Commit Graph

13771 Commits

Author SHA1 Message Date
Martin Willi dcae0a3935 updown: Inverse comment of VPN_LOGGING variable, as it is enabled by default
Fixes #780.
2014-12-02 15:02:41 +01:00
Andreas Steffen 32d19652f1 Version bump to 5.2.2dr1 2014-11-29 15:00:10 +01:00
Andreas Steffen 9b01a061ec Increased check size due to INITIAL_CONTACT notify 2014-11-29 14:57:41 +01:00
Andreas Steffen c02ebf1ecd Renewed expired certificates 2014-11-29 14:51:18 +01:00
Andreas Steffen b6bb32e658 Implemented full BLISS support for IKEv2 public key authentication and the pki tool 2014-11-29 14:51:18 +01:00
Andreas Steffen 43d9247599 Created ikev2/rw-ntru-bliss scenario 2014-11-29 14:51:18 +01:00
Andreas Steffen 0d8a3f5d01 Applied bit packing to BLISS public key 2014-11-29 14:51:18 +01:00
Andreas Steffen bf749fa1fb Wipe BLISS private key memory 2014-11-29 14:51:17 +01:00
Andreas Steffen b352ee4266 Created bliss_bitpacker class to encode BLISS signatures 2014-11-29 14:51:17 +01:00
Andreas Steffen 7143667bdd Skip the unused bits field of the ASN.1 BIT STRING encoding 2014-11-29 14:51:17 +01:00
Andreas Steffen 5a50e364e6 Store NTT A of BLISS public key a 2014-11-29 14:51:17 +01:00
Andreas Steffen 3e1f6edc5a unit-tests: created bliss_sign test suite 2014-11-29 14:51:17 +01:00
Andreas Steffen e71813e56d Finished BLISS signature generation 2014-11-29 14:51:17 +01:00
Andreas Steffen edd72b6bb9 Implemented Gaussian rejection sampler
The bliss_sampler class uses the mgf1_bitspender as a
pseudo-random source.
2014-11-29 14:51:16 +01:00
Andreas Steffen 72bb7eec9c Implemented get_byte() method for mgf1_bitspender class
The new get_byte() method returns a pseudo-random byte at a time.
Changed the get_bits() interface to the same interface as get_byte().
Updated the mgf1 unit-tests accordingly.
2014-11-29 14:51:16 +01:00
Andreas Steffen 5f7a9ea9c3 Added support for BLISS-III 2014-11-29 14:51:16 +01:00
Andreas Steffen f673966b9f Started implementing BLISS signature generation 2014-11-29 14:51:16 +01:00
Andreas Steffen 56009f2001 Store and parse BLISS private and public keys in DER and PEM format
Additionally generate SHA-1 fingerprints of raw BLISS subjectPublicKey
and subjectPublicKeyInfo objects.

