DragonFly commits List (threaded) for 2012-05
git: hammer2 hammer2 - Implement aes_256_cbc session encryption
commit 5cf97ec5e50db147a4b71da930cbf41b7ce49b95
Author: Matthew Dillon <dillon@apollo.backplane.com>
Date: Sat May 12 17:43:17 2012 -0700

    hammer2 - Implement aes_256_cbc session encryption

    * The AES session key and initial iv[] are transmitted in the public key
      exchange.

    * The actual AES session key and initial iv[] are the data received XOR'd
      with the data sent, so if the public key exchange is broken (even if
      the verifier succeeds), the rest of the session will die a horrible
      death.

    * We use aes_256_cbc and in addition to the iv[] being adjusted by the
      data in-flight we also inject some random data in each message header
      to mix iv[] up even more than it would be normally.

    * We also check the message sequence number, which is embedded in the
      random data (the raw msg header's salt field), though the iv[] should
      catch any replays.

    * NOTE: Verifier is still weak, but the session key and iv[] exchange
      is very strong.

Summary of changes:
 sbin/hammer2/cmd_rsa.c | 3 -
 sbin/hammer2/crypto.c | 175 ++++++++++++++++++++++++++++++++++++++++++++----
 sbin/hammer2/hammer2.h | 8 ++
 sbin/hammer2/msg.c | 74 +++++++++++++++-----
 sbin/hammer2/network.h | 28 +++++++-
 5 files changed, 251 insertions(+), 37 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/5cf97ec5e50db147a4b71da930cbf41b7ce49b95
--
DragonFly BSD source repository
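
The XOR combination of sent and received key material and the sequence number check described in the commit message above, as an added C example that is not code from the hammer2 source. The struct, the function names, the 48-byte layout (32-byte key followed by 16-byte iv[]) and the accept-only-the-next-number policy are assumptions; AES itself is left out and the exchanged bytes are constructed sample values.

```c
#include <stdint.h>
#include <string.h>

#define KEY_LEN 32                 /* AES-256 key size */
#define IV_LEN  16                 /* AES block size, used for the CBC iv[] */
#define MAT_LEN (KEY_LEN + IV_LEN) /* assumed layout: key bytes, then iv bytes */

/* Hypothetical per-connection state, not hammer2's own structure. */
struct session {
    uint8_t  key[KEY_LEN];
    uint8_t  iv[IV_LEN];
    uint32_t next_seq;             /* sequence number expected next */
};

/* Session key and iv[] = material we sent XOR material we received. */
void derive_session(struct session *s, const uint8_t *sent, const uint8_t *rcvd)
{
    for (size_t i = 0; i < KEY_LEN; i++)
        s->key[i] = sent[i] ^ rcvd[i];
    for (size_t i = 0; i < IV_LEN; i++)
        s->iv[i] = sent[KEY_LEN + i] ^ rcvd[KEY_LEN + i];
    s->next_seq = 0;
}

/* Assumed policy: accept only the exact next sequence number. */
int accept_seq(struct session *s, uint32_t seq)
{
    if (seq != s->next_seq) return 0;   /* replayed or out-of-order message */
    s->next_seq++;
    return 1;
}

/* Constructed exchange: returns 1 if both ends derive the same key and iv[]. */
int peers_agree(int tamper)
{
    uint8_t a[MAT_LEN], b[MAT_LEN], b_at_a[MAT_LEN];
    struct session sa, sb;
    for (size_t i = 0; i < MAT_LEN; i++) {   /* constructed, not random */
        a[i] = (uint8_t)(i * 7 + 1);
        b[i] = (uint8_t)(i * 13 + 5);
    }
    memcpy(b_at_a, b, MAT_LEN);
    if (tamper) b_at_a[3] ^= 0x01;     /* one bit altered on the way to A */
    derive_session(&sa, a, b_at_a);    /* A: sent a, received (maybe altered) b */
    derive_session(&sb, b, a);         /* B: sent b, received a */
    return !memcmp(sa.key, sb.key, KEY_LEN) && !memcmp(sa.iv, sb.iv, IV_LEN);
}

int main(void) { return (peers_agree(0) && !peers_agree(1)) ? 0 : 1; }
```

With the exchange intact both ends hold the same key and iv[]; with one bit changed in transit they diverge, so nothing either side encrypts afterwards decrypts correctly at the other.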