| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2017-02-10 | libsec: revert asn1mpint(), rewrite rsa signature validation, cleanups | cinap_lenrek | |
| reverting asn1mpint() as all users really just expect unsigned integers here. also openssl seems to interpret rsa modulus as unsigned no matter what... so keeping it as it was before. handle nil cipher bytes in factotum_rsa_decrypt() due to pkcs1padbuf() failing. apply some lessions from intels berzerk paper: instead of parsing the decrypted digest info blob, we generate the *expected* blob's for all digest algorithms that match the digest size and compare the results. provide pkcs1 pad and unpad functions that consistently enforce minimum padding size and handles block types 1 and 2. | |||
| 2017-02-06 | libsec: handle signed asn.1 bigint to mpint conversion for x509 | cinap_lenrek | |
| 2017-02-06 | rsagen: prefer 65537 as the default exponent when elen == 0, otherwise pick ↵ | cinap_lenrek | |
| randomly | |||
| 2017-02-06 | libsec: fix mkbigint(), asn.1 uses two's compement signed representation | cinap_lenrek | |
| quick fix is to bias the rounding so the msb will always be zero. should write proper conversion code to actually deal with signed mpints... also for asn1mpint()... -- cinap | |||
| 2017-02-06 | libsec: check if modulus is too small for message in pkcs1padbuf() | cinap_lenrek | |
| 2017-02-06 | libsec: need PKCS#9 "Extension Request" attribute (rsareq()) | cinap_lenrek | |
| 2017-02-05 | libsec: have rsagen() always produce postive !dk to avoid confusion | cinap_lenrek | |
| 2017-01-15 | libsec: avoid temp variables in chacha/salsa ENCRYPT() macro | cinap_lenrek | |
| given that we only pass uchar* with constant offsets to the s and d arguments of ENCRYPT(), we do not need the temporary variables sp/dp and the compiler is smart enougth to combine the const offset with the ones from GET4() and PUT4() and emit single load and store instructions for the byte accesses. | |||
| 2017-01-12 | libsec: implement extended 192-bit nonce xchacha variant and hchacha function | cinap_lenrek | |
| 2016-12-28 | libsec: replace des based X9.17 genrandom() with chacha random number generator | cinap_lenrek | |
| 2016-11-17 | libsec: remove unused get32() function | cinap_lenrek | |
| 2016-11-17 | libsec: remove unused aes_setupDec | ftrvxmtrx | |
| 2016-10-30 | libsec: add secp384r1 curve parameters for tls | cinap_lenrek | |
| 2016-07-10 | libsec: add scrypt password based key derivation function | cinap_lenrek | |
| 2016-06-26 | chacha: calculate rounds in separate function (helps registerizer), get rid ↵ | cinap_lenrek | |
| of unrolled code | |||
| 2016-05-12 | auth/rsa2x509: generate x509v3 cert as extension field might not otherwise ↵ | cinap_lenrek | |
| not be expected | |||
| 2016-05-12 | auth/rsa2x509, auth/rsa2csr: allow appending SubjectAlternativeNames (SAN) ↵ | cinap_lenrek | |
| to multi-domain certificate generation | |||
| 2016-05-04 | retire the dec alpha port | cinap_lenrek | |
| 2016-04-22 | libsec: implement server side SCSV preventing silly client fallbacks | cinap_lenrek | |
| silly clients (web*) reconnect when the handshake failed with a lower protocol version, which allows downgrade attacks (POODLE). but instead of stopping this madness, they invented a new magic TLSID to indicate to the server that this connection attempt is a retry, and rely on the server to notice and stop them from sabotaging themselfs. | |||
| 2016-04-21 | libsec: order tlshand cipher suits by: keyexchange>=cipher>=hash, ignore ↵ | cinap_lenrek | |
| client preference client preference is usualy crazy, so just ignore it. we always want the diffie hellman suits before static rsa and prefer chacha over aes-gcm. | |||
| 2016-04-21 | libsec: remove affine coordinate point operations from ecc | cinap_lenrek | |
| we now just do point addtion in jacobian coordinate system, and convert the result to affine when s->z == nil. | |||
| 2016-04-20 | libsec: implement elliptic curve group operations in jacobian coordinate system | cinap_lenrek | |
| 2016-04-18 | libsec: implement server side ECDHE key exchange with secp256r1, move DH ↵ | cinap_lenrek | |
| state in TlsSec structure, simplify implement ECDHE key exchange with secp256r1 on the server side, providing perfect forward secrecy (tho slowly). it is easier to just keep the ECDH/DH state in the TlsSec structure, which fits better with the grouping of the functions. we do the cleanup in tlsConnectionFree() now, so a lot of error handling logic could go away. reinvestigated some error paths and removed the ones that cannot error. move functions to fit the logical grouping. combine the code for signing handshake hashes (for client certs) and DH parameters. provide digestDHparams() function to be shared between server and client code. | |||
