Guus Sliepen
8ace7f3e57
Add ECDSA key generation.
2011-07-03 22:15:00 +02:00
Guus Sliepen
c385d11533
Cleanups in ECDH code.
2011-07-03 22:13:34 +02:00
Guus Sliepen
895f868714
No need to keep around pointers to EC_GROUP.
2011-07-03 21:21:37 +02:00
Guus Sliepen
82f00ea07b
Use PRF.
2011-07-03 15:59:49 +02:00
Guus Sliepen
feb3f22fff
Add PRF to derive key material from the ECDH shared secret.
...
It is modelled after the pseudorandom function from RFC4346 (TLS 1.1), the only
significant change is the use of SHA512 and Whirlpool instead of MD5 and SHA1.
2011-07-03 15:26:58 +02:00
Guus Sliepen
8dfa072733
Support ECDH key exchange.
...
REQ_KEY requests have an extra field indicating key exchange version.
If it is present and > 0, the sender supports ECDH. If the receiver also
does, then it will generate a new keypair and sends the public key in a
ANS_KEY request with "ECDH:" prefixed. The ans_key_h() function will
compute the shared secret, which, at the moment,is used as is to set the
cipher and HMAC keys. However, this must be changed to use a proper KDF.
In the future, the ECDH key exchange must also be signed.
2011-07-03 13:17:28 +02:00
Guus Sliepen
ee8a214318
Preliminary implementation of Elliptic Curve Diffie-Hellman Ephemeral key exchange.
2011-06-27 21:52:23 +02:00
Sven-Haegar Koch
f4010694b3
sparse fixup: warning: non-ANSI function declaration of function '...'
2011-05-28 15:24:39 +02:00
Guus Sliepen
76b41ba20d
Add missing return statement.
2010-04-17 12:33:36 +02:00
Guus Sliepen
c845bc109c
Fix packet authentication.
...
This wasn't working at all, since we didn't do HMAC but just a plain hash.
Also, verification of packets failed because it was checking the whole packet,
not the packet minus the HMAC.
2009-12-18 01:15:25 +01:00
Guus Sliepen
761517c21c
Update FSF address in files not covered by the merge.
2009-09-29 15:33:58 +02:00
Guus Sliepen
07a560eab6
Drop localisation and checkpoint tracing in files not covered by the merge.
2009-09-29 15:19:55 +02:00
Guus Sliepen
7ea85043ac
Merge branch 'master' into 1.1
...
Conflicts:
NEWS
configure.in
lib/Makefile.am
lib/pidfile.c
lib/pidfile.h
lib/utils.c
po/POTFILES.in
po/nl.po
src/Makefile.am
src/bsd/device.c
src/conf.c
src/connection.c
src/cygwin/device.c
src/edge.c
src/event.c
src/graph.c
src/linux/device.c
src/meta.c
src/mingw/device.c
src/net.c
src/net_packet.c
src/net_setup.c
src/net_socket.c
src/netutl.c
src/node.c
src/process.c
src/protocol.c
src/protocol_auth.c
src/protocol_edge.c
src/protocol_key.c
src/protocol_misc.c
src/protocol_subnet.c
src/raw_socket/device.c
src/route.c
src/solaris/device.c
src/subnet.c
src/tincd.c
src/uml_socket/device.c
2009-09-29 14:55:29 +02:00
Guus Sliepen
4124b9682f
Handle truncated message authentication codes.
2009-06-06 19:04:04 +02:00
Guus Sliepen
5a132550de
Merge branch 'master' into 1.1
...
Conflicts:
doc/tincd.8.in
lib/pidfile.c
src/graph.c
src/net.c
src/net.h
src/net_packet.c
src/net_setup.c
src/net_socket.c
src/netutl.c
src/node.c
src/node.h
src/protocol_auth.c
src/protocol_key.c
src/tincd.c
2009-06-05 23:14:13 +02:00
Guus Sliepen
551cd19406
Move RSA key generation into the wrappers.
2008-12-14 12:47:26 +00:00
Scott Lamb
1fd1d5bd93
const correctness
...
cipher_encrypt and cipher_decrypt should take "const void *" data
2007-07-20 20:10:46 +00:00
Guus Sliepen
1b8f891836
Finish crypto wrapping. Also provide wrappers for OpenSSL.
...
Disable libgcrypt by default. Since it doesn't support the OFB cipher mode,
we can't use it in a backwards compatible way.
2007-05-23 13:45:49 +00:00
