path: root/talpid-tunnel-config-client
Age | Commit message | Author | Files | Lines
2025-10-03 | Bump windows-sys version to latest | David Lönnhager | 1 | -4/+0
    This also refactors and documents some code
2025-09-23 | Document why `rand` can't be upgraded in `talpid-tunnel-config-client` | Markus Pettersson | 1 | -0/+1
2025-09-09 | Replace libc with nix in ttcc | Joakim Hulthe | 2 | -24/+7
2025-07-10 | Run `cargo fmt` | Sebastian Holmin | 2 | -4/+4
2025-07-09 | Put the `tonic::Status` in a Box to make the error type smaller | Sebastian Holmin | 1 | -2/+4
2025-05-14 | Log how long time it takes to generate quantum-resistant secrets | Linus Färnstrand | 1 | -1/+6
2025-05-14 | Hide algorithm name constant | Linus Färnstrand | 3 | -6/+14
2025-05-14 | Use HQC-256 instead of Classic McEliece in quantum-resistant handshake | Linus Färnstrand | 6 | -165/+114
2025-05-14 | Update ephemeral peer proto definition to prepare for HQC-256 | Linus Färnstrand | 1 | -3/+4
2025-02-25 | Add safety comment to talpid_tunnel_config_client::socket | Joakim Hulthe | 1 | -7/+11
2025-02-03 | Set correct DAITA platform on Windows | David Lönnhager | 2 | -2/+2
2025-01-24 | Change temporary `DaitaPlatform` for windows to `LinuxWgGo` | Sebastian Holmin | 1 | -1/+1
2025-01-24 | Log DAITA v2 request | David Lönnhager | 1 | -4/+8
2025-01-24 | Enable DAITA v2 for Windows via wireguard-go | David Lönnhager | 1 | -27/+9
2025-01-21 | Restart mceliece keygen worker if it stops | Joakim Hulthe | 1 | -8/+26
2025-01-09 | Remove unnecessary pub | Sebastian Holmin | 1 | -1/+1
2025-01-09 | Do not expose the key pair receiver publicly | Sebastian Holmin | 1 | -7/+6
2025-01-09 | Add panic note to docstring | Sebastian Holmin | 1 | -0/+4
2025-01-09 | Fix expect message | Sebastian Holmin | 1 | -1/+1
2025-01-09 | Fix panic on capacity=1 | Sebastian Holmin | 1 | -14/+24
    As `tokio::sync::mpsc` doesn't allow capacity to be zero, we cannot support buffering only one key pair if we generate it before sending. To get around this we use `reserve` to wait for capacity before generating the key.
2025-01-09 | Make `KEY_PAIR` private and expose it by a fn | Sebastian Holmin | 1 | -3/+11
2025-01-09 | Spawn key pair worker on launch | Sebastian Holmin | 2 | -4/+4
2025-01-09 | Update documentation | Sebastian Holmin | 1 | -5/+13
2025-01-09 | Generate McEliece key pairs in separate thread | Sebastian Holmin | 1 | -5/+27
2024-12-27 | Use DAITAv2 on iOS | Emīls | 1 | -9/+9
2024-12-20 | Fix byte counting in socket sniffer | Sebastian Holmin | 1 | -3/+4
2024-12-20 | Move SocketSniffer to separate module | Sebastian Holmin | 1 | -52/+58
2024-12-20 | Remove unused `futures` dep | Sebastian Holmin | 1 | -1/+0
2024-12-20 | Log data usage for tunnel config client | Sebastian Holmin | 1 | -5/+73
2024-12-19 | Use IAN TCP connection for ephemeral peer exchange | Emīls | 1 | -3/+3
2024-12-12 | Use dynamic DAITA machines in wireguard-go | David Lönnhager | 1 | -32/+40
    Co-authored-by: Markus Pettersson <markus.pettersson@mullvad.net>
2024-12-12 | Add support for DAITA v2 to talpid tunnel config client | David Lönnhager | 3 | -5/+98
    Co-authored-by: Markus Pettersson <markus.pettersson@mullvad.net>
2024-10-17 | Document relationship between ephemeral peer MTU fixes | Linus Färnstrand | 1 | -0/+5
2024-10-17 | Clean up relay config client creation code | Linus Färnstrand | 1 | -6/+9
