summaryrefslogtreecommitdiffstats
path: root/src/protocol_ec25519_fhmqvc.c
AgeCommit message (Collapse)Author
2013-07-25Move _GNU_SOURCE define to types.hMatthias Schiffer
2013-07-24Allow specifying multiple remote entries for a single peerMatthias Schiffer
2013-07-24Remove dead code handling resolves triggered by received packetsMatthias Schiffer
2013-07-24Remove handing for packets received on wrong sockets (this shouldn't happen)Matthias Schiffer
2013-07-23Don't trigger a resolve when a packet from an unknown peer is receivedMatthias Schiffer
2013-07-12Invalidate old session on method changesMatthias Schiffer
2013-04-24Provide the correct local address on first on-verify for a new temporary peerMatthias Schiffer
2013-04-20ec25519-fhmqvc: drop is_established test in protocol_handle_recv()Matthias Schiffer
handle_socket() now tests it before calling handle_recv
2013-04-20Greatly improve handling of hosts with multiple IP addressesMatthias Schiffer
2013-04-17Fix handling of the local address in shell commandsMatthias Schiffer
Without this fix, using on-establish/disestablish/verify would cause a strange zero port when a bind with a random port was used, and a segmentation fault with dynamic binds.
2013-03-09Don't try to add temporary peers for disabled keysMatthias Schiffer
2013-03-08Fix crash on invalid key definitionsMatthias Schiffer
2013-03-08Handle duplicate keysMatthias Schiffer
When two peers are configured with the same key, disable both. When a temporary peer's key is configured, delete the temporary key.
2013-03-08Allow disabling previously enabled peersMatthias Schiffer
2013-03-01Re-verify unknown peers on each handshakeMatthias Schiffer
2013-03-01Identify peers be key in log output when no name is availableMatthias Schiffer
2013-02-27Don't set the peer address for temporary peers before the session is ↵Matthias Schiffer
actually established Doing so could lead to duplicate address entries in different peers, causing very strange behaviour. Add additional parameters for the local and the peer address to fastd_shell_exec() to allow the on-verify script to use this information nevertheless.
2013-02-26Experimental support for accepting connections from unknown peersMatthias Schiffer
2013-02-25Add public keys to shell environmentMatthias Schiffer
2013-02-23Differentiate between reasons for ignoring a handshakeMatthias Schiffer
2013-02-23Use fastd_peer_t instead of fastd_peer_config_t in handshake codeMatthias Schiffer
Directly using the peers allows us to get rid of the inefficient get_peer() function and is necessary for adding support for unknown peers.
2013-01-21Add error message for OOM on buffer allocMatthias Schiffer
2013-01-09Improve checking of received handshake keysMatthias Schiffer
2013-01-09Update to libuecc v3, check EC points for validityMatthias Schiffer
2013-01-05Adjust copyright yearsMatthias Schiffer
2012-12-23Fix up all usage of deprecated libuecc APIMatthias Schiffer
2012-12-18Convert type names to _t conventionMatthias Schiffer
2012-11-05Implement peer limit constraintsMatthias Schiffer
2012-11-02Improve handling of associated sockets in key matchingMatthias Schiffer
2012-11-01Dynamically create and destroy sockets without fixed bindsMatthias Schiffer
2012-10-29Add support for multiple bindsMatthias Schiffer
2012-09-15Use inline function for alignmentMatthias Schiffer
2012-09-15Rework some parts of the AES128-GCM methodMatthias Schiffer
These changes improve the performance of the AES128-GCM method by ~10% on my Intel CPU when compiled with -O2. Furthermore, the AES and the GHASH parts are separated now, allowing to switch to other implementations of the algorithms more easily.
2012-07-01Add support for multiple crypto methods without reconfigurationMatthias Schiffer
2012-06-15Avoid using the same handshake key to establish more than one sessionMatthias Schiffer
This fix prevents a potential attack using intentional packet reordering to initialize more than one session with using the same handshake keys, leading to more that one session to be initialized with the same key data altogether, allowing to decrypt some packets in the worst case.
2012-06-07Limit handshake frequency where possibleMatthias Schiffer
2012-06-06Limit resolve frequencyMatthias Schiffer
2012-06-06Improve some log levelsMatthias Schiffer
2012-06-05Fix possible duplicate session establishmentMatthias Schiffer
This is causing duplicate nonces in the worst case.
2012-06-05Add support for receiving reordered packetsMatthias Schiffer
2012-06-04Make sure refresh handshakes aren't cleanedMatthias Schiffer
2012-06-04Fix key invalidation order on key refreshMatthias Schiffer
2012-06-04Add version string to handshakeMatthias Schiffer
2012-06-04Improve handshake loggingMatthias Schiffer
2012-05-03Fix critical error introduced by copy-and-pasting, another possible NULL ↵Matthias Schiffer
dereference
2012-05-03Critical fix: ignore disabled peers when searching peer key to avoid NULL ↵v0.4-rc6Matthias Schiffer
dereference
2012-04-22Ignore handshakes for 15 seconds after session establishment to avoid ↵v0.4-rc2Matthias Schiffer
excessive and concurrent handshakes
2012-04-22Add --show-key and --machine-readable optionsMatthias Schiffer
2012-04-22Ignore peers with own keyMatthias Schiffer
2012-04-19Don't regenerate session handshake keypair for every handshake so a global ↵Matthias Schiffer
state can be used; remove the concept of temporary peers These changes will fix the possibility of a TCP-SYN-Flood-like DoS attack, at the cost of another protocol change: as we can't count request IDs when we don't know have temporary peers, request IDs are removed completely.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 04:39:12 +0100