j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Support ECDH key exchange.

Browse source 
REQ_KEY requests have an extra field indicating key exchange version.
If it is present and > 0, the sender supports ECDH. If the receiver also
does, then it will generate a new keypair and sends the public key in a
ANS_KEY request with "ECDH:" prefixed. The ans_key_h() function will
compute the shared secret, which, at the moment,is used as is to set the
cipher and HMAC keys. However, this must be changed to use a proper KDF.
In the future, the ECDH key exchange must also be signed.
This commit is contained in:
Guus Sliepen 2011-07-03 13:17:28 +02:00
parent ee8a214318
commit 8dfa072733
3 changed files with 122 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/openssl/ecdh.h
View file

@ -23,6 +23,7 @@
#include <openssl/ecdh.h>
#define ECDH_SIZE 67
#define ECDH_SHARED_SIZE 66
typedef EC_KEY *ecdh_t;