Commit Graph

40 Commits

Author SHA1 Message Date
Frank Denis 6f62a82496 Update deps 2019-12-21 21:28:07 +01:00
Frank Denis 44735cb97e agl/ed25519 is not required any more 2019-12-18 12:40:52 +01:00
Frank Denis ed5431d7b9 Update deps 2019-12-16 20:04:38 +01:00
Frank Denis 76de8a955a Update deps 2019-12-11 14:10:16 +01:00
Frank Denis 51a842b838 Reapply miekg/dns updates to the vendor dir 2019-12-09 12:03:03 +01:00
Frank Denis 3d11d1d4e0 Revert "Update deps"
This reverts commit 915c90ae37.

The x/sys update breaks compilation on arm
2019-12-09 12:02:42 +01:00
Frank Denis 915c90ae37 Update deps 2019-12-09 10:09:37 +01:00
Frank Denis 722089e561 Bump deps 2019-12-03 12:02:08 +01:00
Frank Denis b4356b9fc8 Update deps 2019-11-29 00:06:14 +01:00
Frank Denis 578f359f23 Update kardianos/service 2019-11-17 22:54:56 +01:00
Frank Denis 071dceef31 Update deps 2019-11-17 19:50:40 +01:00
Frank Denis 568376ea13 Update deps 2019-11-14 22:34:38 -05:00
William Elwood 4324a09fc9 Fix failing tests on Windows
To simulate failures opening a cache file, fixtures are written without the read permission bits.
Since Unix permission bits have no meaning on Windows, a slightly more complicated solution is required to achieve the same permissions.
Thankfully, there's a library to abstract that already.
2019-11-08 10:17:12 +01:00
William Elwood af0629856c Add unit tests for sources.go
Tests cover most of the cache and download related code paths and specify the expected result of various starting states and external failure modes.
Where the current code's behaviour doesn't match a test's expectations, the test is disabled and annotated with a TODO until it can be fixed.
Added dependency on `github.com/powerman/check` and ran `go mod vendor`.
2019-11-08 10:17:12 +01:00
William Elwood 503bfb877b go mod tidy
```console
$ go mod tidy -v
(snip)
unused github.com/agl/ed25519
```
Also add base .gitattributes file to normalize line endings in the repository across differing developer environments.
2019-11-08 10:17:12 +01:00
Frank Denis e6a4a4ffda Update deps 2019-11-05 01:32:38 +01:00
Frank Denis c5bda9e2ae Update deps 2019-10-31 18:00:44 +01:00
Frank Denis d17b572b75 Update deps 2019-10-26 16:51:14 +02:00
Frank Denis e6b9f3c2c0 Update go-dnsstamps 2019-10-14 10:50:09 +02:00
Frank Denis 67f46b3c3e Update go-dnsstamps 2019-10-14 02:24:04 +02:00
Frank Denis d2db6b55a8 Update deps 2019-10-12 21:22:15 +02:00
Frank Denis 8c147c7efd Manually pin dependency revisions 2019-09-09 18:45:42 +02:00
Frank Denis e49823d328 More deps update 2019-09-09 18:08:44 +02:00
Frank Denis 1a06806477 Revert "Use CIRCL for X25519. That makes ephemeral key computation faster."
This reverts commit 5d130cdf0b.

Revert "Kill nacl/box"

This reverts commit dd9cf5cc9a.
2019-09-09 17:43:30 +02:00
Frank Denis 5c9c20c974 swizzle 2019-09-07 16:26:31 +02:00
Frank Denis cef00d5d0b Update deps 2019-09-07 11:04:40 +02:00
Frank Denis 9b33aba757 Update deps 2019-07-06 18:03:41 +02:00
Frank Denis dd9cf5cc9a Kill nacl/box 2019-06-24 19:13:34 +02:00
Frank Denis d80e72365f Update deps 2019-06-24 14:55:34 +02:00
Frank Denis 5d130cdf0b Use CIRCL for X25519. That makes ephemeral key computation faster. 2019-06-24 14:17:00 +02:00
Frank Denis 14d6345d6b Deps update 2019-06-04 09:51:48 +02:00
Frank Denis 11311d663d Update deps 2019-06-02 13:25:06 +02:00
Frank Denis f8415c4a4b Update deps 2019-05-31 22:49:25 +02:00
Frank Denis 71858bfc98 Update deps 2019-04-28 23:19:52 +02:00
Frank Denis 25ac94e7b2 Revert "Add Stretch-Hash-and-Truncate option for extreme DNS privacy"
This reverts commit 2d1dd7eaab.
2019-04-02 01:57:48 +02:00
Frank Denis 2d1dd7eaab Add Stretch-Hash-and-Truncate option for extreme DNS privacy
This works over DNSCrypt and DoH, but requires a specifically configured
server.

Instead of sending the actual DNS queries, the SH-T system works as follows:

Step 1: the client query is evaluated through Argon2id, a military-grade,
memory-hard, CPU-hard stretching function. This makes it very expensive
for an attacker to find the original query, even using GPUs and ASICs.
For post-quantum resistance, we use it to generate a 1024-bit key.

Step 2: in case the Argon2id algorithm has a vulnerability, or, since this
is a popular function used for hashing passwords and for cryptocurrencices,
and people may have built rainbow tables already, we use a hash function over
the result of the previous function. This immediately defeats rainbow tables.

Step 3: the output of the hash function is truncated to 64-bit.
Due to a property of this operation known as collision-misresistance, and even
if the previous steps fail due to a nation-state actor, it is impossible for a
server operator to prove what exact query was originally sent by a client.

This feature is experimental.
2019-04-01 09:36:56 +02:00
Frank Denis 674bd30d45 Update dependencies 2019-04-01 08:21:17 +02:00
Frank Denis c16016b112 Update deps 2019-03-14 02:17:58 +01:00
Frank Denis b624f8ef58 Accept sdns: scheme without a namespace 2019-03-03 18:20:39 +01:00
Frank Denis c3e29c2a60 Switch to Go modules 2019-03-01 18:44:37 +01:00