1247 commits

Author SHA1 Message Date
7a3c8bee42 Allow flexible specification of methods provided by an implementation 2013-11-02 13:42:55 +01:00
f2c2f2926b Correctly handle ciphers without implementation 2013-11-02 13:23:12 +01:00
20ee3b5a4f Implement the first step towards a more flexible way to support crypto methods 2013-11-02 04:32:18 +01:00
de66ca829d The attribute is called aligned, not align 2013-11-01 01:25:03 +01:00
f5127d2231 Use HKDF for handshake keys as well 2013-11-01 01:21:19 +01:00
4594bcfb83 Use HKDF to derive the session keys 2013-11-01 01:02:44 +01:00
f0de72ae8d Add missing const attribute to secret argument of the session init functions 2013-11-01 00:59:13 +01:00
310cc1260f Implement new session init API 2013-11-01 00:25:06 +01:00
542861816d Implement HKDF 2013-10-31 23:11:00 +01:00
66a953a83f ec25519-fhmqvc: generate compat keys only when needed 2013-10-31 05:59:13 +01:00
f6c37dc0ea ec25519-fhmqvc: don't use separate keypairs as initiator and responder
This reverts commit 81a329682b. As many handshake
parameters depend on the handshake direction, crossed handshakes will generate
completely different keys anyways.
2013-10-31 05:41:00 +01:00
448abc56cd Revert "ec25519-fhmqvc: make the new shared handshake key two hashes long (only the first half is used for now)"
This reverts commit cfc057a7e8.
2013-10-31 04:53:19 +01:00
cfc057a7e8 ec25519-fhmqvc: make the new shared handshake key two hashes long (only the first half is used for now) 2013-10-31 04:45:11 +01:00
738fbdecdc ec25519-fhmqvc: add a new shared handshake key field (which is equivalent to the compat one for now) 2013-10-31 03:14:52 +01:00
40ad5f5fcc More compat renaming 2013-10-31 03:07:19 +01:00
6e7882ebd4 ec25519-fhmqvc: some more refactoring 2013-10-31 02:35:29 +01:00
39db0b8278 ec25519-fhmqvc: some more handshake refactoring 2013-10-31 01:41:31 +01:00
58ec26f6b7 Rename session_init to session_init_compat to prepare for the upcoming new key derivation scheme 2013-10-31 01:28:22 +01:00
763401c89d Change error subcode for unsupported method from method name to method list
When two peers don't support a common method, fastd should notice this in the
list stage, so the method list subcode is correct.

The method name subcode was a legacy of the 0.4 compatibility code.
2013-10-31 01:03:48 +01:00
467d1f15ea Don't delay initial handshakes when no peer limit is set 2013-10-31 00:09:52 +01:00
6f7106a755 ec25519-fhmqvc: get rid of duplicate code in shared handshake key generation 2013-10-30 23:48:04 +01:00
63b97e9a73 ec25519-fhmqvc: include either T or TLV_MAC in handshake finish, but not both 2013-10-30 22:59:13 +01:00
601efec8e9 Add fastd_handshake_add_zero function 2013-10-30 22:41:20 +01:00
658c83870a ec25519-fhmqvc: add secure_handshake helper function 2013-10-30 22:35:17 +01:00
19bdfda6a2 Separate ec25519-fhmqvc into multiple source files 2013-10-30 19:46:43 +01:00
641422da88 Correctly terminate method list 2013-10-29 21:48:13 +01:00
020bb327dd Rename fastd_parse_method_name to fastd_method_get_by_name 2013-10-29 20:47:17 +01:00
8df7ea375d Generate method list automagically 2013-10-29 20:28:26 +01:00
96a14063ce config: iterate over configured methods only in configure_method_parameters() 2013-10-29 19:09:55 +01:00
c13bdcefe7 handshake: get_method() code simplification 2013-10-29 18:26:34 +01:00
72e3f6532a Drop compatibility code for fastd 0.4 2013-10-29 17:00:38 +01:00
4356714142 Handle methods as strings 2013-10-29 15:33:14 +01:00
bb324029ad Allow using libsodium instead of NaCl
As libsodium has some strange include files (like a version.h), we try to use
absolute include paths whenever possible in fastd now and rename our generated
headers.
2013-10-29 03:45:34 +01:00
fc8c8d82f0 Unify duplicate code in xsalsa20-poly1305 and aes128-gcm methods 2013-10-28 18:31:02 +01:00
095ca93d81 Organize method and protocol source files into distinct source directories 2013-10-28 16:59:42 +01:00
5f6177e00f Fix maybe-uninitialized warning 2013-10-24 21:02:53 +02:00
004ae15c55 Don't print fastd version from handshake requests when secure handshakes are set, instead print it on handshake finish 2013-10-20 20:18:26 +02:00
115de59c32 Warn when no encryption method is set 2013-10-20 19:17:49 +02:00
78c5d1284c Don't send chosen method name when it doesn't matter 2013-10-20 17:08:04 +02:00
b3c602a025 Align handshake buffer 2013-10-20 03:03:05 +02:00
90eeceb9ed Always check for mode and protocol mismatches
This was accidentally disabled in the previous commit for initial handshake
requests.
2013-10-20 02:55:38 +02:00
8cbd59792e Refactor handshake code, prevent downgrade attacks 2013-10-20 02:37:04 +02:00
e4afa04870 Rename RECORD_HANDSHAKE_MAC to RECORD_TLV_MAC 2013-10-19 18:09:44 +02:00
18a3a6468e Authenticate the TLV records only 2013-10-19 17:57:23 +02:00
0ce0b04490 Use the rsv2 field in the handshake header as an optional length field to facilitate future extensions 2013-10-19 17:37:09 +02:00
c03f985b99 Get rid of packet.h 2013-10-19 17:12:49 +02:00
7982387d5f Add a HMAC to authenticate all handshake TLV 2013-10-19 15:54:46 +02:00
6d8aa57c02 Generalize SHA256 functions to work with arbitrary inputs 2013-10-18 16:18:20 +02:00
5a025b23be Use the default delay before a handshake is sent when the local address is invalid
Sending it right away will make crossed handshakes more probable which is
especially painful when roaming, so it's better to add the delay.
2013-10-17 00:12:15 +02:00
8ff7026b0e Add `secure handshakes' option (without effect for now)
Not setting the option produces a warning (so not having it set is deprecated
now), so we can change the default from no to yes in a few release cycles.
2013-10-16 20:37:16 +02:00