summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2012-10-29Allow setting IPv[46] default bind addressesMatthias Schiffer
2012-10-29Allow setting bind interfaceMatthias Schiffer
2012-10-29Fix bind error messagesMatthias Schiffer
2012-10-29Add support for multiple bindsMatthias Schiffer
2012-10-29config: Simplify default_config()Matthias Schiffer
2012-09-21fastd v0.5v0.5Matthias Schiffer
2012-09-21Nicely encapsulate different crypto algorithm implementationsMatthias Schiffer
2012-09-16Imcrement rc versionv0.5-rc4Matthias Schiffer
2012-09-16Handle posix_memalign return valueMatthias Schiffer
This is nothing we could handle correctly (well, in the long run we should print and error message), but at least this silences a warning with _FORTIFY_SOURCE.
2012-09-16Increment rc versionv0.5-rc3Matthias Schiffer
2012-09-16Make implementations used for AES128-CTR and GHASH configurable.Matthias Schiffer
2012-09-16Fix alignment for NaCl's core2 assembler implementation of AES128-CTRMatthias Schiffer
2012-09-16Ignore SIGPIPEMatthias Schiffer
We want this because of reasons. Just to be sure.
2012-09-15Use inline function for alignmentMatthias Schiffer
2012-09-15Add support for kernel AES implementationsMatthias Schiffer
This gives AES128 a slight boost on my system, but it is still slower than XSalsa20... I should probably write userspace code that can make use of AES-NI and CLMUL. Or directly jump to the kernel space with the whole forwarding code. Nevertheless, this might run nicely on Geode CPUs and similar hardware with AES acceleration, at least if the context switches aren't too expensive...
2012-09-15Add support for using kernel implementations of GHASHMatthias Schiffer
This doesn't really improve performance on my Intel CPU (I guess due to the context switches), but more tests have to be made, in combination with offloading the AES to the kernel as well, and on different hardware.
2012-09-15Rework some parts of the AES128-GCM methodMatthias Schiffer
These changes improve the performance of the AES128-GCM method by ~10% on my Intel CPU when compiled with -O2. Furthermore, the AES and the GHASH parts are separated now, allowing to switch to other implementations of the algorithms more easily.
2012-09-15Improve data alignmentMatthias Schiffer
Ensure that the actual packet data is always aligned to a multiple of 8.
2012-09-14Critical: fix various problems in the AES128-GCM methodMatthias Schiffer
There were several bugs in the code that were severely lowering the expected security and completely breaking compatiblity with alternative implementations. The fixed version is checked against the test vectors specified in [1], and should thus be correct. [1] http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
2012-07-02Fix typo in --machine-readable help messageMatthias Schiffer
2012-07-02Remove unneeded includeMatthias Schiffer
2012-07-02Require whitespace after keywords and strings etc. in config filesMatthias Schiffer
2012-07-01Version incrementv0.5-rc2Matthias Schiffer
2012-07-01Add missing _GNU_SOURCE definitionMatthias Schiffer
2012-07-01Version incrementv0.5-rc1Matthias Schiffer
2012-07-01Add support for multiple crypto methods without reconfigurationMatthias Schiffer
2012-07-01Fix invalid print on handshake failure with an unknown code.Matthias Schiffer
2012-06-27Remove unneeded size bytes from GCM to suppress warningsMatthias Schiffer
2012-06-27Implement GCM with lookup tableMatthias Schiffer
2012-06-27Fix critical memory corruption bug in coreMatthias Schiffer
2012-06-27Optimized GCM implementationMatthias Schiffer
2012-06-27Primitive aes128-gcm implementationMatthias Schiffer
2012-06-24Release 0.4v0.4Matthias Schiffer
2012-06-19Don't re-resolve dynamic-floating peers on key refreshMatthias Schiffer
2012-06-15Version incrementv0.4-rc13Matthias Schiffer
2012-06-15Allow setting dynamic peers to flaotingMatthias Schiffer
2012-06-15Avoid using the same handshake key to establish more than one sessionMatthias Schiffer
This fix prevents a potential attack using intentional packet reordering to initialize more than one session with using the same handshake keys, leading to more that one session to be initialized with the same key data altogether, allowing to decrypt some packets in the worst case.
2012-06-07Limit handshake frequency where possibleMatthias Schiffer
2012-06-07Fix memory leakMatthias Schiffer
2012-06-06Limit resolve frequencyMatthias Schiffer
2012-06-06Improve some log levelsMatthias Schiffer
2012-06-05Increase reorder countMatthias Schiffer
2012-06-05Increment rc versionv0.4-rc12Matthias Schiffer
2012-06-05Fix possible duplicate session establishmentMatthias Schiffer
This is causing duplicate nonces in the worst case.
2012-06-05printf: add %p patternMatthias Schiffer
2012-06-05Add support for receiving reordered packetsMatthias Schiffer
2012-06-04Increment rc versionv0.4-rc11Matthias Schiffer
2012-06-04Make sure refresh handshakes aren't cleanedMatthias Schiffer
2012-06-04Fix key invalidation order on key refreshMatthias Schiffer
2012-06-04Add version string to handshakeMatthias Schiffer