2024-10-17 | Improve documentation on classic mceliece threading | Linus Färnstrand | 1 | -3/+5
2024-10-17 | Move higher level function to above lower level function | Linus Färnstrand | 1 | -21/+21
2024-10-17 | Refactor post_quantum_secrets to not take an enable-bool | Linus Färnstrand | 1 | -32/+30
2024-10-15 | Split out Classic McEliece code in tuncfg-server example | Linus Färnstrand | 1 | -7/+16
2024-10-15 | Replace pqc_kyber with ml-kem | Linus Färnstrand | 6 | -56/+102
    Upgrading one of the key encapsulation mechanism algorithms we use for quantum-resistant tunnels from Kyber (draft) to ML-KEM (standardized FIPS 203)
2024-09-25 | Upgrade `tonic` to 0.12 and `prost` to 0.13 | Sebastian Holmin | 2 | -0/+5
    Upgrading `tonic` is a prerequisite to later on upgrading `hyper` to version 1.0. As of version 1.0, `hyper` no longer uses `tokio`s `AsyncWriter` and `AsyncReader` traits, instead defining its own versions, see <https://github.com/hyperium/hyper/issues/3110>. As tonic `0.12` is updated to use the `hyper 1.0` ecosystem, it changed some of its trait-bounds to the new `hyper` traits. The `hyper-utils` crate provides the wrapper `TokioIo`, which converts between the two. `prost` had to be upgraded as well, for compatibility.
2024-09-24 | Move ephemeral negotiation to own module | David Lönnhager | 2 | -3/+3
2024-09-24 | Lower MTU during ephemeral peer negotiation on Windows | David Lönnhager | 2 | -57/+95
2024-09-24 | Do not set IP_USER_MTU on tunnel config socket | David Lönnhager | 1 | -46/+7
2024-09-02 | Fix a lingering panic by using a stricter type | Max Zettlmeißl | 2 | -6/+6
    The functions `request_ephemeral_peer` and consecutively `new_client` accepted an `IpAddr`, but due to only ever preparing a v4 socket this led to panic due to an `EAFNOSUPPORT` error if an IPv6 was provided. It would also have made sense to change `new_client` to create either an IPv4 or IPv6 socket depending on the type of the address, but the tuncfg service is currently not accepting IPv6 connections, therefore this was the cleaner change.
2024-07-23 | Only accept an IPv4 as valid first argument | Max Zettlmeißl | 1 | -2/+2
    While `request_ephemeral_peer` accepts a generic `IpAddr`, the function `new_client` used within forces an `Ipv4Addr`. In the long run it would be best to change the library to support IPv6 (provided that the tunnel configuration service listens to an IPv6) or to change the signature of `request_ephemeral_peer` to expect an IPv4.
2024-07-23 | Improve variable names, comments and error messages | Max Zettlmeißl | 1 | -10/+16
    Briefly explain the usage. Make it clearer that the program does not work with an IPv6. Remove the somewhat confusing usage of `trim`. The IP is not trimmed either and it would only protect from a purposefully wrong argument (With quoted or escaped spaces.) Explain what the boolean parameters stand for. Explain why the PSK has to be printed with `fmt::Debug`.
2024-07-23 | Output the unwrapped Base64 encoded pre-shared key | Max Zettlmeißl | 1 | -1/+1
2024-07-17 | Add a Rust FFI, Disable sandboxing for scripts | Bug Magnet | 6 | -567/+0
2024-07-11 | Document that it is round3 of the Kyber KEM we are using | Linus Färnstrand | 3 | -1/+5
2024-06-24 | Run `cargo +nightly fmt` | Sebastian Holmin | 2 | -7/+9