path: root/sys/include/ape/libsec.h
Age | Commit message | Author
2018-01-06 | libsec: remove asn1toDSApriv() | cinap_lenrek
2017-12-30 | libsec: implement SPKI fingerprinting for okCertificate() | cinap_lenrek
Instead of only using a hash over the whole certificate for white/black-listing, now we can also use a hash over the Subject Public Key Info (SPKI) field of the certificate which contains the public key algorithm and the public key itself. This allows certificates to be renewed independently of the public key. X509dump() now prints the public key thumbprint in addition to the certificate thumbprint. tlsclient will print the certificate when run with -D flag. okCertificate() will print the public key thumbprint in its error string when no match has been found.
2017-11-12 | libsec: AES-NI support for amd64 | cinap_lenrek
Add assembler versions for aes_encrypt/aes_decrypt and the key setup using AES-NI instruction set. This makes aes_encrypt and aes_decrypt into function pointers which get initialized by the first call to setupAESstate(). Note that the expanded round key words are *NOT* stored in big endian order as with the portable implementation. For that reason the AESstate.ekey and AESstate.dkey fields have been changed to void* forcing an error when someone is accessing the roundkey words. One offender was aesXCBmac, which doesn't appear to be used and the code looks horrible so it has been deleted. The AES-NI implementation is for amd64 only as it requires the kernel to save/restore the FPU state across syscalls and pagefaults.
2017-10-29 | libsec: rewrite aes_xts_encrypt()/aes_xts_decrypt() | cinap_lenrek
the previous implementation was not portable at all, assuming little endian in gf_mulx() and that one can cast unaligned pointers to ulong in xor128(). also the error code is likely to be ignored, so better abort() when the length is not a multiple of the AES block size. we also pass in full AESstate structures now instead of the expanded key longs, so that we do not need to hardcode the number of rounds. this allows each individual key to be bigger than 128 bit.
2017-10-17 | libsec: make sectorNumber argument for aes_xts routines uvlong | cinap_lenrek
2017-10-17 | libsec: add AES CFB and AES OFB stream ciphers | cinap_lenrek
2017-10-16 | ape/libsec: fix the build, bring ape libsec.h in sync with plan9 version | cinap_lenrek
2017-04-23 | libsec: sha256 support for thumbprint files, use it in ssh as well | cinap_lenrek
initThumbprints() now takes an application tag argument so x509 and ssh can coexist. the thumbprint entries can now hold both sha1 and sha256 hashes. okThumbprint() now takes a len argument for the hash length used. the new function okCertificate() hashes the certificate with both and checks for any matches. on failure, okCertificate() returns 0 and sets error string. we also check for include loops now in thumbfiles, limiting the number of includes to 8.
2017-02-10 | ec(2), rsa(2): document X509toECpub(), X509ecdsaverify(), X509ecdsaverifydigest(), X509rsaverifydigest() | cinap_lenrek
2017-02-10 | libsec: make X509toECpub() return CN name like X509toRSApub() | cinap_lenrek
2017-01-12 | libsec: implement extended 192-bit nonce xchacha variant and hchacha function | cinap_lenrek
2016-10-30 | ape/libsec: add secp384r1 curve parameters for tls | cinap_lenrek
2016-07-10 | libsec: add scrypt password based key derivation function | cinap_lenrek
2016-04-20 | libsec: implement elliptic curve group operations in jacobian coordinate system | cinap_lenrek
2016-04-11 | ape: add libauth, libbio, libmp and libsec as replacements for openssl | cinap_lenrek