Paul Bakker
8f4ddaeea9
Ability to specify allowed ciphersuites based on the protocol version.
...
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.
The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b
)
Conflicts:
ChangeLog
library/ssl_srv.c
library/ssl_tls.c
2013-04-16 18:09:45 +02:00
Paul Bakker
0ecdb23eed
Cleanup of the GCM code
...
Removed unused variable 'v'
orig_len and orig_add_len are now uint64_t to support larger than 2^29
data sizes
2013-04-09 11:36:42 +02:00
Paul Bakker
a280d0f2b9
Fixed compiler warning for possible uninitialized ret
2013-04-08 13:40:17 +02:00
Paul Bakker
27714b1aa1
Added Camellia ECDHE-based CBC ciphersuites
...
Added TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 and
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384
2013-04-07 23:07:12 +02:00
Paul Bakker
bfe671f2d5
Blowfish has default of 128-bit keysize in cipher layer
2013-04-07 22:35:44 +02:00
Paul Bakker
c70b982056
OID functionality moved to a separate module.
...
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).
As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.
All OID definitions have been moved to oid.h
All OID matching code is in the OID module.
The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.
The SSL layer cleanup up as a result and adapted to use the MD layer.
The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.
The X509 writer cleaned up and adapted to use the MD layer.
Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
37de6bec16
Const correctness added for asn1write functions
2013-04-07 13:11:31 +02:00
Paul Bakker
3b6a07b745
Prevented compiler warning on uninitialized end
2013-03-21 11:56:50 +01:00
Paul Bakker
d3edc86720
Moved writing of client extensions to separate functions in ssl_cli.c
2013-03-20 16:07:17 +01:00
Paul Bakker
a54e493bc0
Added ECDHE-based SHA256 and SHA384 ciphersuites
...
Added TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ciphersuites
2013-03-20 15:31:54 +01:00
Paul Bakker
b7149bcc90
Corrected behaviour for CBC-based suites using the SHA384 MAC and PRF
2013-03-20 15:30:09 +01:00
Paul Bakker
41c83d3f67
Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS
...
Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included.
2013-03-20 14:39:14 +01:00
Paul Bakker
00c1f43743
Merge branch 'ecc-devel-mpg' into development
2013-03-13 16:31:01 +01:00
Paul Bakker
d589a0ddb6
Modified Makefiles to include new files and and config.h to PolarSSL standard
2013-03-13 16:30:17 +01:00
Paul Bakker
68884e3c09
Moved to advanced ciphersuite representation and more dynamic SSL code
2013-03-13 14:48:32 +01:00
Paul Bakker
c9118b433b
Renamed hash structures to ctx
2013-03-13 11:48:39 +01:00
Paul Bakker
09d67258a2
Modified to work in-place
2013-03-13 11:46:00 +01:00
Paul Bakker
92be97b8e6
Align data with future location based on IV size
2013-03-13 11:46:00 +01:00
Paul Bakker
07eb38ba31
Update ssl_hw_record_init() to receive keylen, ivlen and maclen as well
...
Added ssl_hw_record_activate()
2013-03-13 11:44:40 +01:00
Paul Bakker
c7878113cb
Do not set done in case of a fall-through
2013-03-13 11:44:40 +01:00
Paul Bakker
5bd422937a
Reverted commit 186751d9dd
and made out_hdr and out_msg back-to-back again
2013-03-13 11:44:40 +01:00
Paul Bakker
fae35f0601
Functions in cipher_wrap.c marked static
2013-03-13 10:33:51 +01:00
Paul Bakker
d1df02a8a3
Functions inside md_wrap.c now marked static
2013-03-13 10:31:31 +01:00
Paul Bakker
ac0fba5389
Added missing header for MD2 and made code compile with missing header
...
files
2013-03-13 10:28:40 +01:00
Paul Bakker
1bd3ae826c
Added md_process() to MD layer for generic internal access to hash
...
process functions
Access to process functions is needed to reduce possible timing attacks
on SSL MAC checks. As SSL is set to move to using the dynamic MD layer,
the MD layer needs access to these process functions as well.
2013-03-13 10:26:44 +01:00
Paul Bakker
90f042d4cb
Prepared for PolarSSL 1.2.6 release
2013-03-11 11:38:44 +01:00
Paul Bakker
e81beda60f
The SSL session cache module (ssl_cache) now also retains peer_cert information (not the entire chain)
...
The real peer certificate is copied into a x509_buf in the
ssl_cache_entry and reinstated upon cache retrieval. The information
about the rest of the certificate chain is lost in the process.
