0dc80d2...
by
Michael Brown <email address hidden>
[tls] Add ECDHE cipher suites
Signed-off-by: Michael Brown <email address hidden>
8f6a939...
by
Michael Brown <email address hidden>
[tls] Make key exchange algorithms selectable via build configuration
Allow the choice of key exchange algorithms to be controlled via build
configuration options in config/crypto.h, as is already done for the
choices of public-key algorithms, cipher algorithms, and digest
algorithms.
Signed-off-by: Michael Brown <email address hidden>
a881a26...
by
Michael Brown <email address hidden>
[crypto] Add X25519 OID-identified algorithm and TLS named curve
Signed-off-by: Michael Brown <email address hidden>
b234226...
by
Michael Brown <email address hidden>
[tls] Add support for Ephemeral Elliptic Curve Diffie-Hellman key exchange
Add support for the Ephemeral Elliptic Curve Diffie-Hellman (ECDHE)
key exchange algorithm.
Signed-off-by: Michael Brown <email address hidden>
8e2469c...
by
Michael Brown <email address hidden>
[tls] Split out Diffie-Hellman parameter signature verification
DHE and ECDHE use essentially the same mechanism for verifying the
signature over the Diffie-Hellman parameters, though the format of the
parameters is different between the two methods.
Split out the verification of the parameter signature so that it may
be shared between the DHE and ECDHE key exchange algorithms.
Signed-off-by: Michael Brown <email address hidden>
989dbe0...
by
Michael Brown <email address hidden>
[tls] Generate key material after sending ClientKeyExchange
The construction of the key material for the pending cipher suites
from the TLS master secret must happen regardless of which key
exchange algorithm is in use, and the key material is not required to
send the ClientKeyExchange handshake (which is sent before changing
cipher suites).
Centralise the call to tls_generate_keys() after performing key
exchange via the selected algorithm.
Signed-off-by: Michael Brown <email address hidden>
6f70e8b...
by
Michael Brown <email address hidden>
[tls] Restructure construction of ClientHello message
Define an individual local structure for each extension and a single
structure for the list of extensions. This makes it viable to add
extensions such as the Supported Elliptic Curves extension, which must
not be present if the list of curves is empty.
Signed-off-by: Michael Brown <email address hidden>
17135c8...
by
Michael Brown <email address hidden>
[crypto] Add an abstraction of an elliptic curve
Define an abstraction of an elliptic curve with a fixed generator and
one supported operation (scalar multiplication of a curve point).
Signed-off-by: Michael Brown <email address hidden>
27398f1...
by
Michael Brown <email address hidden>
[crypto] Check for all-zeros result from X25519 key exchange
RFC7748 states that it is entirely optional for X25519 Diffie-Hellman
implementations to check whether or not the result is the all-zero
value (indicating that an attacker sent a malicious public key with a
small order). RFC8422 states that implementations in TLS must abort
the handshake if the all-zero value is obtained.
Return an error if the all-zero value is obtained, so that the TLS
code will not require knowledge specific to the X25519 curve.
Signed-off-by: Michael Brown <email address hidden>
