Commit Graph

562 Commits

Author SHA1 Message Date
cb643472ee Temporarily disable example 2019-04-05 14:09:31 +01:00
12f7b294ba Adds -race and go 1.12 2019-04-05 14:04:58 +01:00
180616d129 Fixes wrong command in travis 2019-04-05 14:04:55 +01:00
3c361d8664 Removes _dev 2019-04-05 14:01:32 +01:00
c1c7bfa053 Update README 2019-04-05 14:01:29 +01:00
7bbaf23cda Changes needed to make tris a separated lib 2019-04-05 13:42:58 +01:00
af21f3083c
Fix: always store client hello in ConnectionState (#161)
always store CH in ConnectionState

Fixes a bug. On a server side, ConnectionState.ClientHello was filled
only in case server was handling TLSv1.3
2019-03-13 12:10:20 +00:00
600d4dece5
Adds X25519-SIKEp503 key agreement (#159)
* removes useless variable

* [sike] Adds X25519-SIKEp503 with cSHAKE
2019-02-26 10:16:49 +00:00
a5d35123cc
[sike] Refactor key agreement in TLS 1.3 [PATCH 1/2] (#153)
Previously there where two methods used for key agreemnt
tls.Conn::generateKeyShare and tls.Conn::deriveDHESecret. Both were
used on client and server side. Boolean flag is used in order to
differentiate between key agreement performed on client and on server
side. Which sucks badly.
In order to implement shared secret agreement with KEM it is better to
add method which implements server specific key agreement and provide
default implementation which reuses tls.Conn::generateKeyShare followed
by tls.Conn::deriveDHESecret.
Now, it is possible for most of the DH-style key agreements to reuse
default implementation and for KEM-style key agreement to provide server
specific implementation.
2019-02-25 17:25:16 +00:00
7619b84b13
Fixes GH#154. Updates client certificates (#155) 2019-02-22 07:36:02 +00:00
76231e7564 SIDH: Implement test againt TLSv1.2
Tris tries to connect to BoringSSL over TLS 1.2 with X25519-SIDH
as prefered DH group. As this is not supported by BoringSSL it must
fall back to P-256 (second preference on the list)

Also refactors tris test client
2018-12-10 15:12:56 +00:00
334eee5310 SIDH: Align codepoints with the ones in latest version 2018-12-10 15:12:56 +00:00
1c0d342ecc boringssl: update to newest version 2018-12-10 15:12:56 +00:00
36f2800cb3 adds LICENSE 2018-10-25 21:47:18 +01:00
fab2c445b3 makefile: use named tags instead of commit numbers 2018-10-25 20:37:45 +01:00
c752e2e7a4 test: adds tests for rsa-pss signatures 2018-10-17 14:06:11 +01:00
Filippo Valsorda
d20745552c crypto/tls: expand docs on client-side session ticket support
Users are sometimes confused why session tickets are not enabled even if
SessionTicketsDisabled is false.

Change-Id: I3b783d2cf3eed693a3ad6acb40a8003db7e0b648
Reviewed-on: https://go-review.googlesource.com/117255
Reviewed-by: Adam Langley <agl@golang.org>
2018-10-17 14:06:11 +01:00
18024f59de crypto/tls: add examples for [Load]X509KeyPair
I was confused about how to start an HTTP server if the server
cert/key are in memory, not on disk. I thought it would be good to
show an example of how to use these two functions to accomplish that.

example-cert.pem and example-key.pem were generated using
crypto/tls/generate_cert.go.
2018-10-17 14:06:11 +01:00
Filippo Valsorda
4c970a6672 crypto/tls: parse certificate first in X509KeyPair to get better errors
parsePrivateKey can't return useful error messages because it does trial
decoding of multiple formats.  Try ParseCertificate first in case it
offers a useful error message.

Fixes #23591

Change-Id: I380490a5850bee593a7d2f584a27b2a14153d768
Reviewed-on: https://go-review.googlesource.com/90435
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
2018-10-17 14:06:11 +01:00
Kevin Burke
9fc345bd63 crypto/tls: handle errors in generate_cert.go
I don't expect these to hit often, but we should still alert users if
we fail to write the correct data to the file, or fail to close it.

