Commit Graph

538 Commits

Author SHA1 Message Date
bcc2724bf6 sidh: use implementation with improved performance for ARMv8 2018-10-12 16:15:11 +01:00
Marten Seemann
6fcf1bc4c0 don't expect CertificateVerify when the client doesn't send any cert 2018-10-12 14:27:02 +01:00
ce53b126bc fix: client shouldn't use P751/x448 ID 2018-10-09 09:38:59 +01:00
3895b624f3 sidh: comment out P751/x448 2018-10-09 08:54:33 +01:00
d184bc0099 sidh: adds PQ secure KEX
* SIDH/P503-X25519
* adds interop tests
2018-10-09 08:46:13 +01:00
7c79cbefc5 sidh: API 2018-10-09 08:46:13 +01:00
ed36ba540a sidh: updates for Makefile 2018-10-09 08:46:13 +01:00
61bc4c1a09 moves methods from Config to Conn receives
generateKeyShare has nothing to do with Config receiver. It doesn't
configure anything. It has everything with connection so moved to Conn.
Making deriveECDHESecret also a method of Conn will make it possible to
access 'isClient' field.
2018-10-09 08:46:13 +01:00
07ad1769c3 fix: in TLSv1.3, the ALPN extension must be sent in EE
serverHandshakeState::readClientHello was setting selected ALPN protocol
always on hs.hello.alpnProtocol, which is specific to TLS 1.2 and older.
Because of that server was marshalling ALPN to SH instead of EE.
2018-09-16 23:33:49 +01:00
da110326f8 Swap TLS 1.3 to RFC 8446 2018-09-16 12:22:20 +01:00
Watson Ladd
7e1760cc7c Add EMS support to tls-tris
see RFC7627
2018-09-07 15:16:11 +01:00
58c559ba00 fix: mac calculation fails when subsequent packet is shorter
Before AEAD encryption data are stored in a buffer. Last possition
of this buffer store data type. When subsequent TLS record is shorter
than previous, the buffer is shrinked. This causes to remove data
type, which results in wrong MAC calculation. Only in case of TLS 1.3.
2018-09-06 12:08:56 +01:00
1678dc5074 cleanup: removes Committer interface 2018-09-04 18:49:23 +01:00
Marten Seemann
e20b4d2a9a don't generate a key share with Curve ID 0 in the ServerHello tests
0 is used as a sentinel value when determining if the key share should
be marshalled.
2018-08-26 12:02:05 +01:00
Marten Seemann
9919e0e977 fix the key_exchange length in the ClientHello and ServerHello tests
The marshaller correctly checks the key_exchange length, but the test
code sometimes generated empty key_exchanges.
2018-08-26 12:02:05 +01:00
Marten Seemann
e7a33a2dc3 cherry-pick https://go-review.googlesource.com/c/go/+/129755 2018-08-26 12:02:05 +01:00
81871bbad5
tls tris server: allow custom server keypairs (#128) 2018-08-19 20:59:43 +01:00
2bcf6466b4
removes old draft version indicators (#127) 2018-08-19 10:27:33 +01:00
Marten Seemann
40eb693877 remove support for generating draft 18-21 ServerHellos (#124) 2018-08-18 19:51:42 +01:00
242e89da1b refactoring of the tris test client 2018-08-15 17:50:01 +01:00
63ec8fff02 refactoring of the tris test server 2018-08-15 16:25:21 +01:00
a21fd9c1bc
refactors record encryption code (#122) 2018-08-13 11:45:26 +01:00
e81269b57e Revert "Small refactoring of record encryption code"
This reverts commit 1782162852.
2018-08-10 20:50:12 +01:00
1782162852 Small refactoring of record encryption code 2018-08-10 20:48:54 +01:00
ad86d61c42 Let's use constant instead of hardcoding values (same is done in bssl) 2018-08-10 18:45:48 +01:00
91a6fcebab Cleanup 2018-08-10 09:08:43 +01:00
Christopher Patton
a2fe2d9a71 DC draft-02, last minute change (#121)
* Drop DC test data for draft23

* DC: Change public key type

There was a last minute change to spec that changes the public key type
from a byte string of length at most 2^16 to a byte string of length at
most 2^24.
2018-08-10 08:34:10 +01:00
e77e39e7aa
server must NOT send version prior to TLS1.3 in supported_versions (#119)
As per 4.2.1, client must abort with illegal_parameter in case it
gets version 0x0303 or older in supported_versions extensions
2018-08-09 22:16:01 +01:00
d3e18f99e2
Minimal number of changes needed to udpate to draft-28 (#115)
* includes AD in authentication check of TLS records

As per 5.2 of TLS 1.3 draft-28, the additional data is record header.

