf0ceb1 Merged blinding additions for EC, RSA and DHM into development 2013-09-10 14:44:27 +02:00
Paul Bakker 36b7e1efe7 Merged GCM refactoring into development
GCM is now independent of AES and can be used as a mode for any
cipher-layer supported 128-bit based block cipher
2013-09-10 14:41:05 +02:00
Manuel Pégourié-Gonnard ea53a55c0f Refactor to prepare for RSA blinding optimisation 2013-09-10 13:55:35 +02:00
Paul Bakker 1c3853b953 oid_get_oid_by_*() now give back oid length as well 2013-09-10 11:43:44 +02:00
Paul Bakker 7db0109436 Made POLARSSL_MD_MAX_SIZE dependent on POLARSSL_SHA512_C 2013-09-10 11:10:57 +02:00
Paul Bakker eba3ccf785 Typo in config.h 2013-09-09 15:56:09 +02:00
Paul Bakker f9f377e652 CSR Parsing (without attributes / extensions) implemented 2013-09-09 15:35:10 +02:00
Paul Bakker cdda097507 Fixed doxygen documentation in asn1.h (added \brief) 2013-09-09 12:51:29 +02:00
Paul Bakker 52be08c299 Added support for writing Key Usage and NS Cert Type extensions 2013-09-09 12:38:45 +02:00
Paul Bakker cd35803684 Changes x509_csr to x509write_csr 2013-09-09 12:38:45 +02:00
Paul Bakker 5f45e62afe Migrated from x509_req_name to asn1_named_data structure 2013-09-09 12:02:36 +02:00
Paul Bakker c547cc992e Added generic asn1_free_named_data_list() 2013-09-09 12:01:23 +02:00
Paul Bakker 59ba59fa30 Generalized x509_set_extension() behaviour to asn1_store_named_data() 2013-09-09 11:34:44 +02:00
Paul Bakker 43aff2aec4 Moved GCM to use cipher layer instead of AES directly 2013-09-09 00:10:27 +02:00
Paul Bakker f46b6955e3 Added cipher_info_from_values() to cipher layer (Search by ID+keylen+mode) 2013-09-09 00:08:26 +02:00
Paul Bakker 5e0efa7ef5 Added POLARSSL_MODE_ECB to the cipher layer 2013-09-08 23:04:04 +02:00
Manuel Pégourié-Gonnard 032c34e206 Don't use DH blinding for ephemeral DH 2013-09-07 13:06:27 +02:00
Manuel Pégourié-Gonnard 337b29c334 Test and document EC blinding overhead 2013-09-07 11:52:27 +02:00
Paul Bakker 15162a054a Writing of X509v3 extensions supported
Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier
2013-09-06 19:27:21 +02:00
Paul Bakker 329def30c5 Added asn1_write_bool() 2013-09-06 16:34:38 +02:00
Paul Bakker 9397dcb0e8 Base X509 certificate writing functinality 2013-09-06 10:36:28 +02:00
Manuel Pégourié-Gonnard 7da0a38d43 Rm some includes that are now useless 2013-09-05 17:06:11 +02:00
Manuel Pégourié-Gonnard b8bd593741 Restrict cipher_update() for GCM 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard 226d5da1fc GCM ciphersuites partially using cipher layer 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard 143b5028a5 Implement DH blinding 2013-09-04 16:29:59 +02:00
Paul Bakker c049955b32 Merged new cipher layer enhancements 2013-09-04 16:12:55 +02:00
Manuel Pégourié-Gonnard 2d627649bf Change dhm_calc_secret() prototype 2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard ce4112538c Fix RC4 key length in cipher 2013-09-04 12:29:26 +02:00
Manuel Pégourié-Gonnard 83f3fc0d77 Add AES-192-GCM 2013-09-04 12:14:13 +02:00
Manuel Pégourié-Gonnard 43a4780b03 Ommit AEAD functions if GCM not defined 2013-09-03 19:28:35 +02:00
Manuel Pégourié-Gonnard aa9ffc5e98 Split tag handling out of cipher_finish() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard 2adc40c346 Split cipher_update_ad() out or cipher_reset() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard a235b5b5bd Fix iv_len interface.
cipher_info->iv_size == 0 is no longer ambiguous, and
cipher_get_iv_size() always returns something useful to generate an IV.
2013-09-03 13:25:52 +02:00
Manuel Pégourié-Gonnard 9c853b910c Split cipher_set_iv() out of cipher_reset() 2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard e09d2f8261 Change ecp_mul() prototype to allow randomization
(Also improve an error code while at it.)