Some basic functions used by the bliss_public_key class are shared
with the bliss_private_key class.
2014-11-29 14:51:16 +01:00
Andreas Steffen 37bfe44358 unit-tests: Created separate mgf1 test suite 2014-11-29 14:51:16 +01:00
Andreas Steffen 8614d1214d Use mgf1_bitspender in ntru_poly_create_from_seed 2014-11-29 14:51:15 +01:00
Andreas Steffen 64a5cacde5 Use mgf1_bitspender to generate random secret key 2014-11-29 14:51:15 +01:00
Andreas Steffen 988d477145 Implemented bitspender based on the MGF1 mask generator function 2014-11-29 14:51:15 +01:00
Andreas Steffen c3664d8ee1 unit-tests: Added bliss_fft test suite 2014-11-29 14:51:15 +01:00
Andreas Steffen 1d3e080877 Moved mgf1 class to libstrongswan/crypto/mgf1 2014-11-29 14:51:15 +01:00
Andreas Steffen 73a327404d Defined BLISS I and IV parameter sets 2014-11-29 14:51:14 +01:00
Andreas Steffen 6d31c7ef74 Added BLISS OIDs in ITA-HSR OID tree 2014-11-29 14:51:14 +01:00
Andreas Steffen 8c751b6119 Implemented Number Theoretic Transform using the FFT algorithm
By pre-multiplying the input arrays with a linear phase the
fast multiplication via FFT and inverse FFT computes a negative
wrapped convolution corresponding to a modulus of x^n+1.
2014-11-29 14:51:14 +01:00
Andreas Steffen 9d5b91d198 Created framework for BLISS post-quantum signature algorithm 2014-11-29 14:51:14 +01:00
Martin Willi 4ef819a379 libtls: Catch POLLHUP/NVAL in TLS socket splicing
If one of the sockets gets disconnected, some systems return POLLHUP. Signal
the socket as ready to let the read/write call fail properly.
2014-11-28 15:53:50 +01:00
Martin Willi 015fb3134d watcher: Properly handle poll() POLLHUP/NVAL signaling
poll() may return POLLHUP or POLLNVAL for given file descriptors. To handle
these properly, we signal them to the EXCEPT watcher state, if registered. If
not, we call the read/write callbacks, so they can properly fail when trying
to read from or write to the file descriptor.
2014-11-28 12:50:34 +01:00
Martin Willi 02fd29acc1 windows: Properly set errno for read/write functions using Winsock 2014-11-28 12:45:58 +01:00
Martin Willi f1773fee43 ikev2: Fix ike_rekey switch statement broken with last commit 2014-11-24 10:03:26 +01:00
Martin Willi 8891ed5478 ikev2: Prevent IKE_SA rekeying if we are currently retrying a CHILD_SA rekey 2014-11-21 12:51:20 +01:00
Martin Willi c39b0c883d controller: Keep following initiate() if the first DH guess was wrong 2014-11-21 12:51:19 +01:00
Martin Willi 013857ad79 child-sa: Introduce a CHILD_RETRYING state to detect DH group retries 2014-11-21 12:51:19 +01:00
Martin Willi f6f3b0db11 Merge branch 'poll'
Replace relevant uses of select() by poll(). poll(2) avoids the difficulties
we have with more than 1024 open file descriptors, and seems to be fairly
portable.

Fixes #757.
2014-11-21 12:49:07 +01:00
Martin Willi 89f19ef876 windows: Move the compatibility header to the compat subfolder 2014-11-21 12:02:08 +01:00
Martin Willi aec3d5fb7f apple: Wrap accept() and recvfrom() with poll(2) instead of select 2014-11-21 12:02:08 +01:00
Martin Willi f65779dd0f apple: Introduce a central compatibility header with all __APPLE__ quirks 2014-11-21 12:02:08 +01:00
Martin Willi 6e1d3f3615 watcher: Use Windows read/write(2) wrappers instead of compile-conditions 2014-11-21 12:02:08 +01:00
Martin Willi a301a9c939 windows: Provide a write(2) wrapper that uses send(2) on sockets 2014-11-21 12:02:08 +01:00
Martin Willi 09624c6cec windows: Provide a read(2) wrapper that uses recv(2) on sockets 2014-11-21 12:02:08 +01:00
Martin Willi f518b52c2d unit-tests: Test cancellability of some cancellation points we rely on 2014-11-21 12:02:07 +01:00
Martin Willi 78725e68c1 thread: Test for pending cancellation requests before poll()ing on OS X
As we are now using poll(2) instead of select(2), we need the work-around from
76dc329e for poll() as well.
2014-11-21 12:02:07 +01:00
Martin Willi eeaa6f9b1a kernel-libipsec: Use poll(2) instead of select 2014-11-21 12:02:07 +01:00
Martin Willi 03bccc240c watcher: Use poll(2) instead of select 2014-11-21 12:02:07 +01:00
Martin Willi 10743ac9d6 libtls: Use poll(2) instead of select() in tls_socket 2014-11-21 12:02:07 +01:00
Martin Willi ed247660e8 socket-default: Use round-robin selection of sockets to read from
If multiple sockets are ready, we previously preferred the IPv4 non-NAT socket
over others. To handle all with equal priority, use a round-robin selection.
2014-11-21 12:02:07 +01:00
Martin Willi ce13ba62cc socket-default: Use poll(2) instead of select
It is not only simpler, but also allows the use of arbitrary high fd numbers,
which silently fails with select().
2014-11-21 12:02:07 +01:00
Martin Willi 946cf367d4 tun-device: Read from tun to buffer on stack to avoid over-allocation of packets
Instead of allocating MTU-sized buffers for each packet, read to a stack buffer
and copy to an allocation of the actual packet size. While it requires an
additional copy on non-Apple platforms, this should make allocation more
efficient for small packets.
2014-11-21 12:02:07 +01:00