63b97e9a73
ec25519-fhmqvc: include either T or TLV_MAC in handshake finish, but not both
2013-10-30 22:59:13 +01:00
601efec8e9
Add fastd_handshake_add_zero function
2013-10-30 22:41:20 +01:00
658c83870a
ec25519-fhmqvc: add secure_handshake helper function
2013-10-30 22:35:17 +01:00
19bdfda6a2
Separate ec25519-fhmqvc into multiple source files
2013-10-30 19:46:43 +01:00
641422da88
Correctly terminate method list
2013-10-29 21:48:13 +01:00
020bb327dd
Rename fastd_parse_method_name to fastd_method_get_by_name
2013-10-29 20:47:17 +01:00
8df7ea375d
Generate method list automagically
2013-10-29 20:28:26 +01:00
96a14063ce
config: iterate over configured methods only in configure_method_parameters()
2013-10-29 19:09:55 +01:00
c13bdcefe7
handshake: get_method() code simplification
2013-10-29 18:26:34 +01:00
72e3f6532a
Drop compatibility code for fastd 0.4
2013-10-29 17:00:38 +01:00
4356714142
Handle methods as strings
2013-10-29 15:33:14 +01:00
bb324029ad
Allow using libsodium instead of NaCl
...
As libsodium has some strange include files (like a version.h), we try to use
absolute include paths whenever possible in fastd now and rename our generated
headers.
2013-10-29 03:45:34 +01:00
fc8c8d82f0
Unify duplicate code in xsalsa20-poly1305 and aes128-gcm methods
2013-10-28 18:31:02 +01:00
095ca93d81
Organize method and protocol source files into distinct source directories
2013-10-28 16:59:42 +01:00
5f6177e00f
Fix maybe-uninitialized warning
2013-10-24 21:02:53 +02:00
004ae15c55
Don't print fastd version from handshake requests when secure handshakes are set, instead print it on handshake finish
2013-10-20 20:18:26 +02:00
115de59c32
Warn when no encryption method is set
2013-10-20 19:17:49 +02:00
78c5d1284c
Don't send chosen method name when it doesn't matter
2013-10-20 17:08:04 +02:00
b3c602a025
Align handshake buffer
2013-10-20 03:03:05 +02:00
90eeceb9ed
Always check for mode and protocol mismatches
...
This was accidentally disabled in the previous commit for initial handshake
requests.
2013-10-20 02:55:38 +02:00
8cbd59792e
Refactor handshake code, prevent downgrade attacks
2013-10-20 02:37:04 +02:00
e4afa04870
Rename RECORD_HANDSHAKE_MAC to RECORD_TLV_MAC
2013-10-19 18:09:44 +02:00
18a3a6468e
Authenticate the TLV records only
2013-10-19 17:57:23 +02:00
0ce0b04490
Use the rsv2 field in the handshake header as an optional length field to facilitate future extensions
2013-10-19 17:37:09 +02:00
c03f985b99
Get rid of packet.h
2013-10-19 17:12:49 +02:00
7982387d5f
Add a HMAC to authenticate all handshake TLV
2013-10-19 15:54:46 +02:00
6d8aa57c02
Generalize SHA256 functions to work with arbitrary inputs
2013-10-18 16:18:20 +02:00
5a025b23be
Use the default delay before a handshake is sent when the local address is invalid
...
Sending it right away will make crossed handshakes more probable which is
especially painful when roaming, so it's better to add the delay.
2013-10-17 00:12:15 +02:00
8ff7026b0e
Add `secure handshakes' option (without effect for now)
...
Not setting the option produces a warning (so not having it set is deprecated
now), so we can change the default from no to yes in a few release cycles.
2013-10-16 20:37:16 +02:00
118ebb9d65
Initiate handshake when a packet can't be sent because the local address is invalid
2013-10-16 18:33:51 +02:00
4c188ac861
Fix fast roaming when local IP address has changed
2013-10-16 12:07:45 +02:00
ecebe8a755
New development cycle
2013-10-16 12:07:32 +02:00
84e3d7a16b
fastd v10
2013-10-11 16:32:12 +02:00
4a7d1acb59
Fix source address choice for IPv4 on Linux
2013-10-04 09:10:03 +02:00
9d950241cd
Invalidate null sessions when they are superseded
2013-09-30 22:15:54 +02:00
6ed43cdc22
fastd v9
2013-09-07 17:30:46 +02:00
467cc0f6c2
Change directory to / when privileges are dropped or the user is changed
2013-09-06 17:13:34 +02:00
02c1cb4ce2
Add packet/byte statistics
2013-09-03 21:53:45 +02:00
f0fa4e0c90
Demote some sendmsg warnings to debug and debug2 levels
2013-08-30 12:57:25 +02:00
7f33ccb920
Don't initialize monotone timestamps with zero
...
The monotone timestamp is near zero on Linux systems, confusing fastd.
2013-08-29 19:04:31 +02:00
620f1cd45f
Replace old task queue
...
The handshakes are now scheduled in a doubly-linked list that is maintained as a
part of the peer structure.
2013-08-29 11:53:34 +02:00
dcaf41a18e
Simplify keepalive sending
...
By using a global keepalive timer, the O(n) keepalive queue purge operation on
every send operation is avoided.
2013-08-29 00:45:13 +02:00
2343f5329c
ec25519: ensure old sessions are invalidated quickly after a new one has been established
2013-08-28 19:54:11 +02:00
6e63479b03
Remove unused fastd_task_replace_peer()
2013-08-28 15:50:37 +02:00
72b8ec6a93
ec25519: ensure that there is always a handshake enqueued after sending a handshake finish
...
This ensures that the handshake is repeated in case the finish packet is lost.
2013-08-28 15:45:43 +02:00
1b9709bae3
ec25519: reset peers as soon as their current session times out
2013-08-28 15:45:35 +02:00
3a3d423920
Cancel the session establishment earlier when the address can't be claimed by the peer
...
There is no reason to run through all the session establishment just to cancel
it a moment later.
2013-08-28 14:13:44 +02:00
738639cf71
Introduce constants for tristate values
2013-08-28 13:39:18 +02:00
81bff2df03
Introduce new log level debug2 for potentially very frequent messages
2013-08-27 17:57:06 +02:00
e91f17de87
options: change `config error' to `command line error' messages
2013-08-26 14:57:39 +02:00