![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
| author | Florian Forster <octo@leeloo.lan.home.verplant.org> | |
| Fri, 10 Apr 2009 23:08:40 +0000 (01:08 +0200) | ||
| committer | Florian Forster <octo@leeloo.lan.home.verplant.org> | |
| Fri, 10 Apr 2009 23:08:40 +0000 (01:08 +0200) | ||
| commit | 6c4006c26484b1b28d59d4e65623b96ac0767919 | |
| tree | 29dfcc9909b2a47d4f3f5e48074075330aac9ea9 | tree | snapshot |
| parent | 03930221c60cbe148d32a1350e6464038a5bb6bf | commit | diff |
network plugin: Implement signing and encryption of network traffic.
The patch adds shared secret signing and encryption of network traffic.
Currently, there are three “security levels”:
- Encrypt
Encrypt outgoing data and only accept encrypted data when receiving.
- Sign
Outgoing data is signed; signed and encrypted data is accepted when
receiving.
- None
Send without any cryptography and accept anything when receiving.
The security level and shared secret can be set per-socket, so that
forwarding instances can re-encrypt and similar goodies.
The libgcrypt library is used to calculate hashes, encrypt and decrypt,
see <http://www.gnu.org/software/libgcrypt/>. I tested compiling the
`network' plugin without libgcrypt afterwards, but haven't tested this
much yet.
Algorithms used are SHA-256 for signing and AES-256 in ECB mode /
SHA-224 when encrypting. Also, SHA-256 is used to get the 32 byte key
for AES-256 from the user-supplied secret.
The patch adds shared secret signing and encryption of network traffic.
Currently, there are three “security levels”:
- Encrypt
Encrypt outgoing data and only accept encrypted data when receiving.
- Sign
Outgoing data is signed; signed and encrypted data is accepted when
receiving.
- None
Send without any cryptography and accept anything when receiving.
The security level and shared secret can be set per-socket, so that
forwarding instances can re-encrypt and similar goodies.
The libgcrypt library is used to calculate hashes, encrypt and decrypt,
see <http://www.gnu.org/software/libgcrypt/>. I tested compiling the
`network' plugin without libgcrypt afterwards, but haven't tested this
much yet.
Algorithms used are SHA-256 for signing and AES-256 in ECB mode /
SHA-224 when encrypting. Also, SHA-256 is used to get the 32 byte key
for AES-256 from the user-supplied secret.
| configure.in | diff | blob | history | |
| src/Makefile.am | diff | blob | history | |
| src/collectd.conf.pod | diff | blob | history | |
| src/network.c | diff | blob | history | |
| src/network.h | diff | blob | history |