As the handshake (and certificate verification) has already been
performed, no issue is foreseen.
2013-03-06 18:01:03 +01:00
Paul Bakker
78a8c71993
Re-added support for parsing and handling SSLv2 Client Hello messages
...
If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.
It has been updated to deny SSLv2 Client Hello messages during
renegotiation.
2013-03-06 18:01:03 +01:00
Paul Bakker
37286a573b
Fixed net_bind() for specified IP addresses on little endian systems
2013-03-06 18:01:03 +01:00
Paul Bakker
926c8e49fe
Fixed possible NULL pointer exception in ssl_get_ciphersuite()
2013-03-06 18:01:03 +01:00
Paul Bakker
8804f69d46
Removed timing differences due to bad padding from RSA decrypt for
...
PKCS#1 v1.5 operations
2013-03-06 18:01:03 +01:00
Paul Bakker
a43231c5a5
Added support for custom labels when using rsa_rsaes_oaep_encrypt() or rsa_rsaes_oaep_decrypt()
2013-03-06 18:01:02 +01:00
Paul Bakker
b386913f8b
Split up the RSA PKCS#1 encrypt, decrypt, sign and verify functions
...
Split rsa_pkcs1_encrypt() into rsa_rsaes_oaep_encrypt() and
rsa_rsaes_pkcs1_v15_encrypt()
Split rsa_pkcs1_decrypt() into rsa_rsaes_oaep_decrypt() and
rsa_rsaes_pkcs1_v15_decrypt()
Split rsa_pkcs1_sign() into rsa_rsassa_pss_sign() and
rsa_rsassa_pkcs1_v15_sign()
Split rsa_pkcs1_verify() into rsa_rsassa_pss_verify() and
rsa_rsassa_pkcs1_v15_verify()
The original functions exist as generic wrappers to these functions.
2013-03-06 18:01:02 +01:00
Paul Bakker
8ddb645ad3
Added conversion to int for a t_uint value to prevent compiler warnings
...
On 64-bit platforms t_uint can be larger than int resulting in compiler
warnings on some platforms (MS Visual Studio)
2013-03-06 18:00:54 +01:00
Paul Bakker
3d2dc0f8e5
Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
...
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.
Found by Yawning Angel
2013-02-28 10:55:39 +01:00
Paul Bakker
e47b34bdc8
Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
...
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.
The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
Paul Bakker
2ca8ad10a1
Made x509parse.c also work with missing hash header files
2013-02-19 13:17:38 +01:00
Paul Bakker
86f04f400b
Fixed comment
2013-02-14 11:20:09 +01:00
Paul Bakker
c0463502ff
Fixed memory leak in ssl_free() and ssl_reset() for active session
2013-02-14 11:19:38 +01:00
Manuel Pégourié-Gonnard
f35b739dff
Add a few check for context validity.
2013-02-11 22:12:39 +01:00
Manuel Pégourié-Gonnard
424fda5d7b
Add ecdh_calc_secret()
2013-02-11 22:05:42 +01:00
Manuel Pégourié-Gonnard
5cceb41d2c
Add ecdh_{make,read}_public()
2013-02-11 21:51:45 +01:00
Manuel Pégourié-Gonnard
854fbd7ba2
Add ecdh_read_params().
2013-02-11 21:32:24 +01:00
Manuel Pégourié-Gonnard
13724765b2
Add ecdh_make_server_params (untested yet)
2013-02-10 15:01:54 +01:00
Manuel Pégourié-Gonnard
63533e44c2
Create ecdh_context structure
2013-02-10 14:22:44 +01:00
Manuel Pégourié-Gonnard
98f51815d6
Fix ecp_tls_read_point's signature
2013-02-10 13:38:29 +01:00
Manuel Pégourié-Gonnard
7c145c6418
Fix ecp_tls_read_group's signature
2013-02-10 13:20:52 +01:00
Manuel Pégourié-Gonnard
46106a9d75
Add tests for (and fix bug in) ecp_tls_write_group
2013-02-10 12:51:17 +01:00
Manuel Pégourié-Gonnard
420f1eb675
Fix ecp_tls_write_point's signature
2013-02-10 12:22:46 +01:00
Manuel Pégourié-Gonnard
b325887fad
Add ecp_tls_write_group()
2013-02-10 12:06:19 +01:00
Manuel Pégourié-Gonnard
7e86025f32
Rename ecp_*_binary to ecp_point_*_binary
2013-02-10 10:58:48 +01:00
Manuel Pégourié-Gonnard
d84895dc22
Supress 'format' argument to ecp_read_binary.
