Age | Commit message (Collapse) | Author | |
---|---|---|---|
2015-01-26 | doc: update handshake protocol documentation | Matthias Schiffer | |
2015-01-26 | Add preliminary fastd v17 release notes | Matthias Schiffer | |
2015-01-26 | Bump required libuecc version | Matthias Schiffer | |
2015-01-26 | doc: add build documentation | Matthias Schiffer | |
2015-01-26 | doc: remove now unused pmtu option | Matthias Schiffer | |
2015-01-23 | ec25519-fhmqvc: comment update | Matthias Schiffer | |
2015-01-23 | ec25519-fhmqvc: add sender's public key to a few debug messages | Matthias Schiffer | |
2015-01-23 | ec25519-fhmqvc: use new hexdump logging feature for unknown keys | Matthias Schiffer | |
2015-01-23 | Add hexdump support to fastd logging functions | Matthias Schiffer | |
2015-01-22 | ec25519-fhmqvc: use reduced-bitlength scalar multiplication | Matthias Schiffer | |
The values d and e will only use 128bits, so speed up the scalar multiplication by using the new reduced-bitlength scalar multiplication functions. This change requires the current development version of libuecc. | |||
2015-01-21 | Downgrade "verification failed" message from verbose to debug2 | Matthias Schiffer | |
This message will be printed for every packet in severe reordering situtations, so better not print it by default. In the future, we'll need a rate limiting mechanism... | |||
2015-01-21 | Fix handling of severe packet reordering | Matthias Schiffer | |
fastd would incorrectly mark wrong sequence numbers as seen when reordering by more than 64 sequence numbers had occured. | |||
2015-01-21 | Always disable PMTU discovery | Matthias Schiffer | |
fastd currently can't fragment packets anyways, so it doesn't make any sense to perform PMTU discovery. This makes the config option `pmtu' a no-op. | |||
2015-01-20 | handshake: delay method parsing until the sender key has been handled | Matthias Schiffer | |
Otherwise fastd won't use the correct peer group's method list for handshakes incoming on generic sockets. | |||
2015-01-20 | Another comment fix | Matthias Schiffer | |
2015-01-20 | Implement new hash table to keep track of unknown peers handshakes have been ↵ | Matthias Schiffer | |
sent to This should significantly reduce the number of handshakes sent after restarting fastd with many active connections. | |||
2015-01-17 | Never create sockets for an address family without matching binds | Matthias Schiffer | |
2015-01-16 | Comment typo fixes | Matthias Schiffer | |
2015-01-14 | Refactor handling of platforms without user/group settings (Android) | Matthias Schiffer | |
2015-01-14 | Update OpenWrt scripts | Matthias Schiffer | |
2015-01-14 | Update copyright years | Matthias Schiffer | |
2015-01-14 | android_ctrl_sock: include and whitespace cleanup | Matthias Schiffer | |
2015-01-14 | Add Android 4.1+ support. See doc/README-Android.md for build HOWTO. | Rick Lei | |
* Update CMake files to work with android-cmake * Use unix domain socket for communicating with Android GUI * May also run standalone but requires rooted Android device | |||
2015-01-14 | Reset all connections on SIGUSR2 | Matthias Schiffer | |
2015-01-14 | Allow to configure methods per peer group | Matthias Schiffer | |
2015-01-13 | doc: add example C code to read status socket | Matthias Schiffer | |
2015-01-12 | doc: add information about a new paper on FHMQV | Matthias Schiffer | |
2015-01-12 | README: add a hint to the Sphinx documentation | Matthias Schiffer | |
2015-01-12 | Make MTU mismatches fatal | Matthias Schiffer | |
As fastd calculates its receive buffer sizes based on the MTU, not matching MTUs is bound to cause issues anyways, so let's fail completely. | |||
2015-01-11 | doc: move comments from generated source files to headers | Matthias Schiffer | |
Unfortunately, Doxygen stopped interpreting the .c.in files as C source files a while ago. Move the comments to the header files to avoid the Doxygen warnings. | |||
2015-01-11 | More doxygen fixes | Matthias Schiffer | |
I keep forgetting this... | |||
2015-01-11 | config: allow ipv4/ipv6 keywords before static addresses | Matthias Schiffer | |
2015-01-10 | poll: more include cleanup | Matthias Schiffer | |
2015-01-10 | poll:remove sys/signal.h include | Matthias Schiffer | |
This had been added accidentially. | |||
2015-01-09 | Comment typo fix | Matthias Schiffer | |
2015-01-09 | ec25519-fhmqvc: don't check group order of peers' public keys | Matthias Schiffer | |
Skipping this check will significantly speed up startup with many peers. As we now do embedded group order verification, an attacker can't gain anything from small-subgroup attacks, so skipping the check isn't a security issue. | |||
2015-01-09 | ec25519-fhmqvc: optimize handshake by using embedded group element verification | Matthias Schiffer | |
Using the embedded group element verification allows us to get away without explicit verification, thus needing one scalar multiplication less. This reduces the number of expensive operations needed for a handshake to three: one Galois field square root (for key unpacking) and two scalar multiplications. For this optimization to be secure, private keys must be divisible by 8. This is the case for all keys generated with all but extremely old versions of fastd (pre-0.4). If fastd finds that its secret is not divisible by 8, it will refuse to start now. | |||
2015-01-09 | Move protocol-specific TLV specifications to main handshake record enum | Matthias Schiffer | |
2015-01-09 | poll: define SYS_epoll_pwait if it isn't available | Matthias Schiffer | |
2015-01-09 | ec25519-fhmqvc: unpack peers' keys only once | Matthias Schiffer | |
2015-01-09 | poll: directly call epoll_pwait syscall instead of using the libc wrapper | Matthias Schiffer | |
There are systems without the wrapper (e.g. older Android versions), and the wrapper is broken in some versions of uClibc. | |||
2015-01-09 | More comment fixes | Matthias Schiffer | |
2015-01-09 | Add support for a new big-endian handshake format | Matthias Schiffer | |
Because of strange dicisions in the past, fastd currently uses little endian type and length values in its handshake. As the common network byte order is big endian, changing the handshake format would be preferable. This commit adds support for a new big-endian handshake. For now, fastd will continue to send little-endian handshakes so ensure backwarts compatiblity, but if it receives a big-endian handshake, it will respond with a big-endian one. | |||
2015-01-08 | ecc25519-fhmqvc: add doxygen comments to the key check functions | Matthias Schiffer | |
2015-01-06 | status socket: better error messages on bind errors | Matthias Schiffer | |
2015-01-06 | ec25519-fhmqvc: additional key checks | Matthias Schiffer | |
Until now, it wasn't checked if a public key was the identity element. I don't think this mistake allows any actual attacks against the handshake though. | |||
2015-01-06 | handshake: get rid of stpcpy | Matthias Schiffer | |
stpcpy was added in POSIX.1-2008 and is not present on some systems like Android. | |||
2014-11-15 | Development version | Matthias Schiffer | |
2014-11-15 | fastd v16v16 | Matthias Schiffer | |
2014-11-15 | fastd v16 release notes | Matthias Schiffer | |