Commit graph

514 commits

Author SHA1 Message Date
Paul Bakker 8f4ddaeea9 Ability to specify allowed ciphersuites based on the protocol version.
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.

The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b)

Conflicts:
	ChangeLog
	library/ssl_srv.c
	library/ssl_tls.c
2013-04-16 18:09:45 +02:00
Paul Bakker 0ecdb23eed Cleanup of the GCM code
Removed unused variable 'v'

orig_len and orig_add_len are now uint64_t to support larger than 2^29
data sizes
2013-04-09 11:36:42 +02:00
Paul Bakker a280d0f2b9 Fixed compiler warning for possible uninitialized ret 2013-04-08 13:40:17 +02:00
Paul Bakker 27714b1aa1 Added Camellia ECDHE-based CBC ciphersuites
Added TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 and
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
2013-04-07 23:07:12 +02:00
Paul Bakker bfe671f2d5 Blowfish has default of 128-bit keysize in cipher layer 2013-04-07 22:35:44 +02:00
Paul Bakker c70b982056 OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker 37de6bec16 Const correctness added for asn1write functions 2013-04-07 13:11:31 +02:00
Paul Bakker 3b6a07b745 Prevented compiler warning on uninitialized end 2013-03-21 11:56:50 +01:00
Paul Bakker d3edc86720 Moved writing of client extensions to separate functions in ssl_cli.c 2013-03-20 16:07:17 +01:00
Paul Bakker a54e493bc0 Added ECDHE-based SHA256 and SHA384 ciphersuites
Added TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ciphersuites
2013-03-20 15:31:54 +01:00
Paul Bakker b7149bcc90 Corrected behaviour for CBC-based suites using the SHA384 MAC and PRF 2013-03-20 15:30:09 +01:00
Paul Bakker 41c83d3f67 Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker 00c1f43743 Merge branch 'ecc-devel-mpg' into development 2013-03-13 16:31:01 +01:00
Paul Bakker d589a0ddb6 Modified Makefiles to include new files and and config.h to PolarSSL standard 2013-03-13 16:30:17 +01:00
Paul Bakker 68884e3c09 Moved to advanced ciphersuite representation and more dynamic SSL code 2013-03-13 14:48:32 +01:00
Paul Bakker c9118b433b Renamed hash structures to ctx 2013-03-13 11:48:39 +01:00
Paul Bakker 09d67258a2 Modified to work in-place 2013-03-13 11:46:00 +01:00
Paul Bakker 92be97b8e6 Align data with future location based on IV size 2013-03-13 11:46:00 +01:00
Paul Bakker 07eb38ba31 Update ssl_hw_record_init() to receive keylen, ivlen and maclen as well
Added ssl_hw_record_activate()
2013-03-13 11:44:40 +01:00
Paul Bakker c7878113cb Do not set done in case of a fall-through 2013-03-13 11:44:40 +01:00
Paul Bakker 5bd422937a Reverted commit 186751d9dd and made out_hdr and out_msg back-to-back again 2013-03-13 11:44:40 +01:00
Paul Bakker fae35f0601 Functions in cipher_wrap.c marked static 2013-03-13 10:33:51 +01:00
Paul Bakker d1df02a8a3 Functions inside md_wrap.c now marked static 2013-03-13 10:31:31 +01:00
Paul Bakker ac0fba5389 Added missing header for MD2 and made code compile with missing header
files
2013-03-13 10:28:40 +01:00
Paul Bakker 1bd3ae826c Added md_process() to MD layer for generic internal access to hash
process functions

Access to process functions is needed to reduce possible timing attacks
on SSL MAC checks. As SSL is set to move to using the dynamic MD layer,
the MD layer needs access to these process functions as well.
2013-03-13 10:26:44 +01:00
Paul Bakker 90f042d4cb Prepared for PolarSSL 1.2.6 release 2013-03-11 11:38:44 +01:00
Paul Bakker e81beda60f The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain)
The real peer certificate is copied into a x509_buf in the
ssl_cache_entry and reinstated upon cache retrieval. The information
about the rest of the certificate chain is lost in the process.

As the handshake (and certificate verification) has already been
performed, no issue is foreseen.
2013-03-06 18:01:03 +01:00
Paul Bakker 78a8c71993 Re-added support for parsing and handling SSLv2 Client Hello messages
If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.

