Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add AES-256-GCM support to the new protocol #360

Open
wants to merge 10 commits into
base: 1.1
Choose a base branch
from
Open

Add AES-256-GCM support to the new protocol #360

wants to merge 10 commits into from

Conversation

gsliepen
Copy link
Owner

No description provided.

@gsliepen gsliepen force-pushed the feature/alt-ciphersuite branch from 9669def to 485108a Compare April 10, 2022 12:30
@gsliepen gsliepen force-pushed the feature/alt-ciphersuite branch from 485108a to f4db140 Compare April 21, 2022 18:41
@gsliepen gsliepen mentioned this pull request May 22, 2022
Draft
@gsliepen gsliepen added enhancement New feature requests or performance improvement. 1.1 Issue related to Tinc 1.1 labels May 26, 2022
@gsliepen gsliepen added this to the 1.1.0 milestone May 26, 2022
gsliepen added 10 commits May 29, 2022 16:23
@gsliepen
Add AES-256-GCM support to SPTPS.
ad2e8db 
This also adds a simple cipher suite negotiation, where peers announce the
ciphers they support, and their preferred cipher. Since we need to bump the
SPTPS version anyway, also prefer little endian over network byte order.
@gsliepen
Add cipher suite selection options to sptps_test.
ed98069
@gsliepen
Let sptps_speed benchmark all cipher suites.
28b8e10
@gsliepen
If we link with OpenSSL, use it for Chacha20-Poly1305 as well.
9ce0023
@gsliepen
Update the built-in Chacha20-Poly1305 code to an RFC 7539 complaint v…
63df213 
…ersion.

This is necessary so our copy of Chacha20-Poly1305 is compatible with that
of many other crypto libraries.

This code is made by Grigori Goronz, but is heavily based on the code from
D.J. Bernstein's ref10 implementation used before.
@gsliepen
Ensure we are compatible with LibreSSL.
79809c5
@gsliepen
Fix infinite loop on SPTPS errors when running sptps_test in datagram…
e65df66 
… mode.
@gsliepen
Fix documentation of default cipher algorithm used for the legacy pro…
ee997c8 
…tocol.
@gsliepen
Make the ExperimentalProtocol option obsolete.
4f48176 
Remove mentions of it from the documentation, but keep supporting the
option for now, as this makes it easier to test compatibility with the
legacy protocol.
@gsliepen
Move poly1305_get_tag() into poly1305.c, hide poly1305_init().
e994222 
The crypto library on Windows exposes a symbol named poly1305_init(),
which clashes with ours. We can avoid this by moving poly1305_get_tag()
to poly1305.[ch], where it belongs better, and this allows us to make
all the lower-level Poly1305 functions static.

Also remove the support for associated data while we are at it, since we
are never using it.
@gsliepen gsliepen force-pushed the feature/alt-ciphersuite branch from f4db140 to e994222 Compare May 29, 2022 16:06
@hg hg mentioned this pull request Jun 9, 2022
Open
@splitice
Copy link
Contributor

This is still a big blocker for us in moving to 1.1 from 1.0

It looks like there is now cipher selection / negotiation. Whats blocking?

The test logs don't exist any more so perhaps @gsliepen can enlighten.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
1.1 Issue related to Tinc 1.1 enhancement New feature requests or performance improvement.
Projects
None yet
Milestone
1.1.0
Development

Successfully merging this pull request may close these issues.
2 participants
@gsliepen @splitice