Commit Graph

167 Commits

Author SHA1 Message Date
Hrushikesh Deshpande 64a2fc7c63
chore: create semgrep.yml (#415)
Creating Semgrep.yml file - Semgrep is a tool that will be used to scan Cloudflare's public repos for Supply chain, code and secrets. This work is part of Application & Product Security team's initiative to onboard Semgrep onto all of Cloudflare's public repos.

In case of any questions, please reach out to "Hrushikesh Deshpande" on cf internal chat.
2024-10-14 15:25:15 -05:00
Luís Cruz f672bb6c1e
build: add apple tvOS support (#365) 2023-10-24 20:53:26 +00:00
Thomas Eizinger 62c88737db
noise: make functions infallible where possible (#366) 2023-10-23 17:39:35 +00:00
dependabot[bot] 4de6415aaa
build(deps): bump thiserror from 1.0.31 to 1.0.50 (#375)
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.31 to 1.0.50.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/1.0.31...1.0.50)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 17:04:49 +00:00
dependabot[bot] 3a8d17f37b
build(deps): bump rand_core from 0.6.3 to 0.6.4 (#378)
Bumps [rand_core](https://github.com/rust-random/rand) from 0.6.3 to 0.6.4.
- [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-random/rand/compare/rand_core-0.6.3...0.6.4)

---
updated-dependencies:
- dependency-name: rand_core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 11:53:29 -05:00
dependabot[bot] 1db5108387
build(deps): bump mock_instant from 0.2.1 to 0.3.1 (#373)
Bumps [mock_instant](https://github.com/museun/mock_instant) from 0.2.1 to 0.3.1.
- [Commits](https://github.com/museun/mock_instant/commits)

---
updated-dependencies:
- dependency-name: mock_instant
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-20 16:35:22 +00:00
dependabot[bot] 5ade9ce313
build(deps): bump ring from 0.17.4 to 0.17.5 (#374)
Bumps [ring](https://github.com/briansmith/ring) from 0.17.4 to 0.17.5.
- [Commits](https://github.com/briansmith/ring/commits)

---
updated-dependencies:
- dependency-name: ring
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-20 16:29:02 +00:00
dependabot[bot] af48325426
build(deps): bump tracing from 0.1.35 to 0.1.40 (#371)
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.35 to 0.1.40.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.35...tracing-0.1.40)

---
updated-dependencies:
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Noah Kennedy <nkennedy@cloudflare.com>
2023-10-20 16:21:28 +00:00
dependabot[bot] d4ef2fa1e0
build(deps): bump etherparse from 0.12.0 to 0.13.0 (#369)
Bumps [etherparse](https://github.com/JulianSchmid/etherparse) from 0.12.0 to 0.13.0.
- [Release notes](https://github.com/JulianSchmid/etherparse/releases)
- [Changelog](https://github.com/JulianSchmid/etherparse/blob/master/changelog.md)
- [Commits](https://github.com/JulianSchmid/etherparse/compare/0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: etherparse
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-20 11:11:51 -05:00
Thomas Eizinger 9720735c9e
ci: add dependabot (#368)
Proactively bumping dependencies keeps the ecosystem in sync. See #367.
2023-10-20 11:03:55 -05:00
Thomas Eizinger e3252d9c4f
Bump to ring `0.17` (#367) 2023-10-20 10:53:55 -05:00
Yuanhai He e1d6360d6a
chore: bump x25519-dalek version to 2.0.0 (#359)
Signed-off-by: bestmike007 <i@bestmike007.com>
2023-08-18 11:02:57 -05:00
Noah Kennedy 18eaf59c9c
chore: prepare 0.6.0 and bump dalek (#351)
Bump dalek to a non-yanked version and prepare a new release.

Due to other changes, this will be a new breaking version.

