path: root/src/protocol_ec25519_fhmqvc.c
Age | Commit message | Author
2013-10-20 | Refactor handshake code, prevent downgrade attacks | Matthias Schiffer
2013-10-19 | Rename RECORD_HANDSHAKE_MAC to RECORD_TLV_MAC | Matthias Schiffer
2013-10-19 | Authenticate the TLV records only | Matthias Schiffer
2013-10-19 | Get rid of packet.h | Matthias Schiffer
2013-10-19 | Add a HMAC to authenticate all handshake TLV | Matthias Schiffer
2013-10-16 | Initiate handshake when a packet can't be sent because the local address is invalid | Matthias Schiffer
2013-09-03 | Add packet/byte statistics | Matthias Schiffer
2013-08-29 | Don't initialize monotone timestamps with zero | Matthias Schiffer
The monotone timestamp is near zero on Linux systems, confusing fastd.
2013-08-29 | Replace old task queue | Matthias Schiffer
The handshakes are now scheduled in a doubly-linked list that is maintained as a part of the peer structure.
2013-08-29 | Simplify keepalive sending | Matthias Schiffer
By using a global keepalive timer, the O(n) keepalive queue purge operation on every send operation is avoided.
2013-08-28 | ec25519: ensure old sessions are invalidated quickly after a new one has been established | Matthias Schiffer
2013-08-28 | ec25519: ensure that there is always a handshake enqueued after sending a handshake finish | Matthias Schiffer
This ensures that the handshake is repeated in case the finish packet is lost.
2013-08-28 | ec25519: reset peers as soon as their current session times out | Matthias Schiffer
2013-08-28 | Cancel the session establishment earlier when the address can't be claimed by the peer | Matthias Schiffer
There is no reason to run through all the session establishment just to cancel it a moment later.
2013-08-27 | Introduce new log level debug2 for potentially very frequent messages | Matthias Schiffer
2013-08-25 | ec25519-fhmqvc: use different handshake keys as initiator and responder | Matthias Schiffer
This ensures that even in the unlikely case of a crossed handshake fastd will never establish two sessions with the same encryption key
2013-08-25 | ec25519-fhmqvc: put public and secret keys together in a keypair structure | Matthias Schiffer
2013-08-20 | Prevent zero-before-free operations from being optimized out | Matthias Schiffer
2013-08-20 | Fix lots of -Wextra warnings | Matthias Schiffer
Everything clang and GCC warn about, except GCC's missing-field-initializers which are just stupid as they don't allow {} syntax to zero a field.
2013-08-19 | ec25519: add alignment attributes to all keys used as hash inputs | Matthias Schiffer
2013-08-19 | ec25519: reorder some code to fix a false-positive "may be used uninitialized" warning | Matthias Schiffer
2013-08-18 | ec25519: minor code simplifications in handshake handling | Matthias Schiffer
2013-08-17 | Cache values calculated in the handshake response to reuse them in the finish handling | Matthias Schiffer
2013-08-17 | Make handshake records const uint8_t* instead of void* | Matthias Schiffer
This enforces explicit casting and thus avoids alignment problems.
2013-08-17 | Slightly improve the SHA256 API | Matthias Schiffer
2013-08-15 | Align sender key | Matthias Schiffer
Unaligned access might be a problem on some architectures, so it's better to copy it to an aligned buffer before further handling the handshake.
2013-08-15 | Replace NaCl's HMAC implementation | Matthias Schiffer
2013-08-15 | Add small SHA256 implementation | Matthias Schiffer
The NaCl implementation has a code size of more than 10KiB.
2013-07-25 | Move _GNU_SOURCE define to types.h | Matthias Schiffer
2013-07-24 | Allow specifying multiple remote entries for a single peer | Matthias Schiffer
2013-07-24 | Remove dead code handling resolves triggered by received packets | Matthias Schiffer
2013-07-24 | Remove handling for packets received on wrong sockets (this shouldn't happen) | Matthias Schiffer
2013-07-23 | Don't trigger a resolve when a packet from an unknown peer is received | Matthias Schiffer
2013-07-12 | Invalidate old session on method changes | Matthias Schiffer
2013-04-24 | Provide the correct local address on first on-verify for a new temporary peer | Matthias Schiffer
2013-04-20 | ec25519-fhmqvc: drop is_established test in protocol_handle_recv() | Matthias Schiffer
handle_socket() now tests it before calling handle_recv
2013-04-20 | Greatly improve handling of hosts with multiple IP addresses | Matthias Schiffer
2013-04-17 | Fix handling of the local address in shell commands | Matthias Schiffer
Without this fix, using on-establish/disestablish/verify would cause a strange zero port when a bind with a random port was used, and a segmentation fault with dynamic binds.
2013-03-09 | Don't try to add temporary peers for disabled keys | Matthias Schiffer
2013-03-08 | Fix crash on invalid key definitions | Matthias Schiffer
2013-03-08 | Handle duplicate keys | Matthias Schiffer
When two peers are configured with the same key, disable both. When a temporary peer's key is configured, delete the temporary key.
2013-03-08 | Allow disabling previously enabled peers | Matthias Schiffer
2013-03-01 | Re-verify unknown peers on each handshake | Matthias Schiffer
2013-03-01 | Identify peers by key in log output when no name is available | Matthias Schiffer
2013-02-27 | Don't set the peer address for temporary peers before the session is actually established | Matthias Schiffer
Doing so could lead to duplicate address entries in different peers, causing very strange behaviour. Add additional parameters for the local and the peer address to fastd_shell_exec() to allow the on-verify script to use this information nevertheless.
2013-02-26 | Experimental support for accepting connections from unknown peers | Matthias Schiffer
2013-02-25 | Add public keys to shell environment | Matthias Schiffer
2013-02-23 | Differentiate between reasons for ignoring a handshake | Matthias Schiffer
2013-02-23 | Use fastd_peer_t instead of fastd_peer_config_t in handshake code | Matthias Schiffer
Directly using the peers allows us to get rid of the inefficient get_peer() function and is necessary for adding support for unknown peers.
2013-01-21 | Add error message for OOM on buffer alloc | Matthias Schiffer