2013-09-02 14:29:09 +02:00
Paul Bakker eb851f6cd5 Merged current cipher enhancements for ARC4 and AES-GCM 2013-09-01 15:49:38 +02:00
Manuel Pégourié-Gonnard 9241be7ac5 Change cipher prototypes for GCM 2013-08-31 18:07:42 +02:00
Paul Bakker da02a7f45e AES_CBC ciphersuites now run purely via cipher layer 2013-08-31 17:25:14 +02:00
Manuel Pégourié-Gonnard b5e85885de Handle NULL as a stream cipher for more uniformity 2013-08-30 17:11:28 +02:00
Manuel Pégourié-Gonnard 37e230c022 Add arc4 support in the cipher layer 2013-08-30 17:11:28 +02:00
Paul Bakker f451bac000 Blinding RSA only active when f_rng is provided 2013-08-30 15:48:53 +02:00
Paul Bakker 48377d9834 Configuration option to enable/disable POLARSSL_PKCS1_V15 operations 2013-08-30 13:41:14 +02:00
Paul Bakker 548957dd49 Refactored RSA to have random generator in every RSA operation
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Paul Bakker ca174fef80 Merged refactored x509write module into development 2013-08-28 16:32:51 +02:00
Manuel Pégourié-Gonnard c852a68b96 More robust selection of ctx_enc size 2013-08-28 13:13:30 +02:00
Paul Bakker 577e006c2f Merged ECDSA-based key-exchange and ciphersuites into development
Conflicts:
	include/polarssl/config.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard acc7505a35 Temporary fix for size of cipher contexts 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard db77175e99 Make ecdsa_verify() return value more explicit 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard 2fb15f694c Un-rename ssl_set_own_cert_alt() 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard c6b6803dcf Add forgotten "inline" keyword 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard e511ffca50 Allow compiling without RSA or DH
Only library and programs now, need to check test suites later.
2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard bfe32efb9b pk_{sign,verify}() now accept hash_len = 0 2013-08-27 22:21:21 +02:00
Manuel Pégourié-Gonnard a20c58c6f1 Use convert functions for SSL_SIG_* and SSL_HASH_* 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 51be559c53 Fix PKCS#11 deps: now goes through PK 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard c40b4c3708 Add configuration item for the PK module 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 0d42049440 Merge code for RSA and ECDSA in SSL 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 070cc7fd21 Use the new PK RSA-alt interface 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 12c1ff0ecb Add RSA-alt to the PK layer 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard a2d3f22007 Add and use pk_encrypt(), pk_decrypt() 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 8df2769178 Introduce pk_sign() and use it in ssl 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard ac75523593 Adapt ssl_set_own_cert() to generic keys 2013-08-27 22:21:20 +02:00
Manuel Pégourié-Gonnard 09edda888e Check key type against selected key exchange 2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard 32ea60a127 Declare ECDSA key exchange and ciphersuites
Also fix bug in ssl_list_ciphersuites().

For now, disable it on server.
Client will offer it but fail if server selects it.
2013-08-27 22:21:19 +02:00
Manuel Pégourié-Gonnard 0b03200e96 Add server-side support for ECDSA client auth 2013-08-27 22:21:19 +02:00
Paul Bakker 0be444a8b1 Ability to disable server_name extension (RFC 6066) 2013-08-27 21:55:01 +02:00
Paul Bakker d2f068e071 Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2 individually 2013-08-27 21:19:20 +02:00
Paul Bakker fb08fd2e23 Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available 2013-08-27 15:06:54 +02:00
Paul Bakker 9852d00de6 Moved asn1write funtions to use asn1_write_raw_buffer() 2013-08-26 17:56:37 +02:00
Paul Bakker 7accbced87 Doxygen documentation added to asn1write.h 2013-08-26 17:37:18 +02:00
Paul Bakker f3df61ad10 Generalized PEM writing in x509write module for RSA keys as well 2013-08-26 17:37:18 +02:00
Paul Bakker 135f1e9c70 Move PEM conversion of DER data to x509write module 2013-08-26 17:37:18 +02:00
Paul Bakker 1c0e550e21 Added support for Netscape Certificate Types in CSR writing
Further generalization of extension adding / replacing in the CSR
structure
2013-08-26 17:37:18 +02:00
Paul Bakker e5eae76bf0 Generalized the x509write_csr_set_key_usage() function and key_usage
storage
2013-08-26 17:37:18 +02:00
Paul Bakker 6db915b5a9 Added asn1_write_raw_buffer() 2013-08-26 17:37:17 +02:00
Manuel Pégourié-Gonnard 5151b45aa1 Minor comment fixes 2013-08-26 14:31:20 +02:00
Manuel Pégourié-Gonnard 38d1eba3b5 Move verify_result from ssl_context to session 2013-08-26 14:26:02 +02:00
Paul Bakker fde4270186 Added support for writing key_usage extension 2013-08-25 14:47:27 +02:00
Paul Bakker 598e450538 Added asn1_write_bitstring() and asn1_write_octet_string() 2013-08-25 14:46:39 +02:00
Paul Bakker ef0ba55a78 Removed old X509 write data from x509.h 2013-08-25 11:48:10 +02:00
Paul Bakker f677466d9a Doxygen documentation added to x509write.h 2013-08-25 11:47:51 +02:00
Paul Bakker 0e06c0fdb4 Assigned error codes to the error defines 2013-08-25 11:21:30 +02:00
Paul Bakker 82e2945ed2 Changed naming and prototype convention for x509write functions
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
2013-08-25 11:01:31 +02:00
Paul Bakker 8eabfc1461 Rewrote x509 certificate request writing to use structure for storing 2013-08-25 10:51:18 +02:00
Manuel Pégourié-Gonnard fff80f8879 PK: use NULL for unimplemented operations 2013-08-20 20:46:05 +02:00
Manuel Pégourié-Gonnard f73da02962 PK: change pk_verify arguments (md_info "optional") 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard ab46694558 Change pk_set_type to pk_init_ctx for consistency 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard 15699380e5 Small PK cleanups
- better error codes
- rm now-useless include
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard 3fb5c5ee1c PK: rename members for consistency CIPHER, MD
Also add pk_get_name() to remove a direct access to pk_type
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard 09162ddcaa PK: reuse some eckey functions for ecdsa
Also add some forgotten 'static' while at it.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard c6ac8870d5 Nicer interface between PK and debug.
