Commit Graph

134 Commits

Author SHA1 Message Date
Adam Ierymenko
d496304bbf Put back rest of selftest. 2013-10-21 15:59:22 -04:00
Adam Ierymenko
719dd2870d Self-test for certificate of membership. 2013-10-21 15:47:33 -04:00
Adam Ierymenko
c89cdcc3fd Blech... moving on! 2013-10-20 15:54:32 -04:00
Adam Ierymenko
1ed8a22d19 And then it turns out to be too slow on a slower 32-bit machine... we do want to do tablets eventually. 2013-10-20 15:46:36 -04:00
Adam Ierymenko
bad043729f Yet another revision of this algo... yeesh... and update to supernode IDs. I think I am gonna go with this one. Seems memory-hard enough to me. I am probably procrastinating by obsessing over it. 2013-10-20 15:31:32 -04:00
Adam Ierymenko
8c9b73f67b Make Salsa20 variable-round, allowing for Salsa20/12 to be used for Packet encrypt and decrypt. Profiling analysis found that Salsa20 encrypt was accounting for a nontrivial percentage of CPU time, so it makes sense to cut this load fundamentally. There are no published attacks against Salsa20/12, and DJB believes 20 rounds to be overkill. This should be more than enough for our needs. Obviously incorporating ASM Salsa20 is among the next steps for performance. 2013-10-18 17:39:48 -04:00
Adam Ierymenko
0c8614b9c6 Add a second arg to idtool generate to make generating both secret and public easier, add new supernode identities after generating them, fix known good and bad IDs in selftest. 2013-10-07 09:36:20 -04:00
Adam Ierymenko
bc715fbd51 Make new identity hashcash algo memory hard, and tweak generation time a bit. Current hashcash cost should be overkill for what we need but still tolerable to users. 2013-10-05 14:15:59 -04:00
Adam Ierymenko
0e43e5e8f2 Rest of work on new hashcash based identity scheme. 2013-10-05 07:00:55 -04:00
Adam Ierymenko
b0187f4472 Hashcash-based identity, work in progress... committing to test speed on other boxes. 2013-10-05 06:00:47 -04:00
Adam Ierymenko
141b858737 Self-test fixes for new packet armor/dearmor functions that combine old encrypt and MAC functions. 2013-09-27 16:25:35 -04:00
Adam Ierymenko
903b5b4218 Add validation of known-good identity to selftest to check endian and similar issues across platforms. 2013-09-19 12:57:35 -04:00
Adam Ierymenko
e376c6f6a9 New crypto integrated -- going to be testing new identity address generation algo a bit more before finalizing. 2013-09-16 13:57:57 -04:00
Adam Ierymenko
300d26973a Test vectors for all new crypto. 2013-09-15 10:41:52 -04:00
Adam Ierymenko
660f92b6a7 Add test vectors for ensuring identical C25519 operation across systems. 2013-09-14 13:51:08 -04:00
Adam Ierymenko
09c8b4bbb3 More new crypto: Ed25519 signatures. 2013-09-13 19:18:01 -04:00
Adam Ierymenko
77965af288 Add new crypto: SHA512 and C25519 -- not integrated yet. 2013-09-13 15:47:00 -04:00
Adam Ierymenko
f3ad05347e Improve code security posture by replacing sprintf with a safer function. 2013-08-30 17:05:43 -04:00
Adam Ierymenko
9f16707b0b Cut out tap test code from selftest. 2013-08-25 18:25:22 -04:00
Adam Ierymenko
bbbc032959 Tap works! At least in isolation. Time to create the Windows executable and the Windows service to run it and handle auto-update. 2013-08-25 18:18:02 -04:00
Adam Ierymenko
e2effbd1ce Tap driver basically builds in VS2012... fork of tap-windows from OpenVPN (compatible license). 2013-08-23 17:39:21 -04:00
Adam Ierymenko
f6e7be102a Decided to abandon the winpcap direction for Windows tap... re-evaluating using OpenVPN tap driver in some form for now. 2013-08-23 09:50:51 -04:00
Adam Ierymenko
c8213a3f58 Commit of a draft of the pcap-based strategy for a Windows tap. This may, in the end, not work, since winpcap may not support immediate capture and also because some software flags winpcap as malware. Like I said, trying to do anything interesting with Windows is PAIN. 2013-08-22 22:33:32 -04:00
Adam Ierymenko
ca5334509c Tap now creates Microsoft Loopback Adapter instances and tags them with a special ID... work in progress. 2013-08-22 14:30:55 -04:00
Adam Ierymenko
150a53eb17 Self test almost builds, now need skeleton EthernetTap implementation for Windows. 2013-08-14 11:19:21 -04:00
Adam Ierymenko
fc18334dbb Version 0.4.3 (the real one): fix Gentoo ip config failures and crashes
This version fixes problems with locating the 'ip' command on Gentoo
and possibly other Linux systems, and a problem that could cause a
crash if EthernetTap was unable to locate one of the commands it
invokes to configure IP information on tap devices.

The code also now builds on Windows. It doesn't run yet, but it's a
step. Windows port is in full swing.

Finally, the multicast rate limit defaults were raised a little. More
testing is needed here, and real world measurments.
2013-08-13 15:14:03 -04:00
Adam Ierymenko
f5d77a1bc2 Clean up a bunch of valgrind errors, nix a potentially unsafe op in Buffer assignment operator. 2013-08-12 13:17:03 -04:00
Adam Ierymenko
93a7eef2a5 Replace libcrypto RAND_ with our own to avoid valgrind errors. 2013-08-10 10:27:53 -04:00
Adam Ierymenko
67acba4bc9 Stop using RAND_ in libcrypto for Utils::getSecureRandom() due to annoying valgrind spew from libcrypto use of uninitialized RAM as a random source. Might look into replacing RAND_ in libcrypto with our own simple /dev/urandom / Windows CAPI plugin. 2013-08-10 10:12:16 -04:00
Adam Ierymenko
fb975ead23 Add simple key=value dictionary, sorta like java.util.Properties. 2013-07-27 15:09:51 -04:00
Adam Ierymenko
a816f56426 Dump huffman, doesnt add much and complicates porting to other languages. Also fix compile error in idtool. 2013-07-27 14:01:19 -04:00
Adam Ierymenko
c345c699fd Self test for command bus encode/decode. 2013-07-18 13:27:46 -04:00
Adam Ierymenko
ef3e319c64 Several things:
(1) Probable fix for issue #7 and major cleanup of EthernetTap code with consolidation for all unix-like systems and specialization for different flavors only when needed.

(2) Refactor of Buffer<> to make its members private, and Packet to use Buffer's methods exclusively to access them. This improves clarity and means we're no longer lying about Buffer's role in the code's security posture.

(3) Add -fstack-protect to Makefile to bounds check stack variables.
2013-07-09 14:06:55 -04:00
Adam Ierymenko
150850b800 New git repository for release - version 0.2.0 tagged 2013-07-04 16:56:19 -04:00