Age | Commit message | Author | |
---|---|---|---|
2015-10-18 | config: make on_up/down/establish/disestablish commands configurable per peer group | Matthias Schiffer | |
2015-10-18 | peer_group: move to a new header, add recursive lookup macros | Matthias Schiffer | |
2015-09-04 | config: allow moving the 'on verify' clause into a peer group | Matthias Schiffer | |
2015-03-24 | Make build dependencies more configurable | Matthias Schiffer | |
2015-03-24 | Add support for defining the MTU per peer | Matthias Schiffer | |
2015-03-23 | peer: create interface when the connection has been established and no interface exists yet | Matthias Schiffer | |
Allows using dynamic interfaces with dynamic peers. | |||
2015-03-23 | ec25519-fhmqvc: call fastd_peer_reset to setup newly added dynamic peers | Matthias Schiffer | |
2015-03-23 | Improve sync/async execution of up/down scripts | Matthias Schiffer | |
2015-03-23 | Set the default interface for all peers | Matthias Schiffer | |
2015-01-23 | ec25519-fhmqvc: comment update | Matthias Schiffer | |
2015-01-23 | ec25519-fhmqvc: add sender's public key to a few debug messages | Matthias Schiffer | |
2015-01-23 | ec25519-fhmqvc: use new hexdump logging feature for unknown keys | Matthias Schiffer | |
2015-01-22 | ec25519-fhmqvc: use reduced-bitlength scalar multiplication | Matthias Schiffer | |
The values d and e will only use 128 bits, so speed up the scalar multiplication by using the new reduced-bitlength scalar multiplication functions. This change requires the current development version of libuecc. | |||
2015-01-21 | Downgrade "verification failed" message from verbose to debug2 | Matthias Schiffer | |
This message will be printed for every packet in severe reordering situations, so better not print it by default. In the future, we'll need a rate limiting mechanism... | |||
2015-01-20 | handshake: delay method parsing until the sender key has been handled | Matthias Schiffer | |
Otherwise fastd won't use the correct peer group's method list for handshakes incoming on generic sockets. | |||
2015-01-14 | Update copyright years | Matthias Schiffer | |
2015-01-14 | Allow to configure methods per peer group | Matthias Schiffer | |
2015-01-09 | Comment typo fix | Matthias Schiffer | |
2015-01-09 | ec25519-fhmqvc: don't check group order of peers' public keys | Matthias Schiffer | |
Skipping this check will significantly speed up startup with many peers. As we now do embedded group order verification, an attacker can't gain anything from small-subgroup attacks, so skipping the check isn't a security issue. | |||
2015-01-09 | ec25519-fhmqvc: optimize handshake by using embedded group element verification | Matthias Schiffer | |
Using the embedded group element verification allows us to get away without explicit verification, thus needing one scalar multiplication less. This reduces the number of expensive operations needed for a handshake to three: one Galois field square root (for key unpacking) and two scalar multiplications. For this optimization to be secure, private keys must be divisible by 8. This is the case for all keys generated with all but extremely old versions of fastd (pre-0.4). If fastd finds that its secret is not divisible by 8, it will refuse to start now. | |||
2015-01-09 | Move protocol-specific TLV specifications to main handshake record enum | Matthias Schiffer | |
2015-01-09 | ec25519-fhmqvc: unpack peers' keys only once | Matthias Schiffer | |
2015-01-09 | Add support for a new big-endian handshake format | Matthias Schiffer | |
Because of strange decisions in the past, fastd currently uses little endian type and length values in its handshake. As the common network byte order is big endian, changing the handshake format would be preferable. This commit adds support for a new big-endian handshake. For now, fastd will continue to send little-endian handshakes to ensure backwards compatibility, but if it receives a big-endian handshake, it will respond with a big-endian one. | |||
2015-01-08 | ecc25519-fhmqvc: add doxygen comments to the key check functions | Matthias Schiffer | |
2015-01-06 | ec25519-fhmqvc: additional key checks | Matthias Schiffer | |
Until now, it wasn't checked if a public key was the identity element. I don't think this mistake allows any actual attacks against the handshake though. | |||
2014-11-15 | ec25519-fhmqvc: extend describe_peer to return the whole key | Matthias Schiffer | |
2014-11-15 | Fix segfault when checking peer addresses | Matthias Schiffer | |
This segfault would occur when a peer with a static IP address (i.e. not a hostname resolved via DNS) is read, and any other peer after that. | |||
2014-11-11 | ec25519-fhmqvc: add missing Doxygen comment | Matthias Schiffer | |
2014-10-13 | ec25519-fhmqvc: improve unknown key message | Matthias Schiffer | |
2014-09-16 | More fixes for zero-length VLAs | Matthias Schiffer | |
2014-09-10 | ec25519-fhmqvc: refactor old session check code | Matthias Schiffer | |
2014-09-09 | Add current method of connections to status output | Matthias Schiffer | |
2014-09-08 | Make stats of reordered packets | Matthias Schiffer | |
2014-09-06 | Move UNUSED attribute to the start of arguments to help editors understand the syntax | Matthias Schiffer | |
2014-08-31 | Replace memcmp with a constant-time version in some places | Matthias Schiffer | |
2014-08-24 | Coding style: always add a space between a pointer's type and the * | Matthias Schiffer | |
2014-08-24 | Use simple int64_t timestamps in ms instead of timespecs | Matthias Schiffer | |
2014-08-24 | Merge peer config into peer structure | Matthias Schiffer | |
With this refactoring, the structure fastd_peer_config_t is merged into fastd_peer_t, and fastd_remote_config_t into fastd_remote_t. This also means we now create peers directly when reading their configurations, which significantly simplifies the whole reload process, and prepares for some future optimizations like a key hash table. Note: This commit is too big, but I couldn't come up with a nice way to split it into smaller pieces... | |||
2014-08-19 | Create peer structures for disabled peers as well | Matthias Schiffer | |
We have a 1:1 association between peers and peer configs now. | |||
2014-08-18 | Dynamically create peer configs for dynamic peers | Matthias Schiffer | |
This avoids duplicating the protocol_config field. | |||
2014-08-18 | Rename WITH_VERIFY CMake option to WITH_DYNAMIC_PEERS | Matthias Schiffer | |
2014-08-18 | Rename "temporary peers" to "dynamic peers" | Matthias Schiffer | |
2014-08-09 | Move fastd_config_t.peers to fastd_context_t.peer_configs | Matthias Schiffer | |
2014-08-02 | Introduce and use alloc helpers | Matthias Schiffer | |
These new helpers will terminate fastd on allocation failures and add some additional convenience (allow strdup with NULL; typesafe new(type) macros). | |||
2014-06-08 | Allow async verify for handshake responses | Matthias Schiffer | |
This will lead to a bit strange handshake as a handshake response is answered with another handshake response, but it won't lead to loops because of the verification and handshake backoff intervals. | |||
2014-05-31 | Make log levels verbose and info more useful | Matthias Schiffer | |
2014-05-29 | Document *everything* | Matthias Schiffer | |
2014-05-28 | Still more documentation | Matthias Schiffer | |
2014-05-25 | Make a few struct fields that are not supposed to be changed defines instead | Matthias Schiffer | |
2014-04-26 | Make on-verify support optional | Matthias Schiffer | |