15690 Commits

Author SHA1 Message Date
Andreas Steffen
91a4a4aa83 testing: Added swanctl/ocsp-disabled scenario 2017-01-02 14:34:39 +01:00
Andreas Steffen
db0953d41f testing: Added swanctl/ocsp-signer-cert scenario 2017-01-02 14:34:18 +01:00
Andreas Steffen
e3f63c6469 revocation: OCSP and/or CRL fetching can be disabled 2016-12-30 18:12:53 +01:00
Andreas Steffen
08253bbba3 testing: Convert swanctl scenarios to curve-25519 2016-12-30 16:22:12 +01:00
Andreas Steffen
65797c9faf Version bump to 5.5.2dr3 and Linux kernel 4.9 5.5.2dr3 2016-12-17 18:10:13 +01:00
Andreas Steffen
470e61ae77 testing: strongTNC does not come with django.db any more 2016-12-17 18:09:20 +01:00
Andreas Steffen
3c1e5ad6ce testing: Added ikev2/net2net-ed25519 scenario 2016-12-17 18:07:29 +01:00
Andreas Steffen
bd2f2b11fc stroke: Load general PKCS#8 private keys 2016-12-17 18:06:11 +01:00
Andreas Steffen
9da89eeb4f Merge branch 'Ed25519' 2016-12-16 12:24:54 +01:00
Andreas Steffen
4f19112b1f Moved Ed25519 tests to libstrongswan 2016-12-14 11:57:36 +01:00
Weilu Jia
351179d4dc vici: Check for closed connection in Python bindings
The Python VICI library does not check if the socket is closed.
If the daemon closes the connection, _recvall() spins forever.

Closes strongswan/strongswan#56.
2016-12-14 11:35:31 +01:00
Andreas Steffen
e9c2b6658b unit-tests: Completed coverage of hasher, crypter and libnttfft 2016-12-14 11:15:48 +01:00
Andreas Steffen
94ae1ac18e Added swanctl/net2net-ed25519 scenario and needed Ed25519 certificates 2016-12-14 11:15:48 +01:00
Andreas Steffen
f2eb367adc Implemented EdDSA for IKEv2 using a pro forma Identity hash function 2016-12-14 11:15:48 +01:00
Andreas Steffen
d47ad3d67e Added Ed25519 ref10 implementation from libsodium 2016-12-14 11:15:47 +01:00
Andreas Steffen
35bc60cc68 Added support of EdDSA signatures 2016-12-14 11:15:47 +01:00
Tobias Brunner
564a199674 kernel-netlink: Add support for AES-CMAC-96 (RFC 4494)
The kernel apparently supports this since 3.10.
2016-12-12 11:43:06 +01:00
Tobias Brunner
8c859e86d6 android: New release after re-adding support for ECC Brainpool curves 2016-12-10 12:28:09 +01:00
Tobias Brunner
f20b3f7b2c openssl: BoringSSL doesn't provide curve data for ECC Brainpool curves 2016-12-10 12:27:47 +01:00
Tobias Brunner
aae9a9e678 android: New release after fixing libtpmtss issue 2016-12-09 11:18:17 +01:00
Tobias Brunner
9920824e70 android: Make sure libtpmtss is loaded on older systems
On newer Android systems this seems to happen automatically (or does at
least not cause crashes if the library is not loaded).
2016-12-09 11:16:42 +01:00
Tobias Brunner
708f9c7f65 android: New release after adding notification 2016-12-08 17:37:21 +01:00
Tobias Brunner
7e1c840753 Merge branch 'android-updates'
Adds a permanent notification while connected (or connecting), which
allows running as a foreground service, which in turn should prevent
Android from terminating the service when low on memory.

Also adds support for ChaCha20/Poly1305 AEAD and Curve25519 DH.
2016-12-08 17:33:11 +01:00
Tobias Brunner
3e85b5a492 android: Ensure that the certificates are loaded when accessing them via JNI 2016-12-08 17:14:49 +01:00
Tobias Brunner
85059424a7 android: Add a public notification 2016-12-08 17:14:49 +01:00
Tobias Brunner
d5070425a0 android: Display a permanent notification while connected
This forces the service to run in the foreground, meaning the system
won't kill it when low on memory.
2016-12-08 17:14:49 +01:00
Tobias Brunner
e03c936982 android: Log any installed DNS servers 2016-12-08 17:14:49 +01:00
Tobias Brunner
d6d12bab14 android: Unregister listener in case of error alerts
This avoids triggering additional errors via e.g. ike_updown() that
might cause the error message displayed in the GUI to change if the
status fragment is recreated.

