Easytier

mirror/Easytier

Fork 0

mirror of https://github.com/EasyTier/EasyTier.git synced 2026-05-06 17:59:11 +00:00

Commit Graph

Author	SHA1	Message	Date
KKRainbow	c4eacf4591	feat(credential): implement credential peer auth and trust propagation (#1968 ) - add credential manager and RPC/CLI for generate/list/revoke - support credential-based Noise authentication and revocation handling - propagate trusted credential metadata through OSPF route sync - classify direct peers by auth level in session maintenance - normalize sender credential flag for legacy non-secure compatibility - add unit/integration tests for credential join, relay and revocation	2026-03-07 22:58:15 +08:00
KKRainbow	59d4475743	feat: relay peer end-to-end encryption via Noise IK handshake (#1960 ) Enable encryption for non-direct nodes requiring relay forwarding. When secure_mode is enabled, peers perform Noise IK handshake to establish an encrypted PeerSession. Relay packets are encrypted at the sender and decrypted at the receiver. Intermediate forwarding nodes cannot read plaintext data. --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: KKRainbow <5665404+KKRainbow@users.noreply.github.com>	2026-03-07 14:47:22 +08:00
KKRainbow	101f416268	Introduce secure mode (part 1) (#1808 ) Use noise protocol on handshake. Check peer's public key if needed. Also support rekey and replay attack prevention. E2EE and temporary password will be implemented based on this.	2026-01-25 20:16:51 +08:00

Author

SHA1

Message

Date

KKRainbow

c4eacf4591

feat(credential): implement credential peer auth and trust propagation (#1968 )

- add credential manager and RPC/CLI for generate/list/revoke
- support credential-based Noise authentication and revocation handling
- propagate trusted credential metadata through OSPF route sync
- classify direct peers by auth level in session maintenance
- normalize sender credential flag for legacy non-secure compatibility
- add unit/integration tests for credential join, relay and revocation

2026-03-07 22:58:15 +08:00

KKRainbow

59d4475743

feat: relay peer end-to-end encryption via Noise IK handshake (#1960 )

Enable encryption for non-direct nodes requiring relay forwarding.
When secure_mode is enabled, peers perform Noise IK handshake to
establish an encrypted PeerSession. Relay packets are encrypted at
the sender and decrypted at the receiver. Intermediate forwarding
nodes cannot read plaintext data.

---------

Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: KKRainbow <5665404+KKRainbow@users.noreply.github.com>

2026-03-07 14:47:22 +08:00

KKRainbow

101f416268

Introduce secure mode (part 1) (#1808 )

Use noise protocol on handshake. Check peer's public key if needed. Also support rekey and replay attack prevention.

E2EE and temporary password will be implemented based on this.

2026-01-25 20:16:51 +08:00

3 Commits