sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00
Code Issues Projects Releases Wiki Activity
18,026 Commits 101 Branches 327 Tags
Commit Graph

18026 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andreas Steffen
0fb3953733 Version bump to 6.0dr8 6.0dr8 2021-07-06 15:13:33 +02:00
Andreas Steffen
c9610b2cf8 vici: Increase maximum proposal length 2021-07-06 15:13:33 +02:00
Andreas Steffen
62e38c0447 proposals: Change MODP_NONE to KE_NONE 2021-07-06 15:13:33 +02:00
Andreas Steffen
6e4cb0f4cb Version bump to 6.0d7 2021-07-06 14:54:40 +02:00
Andreas Steffen
6a36473409 oqs: Updated Falcon sig tests to liboqs-0.5.0 2021-07-06 14:54:40 +02:00
Andreas Steffen
fd91014606 oqs: Upgraded Dilithium to NIST Round 3.1 2021-07-06 14:54:40 +02:00
Andreas Steffen
b126598f7f Version bump to 6.0dr5 2021-07-06 14:54:39 +02:00
Andreas Steffen
aa4de948f1 test-vectors: No changes for Saber KE NIST Round 3 tests 2021-07-06 14:45:43 +02:00
Andreas Steffen
1476e0f406 oqs: Support for HQC key exchange algorithm 2021-07-06 14:45:43 +02:00
Andreas Steffen
a328adf739 test-vectors: Upgraded Kyber KE tests to NIST Round 3 2021-07-06 14:45:43 +02:00
Andreas Steffen
a44b8210ef test-vectors: Upgraded NTRU KE tests to NIST Round 3 2021-07-06 14:45:43 +02:00
Andreas Steffen
b3007d34b2 scripts: Fixed NIST KAT scripts 2021-07-06 14:45:43 +02:00
Andreas Steffen
55fc18da81 oqs: Support of Falcon signature algorithms 2021-07-06 14:45:43 +02:00
Andreas Steffen
8f2994aa4d oqs: Complete post-quantum signature support 2021-07-06 14:45:43 +02:00
Andreas Steffen
30890b1265 ntru: Removed legacy NTRU key exchange method 2021-07-06 14:45:43 +02:00
Andreas Steffen
67133477c0 newhope: Removed legacy Newhope key exchange method 2021-07-06 14:45:43 +02:00
Andreas Steffen
dafc651b73 bliss: Removed legacy BLISS signatures 2021-07-06 14:45:43 +02:00
Andreas Steffen
391d1259a9 oqs: Added signature tests 2021-07-06 14:45:43 +02:00
Andreas Steffen
38995cf8d9 scripts: Added nist_sig_kat script 2021-07-06 14:45:43 +02:00
Andreas Steffen
f00be54ee2 oqs: Postponed freeing of kem object 2021-07-06 14:45:43 +02:00
Andreas Steffen
7f9705c2c6 oqs: Support of Dilithium signature algorithms 2021-07-06 14:45:43 +02:00
Andreas Steffen
82679ea0c4 oqs: Update to NIST round 3 KEM candidates 2021-07-06 14:45:43 +02:00
Andreas Steffen
6f00f7346b oqs: Removed BIKE round 1 version including test vectors 2021-07-06 14:45:43 +02:00
Andreas Steffen
74a5f87e49 testing: Added ikev2/rw-cert-qske scenario 2021-07-06 14:45:43 +02:00
Andreas Steffen
2d96e2048c wip: ikev2: Change multi-KE codepoints for testing 2021-07-06 14:45:43 +02:00
Andreas Steffen
77862a72aa vici: List additional key exchanges 
Co-authored-by: Tobias Brunner <tobias@strongswan.org>
 2021-07-06 14:45:43 +02:00
Andreas Steffen
c4f6301f1e frodo: FrodoKEM KE method 2021-07-06 14:45:43 +02:00
Andreas Steffen
51b186a2f5 oqs: Added post-quantum KEM methods based on liboqs 2021-07-06 14:45:43 +02:00
Andreas Steffen
4042a92f18 nist_kem_kat: Added script formating NIST KEM KAT records into ke_test vectors 2021-07-06 14:45:43 +02:00
Andreas Steffen
2a0e7a8b91 test-vectors: Added NIST KEM test vectors 2021-07-06 14:45:43 +02:00
Andreas Steffen
ecec17c3d6 key-exchange: Joint ke_test_vector format for DH and KEM 
Both Diffie-Hellman (DH) and Key Encapsulation Mechanism (KEM) based
key exchange methods use a common ke_test_vector format. The
set_seed() function is used to provide deterministic private key