It has been updated to deny SSLv2 Client Hello messages during
renegotiation.
2013-03-06 18:01:03 +01:00
Paul Bakker 37286a573b Fixed net_bind() for specified IP addresses on little endian systems 2013-03-06 18:01:03 +01:00
Paul Bakker 926c8e49fe Fixed possible NULL pointer exception in ssl_get_ciphersuite() 2013-03-06 18:01:03 +01:00
Paul Bakker 8804f69d46 Removed timing differences due to bad padding from RSA decrypt for
PKCS#1 v1.5 operations
2013-03-06 18:01:03 +01:00
Paul Bakker a43231c5a5 Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt() 2013-03-06 18:01:02 +01:00
Paul Bakker b386913f8b Split up the RSA PKCS#1 encrypt, decrypt, sign and verify functions
Split rsa_pkcs1_encrypt() into rsa_rsaes_oaep_encrypt() and
rsa_rsaes_pkcs1_v15_encrypt()
Split rsa_pkcs1_decrypt() into rsa_rsaes_oaep_decrypt() and
rsa_rsaes_pkcs1_v15_decrypt()
Split rsa_pkcs1_sign() into rsa_rsassa_pss_sign() and
rsa_rsassa_pkcs1_v15_sign()
Split rsa_pkcs1_verify() into rsa_rsassa_pss_verify() and
rsa_rsassa_pkcs1_v15_verify()

The original functions exist as generic wrappers to these functions.
2013-03-06 18:01:02 +01:00
Paul Bakker 8ddb645ad3 Added conversion to int for a t_uint value to prevent compiler warnings
On 64-bit platforms t_uint can be larger than int resulting in compiler
warnings on some platforms (MS Visual Studio)
2013-03-06 18:00:54 +01:00
Paul Bakker 3d2dc0f8e5 Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.

Found by Yawning Angel
2013-02-28 10:55:39 +01:00
Paul Bakker e47b34bdc8 Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.

The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
Paul Bakker 2ca8ad10a1 Made x509parse.c also work with missing hash header files 2013-02-19 13:17:38 +01:00
Paul Bakker 86f04f400b Fixed comment 2013-02-14 11:20:09 +01:00
Paul Bakker c0463502ff Fixed memory leak in ssl_free() and ssl_reset() for active session 2013-02-14 11:19:38 +01:00
Manuel Pégourié-Gonnard f35b739dff Add a few check for context validity. 2013-02-11 22:12:39 +01:00
Manuel Pégourié-Gonnard 424fda5d7b Add ecdh_calc_secret() 2013-02-11 22:05:42 +01:00
Manuel Pégourié-Gonnard 5cceb41d2c Add ecdh_{make,read}_public() 2013-02-11 21:51:45 +01:00
Manuel Pégourié-Gonnard 854fbd7ba2 Add ecdh_read_params(). 2013-02-11 21:32:24 +01:00
Manuel Pégourié-Gonnard 13724765b2 Add ecdh_make_server_params (untested yet) 2013-02-10 15:01:54 +01:00
Manuel Pégourié-Gonnard 63533e44c2 Create ecdh_context structure 2013-02-10 14:22:44 +01:00
Manuel Pégourié-Gonnard 98f51815d6 Fix ecp_tls_read_point's signature 2013-02-10 13:38:29 +01:00
Manuel Pégourié-Gonnard 7c145c6418 Fix ecp_tls_read_group's signature 2013-02-10 13:20:52 +01:00
Manuel Pégourié-Gonnard 46106a9d75 Add tests for (and fix bug in) ecp_tls_write_group 2013-02-10 12:51:17 +01:00
Manuel Pégourié-Gonnard 420f1eb675 Fix ecp_tls_write_point's signature 2013-02-10 12:22:46 +01:00
Manuel Pégourié-Gonnard b325887fad Add ecp_tls_write_group() 2013-02-10 12:06:19 +01:00
Manuel Pégourié-Gonnard 7e86025f32 Rename ecp_*_binary to ecp_point_*_binary 2013-02-10 10:58:48 +01:00
Manuel Pégourié-Gonnard d84895dc22 Supress 'format' argument to ecp_read_binary.
And adjust error codes for ecp_*_binary while at it.
2013-02-10 10:53:04 +01:00
Manuel Pégourié-Gonnard 0079405918 Add functions for read/write ECPoint records 2013-02-09 19:00:07 +01:00
Manuel Pégourié-Gonnard 1a96728964 Add function parsing a TLS ECParameters record 2013-02-09 17:53:31 +01:00
Paul Bakker c7a2da437e Updated for PolarSSL 1.2.5 2013-02-02 19:23:57 +01:00
Paul Bakker 40865c8e5d Added sending of alert messages in case of decryption failures as per RFC
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker d66f070d49 Disable debug messages that can introduce a timing side channel.
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker 4582999be6 Fixed timing difference resulting from badly formatted padding. 2013-02-02 19:04:13 +01:00
Paul Bakker 8fe40dcd7d Allow enabling of dummy error_strerror() to support some use-cases
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.

Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Manuel Pégourié-Gonnard 3aeb5a7192 Add ECDSA signature primitive. 2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard b309ab2936 Add ECDSA sign primitive 2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard 2aea1416f9 Add skeleton ecdsa.[ch] 2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard 6545ca7bed Add ECDH primitives 2013-01-26 19:11:24 +01:00
Manuel Pégourié-Gonnard 0bad5c2381 Add skeleton ecdh.[ch] 2013-01-26 15:30:46 +01:00
Manuel Pégourié-Gonnard 45a035a9ac Add ecp_gen_keypair() 2013-01-26 14:42:45 +01:00
Paul Bakker 14c56a3378 Updated for PolarSSL 1.2.4 2013-01-25 17:11:37 +01:00
Paul Bakker 1961b709d8 Added ssl_handshake_step() to allow single stepping the handshake
process

Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker 9c94cddeae Correctly handle CertificateRequest with empty DN list in <= TLS 1.1 2013-01-22 14:21:49 +01:00
Paul Bakker cf4365f560 Updated error codes for ECP 2013-01-16 17:00:43 +01:00
Paul Bakker a95919b4c7 Added ECP files to Makefiles as well 2013-01-16 17:00:05 +01:00
Manuel Pégourié-Gonnard 5e402d88ea Added ecp_read_binary(). 2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard 37d218a8e3 Added support for writing points compressed 2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard e19feb5b46 Added ecp_write_binary(). 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard 1c33057a63 Added ecp_check_pubkey(). 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard 3680c82c5a Made choice of w safer and more optimal 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard cdd44324e9 Added ecp_normalize_many() for faster precompute() 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard b63f9e98f5 Made ecp_mul() faster and truly SPA resistant 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard 7652a593d6 Added a precompute() function for fast mult 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard 855560758c Added function preparing for faster multiplication 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard b4a310b472 Added a selftest about SPA resistance 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard 9674fd0d5e Added ecp_sub() as a variant of ecp_add() 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard 1c2782cc7c Changed to jacobian coordinates everywhere 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard 773ed546a2 Added a nbits member to ecp_group 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard 4bdd47d2cb Multiplication by negative is now forbidden 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard 8433824d5f Added fast mod_p192 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard 4712325777 Clarifications in comments; code cosmetics & style 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard dada4da33f Moved domain paramaters to ecp.c 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard 62aad14139 Added slot for fast modp, with mod_p521 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard 84d1aea1ac Now reducing mod p after every single operation 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard e0c16922f9 Point multiplication using Jacobian coordinates 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard 7e0adfbcc5 Replaced add_generic with add_mixed 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard 989c32bc3e Replaced double_generic with double_jac 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard 27b1ba8be0 Changed ecp_mul() to always add the same point 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard d070f51224 Started introducting Jacobian coordinates 2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard 4b8c3f2a1c Moved tests from selftest to tests/test_suite_ecp 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard a5402fee04 Added ecp_use_known_dp() 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard efaa31e9ae Implemented multiplication 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard b4ab8a8137 Fixed memory leak due to typo 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard de532ee73f Implemented generic doubling 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard ab38b70816 Fixed add_generic 2013-01-16 16:31:50 +01:00