Closes #340.
2023-07-07 15:11:32 -06:00
Jeff Hiner 878385f171
Update x25519_dalek to 2.0.0-rc.2 (#341) 2023-04-03 11:34:15 -06:00
Zach Walton be08af94a7
Clarify that CAP_NET_ADMIN is required (#328) 2023-02-18 01:53:28 +00:00
Jeff Hiner 5a49e83556
Remove bespoke socket implementation (#336) 2023-02-17 16:36:41 -07:00
Jeff Hiner a205cfed25
Fix clippy lints (#335) 2023-02-17 15:27:51 -06:00
dependabot[bot] b3c4a1b49b
build(deps): bump bumpalo from 3.10.0 to 3.12.0 (#334)
Bumps [bumpalo](https://github.com/fitzgen/bumpalo) from 3.10.0 to 3.12.0.
- [Release notes](https://github.com/fitzgen/bumpalo/releases)
- [Changelog](https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fitzgen/bumpalo/compare/3.10.0...3.12.0)
2023-01-26 15:53:37 -07:00
Luca Barbato 5d4dac2e39
crypto: Re-export x25519_dalek (#312)
This way downstream crates do not have to explicitly import the
x25519_dalek crate and sync it up when needed.
2022-12-16 00:00:40 -06:00
Matt Schulte 57c69460d0
Add different error type for a duplicate counter (#320)
This allows those who are debugging to more easily understand if an
error from boringtun is a result of a duplicate packet or an actual
issue with an invalid counter
2022-10-03 15:24:55 -07:00
Braden Ehrat 897b291d98
Fix warning of unused Box::from_raw() return value. (#319) 2022-09-26 19:10:45 -05:00
Matt Schulte 6d4fb2e942
Be sure to count for system sleep in timers (#317)
* Be sure to count for system sleep in timers

Currently the timers in boringtun use std::time::Instant. This timer
does not increment while the machine is asleep on macOS and Linux
meaning the device does not know to properly handshake on wake from
sleep.

To solve this we use `CLOCK_BOOTTIME` on Linux/Android and
`CLOCK_MONOTONIC` on macOS/iOS to get the actual duration since the last
handshake.

Fixes #316

* Move sleepyinstant to module instead of crate

* Moved Windows to new files

Stopped using `path`
2022-09-13 08:58:00 -07:00
Matt Schulte 370a9ed290
Add unit tests to noise (#315)
* Add unit tests to noise

* Add "mock-instant" feature for tests which need mock
2022-09-06 15:38:06 -07:00
Chris Branch 5f61297bfb
noise: use non-sequential peer indices (#308)
Resolves #55 about as much as is possible given the design constraints
of boringtun peer handling.

boringtun is not intended to provide unlinkable sessions, particularly
given that source addresses remain constant across sessions. We can at
least obscure the details of the number of peers registered with
a server.
2022-08-24 21:02:12 -05:00
csabol 829dae28fd
ffi: add set_logging_function to ffi-bindings (#305)
Add set_logging_function to ffi-bindings to allow forwarding tracing events to a custom logging function.
2022-08-16 20:55:33 +00:00
Jeff Hiner 1466836d67
Push locking outside of noise state machine (#304) 2022-08-15 16:02:30 -06:00
csabol 29b99afb5a
Adds [lib] configuration for building libraries for mobile (#303) 2022-08-10 18:49:25 +00:00
Noah Kennedy 309558a3ec
device: derive traits for AllowedIP (#302) 2022-08-08 17:09:34 +00:00
Noah Kennedy ee3051dbbc
timers: don't use epoch time in stat generation (#300)
This was completely unhelpful and was serving only to make measurements useless.
2022-07-21 15:04:18 -05:00
Noah Kennedy 08bc5ed19b
chore: fix mistake in #298 (#299)
I did the release with --allow-dirty and this change, so the release was fine.
2022-07-20 16:57:43 +00:00
Noah Kennedy 6d3fbbb3cf
chore: prepare v0.5.2 releases for boringtun and boringtun-cli (#298)
# v0.5.2

### Fixed

- device: use runtime instead of compile-time environment var for macos drop privileges ([#297])

[#297]: https://github.com/cloudflare/boringtun/pull/297
2022-07-20 16:37:33 +00:00
Noah Kennedy 003ba82767
device: use runtime instead of compile-time environment var for macos drop privileges (#297)
In #231 we accidentally started using a compile-time environment variable instead of a runtime one for dropping privileges on macos. This causes privilege drops to fail when the user who is running the program does not have the same username as the user who compiled the program.