material for the crypto tests.
 2021-07-06 14:45:42 +02:00
Andreas Steffen
8250867ec5 key-exchange: Added NIST round 2 submission KEM candidates 2021-07-06 14:45:42 +02:00
Tobias Brunner
dcdaae737e wip: ike-init: Indicate support for IKE_INTERMEDIATE 
wip: Not strictly necessary. I guess we should also add some checks if
the notify was not received.
 2021-07-06 14:45:42 +02:00
Tobias Brunner
5d40fef5c9 proposal: Add helper to check if additional key exchanges are contained 2021-07-06 14:45:42 +02:00
Tobias Brunner
f8b967b85a proposal: Accept NONE for additional key exchanges also for IKE proposals 2021-07-06 14:45:42 +02:00
Tobias Brunner
3ba705bc82 unit-tests: Add tests for CHILD_SA rekeying with multiple key exchanges 2021-07-06 14:45:42 +02:00
Tobias Brunner
740691caec unit-tests: Add tests for CHILD_SA creation with multiple key exchanges 2021-07-06 14:45:42 +02:00
Tobias Brunner
aee41ac825 unit-tests: Tests for additional key exchanges 2021-07-06 14:45:42 +02:00
Tobias Brunner
f05a74e55b unit-tests: Support multiple proposals in exchange tests 2021-07-06 14:45:42 +02:00
Tobias Brunner
9c67e4c3c1 unit-tests: Hand out an actual shared secret in mock KE implementation 
Makes key derivation a bit more realistic.
 2021-07-06 14:45:42 +02:00
Tobias Brunner
92940acc4c proposal: Add prefix for additional key exchanges when logging proposals 2021-07-06 14:45:42 +02:00
Tobias Brunner
7f2a4805ef key-exchange: Add dynamic parser for additional key exchange methods 2021-07-06 14:45:42 +02:00
Tobias Brunner
bd1f8d0e1c child-rekey: Support CHILD_SA rekeying with multiple key exchanges 2021-07-06 14:45:42 +02:00
Tobias Brunner
772fd05e9d child-sa: Cache and forward actual initiator flag for outbound SA 
Kernel interfaces (e.g. TKM) might rely on this flag to be correct.
 2021-07-06 14:45:42 +02:00
Tobias Brunner
d8c7d2ce70 unit-tests: Fix CHILD_SA rekey tests after INVALID_KE_PAYLOAD handling changes 
The responder doesn't create a CHILD_SA and allocate an SPI anymore
when responding with an INVALID_KE_PAYLOAD notify.
 2021-07-06 14:45:42 +02:00
Tobias Brunner
dbf3ba314b child-create: Add support for multiple key exchanges 2021-07-06 14:45:42 +02:00
Tobias Brunner
6c3e576a70 ike-rekey: Support IKE_SA rekeying with multiple key exchanges 2021-07-06 14:45:42 +02:00
Tobias Brunner
fe3e057c09 ikev2: Send deletes also for rekeyed SAs 
This way we can use the IKE_REKEYED state for both redundant and old SAs
to suppress ike_updown().

In the ike-delete task we don't suppress events in state IKE_REKEYING as
that's the case when we delete an SA the peer is currently rekeying with
multiple key exchanges.
 2021-07-06 14:45:42 +02:00
Tobias Brunner
b60a104559 ikev2: Let ike/child-rekey tasks indicate if the passive task was adopted 
This gives us more flexibility with tasks that return NEED_MORE (currently
none of the colliding tasks do, but that will change with multi-KE
rekeyings).  The active task has to check itself if the passive task is
done and should be removed from the task manager.
 2021-07-06 14:45:42 +02:00
Tobias Brunner
21772fe3fc ike-rekey: Remove collision task type checks 
Since f67199378df9 ("ike-rekey: Handle undetected collisions also if
delete is delayed") we only ever track tasks of type TASK_IKE_REKEY, so
there is no need to check the type or use the generic task_t interface.

Also changed some of the comments to clarify collision handling.
 2021-07-06 14:45:42 +02:00