path: root/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c
Age | Commit message | Author
2015-01-21 | Downgrade "verification failed" message from verbose to debug2 | Matthias Schiffer
This message will be printed for every packet in severe reordering situations, so better not print it by default. In the future, we'll need a rate limiting mechanism...
2015-01-14 | Update copyright years | Matthias Schiffer
2015-01-09 | ec25519-fhmqvc: don't check group order of peers' public keys | Matthias Schiffer
Skipping this check will significantly speed up startup with many peers. As we now do embedded group order verification, an attacker can't gain anything from small-subgroup attacks, so skipping the check isn't a security issue.
2015-01-09 | ec25519-fhmqvc: optimize handshake by using embedded group element verification | Matthias Schiffer
Using the embedded group element verification allows us to get away without explicit verification, thus needing one scalar multiplication less. This reduces the number of expensive operations needed for a handshake to three: one Galois field square root (for key unpacking) and two scalar multiplications. For this optimization to be secure, private keys must be divisible by 8. This is the case for all keys generated with all but extremely old versions of fastd (pre-0.4). If fastd finds that its secret is not divisible by 8, it will refuse to start now.
2015-01-09 | ec25519-fhmqvc: unpack peers' keys only once | Matthias Schiffer
2015-01-06 | ec25519-fhmqvc: additional key checks | Matthias Schiffer
Until now, it wasn't checked if a public key was the identity element. I don't think this mistake allows any actual attacks against the handshake though.
2014-09-10 | ec25519-fhmqvc: refactor old session check code | Matthias Schiffer
2014-09-09 | Add current method of connections to status output | Matthias Schiffer
2014-09-08 | Make stats of reordered packets | Matthias Schiffer
2014-08-24 | Coding style: always add a space between a pointer's type and the * | Matthias Schiffer
2014-08-24 | Use simple int64_t timestamps in ms instead of timespecs | Matthias Schiffer
2014-08-24 | Merge peer config into peer structure | Matthias Schiffer
With this refactoring, the structure fastd_peer_config_t is merged into fastd_peer_t, and fastd_remote_config_t into fastd_remote_t. This also means we now create peers directly when reading their configurations, which significantly simplifies the whole reload process, and prepares for some future optimizations like a key hash table. Note: This commit is too big, but I couldn't come up with a nice way to split it into smaller pieces...
2014-08-18 | Rename WITH_VERIFY CMake option to WITH_DYNAMIC_PEERS | Matthias Schiffer
2014-08-18 | Rename "temporary peers" to "dynamic peers" | Matthias Schiffer
2014-08-02 | Introduce and use alloc helpers | Matthias Schiffer
These new helpers will terminate fastd on allocation failures and add some additional convenience (allow strdup with NULL; typesafe new(type) macros).
2014-05-29 | Document *everything* | Matthias Schiffer
2014-05-28 | Still more documentation | Matthias Schiffer
2014-05-25 | Make a few struct fields that are not supposed to be changed defines instead | Matthias Schiffer
2014-04-26 | Make on-verify support optional | Matthias Schiffer
2014-04-26 | Implement async verify | Matthias Schiffer
2014-04-24 | ec25519-fhmqvc: use PUBLICKEYBYTES and SECRETKEYBYTES defines more | Matthias Schiffer
2014-04-20 | Make ctx global | Matthias Schiffer
2014-04-20 | Make conf global | Matthias Schiffer
2014-03-14 | Adjust copyright years | Matthias Schiffer
2014-03-10 | Make --verify-config option more flexible | Matthias Schiffer
2014-01-26 | Switch to the new timeout helpers where possible | Matthias Schiffer
2013-11-30 | Rename methods to methods providers and method contexts to methods to reflect their function better | Matthias Schiffer
2013-11-30 | Perform string-based lookup of method-related information only once | Matthias Schiffer
2013-11-29 | Output an error message when the encrypt function fails | Matthias Schiffer
2013-11-29 | Compile with -std=c99 and restructure some code to ensure there is no invalid aliasing (hopefully) | Matthias Schiffer
2013-11-20 | Slightly simplify method/cipher/MAC definitions | Matthias Schiffer
2013-11-14 | Move test for initiator in the session refresh check from protocol to method | Matthias Schiffer
2013-10-30 | Separate ec25519-fhmqvc into multiple source files | Matthias Schiffer
2013-10-29 | Rename fastd_parse_method_name to fastd_method_get_by_name | Matthias Schiffer
2013-10-29 | Handle methods as strings | Matthias Schiffer
2013-10-29 | Allow using libsodium instead of NaCl | Matthias Schiffer
As libsodium has some strange include files (like a version.h), we try to use absolute include paths whenever possible in fastd now and rename our generated headers.
2013-10-28 | Organize method and protocol source files into distinct source directories | Matthias Schiffer