Commit Graph

2879 Commits

Author SHA1 Message Date
Andras Fekete a59a3d109f Explicit cast 2024-05-14 11:03:20 -04:00
Sean Parkinson b7eca574bb SSL/TLS: blind private key DER
When WOLFSSL_BLIND_PRIVATE_KEY is defined, blind the private key DER
encoding so that stored private key data is always changing.
2024-05-14 09:47:51 +10:00
Daniel Pouzzner 009ea6640b Merge pull request #7493 from SparkiDev/sm3_benchmark_fix
Benchmark, SM3: fix full hash testing
2024-05-13 19:22:22 -04:00
David Garske 29f7578a61 Merge pull request #7446 from julek-wolfssl/hostap
hostap update
2024-05-13 10:35:01 -07:00
Juliusz Sosinowicz 16ec3e52b7 Jenkins fixes 2024-05-08 10:35:42 +02:00
Juliusz Sosinowicz 6b47ebd66a Expose *_set_groups for TLS < 1.3
- Add test to make sure we fail on curve mismatch
2024-05-08 10:33:20 +02:00
Juliusz Sosinowicz 020bcd0043 Advertise all supported sigalgs by default 2024-05-08 10:33:20 +02:00
Juliusz Sosinowicz 66f72a258f Remove unused internal API 2024-05-08 10:33:20 +02:00
Juliusz Sosinowicz 77a7297c42 Filter cipher list on TLS version change 2024-05-08 10:33:20 +02:00
Juliusz Sosinowicz 06798ab8bf EAP-FAST
Implement PACs for EAP-FAST
- wolfSSL_set_session_ticket_ext_cb
- server side wolfSSL_set_session_secret_cb (tls <=1.2 only)
2024-05-08 10:33:20 +02:00
Juliusz Sosinowicz 14ce8ce198 Jenkins fixes 2024-05-07 11:46:36 +02:00
Sean Parkinson 1ddc552828 TLS, SM2: fix ecc key type
Set the curve explicitly if it is SM2.
Set the key type to signature algorithm to handle SM2.
2024-05-01 17:56:49 +10:00
JacobBarthelmeh 5aa39a6397 remove assumption of struct layout 2024-04-30 15:42:38 -06:00
Juliusz Sosinowicz c62faa048c Add secret logging callback to TLS <= 1.2 2024-04-25 17:11:07 +02:00
gojimmypi b1261f5471 Modify PlatformIO FreeRTOS include path, settings.h 2024-04-11 07:46:35 -07:00
JacobBarthelmeh a8415a7926 Merge pull request #7367 from mrdeep1/hello_verify_request
Support DTLS1.3 downgrade when using PSK
2024-04-09 16:17:59 -06:00
Sean Parkinson d96e5ec589 No match cipher suite alert type change
TLS 1.0/1.1/1.2 specifications require the of a return a handshake
failure alert when no cipher suites match.
TLS 1.3 specification requires the return of a "handshake_failure" or
"insufficient_security" fatal alert.

Change alert sent from "illegal_parameter" to "handshake_failure".
2024-04-08 11:25:50 +10:00
Daniel Pouzzner 7d66cc46ff Merge pull request #7375 from mrdeep1/fix_rpk
RPK: Define Certificates correctly for (D)TLS1.2
2024-04-05 15:48:25 -04:00
Anthony Hu cf2f58bfdf Merge pull request #7395 from douzzer/20240403-RPK-cleanups
20240403-RPK-cleanups
2024-04-05 13:43:15 -04:00
Daniel Pouzzner cdf2504612 fixes for non-portable (endian-sensitive) code patterns around word16 in TLS layer. 2024-04-05 10:42:05 -05:00
Daniel Pouzzner 747755b3c4 fixes for analyzer carps around HAVE_RPK:
fix clang-analyzer-deadcode.DeadStores in src/tls.c TLSX_ClientCertificateType_GetSize();

fix clang-analyzer-deadcode.DeadStores in tests/api.c test_tls13_rpk_handshake();

fix null pointer to XMEMCPY() in src/internal.c CopyDecodedName().
2024-04-04 00:15:01 -05:00
Tobias Frauenschläger 136eaae4f1 Improvements to dual alg certificates
* Support for external keys (CryptoCb interface)
* Support for usage in mutual authentication
* better entity cert parsing
* Fix for Zephyr port to support the feature
* Check key support
* Proper validation of signatures in certificate chains
* Proper validation of peer cert with local issuer signature
	(alt pub key is cached now)
* Support for ECC & RSA as alt keys with PQC as primary
* Support for PQC certificate generation
* Better support for hybrid signatures with variable length signatures
* Support for primary and alternative private keys in a single
  file/buffer
* More API support for alternative private keys

