Bruno Clermont [Wed, 8 Feb 2017 10:52:55 +0000 (18:52 +0800)]
Refactor server
- server can be used as a Go library
- unexposed type and values that aren't consumed outside package
- golint fixes
- switch logging to logrus
- add more logging messages
- improve usage as a library: no more `panic` or `os.Exit`, return `error` instead
- evaluate/raise nearly all possible `error` values
- use interface to allow library consumer to use custom peer configuration backend
Sergey Matveev [Sat, 25 Feb 2017 09:20:44 +0000 (12:20 +0300)]
Revert lenData=len(data) assignment
lenData := -- creates new variable each time, that is slow. Slices and
arrays already contain their length. len() function call creates pretty
optimal by performance code.
Bruno Clermont [Wed, 8 Feb 2017 10:41:10 +0000 (18:41 +0800)]
Refactor govpn common package
- unexposed type and values that aren't consumed outside package
- golint fixes
- switch logging to logrus
- add more logging messages
- improve usage as a library: no more `panic` or `os.Exit`, return `error` instead
- evaluate/raise nearly all possible `error` values
Bruno Clermont [Wed, 8 Feb 2017 10:39:19 +0000 (18:39 +0800)]
Upgrade Client
- wrap errors
- switch to logrus
- add Android support: allow connection with file descriptor
- move `govpn/client.Protocol` to `govpn.Protocol`
- improve usage as a library: switch from Up/Down as executed script to Go function
- add `PreUp` step
- allow metrics to be consumed by library user
- use a generic channel to stop client
- log failure to close resources
- close TAP when not used anymore
Sergey Matveev [Thu, 8 Dec 2016 20:34:46 +0000 (23:34 +0300)]
No need to explicitly print the fact that we have exited
Zero return code from the program tells that everything is ok. There is
"[finish ...]" message (also in syslog if it is enabled) telling that
program (and a tunnel) was going to shutdown.
Sergey Matveev [Thu, 8 Dec 2016 20:33:12 +0000 (23:33 +0300)]
No need of notice that noise-mode is enabled when encryptionless is on
Encryptionless mode always noises the packets (by "definition").
No need to force user setting up -noise option to skip the notice that
encryptionless mode includes noise. Those who turn this option on --
already should know what they are doing.
Sergey Matveev [Thu, 8 Dec 2016 19:58:10 +0000 (22:58 +0300)]
We must fail if invalid transport configuration is set
We must not do anything unexpected by user. If he specified UDP mode and
HTTP proxy -- it is his fault, but that does not mean that we could
assume switching to TCP mode instead. No unexpectedly generated traffic
must come out.
Bruno Clermont [Thu, 8 Dec 2016 10:21:42 +0000 (18:21 +0800)]
Refactor govpn-client.
- move out of main client logic, allowing it to be imported from other Go code.
- evaluate all error values
- client package only returns `error`, it doesn't `os.Exit` anymore
- add a new `Protocol` type
* We should use Argon2i, instead of Argon2d. Current implementation was
Argon2i and did not support d-one.
* Other Argon2i implementations on Go exist, but they implement not
the latest Argon2 1.3 version.
* Argon2 is not so trivial to rewrite from scratch.
* Used argon2 library contained testing-library import, that added -test
related flags to the command line.
* Argon2i has some cryptanalysis, showing it is not so perfect as
expected.
So all the issues above are mitigated by replacing this hashing function
with much simpler Balloon hashing written from scratch. Simplicity
wins.