… | |
… | |
65 | */ |
65 | */ |
66 | |
66 | |
67 | #define PROTOCOL_MAJOR 1 |
67 | #define PROTOCOL_MAJOR 1 |
68 | #define PROTOCOL_MINOR 0 |
68 | #define PROTOCOL_MINOR 0 |
69 | |
69 | |
|
|
70 | #define SERIAL_SIZE 16 |
|
|
71 | |
70 | #define SEED_SIZE 64 // how many octets to seed rng with |
72 | #define SEED_SIZE 64 // how many octets to seed rng with |
71 | |
73 | |
72 | #define HKDF_SALT 32 |
74 | #define RSA_OAEP_SIZE 41 |
73 | #define IKM_SIZE 32 |
75 | |
|
|
76 | #define HKDF_XTR_HASH EVP_sha512 |
|
|
77 | #define HKDF_PRF_HASH EVP_sha256 |
|
|
78 | |
|
|
79 | #define HKDF_SALT 32 // how many bytes for the hkdf salt |
74 | |
80 | |
75 | #define RSA_KEYLEN (RSABITS >> 3) |
81 | #define RSA_KEYLEN (RSABITS >> 3) |
76 | |
82 | |
77 | #define AUTH_DIGEST ENABLE_AUTH |
83 | #define AUTH_DIGEST ENABLE_AUTH |
78 | #define AUTH_SIZE (HASH_SIZE (AUTH_DIGEST)) |
84 | #define AUTH_SIZE (HASH_SIZE (AUTH_DIGEST)) |
79 | #define AUTH_TTL 12 // challenge bytes timeout after n seconds of non-use |
85 | #define AUTH_TTL 12 // challenge bytes timeout after n seconds of non-use |
80 | |
86 | |
81 | #define CIPHER ENABLE_CIPHER |
87 | #define CIPHER ENABLE_CIPHER |
82 | #define CIPHER_KEYSIZE (KEY_SIZE (CIPHER)) |
88 | #define CIPHER_KEYSIZE (KEY_SIZE (CIPHER)) |
|
|
89 | #define CIPHER_IKMSIZE CIPHER_KEYSIZE * 2 // randomness in rsa challenge |
83 | |
90 | |
84 | #define MAC_DIGEST ENABLE_DIGEST |
91 | #define MAC_DIGEST ENABLE_HMAC |
85 | #define MAC_KEYSIZE HASH_SIZE (ENABLE_DIGEST) // number of bits used for the HMAC key |
92 | #define MAC_KEYSIZE HASH_SIZE (ENABLE_HMAC) // number of bits used for the HMAC key |
|
|
93 | #define MAC_IKMSIZE MAC_KEYSIZE * 2 // randomness in rsa challenge |
86 | |
94 | |
87 | #define WINDOWSIZE 512 // sliding window size |
95 | #define WINDOWSIZE 512 // sliding window size |
88 | #define MAX_SEQNO (0xfffffff0U - WINDOWSIZE * 8) |
96 | #define MAX_SEQNO (0xfffffff0U - WINDOWSIZE * 8) |
89 | |
97 | |
90 | // hdr seq len hmac MAC MAC |
98 | // hdr seq len hmac MAC MAC |