Andreas Steffen
80e9569f85
Version bump to 6.0dr13
6.0dr13
2021-12-31 17:52:27 +01:00
Andreas Steffen
29cfecc4fe
libtpmtss: Rename diffie_hellman_t to key_exchange_t
2021-12-31 17:50:23 +01:00
Andreas Steffen
f78bf84626
oqs: Included version 4.1 of BIKE Round 3 (L1 and L3)
...
Requirement: liboqs-0.7.0
2021-12-31 17:50:23 +01:00
Tobias Brunner
4118fc1f6a
wolfssl: Move shared secret calculation to get_shared_secret()
...
The ECDH implementation gets a bit simpler since we removed the
ecp_x_coordinate_only option a while ago.
Also added calls to verify public keys.
2021-12-31 17:50:23 +01:00
Tobias Brunner
85bf1846c5
pkcs11: Move shared secret calculation to get_shared_secret()
2021-12-31 17:50:23 +01:00
Tobias Brunner
6b1d3c8ff2
openssl: Move shared secret calculation to get_shared_secret()
2021-12-31 17:50:23 +01:00
Tobias Brunner
3b06bbce73
gcrypt: Move shared secret calculation to get_shared_secret()
2021-12-31 17:50:23 +01:00
Tobias Brunner
9fb6b014a0
curve25519: Move shared secret calculation to get_shared_secret()
2021-12-31 17:50:23 +01:00
Tobias Brunner
d11d936dc0
botan: Move shared secret calculation to get_shared_secret()
2021-12-31 17:50:23 +01:00
Tobias Brunner
f8b0cc70b5
gmp: Move shared secret calculation to get_shared_secret()
...
This avoids doing costly operations when just setting the public key.
For the same reason the optional extended public key check is moved.
2021-12-31 17:50:23 +01:00
Tobias Brunner
13b4f023a0
key-exchange: Warn about costly operations in set_public_key()
2021-12-31 17:50:23 +01:00
Tobias Brunner
806dc9fdbc
ike-auth: Move packet collection to post_build() method
...
This way we avoid having to pre-generate the message when it could
theoretically still get modified by a task that follows or from a plugin
via message() hook.
2021-12-31 17:50:23 +01:00
Tobias Brunner
edf788a760
message: Store original encrypted payload when generating fragments
...
If we don't do this, get_plain() will fail after generating the message
fragmented.
2021-12-31 17:50:23 +01:00
Tobias Brunner
27946e97d8
ikev2: Delay IKE key derivation until next message
...
In particular as responder, this delays costly cryptographic operations
until the IKE_AUTH (or the next IKE_INTERMEDIATE) request is received,
which is preferable to reduce the impact of DoS attacks.
Another advantage is that the key material is not changed until all tasks
built or processed a message so e.g. IntAuth can be calculated with the
current keys without issues.
2021-12-31 17:50:23 +01:00
Andreas Steffen
8de5ca790a
vici: Increase maximum proposal length
2021-12-31 17:50:23 +01:00
Andreas Steffen
7b4166cdcd
oqs: Updated Falcon sig tests to liboqs-0.5.0
2021-12-31 17:50:23 +01:00
Andreas Steffen
b8fb00dcd1
oqs: Upgraded Dilithium to NIST Round 3.1
2021-12-31 17:50:23 +01:00
Andreas Steffen
2a9128b5f6
test-vectors: No changes for Saber KE NIST Round 3 tests
2021-12-31 17:50:23 +01:00
Andreas Steffen
a7116f94f3
oqs: Support for HQC key exchange algorithm
2021-12-31 17:50:23 +01:00
Andreas Steffen
771f7fb4e7
test-vectors: Upgraded Kyber KE tests to NIST Round 3
2021-12-31 17:50:23 +01:00
Andreas Steffen
f436927689
test-vectors: Upgraded NTRU KE tests to NIST Round 3
2021-12-31 17:50:23 +01:00
Andreas Steffen
a6c76e5d76
scripts: Fixed NIST KAT scripts
2021-12-31 17:50:23 +01:00
Andreas Steffen
2c730db501
oqs: Support of Falcon signature algorithms
2021-12-31 17:50:23 +01:00
Andreas Steffen
eed5ebf2a0
oqs: Complete post-quantum signature support
2021-12-31 17:50:23 +01:00
Andreas Steffen
dd9c6911d5
ntru: Removed legacy NTRU key exchange method
2021-12-31 17:50:23 +01:00
Andreas Steffen
214ca99583
newhope: Removed legacy Newhope key exchange method
2021-12-31 17:50:23 +01:00
Andreas Steffen
639a4f067c
bliss: Removed legacy BLISS signatures
2021-12-31 17:50:23 +01:00
Andreas Steffen
2471395268
oqs: Added signature tests
2021-12-31 17:50:23 +01:00
Andreas Steffen
5d831702bb
scripts: Added nist_sig_kat script
2021-12-31 17:50:23 +01:00
Andreas Steffen
f9bb6a42b4
oqs: Postponed freeing of kem object
2021-12-31 17:50:23 +01:00
Andreas Steffen
0e9b4b21bb
oqs: Support of Dilithium signature algorithms
2021-12-31 17:50:23 +01:00
Andreas Steffen
1e98ae8f02
oqs: Update to NIST round 3 KEM candidates
2021-12-31 17:50:23 +01:00
Andreas Steffen
032aeedc2b
oqs: Removed BIKE round 1 version including test vectors
2021-12-31 17:50:23 +01:00
Andreas Steffen
af260b801d
testing: Added ikev2/rw-cert-qske scenario
2021-12-31 17:50:23 +01:00
Andreas Steffen
559ce7afbe
wip: ikev2: Change multi-KE codepoints for testing
2021-12-31 17:50:23 +01:00
Andreas Steffen
91e3cfdcf8
vici: List additional key exchanges
...
Co-authored-by: Tobias Brunner <tobias@strongswan.org>
2021-12-31 17:50:23 +01:00
Andreas Steffen
84814ed07c
frodo: FrodoKEM KE method
2021-12-31 17:50:23 +01:00
Andreas Steffen
50555eb61b
oqs: Added post-quantum KEM methods based on liboqs
2021-12-31 17:50:23 +01:00
Andreas Steffen
6167d0d7ff
nist_kem_kat: Added script formatting NIST KEM KAT records into ke_test vectors
2021-12-31 17:50:23 +01:00
Andreas Steffen
60544b24f2
test-vectors: Added NIST KEM test vectors
2021-12-31 17:50:23 +01:00
Andreas Steffen
edf7dab3d0
key-exchange: Joint ke_test_vector format for DH and KEM
...
Both Diffie-Hellman (DH) and Key Encapsulation Mechanism (KEM) based
key exchange methods use a common ke_test_vector format. The
set_seed() function is used to provide deterministic private key
material for the crypto tests.
2021-12-31 17:50:23 +01:00
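The two design points above, keeping set_public_key() cheap and deferring the exponentiations and the optional extended public key check to get_shared_secret() (the gmp/key-exchange commits), and seeding the private key deterministically for known-answer tests (the ke_test_vector commit), as an added Python example. This is not strongSwan code: the class, its method names, the SHA-512 seed expansion and the modexp counter are this example's own. The group is the RFC 2409 1024-bit MODP group, embedded only because it is short enough to fit here; it is far too weak for real deployments.

```python
import hashlib
import secrets

# RFC 2409 "Second Oakley Group": 1024-bit safe prime p, generator 2.
# Used here only because it is short enough to embed; do not use in practice.
MODP_1024_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
    "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
    "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
    "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
    "49286651ECE65381FFFFFFFFFFFFFFFF", 16)
MODP_1024_G = 2
MODP_1024_Q = (MODP_1024_P - 1) // 2   # p is a safe prime, so q = (p - 1) / 2


class ModpKeyExchange:
    """Finite-field DH with the cheap/costly split from the commits above:
    set_public_key() only range-checks and stores the peer value; the modular
    exponentiations, including the optional order-q subgroup check, happen in
    get_shared_secret(). modexp_calls counts the costly operations so the
    ordering can be asserted in tests. Example code, not libstrongswan's."""

    def __init__(self, p=MODP_1024_P, g=MODP_1024_G, q=MODP_1024_Q,
                 extended_check=False):
        self.p, self.g, self.q = p, g, q
        self.extended_check = extended_check
        self.x = None            # private exponent
        self.own_public = None   # g^x mod p, computed lazily
        self.peer_public = None  # validated but not yet used peer value
        self.modexp_calls = 0

    def _modexp(self, base, exp):
        self.modexp_calls += 1
        return pow(base, exp, self.p)

    def _encode(self, n):
        return n.to_bytes((self.p.bit_length() + 7) // 8, "big")

    def set_seed(self, seed):
        # Deterministic private exponent for KAT-style tests. The expansion
        # (SHA-512 over seed || counter) is this example's own assumption.
        buf = b"".join(hashlib.sha512(seed + bytes([i])).digest() for i in range(4))
        self.x = 1 + int.from_bytes(buf, "big") % (self.q - 1)
        self.own_public = None

    def _ensure_private(self):
        if self.x is None:
            self.x = 1 + secrets.randbelow(self.q - 1)

    def get_public_key(self):
        self._ensure_private()
        if self.own_public is None:
            self.own_public = self._modexp(self.g, self.x)
        return self._encode(self.own_public)

    def set_public_key(self, value):
        # Cheap check only: 0, 1 and p-1 yield a "shared secret" of 0, 1 or
        # +/-1 regardless of our private key, so reject them outright.
        y = int.from_bytes(value, "big")
        if not 2 <= y <= self.p - 2:
            return False
        self.peer_public = y
        return True

    def get_shared_secret(self):
        if self.peer_public is None:
            return None
        self._ensure_private()
        # Optional extended check: a value outside the order-q subgroup has
        # order 2q in a safe-prime group and leaks the parity of x.
        if self.extended_check and self._modexp(self.peer_public, self.q) != 1:
            return None
        return self._encode(self._modexp(self.peer_public, self.x))


if __name__ == "__main__":
    a, b = ModpKeyExchange(extended_check=True), ModpKeyExchange(extended_check=True)
    b.set_public_key(a.get_public_key())
    a.set_public_key(b.get_public_key())
    print("secrets match:", a.get_shared_secret() == b.get_shared_secret())
```

With a safe prime, every value in [2, p-2] has order q or 2q, so the range check alone cannot tell them apart; only the q-th power in get_shared_secret() does, which is exactly why that check belongs with the other exponentiations rather than in set_public_key().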
Andreas Steffen
8358225305
key-exchange: Added NIST round 2 submission KEM candidates
2021-12-31 17:50:22 +01:00
Tobias Brunner
9a10c50d72
wip: ike-init: Indicate support for IKE_INTERMEDIATE
...
wip: Not strictly necessary. I guess we should also add some checks if
the notify was not received.
2021-12-31 17:50:22 +01:00
Tobias Brunner
6ad6b3a0cd
proposal: Prevent selection of duplicate key exchange methods
...
All additional (and the initial) key exchanges must use a different method.
2021-12-31 17:50:22 +01:00
Tobias Brunner
f5cda8967b
proposal: Add helper to check if additional key exchanges are contained
2021-12-31 17:50:22 +01:00
Tobias Brunner
4c3914b6f9
proposal: Accept NONE for additional key exchanges also for IKE proposals
2021-12-31 17:50:22 +01:00
Tobias Brunner
0c79db4013
unit-tests: Add tests for CHILD_SA rekeying with multiple key exchanges
2021-12-31 17:50:22 +01:00
Tobias Brunner
e1b1bc651b
unit-tests: Add tests for CHILD_SA creation with multiple key exchanges
2021-12-31 17:50:22 +01:00
Tobias Brunner
8b9526da08
unit-tests: Tests for additional key exchanges
2021-12-31 17:50:22 +01:00
Tobias Brunner
d7505f9c96
unit-tests: Support multiple proposals in exchange tests
2021-12-31 17:50:22 +01:00