DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
986 Commits 15 Branches 0 Tags
Commit Graph

20 Commits

Author SHA1 Message Date
Michael Rash
f02cc0ddd2 Added HMAC support to GPG encryption modes, closes #58 2013-04-22 20:45:59 -04:00
Michael Rash
08c9cc0938 HMAC function rename for consistency 
Make sure that HMAC function names conform to previously established get_*,
set_* naming convention.
 2013-03-29 20:42:44 -04:00
Michael Rash
6ecf6514c9 Enforce Rijndael and HMAC key length maximum sizes 
This commit fixes a couple of overflow conditions for Rijndael and HMAC keys
that are larger than anticipated maximums.  In the case of Rijndael, PKCS#5 1.5
is supported up to key sizes of 32 bytes or smaller (and maintains compatibility
with OpenSSL, and future versions will support PKCS#5 2.0 (PBKDF2) while allowing
for larger key sizes.  HMAC keys may be up to 128 bytes even for digest
algorithms such as SHA256 that have block sizes that are smaller than this.
 2013-03-24 21:04:18 -04:00
Michael Rash
c5b5cba729 Added HMAC MD5 support (need test suite validation still) 2013-03-10 16:30:06 -04:00
Michael Rash
6882ac57ec add HMAC-SHA1 support 2013-03-10 14:56:39 -04:00
Michael Rash
7821e83dfc Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support 
Conflicts:
	client/fwknop.c
	lib/fko_hmac.c
 2013-03-10 14:32:07 -04:00
Michael Rash
22dde8eb35 SPA with HMAC SHA256 and SHA384 now works 
This is a fairly significant commit that lays the groundwork for getting
selectable HMAC modes working for both the client and server.  One libfko API
change was required so that the hmac_type is passed into fko_new_with_data().
This allows the server to set the hmac_type via access.conf stanzas.  The
effort in this commit will be extended to allow HMAC MD5, SHA1, and SHA512
also function properly.
 2013-03-10 14:26:05 -04:00
Damien Stuart
6fa3be393c Renamed fko_set_hmac_type to fko_set_spa_hmac_type. Incorporated libfko changes and additions to the fko python module code. 2013-03-10 13:21:24 -04:00
Michael Rash
6f45b2c3b1 added HMAC SHA384 and SHA512 support, bug fix to allow shorter HMAC key lengths than associated digest block size 2013-03-09 23:27:08 -05:00
Michael Rash
44d05a6916 interim commit for supporting multiple HMAC digest types (# 45) 2013-03-07 23:14:48 -05:00
Michael Rash
39ca73a245 [test suite] added OpenSSL HMAC verification (closes #39) 2013-03-05 23:29:46 -05:00
Damien Stuart
6ecf81b16e First round if refactoring to clean up header dependencies. 2013-03-02 17:03:20 -05:00
Michael Rash
6c2b657bfe [libfko] free dynamically allocated resources for multiple libfko fcn calls 2013-02-21 22:44:33 -05:00
Michael Rash
ce18de4f84 make libfko pointers constant where possible 2013-02-12 22:39:39 -05:00
Michael Rash
30acf93b72 Memory leak fix for HMAC verification 
This commit commit fixes a memory leak in the HMAC verification code found with
the test suite running in valgrind mode.  Here is the './test-fwknop.pl --diff'
output showing fko_verify_hmac() removed from the flagged functions list:

 [+] fwknop functions (unique view):
-        8 : ???
-        3 : main
-        3 : pcap_capture
-        1 : incoming_spa
+        7 : ???
+        2 : pcap_capture
+        2 : main
         1 : pcap_compile
-        1 : fko_new_with_data
-        1 : strndup
-        1 : fko_verify_hmac

 [+] fwknop functions (with call line numbers):
-        8 : ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1)
-        3 : main (fwknopd.c:299)
-        1 : fko_new_with_data (fko_funcs.c:220)
-        1 : pcap_capture (pcap_capture.c:105)
-        1 : incoming_spa (incoming_spa.c:376)
-        1 : strndup (strndup.c:46)
+        7 : ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1)
+        2 : main (fwknopd.c:299)
         1 : pcap_compile (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1)
-        1 : pcap_capture (pcap_capture.c:226)
         1 : pcap_capture (pcap_capture.c:97)
-        1 : fko_verify_hmac (fko_hmac.c:54)
+        1 : pcap_capture (pcap_capture.c:105)
 2012-08-02 22:55:54 -04:00
Michael Rash
fd30a3491d minor variable rename LENGTH -> LEN, STRING_LENGTH -> STR_LEN 2012-07-29 21:57:05 -04:00
Michael Rash
a9cbd60327 [libfko] first HMAC-SHA256 implementation (includes test suite support) 2012-07-29 21:34:08 -04:00
Michael Rash
482e6f974c added msg_hmac_len and removed additional strlen() calls 2012-07-27 21:29:26 -04:00
Michael Rash
47e39272ed Make encrypt/decrypt code accept integer key lengths instead of using strlen() 
Now that encryptions keys and hmac keys may be acquired from /dev/random with
--key-gen (and base64 encoded), they may contain NULL bytes.  This emphasizes
the need to not leverage code that assumes C-style strings when making use of
key information.
 2012-07-10 21:44:06 -04:00
Michael Rash
92e403a242 added initial HMAC-SHA256 support for the client side 2012-07-02 23:50:45 -04:00