Age | Commit message | Author | |
---|---|---|---|
2013-10-29 | Allow using libsodium instead of NaCl | Matthias Schiffer | |
As libsodium has some strange include files (like a version.h), we try to use absolute include paths whenever possible in fastd now and rename our generated headers. | |||
2013-10-28 | Unify duplicate code in xsalsa20-poly1305 and aes128-gcm methods | Matthias Schiffer | |
2013-10-28 | Organize method and protocol source files into distinct source directories | Matthias Schiffer | |
2013-10-24 | Fix maybe-uninitialized warning | Matthias Schiffer | |
2013-10-20 | Don't print fastd version from handshake requests when secure handshakes are set, instead print it on handshake finish | Matthias Schiffer | |
2013-10-20 | Warn when no encryption method is set | Matthias Schiffer | |
2013-10-20 | Don't send chosen method name when it doesn't matter | Matthias Schiffer | |
2013-10-20 | Align handshake buffer | Matthias Schiffer | |
2013-10-20 | Always check for mode and protocol mismatches | Matthias Schiffer | |
This was accidentally disabled in the previous commit for initial handshake requests. | |||
2013-10-20 | Refactor handshake code, prevent downgrade attacks | Matthias Schiffer | |
2013-10-19 | Rename RECORD_HANDSHAKE_MAC to RECORD_TLV_MAC | Matthias Schiffer | |
2013-10-19 | Authenticate the TLV records only | Matthias Schiffer | |
2013-10-19 | Use the rsv2 field in the handshake header as an optional length field to facilitate future extensions | Matthias Schiffer | |
2013-10-19 | Get rid of packet.h | Matthias Schiffer | |
2013-10-19 | Add a HMAC to authenticate all handshake TLV | Matthias Schiffer | |
2013-10-18 | Generalize SHA256 functions to work with arbitrary inputs | Matthias Schiffer | |
2013-10-17 | Use the default delay before a handshake is sent when the local address is invalid | Matthias Schiffer | |
Sending it right away will make crossed handshakes more probable which is especially painful when roaming, so it's better to add the delay. | |||
2013-10-16 | Add `secure handshakes' option (without effect for now) | Matthias Schiffer | |
Not setting the option produces a warning (so not having it set is deprecated now), so we can change the default from no to yes in a few release cycles. | |||
2013-10-16 | Initiate handshake when a packet can't be sent because the local address is invalid | Matthias Schiffer | |
2013-10-16 | Fix fast roaming when local IP address has changed | Matthias Schiffer | |
2013-10-04 | Fix source address choice for IPv4 on Linux | Matthias Schiffer | |
2013-09-30 | Invalidate null sessions when they are superseded | Matthias Schiffer | |
2013-09-06 | Change directory to / when privileges are dropped or the user is changed | Matthias Schiffer | |
2013-09-03 | Add packet/byte statistics | Matthias Schiffer | |
2013-08-30 | Demote some sendmsg warnings to debug and debug2 levels | Matthias Schiffer | |
2013-08-29 | Don't initialize monotone timestamps with zero | Matthias Schiffer | |
The monotone timestamp is near zero on Linux systems, confusing fastd. | |||
2013-08-29 | Replace old task queue | Matthias Schiffer | |
The handshakes are now scheduled in a doubly-linked list that is maintained as a part of the peer structure. | |||
2013-08-29 | Simplify keepalive sending | Matthias Schiffer | |
By using a global keepalive timer, the O(n) keepalive queue purge operation on every send operation is avoided. | |||
2013-08-28 | ec25519: ensure old sessions are invalidated quickly after a new one has been established | Matthias Schiffer | |
2013-08-28 | Remove unused fastd_task_replace_peer() | Matthias Schiffer | |
2013-08-28 | ec25519: ensure that there is always a handshake enqueued after sending a handshake finish | Matthias Schiffer | |
This ensures that the handshake is repeated in case the finish packet is lost. | |||
2013-08-28 | ec25519: reset peers as soon as their current session times out | Matthias Schiffer | |
2013-08-28 | Cancel the session establishment earlier when the address can't be claimed by the peer | Matthias Schiffer | |
There is no reason to run through all the session establishment just to cancel it a moment later. | |||
2013-08-28 | Introduce constants for tristate values | Matthias Schiffer | |
2013-08-27 | Introduce new log level debug2 for potentially very frequent messages | Matthias Schiffer | |
2013-08-26 | options: change `config error' to `command line error' messages | Matthias Schiffer | |
2013-08-25 | ec25519-fhmqvc: use different handshake keys as initiator and responder | Matthias Schiffer | |
This ensures that even in the unlikely case of a crossed handshake fastd will never establish two sessions with the same encryption key | |||
2013-08-25 | ec25519-fhmqvc: put public and secret keys together in a keypair structure | Matthias Schiffer | |
2013-08-20 | OpenBSD doesn't support IPv4 on IPv6 sockets | Matthias Schiffer | |
2013-08-20 | Use v4-mapped addresses for IPv4 peers on IPv6 sockets | Matthias Schiffer | |
This is needed at least on FreeBSD | |||
2013-08-20 | Prevent zero-before-free operations from being optimized out | Matthias Schiffer | |
2013-08-20 | Fix lots of -Wextra warnings | Matthias Schiffer | |
Everything clang and GCC warn about, except GCC's missing-field-initializers which are just stupid as they don't allow {} syntax to zero a field. | |||
2013-08-19 | ec25519: add alignment attributes to all keys used as hash inputs | Matthias Schiffer | |
2013-08-19 | ec25519: reorder some code to fix a false-positive "may be used uninitialized" warning | Matthias Schiffer | |
2013-08-18 | ec25519: minor code simplifications in handshake handling | Matthias Schiffer | |
2013-08-17 | Cache values calculated in the handshake response to reuse them in the finish handling | Matthias Schiffer | |
2013-08-17 | Make handshake records const uint8_t* instead of void* | Matthias Schiffer | |
This enforces explicit casting and thus avoids alignment problems. | |||
2013-08-17 | Slightly improve the SHA256 API | Matthias Schiffer | |
2013-08-17 | Check closedir return value | Matthias Schiffer | |
Just for the sake of completeness. | |||
2013-08-17 | Use readdir instead of readdir_r | Matthias Schiffer | |
readdir_r can be unsafe for very long filenames. |