| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-01-21 | Downgrade "verification failed" message from verbose to debug2 | Matthias Schiffer | |
| This message will be printed for every packet in severe reordering situtations, so better not print it by default. In the future, we'll need a rate limiting mechanism... | |||
| 2015-01-14 | Update copyright years | Matthias Schiffer | |
| 2015-01-09 | ec25519-fhmqvc: don't check group order of peers' public keys | Matthias Schiffer | |
| Skipping this check will significantly speed up startup with many peers. As we now do embedded group order verification, an attacker can't gain anything from small-subgroup attacks, so skipping the check isn't a security issue. | |||
| 2015-01-09 | ec25519-fhmqvc: optimize handshake by using embedded group element verification | Matthias Schiffer | |
| Using the embedded group element verification allows us to get away without explicit verification, thus needing one scalar multiplication less. This reduces the number of expensive operations needed for a handshake to three: one Galois field square root (for key unpacking) and two scalar multiplications. For this optimization to be secure, private keys must be divisible by 8. This is the case for all keys generated with all but extremely old versions of fastd (pre-0.4). If fastd finds that its secret is not divisible by 8, it will refuse to start now. | |||
| 2015-01-09 | ec25519-fhmqvc: unpack peers' keys only once | Matthias Schiffer | |
| 2015-01-06 | ec25519-fhmqvc: additional key checks | Matthias Schiffer | |
| Until now, it wasn't checked if a public key was the identity element. I don't think this mistake allows any actual attacks against the handshake though. | |||
| 2014-09-10 | ec25519-fhmqvc: refactor old session check code | Matthias Schiffer | |
| 2014-09-09 | Add current method of connections to status output | Matthias Schiffer | |
| 2014-09-08 | Make stats of reordered packets | Matthias Schiffer | |
| 2014-08-24 | Coding style: always add a space between a pointer's type and the * | Matthias Schiffer | |
| 2014-08-24 | Use simple int64_t timestamps in ms instead of timespecs | Matthias Schiffer | |
| 2014-08-24 | Merge peer config into peer structure | Matthias Schiffer | |
| With this refactoring, the structure fastd_peer_config_t is merged into fastd_peer_t, and fastd_remote_config_t into fastd_remote_t. This also means we now create peers directly when reading their configurations, which significantly simplifies the whole reload process, and prepares for some future optimizations like a key hash table. Note: This commit is too big, but I couldn't come up with a nice way to split it into smaller pieces... | |||
| 2014-08-18 | Rename WITH_VERIFY CMake option to WITH_DYNAMIC_PEERS | Matthias Schiffer | |
| 2014-08-18 | Rename "temporary peers" to "dynamic peers" | Matthias Schiffer | |
| 2014-08-02 | Introduce and use alloc helpers | Matthias Schiffer | |
| These new helpers will terminate fastd on allocation failures and add some additional convenience (allow strdup with NULL; typesafe new(type) macros). | |||
| 2014-05-29 | Document *everything* | Matthias Schiffer | |
| 2014-05-28 | Still more documentation | Matthias Schiffer | |
| 2014-05-25 | Make a few struct fields that are not supposed to be changed defines instead | Matthias Schiffer | |
| 2014-04-26 | Make on-verify support optional | Matthias Schiffer | |
| 2014-04-26 | Implement async verify | Matthias Schiffer | |
| 2014-04-24 | ec25519-fhmqvc: use PUBLICKEYBYTES and SECRETKEYBYTES defines more | Matthias Schiffer | |
| 2014-04-20 | Make ctx global | Matthias Schiffer | |
| 2014-04-20 | Make conf global | Matthias Schiffer | |
| 2014-03-14 | Adjust copyright years | Matthias Schiffer | |
| 2014-03-10 | Make --verify-config option more flexible | Matthias Schiffer | |
| 2014-01-26 | Switch to the new timeout helpers where possible | Matthias Schiffer | |
| 2013-11-30 | Rename methods to methods providers and method contexts to methods to ↵ | Matthias Schiffer | |
| reflect their function better | |||
| 2013-11-30 | Perform string-based lookup of method-related information only once | Matthias Schiffer | |
| 2013-11-29 | Output an error message when the encrypt function fails | Matthias Schiffer | |
| 2013-11-29 | Compile with -std=c99 and restructure some code to ensure there is no ↵ | Matthias Schiffer | |
| invalid aliasing (hopefully) | |||
| 2013-11-20 | Slightly simplify method/cipher/MAC definitions | Matthias Schiffer | |
| 2013-11-14 | Move test for initiator in the session refresh check from protocol to method | Matthias Schiffer | |
| 2013-10-30 | Separate ec25519-fhmqvc into multiple source files | Matthias Schiffer | |
| 2013-10-29 | Rename fastd_parse_method_name to fastd_method_get_by_name | Matthias Schiffer | |
| 2013-10-29 | Handle methods as strings | Matthias Schiffer | |
| 2013-10-29 | Allow using libsodium instead of NaCl | Matthias Schiffer | |
| As libsodium has some strange include files (like a version.h), we try to use absolute include paths whenever possible in fastd now and rename our generated headers. | |||
| 2013-10-28 | Organize method and protocol source files into distinct source directories | Matthias Schiffer | |
 |
index : fastd | |
| Fast and Secure Tunnelling Daemon | Matthias Schiffer <mschiffer@universe-factory.net> |
| summaryrefslogtreecommitdiffstats |