Commit Graph

140 Commits

Author SHA1 Message Date
Frank Denis e49823d328 More deps update 2019-09-09 18:08:44 +02:00
Frank Denis 1a06806477 Revert "Use CIRCL for X25519. That makes ephemeral key computation faster."
This reverts commit 5d130cdf0b.

Revert "Kill nacl/box"

This reverts commit dd9cf5cc9a.
2019-09-09 17:43:30 +02:00
Frank Denis 5c9c20c974 swizzle 2019-09-07 16:26:31 +02:00
Frank Denis cef00d5d0b Update deps 2019-09-07 11:04:40 +02:00
Frank Denis 9b33aba757 Update deps 2019-07-06 18:03:41 +02:00
Frank Denis dd9cf5cc9a Kill nacl/box 2019-06-24 19:13:34 +02:00
Frank Denis d80e72365f Update deps 2019-06-24 14:55:34 +02:00
Frank Denis 5d130cdf0b Use CIRCL for X25519. That makes ephemeral key computation faster. 2019-06-24 14:17:00 +02:00
Frank Denis 14d6345d6b Deps update 2019-06-04 09:51:48 +02:00
Frank Denis 11311d663d Update deps 2019-06-02 13:25:06 +02:00
Frank Denis f8415c4a4b Update deps 2019-05-31 22:49:25 +02:00
Frank Denis 71858bfc98 Update deps 2019-04-28 23:19:52 +02:00
Frank Denis 25ac94e7b2 Revert "Add Stretch-Hash-and-Truncate option for extreme DNS privacy"
This reverts commit 2d1dd7eaab.
2019-04-02 01:57:48 +02:00
Frank Denis 2d1dd7eaab Add Stretch-Hash-and-Truncate option for extreme DNS privacy
This works over DNSCrypt and DoH, but requires a specifically configured
server.

Instead of sending the actual DNS queries, the SH-T system works as follows:

Step 1: the client query is evaluated through Argon2id, a military-grade,
memory-hard, CPU-hard stretching function. This makes it very expensive
for an attacker to find the original query, even using GPUs and ASICs.
For post-quantum resistance, we use it to generate a 1024-bit key.

Step 2: in case the Argon2id algorithm has a vulnerability, or, since this
is a popular function used for hashing passwords and for cryptocurrencices,
and people may have built rainbow tables already, we use a hash function over
the result of the previous function. This immediately defeats rainbow tables.

Step 3: the output of the hash function is truncated to 64-bit.
Due to a property of this operation known as collision-misresistance, and even
if the previous steps fail due to a nation-state actor, it is impossible for a
server operator to prove what exact query was originally sent by a client.

