Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-08-28 | ec25519: reset peers as soon as their current session times out | Matthias Schiffer | |
2013-08-28 | Cancel the session establishment earlier when the address can't be claimed ↵ | Matthias Schiffer | |
by the peer There is no reason to run through all the session establishment just to cancel it a moment later. | |||
2013-08-27 | Introduce new log level debug2 for potentially very frequent messages | Matthias Schiffer | |
2013-08-25 | ec25519-fhmqvc: use different handshake keys as initiator and responder | Matthias Schiffer | |
This ensures that even in the unlikely case of a crossed handshake fastd will never establish two sessions with the same encryption key | |||
2013-08-25 | ec25519-fhmqvc: put public and secret keys together in a keypair structure | Matthias Schiffer | |
2013-08-20 | Prevent zero-before-free operations from being optimized out | Matthias Schiffer | |
2013-08-20 | Fix lots of -Wextra warnings | Matthias Schiffer | |
Everything clang and GCC warn about, except GCC's missing-field-initializers which are just stupid as they don't allow {} syntax to zero a field. | |||
2013-08-19 | ec25519: add alignment attributes to all keys used as hash inputs | Matthias Schiffer | |
2013-08-19 | ec25519: reorder some code to fix a false-positive "may be used ↵ | Matthias Schiffer | |
uninitialized" warning | |||
2013-08-18 | ec25519: minor code simplifications in handshake handling | Matthias Schiffer | |
2013-08-17 | Cache values calculated in the handshake reponse to reuse them in the finish ↵ | Matthias Schiffer | |
handling | |||
2013-08-17 | Make handshake records const uint8_t* instead of void* | Matthias Schiffer | |
This enforces explicit casting and thus avoids alignment problems. | |||
2013-08-17 | Slightly improve the SHA256 API | Matthias Schiffer | |
2013-08-15 | Align sender key | Matthias Schiffer | |
Unaligned access might be a problem on some architectures, so it's better to copy it to an aligned buffer before further handling the handshake. | |||
2013-08-15 | Replace NaCl's HMAC implementation | Matthias Schiffer | |
2013-08-15 | Add small SHA256 implementation | Matthias Schiffer | |
The NaCl implementation has a code size of more than 10KiB. | |||
2013-07-25 | Move _GNU_SOURCE define to types.h | Matthias Schiffer | |
2013-07-24 | Allow specifying multiple remote entries for a single peer | Matthias Schiffer | |
2013-07-24 | Remove dead code handling resolves triggered by received packets | Matthias Schiffer | |
2013-07-24 | Remove handing for packets received on wrong sockets (this shouldn't happen) | Matthias Schiffer | |
2013-07-23 | Don't trigger a resolve when a packet from an unknown peer is received | Matthias Schiffer | |
2013-07-12 | Invalidate old session on method changes | Matthias Schiffer | |
2013-04-24 | Provide the correct local address on first on-verify for a new temporary peer | Matthias Schiffer | |
2013-04-20 | ec25519-fhmqvc: drop is_established test in protocol_handle_recv() | Matthias Schiffer | |
handle_socket() now tests it before calling handle_recv | |||
2013-04-20 | Greatly improve handling of hosts with multiple IP addresses | Matthias Schiffer | |
2013-04-17 | Fix handling of the local address in shell commands | Matthias Schiffer | |
Without this fix, using on-establish/disestablish/verify would cause a strange zero port when a bind with a random port was used, and a segmentation fault with dynamic binds. | |||
2013-03-09 | Don't try to add temporary peers for disabled keys | Matthias Schiffer | |
2013-03-08 | Fix crash on invalid key definitions | Matthias Schiffer | |
2013-03-08 | Handle duplicate keys | Matthias Schiffer | |
When two peers are configured with the same key, disable both. When a temporary peer's key is configured, delete the temporary key. | |||
2013-03-08 | Allow disabling previously enabled peers | Matthias Schiffer | |
2013-03-01 | Re-verify unknown peers on each handshake | Matthias Schiffer | |
2013-03-01 | Identify peers be key in log output when no name is available | Matthias Schiffer | |
2013-02-27 | Don't set the peer address for temporary peers before the session is ↵ | Matthias Schiffer | |
actually established Doing so could lead to duplicate address entries in different peers, causing very strange behaviour. Add additional parameters for the local and the peer address to fastd_shell_exec() to allow the on-verify script to use this information nevertheless. | |||
2013-02-26 | Experimental support for accepting connections from unknown peers | Matthias Schiffer | |
2013-02-25 | Add public keys to shell environment | Matthias Schiffer | |
2013-02-23 | Differentiate between reasons for ignoring a handshake | Matthias Schiffer | |
2013-02-23 | Use fastd_peer_t instead of fastd_peer_config_t in handshake code | Matthias Schiffer | |
Directly using the peers allows us to get rid of the inefficient get_peer() function and is necessary for adding support for unknown peers. | |||
2013-01-21 | Add error message for OOM on buffer alloc | Matthias Schiffer | |
2013-01-09 | Improve checking of received handshake keys | Matthias Schiffer | |
2013-01-09 | Update to libuecc v3, check EC points for validity | Matthias Schiffer | |
2013-01-05 | Adjust copyright years | Matthias Schiffer | |
2012-12-23 | Fix up all usage of deprecated libuecc API | Matthias Schiffer | |
2012-12-18 | Convert type names to _t convention | Matthias Schiffer | |
2012-11-05 | Implement peer limit constraints | Matthias Schiffer | |
2012-11-02 | Improve handling of associated sockets in key matching | Matthias Schiffer | |
2012-11-01 | Dynamically create and destroy sockets without fixed binds | Matthias Schiffer | |
2012-10-29 | Add support for multiple binds | Matthias Schiffer | |
2012-09-15 | Use inline function for alignment | Matthias Schiffer | |
2012-09-15 | Rework some parts of the AES128-GCM method | Matthias Schiffer | |
These changes improve the performance of the AES128-GCM method by ~10% on my Intel CPU when compiled with -O2. Furthermore, the AES and the GHASH parts are separated now, allowing to switch to other implementations of the algorithms more easily. | |||
2012-07-01 | Add support for multiple crypto methods without reconfiguration | Matthias Schiffer | |