1. 20 Mar, 2017 1 commit
    • Fix DhParams copy-assignment and copy-constructor · a17755c6
      Guillaume Roguez authored
      DhParams copy-assignment was implemented as a non-op operator.
      This is weird for a copy to do nothing!
      No intent is indicated to help.
      Seems only done to help the MSVC compiler, but this is WRONG
      and causes a SECURITY FAILURE as the DhParam is not set
      as it is supposed to be.
      Consequence observed on UWP daemon: the anonymous connection
      cannot be done and the certificate is always sent in cleartext.
      
      The fix consists in using the dedicated gnutls API
      to correctly copy the internal dh_params C structure.
      This is used to implement the copy-assignment and copy-constructor
      methods.
      Reviewed-by: Andreas Traczyk <andreas.traczyk@savoirfairelinux.com>
      Change-Id: I49d3a3fd2c0a2ed5fde0bd251efbad589c830c70
  2. 24 Feb, 2017 1 commit
    • sip: fix sip call crash · 89ba505b
      Guillaume Roguez authored
      MTU discovery was only implemented in the TLS-secured ICE transport,
      not in other SIP transports.
      This wasn't taken into account and causes crashes when SIP calls (TLS or not)
      are made.
      We fix the problem by detecting the transport type at various stages
      and calling the correct API (or using default values, as in the case of MTU).
      
      Change-Id: Id256a718ca8265a7295085fab8db9cf8e4c99683
  3. 15 Feb, 2017 1 commit
    • Path MTU discovery implementation · 29ae5d8a
      Olivier SOLDANO authored
      This implementation uses the gnutls DTLS heartbeat API to test the path MTU.
      As heartbeat allows messages with an automated response in a datagram,
      the application is able to guess the MTU via a timeout in the heartbeat
      (a timeout on a packet sent with no response implies that the MTU is lower
      than the lost payload).
      To minimize false positives (a response is lost, for example), each attempt
      triggers one retry on the first timeout.
      This version ensures a minimal MTU of 512 bytes will be returned in
      case of any failure in the procedure.
      For retrocompatibility with non-heartbeat-capable clients,
      a fallback MTU is set at 1280.
      
      Change-Id: Ib9a7f63a70e8bdad239d8fc103779a0f2c387e87
      Reviewed-by: Andreas Traczyk <andreas.traczyk@savoirfairelinux.com>
  4. 23 Jan, 2017 1 commit
  5. 11 Jan, 2017 1 commit
  6. 05 Jan, 2017 1 commit
  7. 23 Jun, 2016 2 commits
    • security: re-enable anonymous gnutls handshake · 46285595
      Guillaume Roguez authored
      This patch imports a gnutls upstream patch to fix the DTLS packet
      re-ordering and re-enable our anonymous call feature.
      
      We bump gnutls at least on 3.4.14, even if not published yet,
      as the upstream patch will not be available since this version.
      We continue to use the 3.4.10 release to apply our local patch.
      
      We also force our contrib nettle to be built, as some distributions
      do not compile this library as we need it.
      
      Change-Id: I3238993d56b41258f214cfaba7230dcd0538c5d2
      Tuleap: #788
    • security: fix crashes during DH generation · 74151247
      Guillaume Roguez authored
      When DH parameters are generated, an error can occur
      and an empty (default constructed) DH params instance
      is returned.
      This causes crashes in the ring account code, which does not
      handle such a case.
      
      This patch fixes this issue by adding operator bool()
      method to DH params and checking if not false when
      trying to save them.
      
      Note: If no DH params are generated, the empty instance
      is given up to the TlsSession object.
      Check if your cipher suite could handle empty DH params!
      
      Change-Id: I98c9c0317f4b8cb107ea0bca5f94b69321cbba76
      Tuleap: #792
  8. 16 Jun, 2016 1 commit
    • tls: remove async_send() and add send() API · 82ebcf8f
      Guillaume Roguez authored
      The async_send() method was needed for the SipsTransport class.
      But it's a dedicated behavior of PJSIP.
      To have a clean generic TlsSession class, this method was removed
      and a new synchronous send() method replaces it.
      