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-04-01 17:37:03 -04:00
Jon Shallow a0f3933881 Support (D)TLS1.3 downgrade when using PSK
DTLS Server:
examples/server/server -v3 -u -s

DTLS Client:
examples/client/client -vd -g -u -s

TLS Server:
examples/server/server -v3 -s

TLS Client:
examples/client/client -vd -g -s

Support checking for DTLS1.2 Hello Verify Request when using PSK.

Unset options.tls1_3 when handling a DTLS1.2 Hello Verify Request.

Unset options.tls1_3 when handling a (D)TLS1.2 Server Hello to stop
checking of Encrypted Client Hello

Requires ./configure --enable-all --enable-dtls13

Add in tests for DTLS1.3 and TLS1.3 downgrade when using PSK.
2024-03-29 18:04:30 +00:00
Daniel Pouzzner 038be95a4a wolfssl/wolfcrypt/types.h: add WC_SAFE_SUM_WORD32().
src/internal.c: mitigations for potential integer overflows in figuring allocation sizes.
2024-03-29 11:45:11 -05:00
Jon Shallow f2e6f49721 RPK: Define Certificates correctly for (D)TLS1.2
As per https://datatracker.ietf.org/doc/html/rfc7250#section-3 Figure 1,
the RPK is a single ASN.1_subjectPublicKeyInfo, whereas X509 certificates
etc. are transmitted as a certificate list (even if there is only 1).

This is for (D)TLS1.2 transfers, and this PR fixes this.

As per https://datatracker.ietf.org/doc/html/rfc8446#section-4.4.2 all
certificates (both RPK and Z509) are transferred using a certificate list.

Update examples client to support RPK certificates.

For testing:-
Server:
$ gnutls-serv --http --x509fmtder --priority NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK --rawpkfile certs/server-keyPub.der --rawpkkeyfile certs/server-key.der

Client:
$ examples/client/client -g -p 5556 -c certs/client-keyPub.der -k certs/client-key.der --rpk --files-are-der
2024-03-28 17:58:02 +00:00
David Garske 85c22abe4e Fix for Zephyr TimeNowInMilliseconds. Resolves issue with TLS v1.3 server and session tickets time (uptime in sim < 1000 ms was being made 0). 2024-03-18 08:14:40 -07:00
David Garske 11303ab796 Support for Public Key (PK) callbacks with PSK in TLS v1.2 and TLS v1.3 (client and server). ZD 17383 2024-03-08 12:21:06 -08:00
Juliusz Sosinowicz 44de6dfdd3 Return correct values in get_signature APIs and write tests 2024-02-16 11:32:22 +01:00
Marco Oliverio c8f3a8f14b fix: negotiate handshake until the end in wolfSSL_read/wolfSSL_write (#7237)
* tls: negotiate until hs is complete in wolfSSL_read/wolfSSL_write

Don't rely on ssl->options.handShakeSate == HANDSHAKE_DONE to check if
negotiation is needed. wolfSSL_Connect() or wolfSSL_Accept() job may not yet be
completed and/or some messages may be waiting in the buffer because of
non-blocking I/O.

* tests: test case for handshake with wolfSSL_read()/wolfSSL_write()

* doc: clarify wolfSSL_write()

* internal.c: rename: need_negotiate -> ssl_in_handshake
2024-02-15 13:48:19 -08:00
Sean Parkinson 3b6a7691c5 Merge pull request #7235 from julek-wolfssl/gh/7228
Send alert on bad psk binder
2024-02-14 07:24:52 +10:00
Juliusz Sosinowicz bd32dfd282 Send alert on bad psk binder
Issue reported in https://github.com/wolfSSL/wolfssl/pull/7228
2024-02-09 16:12:04 +01:00
gojimmypi bf29066d70 Add wolfSSL debug messages 2024-02-08 17:22:36 -08:00
Juliusz Sosinowicz 8bddeb10c7 DTLS sequence number and cookie fixes
- dtls: check that the cookie secret is not emtpy
- Dtls13DoDowngrade -> Dtls13ClientDoDowngrade
- dtls: generate both 1.2 and 1.3 cookie secrets in case we downgrade
- dtls: setup sequence numbers for downgrade
- add dtls downgrade sequence number check test