* tests: Update tests in order to support draft-28

* Interoperability: Updates NSS and BoringSSL versions to the
  one supporting draft-28
* Bogo: Updates revision number to use tests for draft-28
* FIX: makefile was using test-compat target instead of
  test-interop

* DC test: constify

* Use binary interface to encode in big-endian
2018-08-09 20:47:50 +01:00
Christopher Patton
0d6e4561a6 Add DC test data for tls13draft28 and tls13rfc (#117)
The test in subcerts_test.go only passes if maxVersion ==
VersionTLS13Draft23. This is because DCs are cryptographically bound to
the protocol version on the wire. To work around this as we move towards
the RFC, this PR adds test data for VersionTLS13Draft28 and VersionTLS13
and uses maxVersion to pick which data to load.  # Please enter the
commit message for your changes. Lines starting
2018-08-09 19:47:38 +01:00
Christopher Patton
174a68a0fb Update implementation of draft-ietf-tls-subcerts to draft 02 (#108)
Drops support for delegated credentials with TLS 1.2 and adds the
protocol version and signature algorithm to the credential structure.
2018-08-09 19:24:40 +01:00
77d1fbf262 Don't use VersionTLS13DraftXX anywhere 2018-08-07 19:22:54 +01:00
Christopher Patton
c5280001a4 Remove delegated credential minting from the API
What's left are the minimal API changes required to use the delegated
credential extension in the TLS handshake.
2018-07-27 19:12:28 +01:00
Christopher Patton
1ea9624098 Use static test data for testing delegated credentials
This removes dependency on NewDelegatedCredential from tris.
2018-07-27 19:12:28 +01:00
Brendan Mc
22d6deb0e7
Merge pull request #95 from cjpatton/subcerts
Delegated credentials for TLS
2018-07-03 10:09:26 -07:00
Christopher Patton
84fe9084cd Implement the delegated_credential extension for TLS
This complies with the standard, currently an Internet draft:
https://tlswg.github.io/tls-subcerts/draft-ietf-tls-subcerts.html

It also adds a minimal interface for generating new delegated
credentials.
2018-07-03 09:57:54 -07:00
Christopher Patton
963d5877be Refactor the keyAgreement interface
It's sufficient to pass in the *tls.Certificate (resp.
*x509.Certificate) to the server functions (resp. client funcctions),
but not necessary; the existing keyAgreement implementations only makes
use of the private key (resp. public key). Moreover, this change is
necessary for implementing the delegated credentials extension, which
replaces the private key (resp. public key) used in the handshake.
2018-06-29 08:57:57 -07:00
3ff71dcdc5 tests: enable client authentication in bogo 2018-06-29 08:12:15 +01:00
6e4abe2d07 TLSv1.3 draft-23: align tests
* Changes tests so that they pass with draft-23
* BoringSSL interoperability: uses code at most recent commit. It uses
  "-tls13-variant draft23" flag to indicate compatibility with draft23
* NSS interoperability: Uses release 3.35
* PicoTLS interoperability: blocked. Doesn't seem to implement draft23
* Uses updated bogo from
  https://github.com/henrydcase/crypto-tls-bogo-shim
2018-06-29 07:47:50 +01:00
03138ec18e TLSv1.3 -draft23: Implementation of signature_algorithms_cert
Tris uses signature_algorithms_cert in order to advertise that it
doesn't support RSA-PSS. See GH#86 for more detailed discussion.
2018-06-29 07:47:50 +01:00
5bdf1af124 TLS1.3 -draft23: Renumber key_share 2018-06-29 07:47:50 +01:00
Evan Klitzke
67bc308e04 Update client SCT list during TLS 1.3 handshake, fixes #76 2018-06-28 23:24:26 +01:00
b1d6c0aeaa Change function name verifyPeerCertificate->verifyPeerHandshakeSignature 2018-06-27 19:41:50 +01:00
91d6db578b CI: Fail build if code is wrongly formatted 2018-06-26 09:56:45 +01:00
b6af4dd343 Code formatting for handshake_server_test.go 2018-06-26 09:56:45 +01:00
3f720fc50c Code formatting for TRIS test client and server 2018-06-26 09:56:45 +01:00
Brendan Mc
9557e92e52
Merge pull request #97 from henrydcase/fix_name
Fixes function name
2018-06-19 09:23:58 -07:00
Brendan Mc
b9d61edfd5
Merge pull request #96 from henrydcase/fmt2
Applies go fmt to all the code
2018-06-19 09:23:46 -07:00
51a4ff64d8 Fixes function name 2018-06-19 11:24:08 +01:00
4b1b463735 Applies go fmt to all the code 2018-06-19 11:17:19 +01:00