The solution here is to use the runtime variable instead.
2022-07-19 16:16:29 +00:00
Noah Kennedy aa512bc608
chore: prepare v0.5.1 releases for boringtun and boringtun-cli (#296)
# v0.5.1

### Fixed

- Fix broken copy_from_slice ([#295])

[#295]: https://github.com/cloudflare/boringtun/issues/295
2022-07-14 14:07:53 -07:00
Jeff Hiner 2a42e9bab0
Fix broken copy_from_slice (#295) 2022-07-14 20:48:42 +00:00
Noah Kennedy 05ba8df3fb
chore: ensure windows support for noise via ci (#292)
The device stuff still won't work on windows, but this will at least ensure the windows library compiles.
2022-07-12 14:15:33 -05:00
Noah Kennedy 1c23fc7b8b
chore: move ci to use an `all-systems-go` job, like tokio does (#291)
This eases the maintenance burden of adding/removing CI jobs.
2022-07-12 08:44:33 -07:00
Noah Kennedy b3120750b7
chore: prepare v0.5.0 (#290) 2022-07-11 13:25:21 -07:00
Noah Kennedy 8c3aa6ae27
chore: update actions to newest checkout version (#289) 2022-07-11 12:59:52 -07:00
Noah Kennedy 0085c5df28
chore: split jni and ffi out as separate features (#288)
We should not be unconditionally building FFI. We also should not be just building JNI on a per-target basis. Both of these should be behind feature flags.

This PR also makes the integration tests ignored, so that they get run in a separate pass and thus don't get invoked repeatedly by `cargo hack`.
2022-07-11 19:43:26 +00:00
Noah Kennedy 04eb355c79
chore: update dependencies (#287)
* chore: update deps

* update nix
2022-07-11 11:33:37 -06:00
Noah Kennedy 2fb9520571
noise: get rid of the intricate locking/atomics (#286)
The existing scheme does not work, and getting rid of it allows us to put a lock at top-level, eliminating a bunch of races.
2022-07-07 12:24:06 -05:00
Jeff Hiner 246b8bab12
Fix benches (#285) 2022-07-06 16:01:55 -06:00
Saber Haj Rabiee a97c6f5481
fixing deps inconsistencies and clippy errors (#282) 2022-07-06 10:22:58 -06:00
Jeff Hiner 3bcdca9599
Get rid of make_array (#280) 2022-07-01 15:01:46 -06:00
Jeff Hiner dff941d406
device: fix unsound Arc shenanigans (#281) 2022-06-30 20:52:52 +00:00
Jeff Hiner cfd51acd7f
chore: fix clippy lints from 1.62.0 (#279) 2022-06-30 18:36:52 +00:00
Jeff Hiner f413a3c3f0
chore: cleanup (#278)
Fix statics that should be const, change some comments into rustdoc, remove an unnecessary repr(C).
2022-06-30 17:04:15 +00:00
Jeff Hiner 16cb513b12
crypto: replace custom Blake2s with RustCrypto crate implementation (#277)
* Add benchmarks for blake2 crate

* Replace custom Blake2s with RustCrypto crate implementation
2022-06-30 09:39:24 -05:00
Jeff Hiner ceb0a05beb
deps: update base deps, bump internal revision (#275)
Co-authored-by: Noah Kennedy <nkennedy@cloudflare.com>
2022-06-28 18:36:29 +00:00
Andy Grover b641ee6b51
Do not wrap keys in Arc (#274)
With new key types, since they implement Copy (PublicKey) or Clone
(StaticSecret) this is not necessary. Copying 32 bytes should be less
overhead than incrementing the Arc.
2022-06-28 11:23:46 -07:00