Age | Commit message (Collapse) | Author | |
---|---|---|---|
2012-09-16 | Make implementations used for AES128-CTR and GHASH configurable. | Matthias Schiffer | |
2012-09-16 | Fix alignment for NaCl's core2 assembler implementation of AES128-CTR | Matthias Schiffer | |
2012-09-15 | Use inline function for alignment | Matthias Schiffer | |
2012-09-15 | Add support for kernel AES implementations | Matthias Schiffer | |
This gives AES128 a slight boost on my system, but it is still slower than XSalsa20... I should probably write userspace code that can make use of AES-NI and CLMUL. Or directly jump to the kernel space with the whole forwarding code. Nevertheless, this might run nicely on Geode CPUs and similar hardware with AES acceleration, at least if the context switches aren't too expensive... | |||
2012-09-15 | Add support for using kernel implementations of GHASH | Matthias Schiffer | |
This doesn't really improve performance on my Intel CPU (I guess due to the context switches), but more tests have to be made, in combination with offloading the AES to the kernel as well, and on different hardware. | |||
2012-09-15 | Rework some parts of the AES128-GCM method | Matthias Schiffer | |
These changes improve the performance of the AES128-GCM method by ~10% on my Intel CPU when compiled with -O2. Furthermore, the AES and the GHASH parts are separated now, allowing to switch to other implementations of the algorithms more easily. | |||
2012-09-15 | Improve data alignment | Matthias Schiffer | |
Ensure that the actual packet data is always aligned to a multiple of 8. | |||
2012-07-01 | Version incrementv0.5-rc2 | Matthias Schiffer | |
2012-07-01 | Version incrementv0.5-rc1 | Matthias Schiffer | |
2012-07-01 | Add support for multiple crypto methods without reconfiguration | Matthias Schiffer | |
2012-06-24 | Release 0.4v0.4 | Matthias Schiffer | |
2012-06-15 | Version incrementv0.4-rc13 | Matthias Schiffer | |
2012-06-15 | Avoid using the same handshake key to establish more than one session | Matthias Schiffer | |
This fix prevents a potential attack using intentional packet reordering to initialize more than one session with using the same handshake keys, leading to more that one session to be initialized with the same key data altogether, allowing to decrypt some packets in the worst case. | |||
2012-06-07 | Limit handshake frequency where possible | Matthias Schiffer | |
2012-06-06 | Limit resolve frequency | Matthias Schiffer | |
2012-06-05 | Increment rc versionv0.4-rc12 | Matthias Schiffer | |
2012-06-05 | Fix possible duplicate session establishment | Matthias Schiffer | |
This is causing duplicate nonces in the worst case. | |||
2012-06-05 | Add support for receiving reordered packets | Matthias Schiffer | |
2012-06-04 | Increment rc versionv0.4-rc11 | Matthias Schiffer | |
2012-06-04 | Add pidfile support | Matthias Schiffer | |
2012-05-24 | Increase rc versionv0.4-rc10 | Matthias Schiffer | |
2012-05-18 | Uninline pr_log | Matthias Schiffer | |
2012-05-18 | Increment rc versionv0.4-rc9 | Matthias Schiffer | |
2012-05-18 | New logging facilities | Matthias Schiffer | |
2012-05-17 | Add daemon mode | Matthias Schiffer | |
2012-05-03 | Use pipe to transmit resolved addresses to main threadv0.4-rc7 | Matthias Schiffer | |
2012-04-27 | Increment rcv0.4-rc5 | Matthias Schiffer | |
2012-04-22 | Add --show-key and --machine-readable options | Matthias Schiffer | |
2012-04-19 | Don't regenerate session handshake keypair for every handshake so a global ↵ | Matthias Schiffer | |
state can be used; remove the concept of temporary peers These changes will fix the possibility of a TCP-SYN-Flood-like DoS attack, at the cost of another protocol change: as we can't count request IDs when we don't know have temporary peers, request IDs are removed completely. | |||
2012-04-17 | Add --help page | Matthias Schiffer | |
2012-04-16 | Rename peer-to-peer to forward; remove now useless peer command line optionv0.4-rc1 | Matthias Schiffer | |
2012-04-16 | Lots of fixes and improvements on the resolver code | Matthias Schiffer | |
2012-04-16 | Add support for peers specified by hostnames | Matthias Schiffer | |
2012-04-14 | Reduce task queue usage | Matthias Schiffer | |
2012-04-14 | Separate handshake from encryption method | Matthias Schiffer | |
2012-04-05 | Add on-establish and on-disestablish commandsv0.2 | Matthias Schiffer | |
2012-04-05 | Cleanly shutdown; add on-down command | Matthias Schiffer | |
2012-04-05 | Implement reconfiguration on SIGHUP | Matthias Schiffer | |
2012-04-03 | Keep track of peer dirs | Matthias Schiffer | |
2012-04-03 | Ignore peer configs with errors in peer dirs instead of exiting | Matthias Schiffer | |
2012-04-03 | Keep list of strings allocated by the lexer | Matthias Schiffer | |
2012-04-02 | Allow peer-to-peer forwarding | Matthias Schiffer | |
2012-04-02 | Add sending of keep-alive packets | Matthias Schiffer | |
2012-04-01 | Add timestamps to log messages | Matthias Schiffer | |
2012-04-01 | Add log level configuration | Matthias Schiffer | |
2012-04-01 | Add verbose log level, change some log messages | Matthias Schiffer | |
2012-04-01 | Add missing includes that didn't throw errors with clang | Matthias Schiffer | |
2012-03-31 | ecfxp: refresh session key periodically | Matthias Schiffer | |
2012-03-31 | Change how handshakes are triggered | Matthias Schiffer | |
2012-03-30 | Limit key validity | Matthias Schiffer | |