| 2016-04-17 | libsec: massive cleanup of tlshand.c | cinap_lenrek | |
| don't pass or generate sessionID's. this was never used nor actually implemented and leaks the process pid. get rid of version and random field duplications, move TlsSec structure into TlsConnection. make msgRecv() clear the message first, get rid of unneccesary msgClear() calls. | |||
| 2016-04-16 | libsec: fix memory leak of RSApub, avoid parsing certificate twice to ↵ | cinap_lenrek | |
| extract rsa public key instead of letting factotum_rsa_open() parse the certificate, we pass in the rsa public key which is then matched against the factotum keyring. this avoids parsing the x509 certificate twice. the sec->rsapub was not freed, so free it in tlsSecClose() | |||
| 2016-04-16 | libsec: recognize and decode PKCS#8 wrapped RSA private keys for auth/asn12rsa | cinap_lenrek | |
| example usage: auth/pemdecode 'PRIVATE KEY' test.pem | auth/asn12rsa | |||
| 2016-04-15 | libsec: x509: convert to UTF8 from BMPString and UNIString, reject \0 bytes | cinap_lenrek | |
| 2016-04-10 | libsec: make #include headers consistent | cinap_lenrek | |
| 2016-04-10 | libsec: dont use mips assembly routines for spim, wrong endianess | cinap_lenrek | |
| 2016-03-28 | libsec: fix tlsid for TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, ↵ | cinap_lenrek | |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 the previous cipher id's where fore TLS_ECDH_* not TLS_ECDHE_*... sorry :( | |||
| 2016-03-23 | add portable AES-GCM (Galois/Counter Mode) implementation to libsec and devtls | cinap_lenrek | |
| 2016-03-12 | libsec: remove weakCipher[] array check as we do not support any of these ↵ | cinap_lenrek | |
| weak ciphers | |||
| 2016-03-01 | libsec: fix verifyDHparams() for version <= TLS1.1 | cinap_lenrek | |
| for version <= TLS1.1, there is no sigalg field in the ServerKeyExchange message and the signature digest algorithm is fixed to md5+sha1 and we only support RSA signatures (TLS1.1 doesnt know about ECDSA). | |||
| 2016-02-19 | libsec: remove unused tlsSecKill() | cinap_lenrek | |
| 2016-02-18 | libsec: fix memset() size in tlsConnectionFree(), remove #include <bio.h> | cinap_lenrek | |
| 2016-02-17 | libsec: add libc.h include for aes_xts.c (drawterm) | cinap_lenrek | |
| 2016-02-11 | libsec: simplify pkcs1_decrypt() | cinap_lenrek | |
| 2016-02-11 | libsec: fix double free in pkcs1_decrypt(), handle bad epm length in ↵ | cinap_lenrek | |
| tlsSecRSAs(), cleanup | |||
| 2016-02-07 | libsec: fix missing error case unlock() in tlshands initCiphers() | cinap_lenrek | |
| 2016-02-06 | libsec: mpconv -> mpfmt | cinap_lenrek | |
| 2016-02-03 | libsec: refactor asn1 encoding of digest for rsa signatures, fix memory leak ↵ | cinap_lenrek | |
| in ecverify | |||
| 2016-02-01 | libsec: ecdsa client support for tlshand, cleanups | cinap_lenrek | |
| 2016-01-19 | libsec: add salsa20 stream cipher | cinap_lenrek | |
| 2016-01-06 | libsec: make sure theres no garbage after the asn.1 decode, cleanup | cinap_lenrek | |
| 2015-12-25 | libsec: implement TLS-PSK for tlsClient()/tlsServer() | cinap_lenrek | |
| 2015-12-21 | tls: implement chacha20/poly1305 aead cipher suits | cinap_lenrek | |
| 2015-12-16 | libsec: use tsmemcmp() when comparing hashes, use mpfield() for ecc, use ↵ | cinap_lenrek | |
| mptober() when right adjusting mpint to bytes | |||
| 2015-12-01 | libsec: fix genprime() to produce normalized result | cinap_lenrek | |
| this fixed bug "assert_failed_m-flags__mpnorm_since_283cc2200e34". | |||
| 2015-11-26 | libsec: add chacha20 poly1305 aead, allow 64 bit iv's for chacha, add tsmemcmp() | cinap_lenrek | |
| chacha20 comes in two variants: ietf rfc7539, using 96 bit iv and 32 bit counter and draft-agl-tls-chacha20poly1305 using 64 bit iv and a 64 bit counter. so setupChachastate() now takes a ivlen argument which sets the mode. add ccpoly_encrypt()/ccpoly_decrypt() routines. to implement timing safe ccpoly_decrypt(), a constant time memcmp was needed, so adding tsmemcmp() to libsec. | |||
| 2015-10-22 | libsec: add chacha cipher (from charles forsyth) | cinap_lenrek | |
 |
index : plan9front.git | |
| Unnamed repository; edit this file 'description' to name the repository. |
| summaryrefslogtreecommitdiff |