Fixes ZD17314
2024-02-05 16:09:03 +01:00
Sean Parkinson 13591dcae8 Regression testing fixes
internal.c: NO_CERT, privateKeySz not used.
./configure --disable-shared --disable-asn --disable-rsa --disable-ecc
--enable-psk

sp_int.c: fix when sp_gcm is available
./configure --disable-shared  --disable-shared --disable-ecc
--disable-dh --disable-aes --disable-aesgcm --disable-sha512
--disable-sha384 --disable-sha --disable-poly1305 --disable-chacha
--disable-md5 --disable-sha3 --enable-cryptonly --disable-inline
--enable-rsavfy --disable-asn --disable-oaep --disable-rng
--disable-filesystem --enable-sp=rsa2048 --disable-sp-asm
--enable-sp-math
2024-01-29 23:05:46 +10:00
JacobBarthelmeh eb1fff3ad3 Merge pull request #7141 from julek-wolfssl/zd/17249
EarlySanityCheckMsgReceived: version_negotiated should always be checked
2024-01-22 12:18:57 -08:00
JacobBarthelmeh 0c150d2391 Merge pull request #7150 from dgarske/getenv
Fix build with `NO_STDIO_FILESYSTEM` and improve checks for `XGETENV`
2024-01-22 08:33:24 -08:00
David Garske 76550465bd Fixes build with NO_STDIO_FILESYSTEM defined. 2024-01-19 12:49:53 -08:00
Juliusz Sosinowicz 1288d71132 Address code review 2024-01-19 15:59:22 +01:00
Juliusz Sosinowicz f6ef146149 EarlySanityCheckMsgReceived: version_negotiated should always be checked
Multiple handshake messages in one record will fail the MsgCheckBoundary() check on the client side when the client is set to TLS 1.3 but allows downgrading.
  --> ClientHello
  <-- ServerHello + rest of TLS 1.2 flight
  Client returns OUT_OF_ORDER_E because in TLS 1.3 the ServerHello has to be the last message in a record. In TLS 1.2 the ServerHello can be in the same record as the rest of the server's first flight.
2024-01-19 14:57:35 +01:00
Juliusz Sosinowicz afd0e5af4e Refactor haveAnon into useAnon
(ctx->|ssl->options.)useAnon means that the user has signalled that they want anonymous ciphersuites
2024-01-19 14:53:33 +01:00
Juliusz Sosinowicz b8b847bbcf Allow SetCipherList to operate on SSL without modifying on SSL_CTX 2024-01-19 14:53:28 +01:00
David Garske ac81d9d29c Merge pull request #7110 from Frauschi/pq_secure_element
PQC: add CryptoCb support for PQC algorithms
2024-01-18 13:29:28 -08:00
Anthony Hu 9be390250d Adding support for dual key/signature certificates. (#7112)
Adding support for dual key/signature certificates with X9.146. Enabled with `--enable-dual-alg-certs` or `WOLFSSL_DUAL_ALG_CERTS`.
2024-01-18 13:20:57 -08:00
Tobias Frauenschläger 4d259da60a PQC: CryptoCb support for KEM algorithm Kyber
Add support for crypto callback and device id for all three Kyber PQC KEM
function calls.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-01-18 17:02:49 +01:00
Tobias Frauenschläger 8e6d151403 PQC: CryptoCb support for signature algorithms
Add initial support of the crypto callback API to the two PQC signature
algorithms Dilithium and Falcon. This ultimatelly enables the usage of
external hardware modules (e.g. secure elements) for these algorithms.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-01-18 17:02:38 +01:00
John Safranek 746ffac84a ECDHE-PSK with x25519
1. Add missing assignment of the WOLFSSL object's ecdhCurveOid value. It
   is set correctly in the previous cases, but got missed for ECDHE-PSK.
2. Add test cases to the unit testing.
2024-01-16 15:18:05 -08:00
Juliusz Sosinowicz 14c812cdb7 Code review
Add server side check
2024-01-04 13:19:44 +01:00
Juliusz Sosinowicz 5bdcfaa5d0 server: allow reading 0-RTT data after writing 0.5-RTT data 2024-01-04 13:19:44 +01:00
Daniel Pouzzner 9db20774d8 Merge pull request #7099 from jpbland1/tls13-bounds-check
TLS13 padding bounds check
2024-01-04 01:09:36 -05:00
John Bland b37716f5ce refactor and remove word16 index 2024-01-03 19:19:13 -05:00