Releases: disentangle-network/nebula-pq
Release v1.11.0-pq.4
feat: RS erasure-coded handshake chunking for PQ key exchange (#30)

* feat(header): add HandshakeIXPSK0Chunked subtype and ChunkHeader

  Add RS erasure-coded chunk header types for oversized PQ handshakes. The 8-byte ChunkHeader carries handshake_id, noise message number, chunk index, total chunks, and data shard count for reconstruction.

* feat: RS erasure-coded chunking in handshake send paths

  Add Reed-Solomon encoding for oversized handshake messages (PQ handshakes ~9KB). Messages exceeding 1200 bytes are automatically split into k+m chunks where k=ceil(payload/1200) and m=3 parity. Any k of k+m chunks arriving suffices for reconstruction. Send paths modified: handleOutbound (initiator), ixHandshakeStage1 (responder direct + relay), and ErrAlreadySeen cached resend. Non-PQ handshakes below threshold bypass chunking entirely.

* feat: RS reassembly buffer in handshake receive path

  Add ReassemblyManager for reconstructing chunked handshake messages. Chunks are buffered by (handshakeID, noiseMsgNum) key and RS-decoded when k shards arrive. Buffers are bounded (256 max) and expired (5s timeout) for DoS mitigation. HandleIncoming dispatches chunked packets to reassembly and re-injects completed messages.

* feat: add length-prefix framing and fix e2e PQ handshake test

  RS encode now prepends a 4-byte big-endian length prefix before splitting into shards, allowing the decoder to strip RS padding that was corrupting protobuf unmarshal. Updated all unit tests to account for the +4 byte prefix in data shard count calculations. Rewrote TestGoodHandshakePQ to use router-based assertTunnel approach since chunked handshakes produce multiple UDP packets. All unit tests, reassembly tests, PQ e2e test, and non-PQ e2e tests pass -- backward compatibility confirmed.

* fix: resolve testifylint CI failures

  Use assert.LessOrEqual instead of assert.True for comparison, and assert.Empty instead of assert.Len(0) per golangci-lint testifylint rules.
--------- Co-authored-by: privsim <excaliberswake@pm.me>
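The shard arithmetic and the bounded reassembly table described in the v1.11.0-pq.4 notes, as an added Go sketch that is not code from the nebula-pq repository. The `Reassembler` type, its `Add` signature and the key field widths are assumptions for illustration, and the Reed-Solomon decode itself is left out; only the 1200-byte threshold, m=3, the 4-byte prefix, the 256-buffer bound and the 5s expiry come from the notes.

```go
package main

import (
	"fmt"
	"time"
)

const (
	shardSize  = 1200            // chunking threshold from the release notes
	parity     = 3               // m parity shards
	maxBuffers = 256             // bound on in-flight reassemblies
	bufferTTL  = 5 * time.Second // expiry for incomplete handshakes
)

// shardPlan returns k and k+m for a payload, counting the 4-byte length prefix.
func shardPlan(payloadLen int) (k, total int) {
	k = (payloadLen + 4 + shardSize - 1) / shardSize
	return k, k + parity
}

type key struct{ handshakeID uint32; noiseMsg uint8 } // field widths are assumptions
type buffer struct{ k int; shards map[int][]byte; created time.Time }

// Reassembler is a hypothetical stand-in for ReassemblyManager; create it with Reassembler{}.
type Reassembler map[key]*buffer

// Add stores one chunk and reports whether k distinct shards are now held.
func (r Reassembler) Add(id key, idx, total, k int, data []byte, now time.Time) (bool, error) {
	for old, b := range r { // drop expired buffers before admitting new state
		if now.Sub(b.created) > bufferTTL {
			delete(r, old)
		}
	}
	if k < 1 || total != k+parity || idx < 0 || idx >= total {
		return false, fmt.Errorf("inconsistent chunk header")
	}
	b, ok := r[id]
	if !ok {
		if len(r) >= maxBuffers {
			return false, fmt.Errorf("reassembly table full")
		}
		b = &buffer{k: k, shards: map[int][]byte{}, created: now}
		r[id] = b
	} else if b.k != k {
		return false, fmt.Errorf("chunk disagrees with first chunk seen")
	}
	b.shards[idx] = data // a duplicate index overwrites, it is not counted twice
	return len(b.shards) >= b.k, nil
}
func main() { fmt.Println(shardPlan(9000)) } // constructed ~9KB payload size
```

Header fields are validated before any buffer is allocated, so a malformed first chunk consumes none of the 256 slots.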
Release v1.11.0-pq.3
v1.11.0-pq.3: fsnotify cert watching + Go 1.26.1 security fixes
Release v1.11.0-pq.2
fix: set executable permissions on binaries in Docker image COPY without --chmod=755 preserves the source file permissions, which may not include the execute bit depending on the build environment. This caused /nebula: permission denied in distroless containers.
Release v1.11.0-pq.1
v1.11.0-pq.1: Post-quantum Nebula