...
And adjust error codes for ecp_*_binary while at it.
2013-02-10 10:53:04 +01:00
Manuel Pégourié-Gonnard
0079405918
Add functions for read/write ECPoint records
2013-02-09 19:00:07 +01:00
Manuel Pégourié-Gonnard
1a96728964
Add function parsing a TLS ECParameters record
2013-02-09 17:53:31 +01:00
Paul Bakker
c7a2da437e
Updated for PolarSSL 1.2.5
2013-02-02 19:23:57 +01:00
Paul Bakker
40865c8e5d
Added sending of alert messages in case of decryption failures as per RFC
...
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker
d66f070d49
Disable debug messages that can introduce a timing side channel.
...
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker
4582999be6
Fixed timing difference resulting from badly formatted padding.
2013-02-02 19:04:13 +01:00
Paul Bakker
8fe40dcd7d
Allow enabling of dummy error_strerror() to support some use-cases
...
Enable a dummy error function to make use of error_strerror() in
third party libraries easier.
Disable if you run into name conflicts and want to really remove the
error_strerror()
2013-02-02 12:43:08 +01:00
Manuel Pégourié-Gonnard
3aeb5a7192
Add ECDSA signature primitive.
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
b309ab2936
Add ECDSA sign primitive
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
2aea1416f9
Add skeleton ecdsa.[ch]
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
6545ca7bed
Add ECDH primitives
2013-01-26 19:11:24 +01:00
Manuel Pégourié-Gonnard
0bad5c2381
Add skeleton ecdh.[ch]
2013-01-26 15:30:46 +01:00
Manuel Pégourié-Gonnard
45a035a9ac
Add ecp_gen_keypair()
2013-01-26 14:42:45 +01:00
Paul Bakker
14c56a3378
Updated for PolarSSL 1.2.4
2013-01-25 17:11:37 +01:00
Paul Bakker
1961b709d8
Added ssl_handshake_step() to allow single stepping the handshake
...
process
Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker
9c94cddeae
Correctly handle CertificateRequest with empty DN list in <= TLS 1.1
2013-01-22 14:21:49 +01:00
Paul Bakker
cf4365f560
Updated error codes for ECP
2013-01-16 17:00:43 +01:00
Paul Bakker
a95919b4c7
Added ECP files to Makefiles as well
2013-01-16 17:00:05 +01:00
Manuel Pégourié-Gonnard
5e402d88ea
Added ecp_read_binary().
2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
37d218a8e3
Added support for writing points compressed
2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
e19feb5b46
Added ecp_write_binary().
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
1c33057a63
Added ecp_check_pubkey().
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
3680c82c5a
Made choice of w safer and more optimal
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
cdd44324e9
Added ecp_normalize_many() for faster precompute()
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
b63f9e98f5
Made ecp_mul() faster and truly SPA resistant
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
7652a593d6
Added a precompute() function for fast mult
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
855560758c
Added function preparing for faster multiplication
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
b4a310b472
Added a selftest about SPA resistance
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
9674fd0d5e
Added ecp_sub() as a variant of ecp_add()
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
1c2782cc7c
Changed to jacobian coordinates everywhere
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
773ed546a2
Added a nbits member to ecp_group
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
4bdd47d2cb
Multiplication by negative is now forbidden
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
8433824d5f
Added fast mod_p192
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
4712325777
Clarifications in comments; code cosmetics & style
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
dada4da33f
Moved domain paramaters to ecp.c
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
62aad14139
Added slot for fast modp, with mod_p521
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
84d1aea1ac
Now reducing mod p after every single operation
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
e0c16922f9
Point multiplication using Jacobian coordinates
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
7e0adfbcc5
Replaced add_generic with add_mixed
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
989c32bc3e
Replaced double_generic with double_jac
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
27b1ba8be0
Changed ecp_mul() to always add the same point
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
d070f51224
Started introducting Jacobian coordinates
2013-01-16 16:31:51 +01:00
Manuel Pégourié-Gonnard
4b8c3f2a1c
Moved tests from selftest to tests/test_suite_ecp
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
a5402fee04
Added ecp_use_known_dp()
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
efaa31e9ae
Implemented multiplication
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
b4ab8a8137
Fixed memory leak due to typo
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
de532ee73f
Implemented generic doubling
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
ab38b70816
Fixed add_generic
2013-01-16 16:31:50 +01:00