Change-Id: I33774e94108f7f18ed655ade8cca229b1993d4d2
Reviewed-on: https://go-review.googlesource.com/91456
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-10-17 14:06:11 +01:00
86b0aecf5e go 1.11: Switch to GO 1.11
Minimal amount of changes needed to switch to GO 1.11
* crypto/internal/cipherhw was removed and internal/cpu was introduced
* wrong code formatting in handhsake_server_test.go was breaking
  the build
2018-10-17 14:06:11 +01:00
8da51abeca sidh: operability tests with BoringSSL
Implements two tests for SIDH/P503-X25519 interoperability. BoringSSL
initiates connection to TRIS and TRIS initiates connection to BoringSSL.
SIDH server always listens on port 7443
2018-10-15 14:55:49 +01:00
96db6f14d8 sidh: sidh support in boringssl 2018-10-15 14:55:49 +01:00
cb67de3e1f
sidh: use version with improved vendoring (#144) 2018-10-12 20:17:03 +01:00
bcc2724bf6 sidh: use implementation with improved performance for ARMv8 2018-10-12 16:15:11 +01:00
Marten Seemann
6fcf1bc4c0 don't expect CertificateVerify when the client doesn't send any cert 2018-10-12 14:27:02 +01:00
ce53b126bc fix: client shouldn't use P751/x448 ID 2018-10-09 09:38:59 +01:00
3895b624f3 sidh: comment out P751/x448 2018-10-09 08:54:33 +01:00
d184bc0099 sidh: adds PQ secure KEX
* SIDH/P503-X25519
* adds interop tests
2018-10-09 08:46:13 +01:00
7c79cbefc5 sidh: API 2018-10-09 08:46:13 +01:00
ed36ba540a sidh: updates for Makefile 2018-10-09 08:46:13 +01:00
61bc4c1a09 moves methods from Config to Conn receives
generateKeyShare has nothing to do with Config receiver. It doesn't
configure anything. It has everything with connection so moved to Conn.
Making deriveECDHESecret also a method of Conn will make it possible to
access 'isClient' field.
2018-10-09 08:46:13 +01:00
07ad1769c3 fix: in TLSv1.3, the ALPN extension must be sent in EE
serverHandshakeState::readClientHello was setting selected ALPN protocol
always on hs.hello.alpnProtocol, which is specific to TLS 1.2 and older.
Because of that server was marshalling ALPN to SH instead of EE.
2018-09-16 23:33:49 +01:00
da110326f8 Swap TLS 1.3 to RFC 8446 2018-09-16 12:22:20 +01:00
Watson Ladd
7e1760cc7c Add EMS support to tls-tris
see RFC7627
2018-09-07 15:16:11 +01:00
58c559ba00 fix: mac calculation fails when subsequent packet is shorter
Before AEAD encryption data are stored in a buffer. Last possition
of this buffer store data type. When subsequent TLS record is shorter
than previous, the buffer is shrinked. This causes to remove data
type, which results in wrong MAC calculation. Only in case of TLS 1.3.
2018-09-06 12:08:56 +01:00
1678dc5074 cleanup: removes Committer interface 2018-09-04 18:49:23 +01:00
Marten Seemann
e20b4d2a9a don't generate a key share with Curve ID 0 in the ServerHello tests
0 is used as a sentinel value when determining if the key share should
be marshalled.
2018-08-26 12:02:05 +01:00
Marten Seemann
9919e0e977 fix the key_exchange length in the ClientHello and ServerHello tests
The marshaller correctly checks the key_exchange length, but the test
code sometimes generated empty key_exchanges.
2018-08-26 12:02:05 +01:00
Marten Seemann
e7a33a2dc3 cherry-pick https://go-review.googlesource.com/c/go/+/129755 2018-08-26 12:02:05 +01:00
81871bbad5
tls tris server: allow custom server keypairs (#128) 2018-08-19 20:59:43 +01:00
2bcf6466b4
removes old draft version indicators (#127) 2018-08-19 10:27:33 +01:00
Marten Seemann
40eb693877 remove support for generating draft 18-21 ServerHellos (#124) 2018-08-18 19:51:42 +01:00
242e89da1b refactoring of the tris test client 2018-08-15 17:50:01 +01:00
63ec8fff02 refactoring of the tris test server 2018-08-15 16:25:21 +01:00
a21fd9c1bc
refactors record encryption code (#122) 2018-08-13 11:45:26 +01:00
e81269b57e Revert "Small refactoring of record encryption code"
This reverts commit 1782162852.
2018-08-10 20:50:12 +01:00
1782162852 Small refactoring of record encryption code 2018-08-10 20:48:54 +01:00
ad86d61c42 Let's use constant instead of hardcoding values (same is done in bssl) 2018-08-10 18:45:48 +01:00
91a6fcebab Cleanup 2018-08-10 09:08:43 +01:00