Age | Commit message | Author
2013-11-02 | Convert ghash to the new crypto algorithm scheme | Matthias Schiffer
2013-11-02 | Convert aes128-gcm into a generic gcm method | Matthias Schiffer
2013-11-02 | Allow flexible specification of methods provided by an implementation | Matthias Schiffer
2013-11-02 | Correctly handle ciphers without implementation | Matthias Schiffer
2013-11-02 | Implement the first step towards a more flexible way to support crypto methods | Matthias Schiffer
2013-11-01 | The attribute is called aligned, not align | Matthias Schiffer
2013-11-01 | Use HKDF for handshake keys as well | Matthias Schiffer
2013-11-01 | Use HKDF to derive the session keys | Matthias Schiffer
2013-11-01 | Add missing const attribute to secret argument of the session init functions | Matthias Schiffer
2013-11-01 | Implement new session init API | Matthias Schiffer
2013-10-31 | Implement HKDF | Matthias Schiffer
2013-10-31 | ec25519-fhmqvc: generate compat keys only when needed | Matthias Schiffer
2013-10-31 | ec25519-fhmqvc: don't use separate keypairs as initiator and responder | Matthias Schiffer
This reverts commit 81a329682b2035dc56f7c6c21815bac590f34b52. As many handshake parameters depend on the handshake direction, crossed handshakes will generate completely different keys anyways.
2013-10-31 | Revert "ec25519-fhmqvc: make the new shared handshake key two hashes long (only the first half is used for now)" | Matthias Schiffer
This reverts commit cfc057a7e8ea858ee286d8f49a8899d4e826c779.
2013-10-31 | ec25519-fhmqvc: make the new shared handshake key two hashes long (only the first half is used for now) | Matthias Schiffer
2013-10-31 | ec25519-fhmqvc: add a new shared handshake key field (which is equivalent to the compat one for now) | Matthias Schiffer
2013-10-31 | More compat renaming | Matthias Schiffer
2013-10-31 | ec25519-fhmqvc: some more refactoring | Matthias Schiffer
2013-10-31 | ec25519-fhmqvc: some more handshake refactoring | Matthias Schiffer
2013-10-31 | Rename session_init to session_init_compat to prepare for the upcoming new key derivation scheme | Matthias Schiffer
2013-10-31 | Change error subcode for unsupported method from method name to method list | Matthias Schiffer
When two peers don't support a common method, fastd should notice this in the list stage, so the method list subcode is correct. The method name subcode was a legacy of the 0.4 compatibility code.
2013-10-31 | Don't delay initial handshakes when no peer limit is set | Matthias Schiffer
2013-10-30 | ec25519-fhmqvc: get rid of duplicate code in shared handshake key generation | Matthias Schiffer
2013-10-30 | ec25519-fhmqvc: include either T or TLV_MAC in handshake finish, but not both | Matthias Schiffer
2013-10-30 | Add fastd_handshake_add_zero function | Matthias Schiffer
2013-10-30 | ec25519-fhmqvc: add secure_handshake helper function | Matthias Schiffer
2013-10-30 | Separate ec25519-fhmqvc into multiple source files | Matthias Schiffer
2013-10-29 | Correctly terminate method list | Matthias Schiffer
2013-10-29 | Rename fastd_parse_method_name to fastd_method_get_by_name | Matthias Schiffer
2013-10-29 | Generate method list automagically | Matthias Schiffer
2013-10-29 | config: iterate over configured methods only in configure_method_parameters() | Matthias Schiffer
2013-10-29 | handshake: get_method() code simplification | Matthias Schiffer
2013-10-29 | Drop compatibility code for fastd 0.4 | Matthias Schiffer
2013-10-29 | Handle methods as strings | Matthias Schiffer
2013-10-29 | Allow using libsodium instead of NaCl | Matthias Schiffer
As libsodium has some strange include files (like a version.h), we try to use absolute include paths whenever possible in fastd now and rename our generated headers.
2013-10-28 | Unify duplicate code in xsalsa20-poly1305 and aes128-gcm methods | Matthias Schiffer
2013-10-28 | Organize method and protocol source files into distinct source directories | Matthias Schiffer
2013-10-24 | Fix maybe-uninitialized warning | Matthias Schiffer
2013-10-20 | Don't print fastd version from handshake requests when secure handshakes are set, instead print it on handshake finish | Matthias Schiffer
2013-10-20 | Warn when no encryption method is set | Matthias Schiffer
2013-10-20 | Don't send chosen method name when it doesn't matter | Matthias Schiffer
2013-10-20 | Align handshake buffer | Matthias Schiffer
2013-10-20 | Always check for mode and protocol mismatches | Matthias Schiffer
This was accidentally disabled in the previous commit for initial handshake requests.
2013-10-20 | Refactor handshake code, prevent downgrade attacks | Matthias Schiffer
2013-10-19 | Rename RECORD_HANDSHAKE_MAC to RECORD_TLV_MAC | Matthias Schiffer
2013-10-19 | Authenticate the TLV records only | Matthias Schiffer
2013-10-19 | Use the rsv2 field in the handshake header as an optional length field to facilitate future extensions | Matthias Schiffer
2013-10-19 | Get rid of packet.h | Matthias Schiffer
2013-10-19 | Add a HMAC to authenticate all handshake TLV | Matthias Schiffer
2013-10-18 | Generalize SHA256 functions to work with arbitrary inputs | Matthias Schiffer