This feature is experimental.
2019-04-01 09:36:56 +02:00
Frank Denis 674bd30d45 Update dependencies 2019-04-01 08:21:17 +02:00
Frank Denis c16016b112 Update deps 2019-03-14 02:17:58 +01:00
Frank Denis b624f8ef58 Accept sdns: scheme without a namespace 2019-03-03 18:20:39 +01:00
Frank Denis c3e29c2a60 Switch to Go modules 2019-03-01 18:44:37 +01:00
Frank Denis d0ca608cb7 Update deps 2019-02-23 13:44:05 +01:00
Frank Denis 31d6b0b879 Update deps 2018-11-22 17:26:43 +01:00
Frank Denis 9c17f476f3 Update deps 2018-11-15 13:38:08 +01:00
Frank Denis 8be1fef464 Update deps for BSD 2018-10-03 18:36:19 +02:00
Frank Denis 76fdb51c38 Update deps for Go 1.11 2018-10-02 18:06:43 +02:00
Frank Denis 40f2dc6a7d Apply kardianos/service PR #144 2018-08-23 00:25:56 +02:00
Frank Denis e3d5f3e6e5 Update deps 2018-08-23 00:23:59 +02:00
Frank Denis 7740e9d3bc Update dep and deps 2018-08-10 01:39:33 +02:00
Frank Denis 35e4d36f67 Add sys/unix for pledge 2018-07-07 20:39:04 +02:00
Frank Denis 648c0df016 Update deps 2018-07-07 20:35:02 +02:00
Frank Denis 4a3be6086e Update deps 2018-07-05 15:44:04 +02:00
Frank Denis 02888adff3 Deps update 2018-06-26 15:40:08 +02:00
Frank Denis 7f8b8d043e Remove old daemonization code
We will be able do it using fork+exec
2018-06-13 17:31:47 +02:00
Frank Denis 8d99e95288 Update deps 2018-06-13 16:52:04 +02:00
Frank Denis 5b1fc8da2a Update deps 2018-06-06 16:10:10 +02:00
Frank Denis cdfe7ba673 Deps update 2018-05-31 19:08:31 +02:00
Frank Denis b9764f8248 Add minisign/.travis 2018-05-19 10:44:10 +02:00
Frank Denis eff3272b9f Update deps 2018-05-19 01:50:26 +02:00
Frank Denis f44d9f658b Revert "Update deps"
This reverts commit 49e5c87f8d.
2018-05-16 11:53:20 +02:00
Frank Denis 49e5c87f8d Update deps 2018-05-16 11:39:59 +02:00
Frank Denis 113a952b94 Add missing travis file 2018-05-10 12:03:26 +02:00
Frank Denis 2b070c6e93 Deps update 2018-05-10 12:03:06 +02:00
Frank Denis 4f4daf41b7 Massive dependencies update 2018-05-10 09:56:25 +02:00
Frank Denis e6ccf7f3c0 No cookie for @aead :) 2018-05-04 00:36:20 +02:00
Frank Denis 8d20cd7550 Update deps 2018-05-03 23:36:57 +02:00
Frank Denis 3104dcbd70 Go 1.10.2 2018-05-02 13:25:59 +02:00
Frank Denis 084bfe67fd Hopefully remove the remaining %ecx clobbering cases in chacha_386 2018-05-01 11:50:01 +02:00
Frank Denis 17dc8f2dca Update deps 2018-04-27 01:10:35 +02:00
Frank Denis 031c9c45d5 Update aead/chacha20 again 2018-04-26 23:51:36 +02:00
Frank Denis a3f51cfea9 Update aead/chacha20 2018-04-26 20:41:35 +02:00
Frank Denis e8b183e576 Deps update 2018-04-25 20:23:31 +02:00
Frank Denis f20da6b611 Remove support for legacy CSV files 2018-04-18 19:06:50 +02:00
Frank Denis 3d67c81697 Deps update 2018-04-18 18:58:39 +02:00
Frank Denis 7685c12c0f Update aead/poly1305 2018-04-16 02:19:29 +02:00
Frank Denis 1a4d34dc55 Add golang.org/x/net/http2 to the dependencies 2018-04-09 11:56:49 +02:00
Frank Denis a4366b0593 Update deps 2018-04-07 17:14:53 +02:00
Frank Denis b71e04c64e Update miekg/dns to v1.0.5 2018-04-02 00:10:55 +02:00
Frank Denis 3e4b7671d1 Patch service_upstart 2018-03-26 20:46:51 +02:00
Frank Denis 10f0503d50 Update deps; especially for chacha20 2018-03-26 20:46:25 +02:00
Frank Denis ebc3ddda38 Deps update 2018-03-18 09:09:29 -07:00
Frank Denis 3d50549cae bring back exec and strings 2018-03-07 20:21:58 +01:00
Frank Denis a6ae97ecb1 Lower default granularity 2018-03-07 19:00:09 +01:00
Frank Denis ff81344aa8 Update clocksmith 2018-03-07 18:51:55 +01:00
Frank Denis 817f2ff560 Don't pause the cert refresh timers if the host goes to hibernation 2018-03-07 18:29:58 +01:00
Frank Denis d8f502f130 Update deps 2018-03-07 18:29:26 +01:00
Frank Denis b643a816cc Add automatic log files rotation
Fixes #172
2018-03-02 10:34:00 +01:00
Frank Denis 4e7631bfcd Remove init check for busybox-based systems 2018-03-02 09:29:46 +01:00
Frank Denis 85a64e3327 Add -pidfile
Fixes #200
2018-02-28 18:11:48 +01:00
Frank Denis 66d93da954 Update deps; this fixes something related to Windows registry 2018-02-27 09:51:05 +01:00
Frank Denis 44a5448b68 Update deps, not changes besides comments 2018-02-19 18:51:31 +01:00
Frank Denis d85214252a Update deps 2018-02-14 14:39:43 +01:00
Frank Denis 6863ab66d5 Update dlog 2018-02-06 16:07:54 +01:00
Frank Denis 6b49470b95 Update deps, include cachecontrol 2018-02-04 13:48:40 +01:00
Frank Denis cb911e6ed0 Add missing golang-lru files 2018-02-02 18:18:38 +01:00
Frank Denis a7ecb1a4a3 Update golang-lru 2018-02-02 17:46:45 +01:00
Frank Denis 1bbc7e9540 Update dlog to master which just calls time.Local()
maybe
fixes #57
2018-01-31 10:14:06 +01:00
Frank Denis 367f7fd675 iradix update 2018-01-30 11:20:41 +01:00
Frank Denis eca7a078dd Do not blindly execute /sbin/init to detect upstart 2018-01-26 22:19:58 +01:00
Frank Denis ff5bba1ba4 up 2018-01-25 15:55:27 +01:00
Frank Denis 81715555be Update deps 2018-01-24 20:08:48 +01:00
Frank Denis 1bcb791270 up 2018-01-24 14:13:29 +01:00
Frank Denis a64f90e1ba Update dlog 2018-01-19 20:54:32 +01:00
Frank Denis fd9291b240 Update dlog 2018-01-19 20:27:48 +01:00
Frank Denis ed33eb4890 up 2018-01-19 19:48:01 +01:00
Frank Denis b02a4e6c73 Update dlog; now with support for the Windows Event Log
(completely untested)
2018-01-19 19:33:25 +01:00
Frank Denis 0fcbbfda1f Add systemd readiness notification 2018-01-18 15:31:08 +01:00
Frank Denis ed352cc28c Reduce verbosity 2018-01-18 14:46:19 +01:00
Frank Denis 0a63975d48 Logs can now be sent to files or syslog in addition to stderr 2018-01-18 14:25:45 +01:00
Frank Denis 3fffbaa2a2 Support installation as a service 2018-01-17 11:28:43 +01:00
Frank Denis 170e2e816e Implement blocking, fully compatible with rules from version 1 2018-01-17 02:40:47 +01:00
Frank Denis a361aa52f3 Preliminary support for remote sources 2018-01-13 23:52:44 +01:00
Ryan Boehning f44e11fa65 Switch from glide to dep. Check in vendor/ 2018-01-11 13:39:18 -08:00