Finally get rid of pk_context.type member, too.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard b3d9187cea PK: add nice interface functions
Also fix a const-corectness issue.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard 765db07dfb PK: use alloc and free function pointers 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard 3053f5bcb4 Get rid of pk_wrap_rsa() 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard f8c948a674 Add name and get_size() members in PK 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard 835eb59c6a PK: fix support for ECKEY_DH 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard f18c3e0378 Add a PK can_do() method and simplify code 2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard d73b3c13be PK: use wrappers and function pointers for verify 2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard f499993cb2 Add ecdsa_from_keypair()
Also fix bug/limitation in mpi_copy: would segfault if src just initialised
and not set to a value yet. (This case occurs when copying a context which
contains only the public part of the key, eg.)
2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard cc0a9d040d Fix const-correctness of rsa_*_verify() 2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard 211a64c79f Add eckey to ecdsa conversion in the PK layer 2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard e09631b7c4 Create ecp_group_copy() and use it 2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard aa431613b3 Add ecdsa example program 2013-08-20 20:08:29 +02:00
Manuel Pégourié-Gonnard 8eebd012b9 Add an ecdsa_genkey() function 2013-08-20 20:08:28 +02:00
Manuel Pégourié-Gonnard 4846f5ecbc ecdsa now depends on ASN.1 parse & write 2013-08-20 20:04:16 +02:00
Manuel Pégourié-Gonnard b694b4896c Add ecdsa_{read,write}_signature() 2013-08-20 20:04:16 +02:00
Paul Bakker 04784f57e4 Added config check for SSL/TLS module that depends on cipher layer 2013-08-19 13:31:39 +02:00
Paul Bakker 59da0a46a4 Added config check for POLARSSL_SSL_SESSION_TICKETS 2013-08-19 13:27:17 +02:00
Manuel Pégourié-Gonnard 298aae4524 Adapt core OID functions to embeded null bytes 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard 56a487a17f Minor ecdsa cleanups
- point_format is of no use
- d was init'ed and free'd twice
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard 0b2726732e Fix ifdef conditions for EC-related extensions.
Was alternatively ECP_C and ECDH_C.
2013-08-16 13:56:17 +02:00
Manuel Pégourié-Gonnard 5734b2d358 Actually use the point format selected for ECDH 2013-08-16 13:56:16 +02:00
Paul Bakker 1f2bc6238b Made support for the truncated_hmac extension configurable 2013-08-15 13:45:55 +02:00
Paul Bakker 05decb24c3 Made support for the max_fragment_length extension configurable 2013-08-15 13:33:48 +02:00
Paul Bakker 606b4ba20f Session ticket expiration checked on server 2013-08-15 11:42:48 +02:00
Paul Bakker a503a63b85 Made session tickets support configurable from config.h 2013-08-14 14:26:03 +02:00
Manuel Pégourié-Gonnard 56dc9e8bba Authenticate session tickets. 2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard 990c51a557 Encrypt session tickets 2013-08-14 14:08:07 +02:00
Manuel Pégourié-Gonnard 779e42982c Start adding ticket keys (only key_name for now) 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard aa0d4d1aff Add ssl_set_session_tickets() 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard 06650f6a37 Fix reusing session more than once 2013-08-14 14:08:06 +02:00
Manuel Pégourié-Gonnard a5cc6025e7 Parse NewSessionTicket message 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard 60182ef989 ssl_cli: write & parse session ticket extension 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard 75d440192c Introduce ticket field in session structure 2013-08-14 14:08:04 +02:00
Manuel Pégourié-Gonnard 747180391d Add ssl_get_session() to save session on client 2013-08-14 14:08:03 +02:00
Paul Bakker 48e93c84b7 Made padding modes configurable from config.h 2013-08-14 14:02:48 +02:00