Age | Commit message | Author | |
---|---|---|---|
2013-10-20 | Refactor handshake code, prevent downgrade attacks | Matthias Schiffer | |
2013-10-19 | Rename RECORD_HANDSHAKE_MAC to RECORD_TLV_MAC | Matthias Schiffer | |
2013-10-19 | Authenticate the TLV records only | Matthias Schiffer | |
2013-10-19 | Get rid of packet.h | Matthias Schiffer | |
2013-10-19 | Add a HMAC to authenticate all handshake TLV | Matthias Schiffer | |
2013-10-16 | Initiate handshake when a packet can't be sent because the local address is invalid | Matthias Schiffer | |
2013-09-03 | Add packet/byte statistics | Matthias Schiffer | |
2013-08-29 | Don't initialize monotone timestamps with zero | Matthias Schiffer | |
The monotone timestamp is near zero on linux systems, confusing fastd. | |||
2013-08-29 | Replace old task queue | Matthias Schiffer | |
The handshakes are now scheduled in a doubly-linked list that is maintained as a part of the peer structure. | |||
2013-08-29 | Simplify keepalive sending | Matthias Schiffer | |
By using a global keepalive timer, the O(n) keepalive queue purge operation on every send operation is avoided. | |||
2013-08-28 | ec25519: ensure old sessions are invalidated quickly after a new one has been established | Matthias Schiffer | |
2013-08-28 | ec25519: ensure that there is always a handshake enqueued after sending a handshake finish | Matthias Schiffer | |
This ensures that the handshake is repeated in case the finish packet is lost. | |||
2013-08-28 | ec25519: reset peers as soon as their current session times out | Matthias Schiffer | |
2013-08-28 | Cancel the session establishment earlier when the address can't be claimed by the peer | Matthias Schiffer | |
There is no reason to run through all the session establishment just to cancel it a moment later. | |||
2013-08-27 | Introduce new log level debug2 for potentially very frequent messages | Matthias Schiffer | |
2013-08-25 | ec25519-fhmqvc: use different handshake keys as initiator and responder | Matthias Schiffer | |
This ensures that even in the unlikely case of a crossed handshake fastd will never establish two sessions with the same encryption key | |||
2013-08-25 | ec25519-fhmqvc: put public and secret keys together in a keypair structure | Matthias Schiffer | |
2013-08-20 | Prevent zero-before-free operations from being optimized out | Matthias Schiffer | |
2013-08-20 | Fix lots of -Wextra warnings | Matthias Schiffer | |
Everything clang and GCC warn about, except GCC's missing-field-initializers which are just stupid as they don't allow {} syntax to zero a field. | |||
2013-08-19 | ec25519: add alignment attributes to all keys used as hash inputs | Matthias Schiffer | |
2013-08-19 | ec25519: reorder some code to fix a false-positive "may be used uninitialized" warning | Matthias Schiffer | |
2013-08-18 | ec25519: minor code simplifications in handshake handling | Matthias Schiffer | |
2013-08-17 | Cache values calculated in the handshake response to reuse them in the finish handling | Matthias Schiffer | |
2013-08-17 | Make handshake records const uint8_t* instead of void* | Matthias Schiffer | |
This enforces explicit casting and thus avoids alignment problems. | |||
2013-08-17 | Slightly improve the SHA256 API | Matthias Schiffer | |
2013-08-15 | Align sender key | Matthias Schiffer | |
Unaligned access might be a problem on some architectures, so it's better to copy it to an aligned buffer before further handling the handshake. | |||
2013-08-15 | Replace NaCl's HMAC implementation | Matthias Schiffer | |
2013-08-15 | Add small SHA256 implementation | Matthias Schiffer | |
The NaCl implementation has a code size of more than 10KiB. | |||
2013-07-25 | Move _GNU_SOURCE define to types.h | Matthias Schiffer | |
2013-07-24 | Allow specifying multiple remote entries for a single peer | Matthias Schiffer | |
2013-07-24 | Remove dead code handling resolves triggered by received packets | Matthias Schiffer | |
2013-07-24 | Remove handling for packets received on wrong sockets (this shouldn't happen) | Matthias Schiffer | |
2013-07-23 | Don't trigger a resolve when a packet from an unknown peer is received | Matthias Schiffer | |
2013-07-12 | Invalidate old session on method changes | Matthias Schiffer | |
2013-04-24 | Provide the correct local address on first on-verify for a new temporary peer | Matthias Schiffer | |
2013-04-20 | ec25519-fhmqvc: drop is_established test in protocol_handle_recv() | Matthias Schiffer | |
handle_socket() now tests it before calling handle_recv | |||
2013-04-20 | Greatly improve handling of hosts with multiple IP addresses | Matthias Schiffer | |
2013-04-17 | Fix handling of the local address in shell commands | Matthias Schiffer | |
Without this fix, using on-establish/disestablish/verify would cause a strange zero port when a bind with a random port was used, and a segmentation fault with dynamic binds. | |||
2013-03-09 | Don't try to add temporary peers for disabled keys | Matthias Schiffer | |
2013-03-08 | Fix crash on invalid key definitions | Matthias Schiffer | |
2013-03-08 | Handle duplicate keys | Matthias Schiffer | |
When two peers are configured with the same key, disable both. When a temporary peer's key is configured, delete the temporary key. | |||
2013-03-08 | Allow disabling previously enabled peers | Matthias Schiffer | |
2013-03-01 | Re-verify unknown peers on each handshake | Matthias Schiffer | |
2013-03-01 | Identify peers by key in log output when no name is available | Matthias Schiffer | |
2013-02-27 | Don't set the peer address for temporary peers before the session is actually established | Matthias Schiffer | |
Doing so could lead to duplicate address entries in different peers, causing very strange behaviour. Add additional parameters for the local and the peer address to fastd_shell_exec() to allow the on-verify script to use this information nevertheless. | |||
2013-02-26 | Experimental support for accepting connections from unknown peers | Matthias Schiffer | |
2013-02-25 | Add public keys to shell environment | Matthias Schiffer | |
2013-02-23 | Differentiate between reasons for ignoring a handshake | Matthias Schiffer | |
2013-02-23 | Use fastd_peer_t instead of fastd_peer_config_t in handshake code | Matthias Schiffer | |
Directly using the peers allows us to get rid of the inefficient get_peer() function and is necessary for adding support for unknown peers. | |||
2013-01-21 | Add error message for OOM on buffer alloc | Matthias Schiffer | |