7bef106e82
aes128-ctr: allocate only one piece of memory for the key state
2013-11-16 20:01:58 +01:00
bc9addd994
generic-gcm: fix a GCC uninitialized-use warning
2013-11-16 17:27:47 +01:00
00e4aab6d1
blowfish-ctr: some optimizations to the builtin implementation
2013-11-16 17:23:22 +01:00
3d00ddf296
Allow using blowfish from OpenSSL on systems where it's available anyways
2013-11-15 21:52:45 +01:00
efdd366144
config: move check for no configured method
First check all error conditions before getting to the warnings (this is
important for --generate-key).
Also, downgrade the exit_bug to exit_error if method `null' is not supported.
2013-11-15 05:49:37 +01:00
0504f57c91
methods/common: decrease nonce length to 6, add flags byte
2013-11-15 05:44:02 +01:00
bef39b7283
Ensure sessions are invalidated before the nonce wraps
While it isn't realistic for the nonce to wrap in less than one hour, it's
better to check for this.
2013-11-14 23:16:43 +01:00
b05b3f3235
Move test for initiator in the session refresh check from protocol to method
2013-11-14 21:13:58 +01:00
2fb08c6455
CMake: add LINK_LIBRARIES workaround for old CMake versions
2013-11-07 18:09:32 +01:00
d971fce38b
CMake: really avoid target_include_directories
2013-11-07 17:53:30 +01:00
5cea3ff829
CMake: avoid target_include_directories command to stay compatible with CMake 2.8.9
2013-11-07 17:49:55 +01:00
bbd42ca7a9
blowfish-ctr: use the whole 56-byte key
2013-11-06 15:07:53 +01:00
cb42b5b1fa
Generalize cipher/MAC key/IV lengths
2013-11-05 16:29:57 +01:00
4f9b5d66bc
Add simple blowfish-ctr cipher implementation
2013-11-04 17:09:09 +01:00
77b4733272
Include protocol as a static library as well
2013-11-03 13:16:16 +01:00
b117a60e81
Allow building without NaCl again
2013-11-03 11:12:42 +01:00
7fe38b0200
Fix disabling modules
2013-11-03 10:32:00 +01:00
eabbb5eb36
Improve build system for ciphers and MACs as well
2013-11-03 03:34:00 +01:00
e7893cc54f
Even nicer method specification
2013-11-03 02:20:09 +01:00
d04123c9ed
Make adding new methods a bit nicer
2013-11-02 21:06:23 +01:00
8764a80ac0
More CMake cleanup and fixes
2013-11-02 18:28:22 +01:00
38b7d50694
Separate cmake files
2013-11-02 17:47:20 +01:00
cd47acaf3c
Move a few prototypes from fastd.h into a new config.h
2013-11-02 16:57:11 +01:00
a77ec603a7
Move all generated headers to the src subdir
2013-11-02 16:31:42 +01:00
323dd35f9f
Change error message for methods from `invalid' to `unsupported'
2013-11-02 16:10:12 +01:00
01aaf17ea9
Remove old defines from fastd_config.h
2013-11-02 16:08:24 +01:00
0eeac967a3
Algorithms without implementation aren't available
2013-11-02 16:07:12 +01:00
4496be6e29
Convert ghash to the new crypto algorithm scheme
2013-11-02 16:01:16 +01:00
20a95ef273
Convert aes128-gcm into a generic gcm method
2013-11-02 14:34:01 +01:00
7a3c8bee42
Allow flexible specification of methods provided by an implementation
2013-11-02 13:42:55 +01:00
f2c2f2926b
Correctly handle ciphers without implementation
2013-11-02 13:23:12 +01:00
20ee3b5a4f
Implement the first step towards a more flexible way to support crypto methods
2013-11-02 04:32:18 +01:00
de66ca829d
The attribute is called aligned, not align
2013-11-01 01:25:03 +01:00
f5127d2231
Use HKDF for handshake keys as well
2013-11-01 01:21:19 +01:00
4594bcfb83
Use HKDF to derive the session keys
2013-11-01 01:02:44 +01:00
f0de72ae8d
Add missing const attribute to secret argument of the session init functions
2013-11-01 00:59:13 +01:00
310cc1260f
Implement new session init API
2013-11-01 00:25:06 +01:00
542861816d
Implement HKDF
2013-10-31 23:11:00 +01:00
66a953a83f
ec25519-fhmqvc: generate compat keys only when needed
2013-10-31 05:59:13 +01:00
f6c37dc0ea
ec25519-fhmqvc: don't use separate keypairs as initiator and responder
This reverts commit 81a329682b. As many handshake
parameters depend on the handshake direction, crossed handshakes will generate
completely different keys anyways.
2013-10-31 05:41:00 +01:00
448abc56cd
Revert "ec25519-fhmqvc: make the new shared handshake key two hashes long (only the first half is used for now)"
This reverts commit cfc057a7e8.
2013-10-31 04:53:19 +01:00
cfc057a7e8
ec25519-fhmqvc: make the new shared handshake key two hashes long (only the first half is used for now)
2013-10-31 04:45:11 +01:00
738fbdecdc
ec25519-fhmqvc: add a new shared handshake key field (which is equivalent to the compat one for now)
2013-10-31 03:14:52 +01:00
40ad5f5fcc
More compat renaming
2013-10-31 03:07:19 +01:00
6e7882ebd4
ec25519-fhmqvc: some more refactoring
2013-10-31 02:35:29 +01:00
39db0b8278
ec25519-fhmqvc: some more handshake refactoring
2013-10-31 01:41:31 +01:00
58ec26f6b7
Rename session_init to session_init_compat to prepare for the upcoming new key derivation scheme
2013-10-31 01:28:22 +01:00
763401c89d
Change error subcode for unsupported method from method name to method list
When two peers don't support a common method, fastd should notice this in the
list stage, so the method list subcode is correct.
The method name subcode was a legacy of the 0.4 compatibility code.
2013-10-31 01:03:48 +01:00
467d1f15ea
Don't delay initial handshakes when no peer limit is set
2013-10-31 00:09:52 +01:00
6f7106a755
ec25519-fhmqvc: get rid of duplicate code in shared handshake key generation
2013-10-30 23:48:04 +01:00