References #2134.
2016-12-08 17:13:16 +01:00
Tobias Brunner
ef2ad9db1c android: Report an error for invalid integer values
Previously we'd just ignore the invalid values without notifying the
user.
2016-12-08 16:43:51 +01:00
Tobias Brunner
cefbf2bf9b android: Propose curve25519 in the ESP proposals 2016-12-08 16:43:51 +01:00
Tobias Brunner
fec47b6146 android: Enable curve25519 plugin in the app 2016-12-08 16:43:51 +01:00
Tobias Brunner
b077a2a71a android: Optionally build the curve25519 plugin 2016-12-08 16:43:51 +01:00
Tobias Brunner
5f0913fc1e android: Propose ChaCha20/Poly1305 in the ESP AEAD proposals 2016-12-08 16:43:50 +01:00
Tobias Brunner
8c0b38e9df android: Enable chapoly plugin in the app 2016-12-08 16:43:50 +01:00
Tobias Brunner
4d47adb639 android: Optionally build the chapoly plugin 2016-12-08 16:43:50 +01:00
Tobias Brunner
03472aea1f android: Update Gradle plugin and wrapper 2016-12-08 16:43:50 +01:00
Thomas Egerer
8c50bb6c36 ikev1: Minor code optimization in task manager
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-12-07 10:37:46 +01:00
Tobias Brunner
8fe2cefd9d travis: The xcode7.3 image is now the default 2016-12-02 16:56:13 +01:00
Tobias Brunner
c7c9a50adb travis: Output config.log on failure 2016-12-02 16:56:13 +01:00
Tobias Brunner
016228c158 configure: Check for actual functions in libraries with AC_CHECK_LIB
Checking for `main` produces code like this in the test program:

  int
  main ()
  {
  return main ();
    ;
    return 0;
  }

This recursive call results in a warning message with some compilers (e.g.
Clang in newer Xcode versions: "all paths through this function will call
itself [-Winfinite-recursion]"), which lets the tests fail when compiling
with -Werror.
2016-12-02 16:56:13 +01:00
Tobias Brunner
5078f87a52 plugin-loader: Strip '!' from critical plugin names when setting paths 2016-11-18 12:21:49 +01:00
Thomas Egerer
1042b9194f child-sa: Use single return statement in update_usebytes()
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-11-18 11:58:14 +01:00
Martin Willi
649537ee8d proposal: Remove RFC 5114 MODP DH groups from default proposal
Recent research demonstrates that at least for 1024-bit DH groups, it is
possible to create specially crafted primes having a backdoor. From the
prime itself this is not detectable, creating a perfect NOBUS attack.

http://eprint.iacr.org/2016/961

For the primes defined in RFC 5114 no information is provided on how these
have been selected. In the default proposal we included one of the 2048-bit
primes only, where it is questionable if constructing a backdoored prime is
feasible. Nevertheless, this patch removes the group from the set of default
proposals as well.
2016-11-15 17:20:40 +01:00
Andreas Steffen
011195f1a9 Version bump to 5.5.2dr2 5.5.2dr2 2016-11-14 16:20:51 +01:00
Andreas Steffen
99c03e9a11 testing: make curve25519 the default DH group 2016-11-14 16:20:51 +01:00
Tobias Brunner
549b325d9d proposal: Add curve25519 and curve448 to default proposal 2016-11-14 16:20:51 +01:00
Tobias Brunner
9d170c18bc configure: Enable curve25519 plugin by default 2016-11-14 16:20:51 +01:00
Martin Willi
bd0aa66e45 curve25519: Add a portable backend implemented in plain C 2016-11-14 16:20:51 +01:00
Martin Willi
7f9bfacd5a curve25519: Add a plugin providing Curve25519 DH using backend drivers 2016-11-14 16:20:51 +01:00
Martin Willi
2ac95123bb dh-speed: Compare the shared secrets for equality after test 2016-11-14 16:20:51 +01:00