DragonFly BSD
DragonFly commits List (threaded) for 2012-05
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

git: hammer2 hammer2 - Implement aes_256_cbc session encryption


From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 12 May 2012 17:54:50 -0700 (PDT)

commit 5cf97ec5e50db147a4b71da930cbf41b7ce49b95
Author: Matthew Dillon <dillon@apollo.backplane.com>
Date:   Sat May 12 17:43:17 2012 -0700

    hammer2 - Implement aes_256_cbc session encryption
    
    * The AES session key and initial iv[] are transmitted in the public key
      exchange.
    
    * The actual AES session key and initial iv[] is the data received XOR'd
      with the data sent, so if the public key exchange is broken (even if
      the verifier succeeds), the rest of the session will die a horrible
      death.
    
    * We use aes_256_cbc and in addition to the iv[] being adjusted by the
      data in-flight we also inject some random data in each message header
      to mix iv[] up even more than it would be normally.
    
    * We also check the message sequence number, which is embedded in the
      random data (the raw msg header's salt field), though the iv[] should
      catch any replays.
    
    * NOTE: Verifier is still weak, but the session key and iv[] exchange
     	is very strong.

Summary of changes:
 sbin/hammer2/cmd_rsa.c |    3 -
 sbin/hammer2/crypto.c  |  175 ++++++++++++++++++++++++++++++++++++++++++++----
 sbin/hammer2/hammer2.h |    8 ++
 sbin/hammer2/msg.c     |   74 +++++++++++++++-----
 sbin/hammer2/network.h |   28 +++++++-
 5 files changed, 251 insertions(+), 37 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/5cf97ec5e50db147a4b71da930cbf41b7ce49b95


-- 
DragonFly BSD source repository



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]