summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2013-11-18Some work towards a composable GMAC methodMatthias Schiffer
2013-11-18generic-gcm: the method state itself doesn't hold any keys anymore, so we ↵Matthias Schiffer
don't need to secure_memzero it
2013-11-18generic-gcm: cipher_get returns a booleanMatthias Schiffer
2013-11-17Add null cipherMatthias Schiffer
2013-11-17Revert bytewise ghash implementationMatthias Schiffer
The performance gain is negligible, and OpenSSL avoids a bytewise implementation to mitigate timing attacks. This reverts commits d4916544299c28c4fb16da6d3306eea0a6d5d79f and 1b06460aa967e3afcfa6fc8d664874134ab6c739.
2013-11-16ghash: builtin: use bytewise lookup tableMatthias Schiffer
2013-11-16Add "tiny" copy of the builtin ghash implementationMatthias Schiffer
2013-11-16fastd_buffer_alloc: fix output of error message if posix_memalign failsMatthias Schiffer
2013-11-16aes128-ctr: allocate only one piece of memory for the key stateMatthias Schiffer
2013-11-16generic-gcm: fix a GCC uninitialized-use warningMatthias Schiffer
2013-11-16blowfish-ctr: some optimizations to the builtin implementationMatthias Schiffer
2013-11-15Allow using blowfish from OpenSSL on systems where it's available anywaysMatthias Schiffer
2013-11-15config: move check for no configured methodMatthias Schiffer
First check all error conditions before getting to the warnings (this is important for --generate-key). Also, downgrade the exit_bug to exit_error if method `null' is not supported.
2013-11-15methods/common: decrease nonce length to 6, add flags byteMatthias Schiffer
2013-11-14Ensure sessions are invalidated before the nonce wrapsMatthias Schiffer
While it isn't realistic for the nonce to wrap in less than one hour, it's better to check for this.
2013-11-14Move test for initiator in the session refresh check from protocol to methodMatthias Schiffer
2013-11-07CMake: add LINK_LIBRARIES workaround for old CMake versionsMatthias Schiffer
2013-11-07CMake: really avoid target_include_directoriesMatthias Schiffer
2013-11-07CMake: avoid target_include_directories command to stay compatible with ↵Matthias Schiffer
CMake 2.8.9
2013-11-06blowfish-ctr: use the whole 56-byte keyMatthias Schiffer
2013-11-05Generalize cipher/MAC key/IV lengthsMatthias Schiffer
2013-11-04Add simple blowfish-ctr cipher implementationMatthias Schiffer
2013-11-03Include protocol as a static library as wellMatthias Schiffer
2013-11-03Allow building without NaCl againMatthias Schiffer
2013-11-03Fix disabling modulesMatthias Schiffer
2013-11-03Improve build system for ciphers and MACs as wellMatthias Schiffer
2013-11-03Even nicer method specificationMatthias Schiffer
2013-11-02Make adding new methods a bit nicerMatthias Schiffer
2013-11-02More CMake cleanup and fixesMatthias Schiffer
2013-11-02Separate cmake filesMatthias Schiffer
2013-11-02Move a few prototypes from fastd.h into a new config.hMatthias Schiffer
2013-11-02Move all generated headers to the src subdirMatthias Schiffer
2013-11-02Change error message for methods from `invalid' to `unsupported'Matthias Schiffer
2013-11-02Remove old defines from fastd_config.hMatthias Schiffer
2013-11-02Algorithms without implementation aren't availableMatthias Schiffer
2013-11-02Convert ghash to the new crypto algorithm schemeMatthias Schiffer
2013-11-02Convert aes128-gcm into a generic gcm methodMatthias Schiffer
2013-11-02Allow flexible specification of methods provided by an implementationMatthias Schiffer
2013-11-02Correctly handle ciphers without implementationMatthias Schiffer
2013-11-02Implement the first step towards a more flexible way to support crypto methodsMatthias Schiffer
2013-11-01The attribute is called aligned, not alignMatthias Schiffer
2013-11-01Use HKDF for handshake keys as wellMatthias Schiffer
2013-11-01Use HKDF to derive the session keysMatthias Schiffer
2013-11-01Add missing const attribute to secret argument of the session init functionsMatthias Schiffer
2013-11-01Implement new session init APIMatthias Schiffer
2013-10-31Implement HKDFMatthias Schiffer
2013-10-31ec25519-fhmqvc: generate compat keys only when neededMatthias Schiffer
2013-10-31ec25519-fhmqvc: don't use separate keypairs as initiator and responderMatthias Schiffer
This reverts commit 81a329682b2035dc56f7c6c21815bac590f34b52. As many handshake parameters depend on the handshake direction, crossed handshakes will generate completely different keys anyways.
2013-10-31Revert "ec25519-fhmqvc: make the new shared handshake key two hashes long ↵Matthias Schiffer
(only the first half is used for now)" This reverts commit cfc057a7e8ea858ee286d8f49a8899d4e826c779.
2013-10-31ec25519-fhmqvc: make the new shared handshake key two hashes long (only the ↵Matthias Schiffer
first half is used for now)