      SipsTransport has been modified to implement the asynchronous
      send behavior requested by PJSIP.
      
      Change-Id: I3a68e36a33beab30cad19967d39f20598589ec30
      Tuleap: #660
  9. 03 Jun, 2016 1 commit
    • tls: revert anonymous certificate exchange · 9e053207
      Guillaume Roguez authored
      If an encrypted packet used during the encrypted
      handshake steps to initialize a secure channel with a peer
      is re-ordered due to the network, gnutls is not able to
      process the handshake correctly.
      This prevents any calls from being established
      (SIP channel goes over such connection).
      
      This patch reverts the anonymous handshake to leave only
      the non-encrypted certificate exchange system.
      This is less anonymous as certificates are exchanged in
      plain-text format.
      
      The revert consists of adding an option to enable or not the
      anonymous certificate exchange. This option is set to false
      (non-enabled) by default.
      
      Now, TLS 1.3 should resolve this situation.
      So it's not a definitive patch.
      
      Change-Id: I3214efae1b69e44967a67a628cc690d8e95c9e40
      Tuleap: #572
  10. 10 May, 2016 1 commit
    • tls: add getMaxPayload() method to TlsSession · 56ec56f7
      Guillaume Roguez authored
      This method returns the maximal number of user data bytes
      that one encrypted packet can transport.
      After this number, data are split into as many smaller packets as possible
      so as not to exceed this size.
      
      Change-Id: I5f88c4ac1f830ed78b2ecaca2f30257c874a2a13
      Tuleap: #660
  11. 06 May, 2016 1 commit
  12. 24 Mar, 2016 1 commit
    • security: use anon+certificate authentication · 65e35da8
      Guillaume Roguez authored
      The TLS handshake using certificate authentication leaks
      them: they are exchanged before cryptographic parameters,
      so they are in plaintext. This is an issue in the TLS protocol itself.
      
      So this patch implements a new method to make an encrypted channel
      first, then uses it to exchange certificates and permit trusted
      authentication based on certificates.
      
      This implementation is backward compatible.
      This implies that an old daemon can continue to work with a patched one,
      but in such a case certificates are leaked!
      
      Change-Id: Id5906df37b29bb938abdcdf25b875052527437e8
      Tuleap: #494
  13. 23 Mar, 2016 1 commit
  14. 16 Mar, 2016 1 commit
    • crypto: save dh params · fbdc7b24
      Adrien Béraud authored
      Diffie-Hellman parameters can take a few seconds to compute,
      during this time a CPU core will be fully used. This leads
      to high power consumption on startup, which can be problematic
      for mobile devices.
      
      This patch introduces saving DH params to the persistent cache
      to avoid regenerating them too often.
      The file modification time is used to know the age of the
      parameters. DH params can be reused for up to 3 days.
      
      * Introduce writeTime to know a file modification time
      * Introduce to_wstring to convert filenames to the Windows format
      * Introduce a DhParams structure to handle serialization
      
      Tuleap: #452
      Change-Id: Iaea9cf24d922fc6cfc542f8fa7b0c208ebc141d2
  15. 15 Feb, 2016 1 commit
    • security: extract TLS session from SipsIceTransport · c8f451e4
      Guillaume Roguez authored
      TLS session (class handling gnutls session client/server) has
      to be extracted from the SipsIceTransport class.
      The latter is PJSIP transport related, but we need TLS session
      to secure other kinds of network sockets.
      
      This extraction has mostly rewritten all previous classes,
      as the global working model has changed.
      
      This also introduces:
      - flood protection in server SYN cookie state
      - better FSM model in TLS session
      - network statistics recording
      - simplify SipsIceTransport design
      - ICE fixes to not block in waitForData() if ICE is stopped
      - integrate Diffie-Hellman params generation from RingAccount
      
      Change-Id: I32cf1f0c82dee548912d9efdaca5a4447ab05ec7
      Tuleap: #106