Tobias Brunner
1806ba0890
travis: Add a workaround for a bug regarding libtool installed via Homebrew
2016-08-25 17:21:02 +02:00
Thomas Egerer
8456d6f5a8
ikev1: Don't require AH mapping for integrity algorithm when generating proposal
...
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-08-25 13:34:36 +02:00
Andreas Steffen
d125941802
libtpmtss: TCTI finalization call changed
2016-08-25 13:22:51 +02:00
Andreas Steffen
36bf2b1bc5
conf: aikpub2.opt added to Makefile.am
2016-08-25 13:22:51 +02:00
Tobias Brunner
09d8215d3f
pki: Allow to load CRLs from files in --verify
2016-08-25 11:07:35 +02:00
Tobias Brunner
17ecc104fb
ikev1: Ignore the last two bytes of the Cisco Unity vendor ID
...
These seem to indicate the major and minor version of the protocol, like
e.g. for the DPD vendor ID. Some implementations seem to send versions
other than 1.0 so we just ignore these for now when checking for known
vendor IDs.
Fixes #2088 .
2016-08-24 17:46:05 +02:00
Tobias Brunner
603a1d3c8f
utils: Fix definition of BYTE_ORDER with MinGW
2016-08-24 10:40:57 +02:00
Tobias Brunner
22b839e6e9
ikev1: Accept more than one certificate payload in aggressive mode
...
Fixes #2085 .
2016-08-17 10:30:39 +02:00
Andreas Steffen
ce20979ce2
testing: Virtual IPs went missing
2016-08-16 17:18:17 +02:00
Andreas Steffen
3bca51e430
unit-tests: Removed unused variable
2016-08-11 17:01:33 +02:00
Andreas Steffen
5afaf0dba2
Version bump to 5.5.1dr1
2016-08-10 18:11:53 +02:00
Andreas Steffen
53332c9390
Merge branch 'newhope'
2016-08-10 16:23:04 +02:00
Andreas Steffen
c1a1f9f548
testing: Added swanctl/rw-newhope-bliss scenario
2016-08-10 15:14:26 +02:00
Andreas Steffen
1e0dc2c329
testing: Add chapoly, ntru and newhope plugins to crypto and integrity tests
2016-08-10 14:34:27 +02:00
Andreas Steffen
277ef8c2fa
testing: Added ikev2/rw-newhope-bliss scenario
2016-08-10 14:22:00 +02:00
Andreas Steffen
1342bd3386
unit-tests: Created newhope unit-tests
2016-08-10 14:22:00 +02:00
Andreas Steffen
393688aea0
Created newhope plugin implementing the New Hope key exchange algorithm
2016-08-10 14:22:00 +02:00
Andreas Steffen
1fddb0b92e
xof: Added ChaCha20 stream as XOF
2016-08-06 12:09:05 +02:00
Andreas Steffen
8993cb556e
utils: Defined uletoh16() and htole16()
2016-08-06 12:09:05 +02:00
Andreas Steffen
b8070e2c85
integrity-test: Added ntru_param_sets to read-only segment
2016-07-29 12:36:15 +02:00
Andreas Steffen
17e4ca6ac9
integrity-test: Added bliss_param_sets to read-only segment
2016-07-29 12:36:15 +02:00
Andreas Steffen
7256c68da0
integrity-test: check code and ro segments of libnttfft
2016-07-29 12:36:15 +02:00
Andreas Steffen
d305f251a5
Created libnttfft
...
This makes Number Theoretic Transforms (NTT) based on the efficient
Fast-Fourier-Transform (FFT) available to multiple plugins.
2016-07-29 12:36:15 +02:00
Andreas Steffen
65f2ecb86d
Share twiddle factors table between 512 and 1024 point FFT
2016-07-29 12:36:14 +02:00
Andreas Steffen
68075fb7a7
Implemented FFT with n = 1024 and q = 11289 using Montgomery arithmetic
2016-07-29 12:36:14 +02:00
Andreas Steffen
a7d626118f
bliss: Implemented FFT with fast Montgomery arithmetic
2016-07-29 12:36:14 +02:00
Andreas Steffen
5ff88c9622
xof: Implemented SHAKE128 and SHAKE256 Extended Output Functions
2016-07-29 12:36:14 +02:00
Andreas Steffen
04208ac5d4
xof: Defined Extended Output Functions
2016-07-29 12:36:14 +02:00
Andreas Steffen
7f65a8c271
vici: Increased various string buffers to BUF_LEN (512 bytes)
2016-07-29 12:34:40 +02:00
Andreas Steffen
fa1865094d
integrity-test: Added charon-systemd
2016-07-29 12:33:32 +02:00
Andreas Steffen
eda8907b90
Added SHA-3 signature OIDs
2016-07-26 13:34:45 +02:00
Tobias Brunner
a6d7aed78a
libcharon: Add exchange_tests to .gitignore
2016-07-25 14:01:26 +02:00
Andreas Steffen
5ce749bcfc
unit-tests: Decreased loop count of FFT speed test to 10'000
2016-07-22 21:27:42 +02:00
Andreas Steffen
10ebb3c914
unit-tests: Added bliss_fft_speed test
2016-07-22 11:58:10 +02:00
Andreas Steffen
6f4b73615b
Merge branch 'tss2-sapi'
2016-07-20 11:26:45 +02:00
Andreas Steffen
0274163674
libtpmtss: Use pkconfig to configure TSS 2.0 includes and libraries
2016-07-20 11:26:07 +02:00
Tobias Brunner
60d0f52fd6
ike1: Flush active queue when queueing a delete of the IKE_SA
...
By aborting the active task we don't have to wait for potential
retransmits if the other peer does not respond to the current task.
Since IKEv1 has no sequential message IDs and INFORMATIONALs are no real
exchanges this should not be a problem.
Fixes #1537
References #429 , #1410
Closes strongswan/strongswan#48
2016-07-19 11:48:17 +02:00
Andreas Steffen
74de8c3727
Version bump to 5.5.0
2016-07-13 13:26:16 +02:00
Tobias Brunner
b977ef8ec9
NEWS: Some updates for the 5.5.0 release
2016-07-11 15:42:51 +02:00
Tobias Brunner
1fafc56b95
Fixed some typos, courtesy of codespell
2016-07-04 12:18:51 +02:00
Tobias Brunner
5e5dee36b6
testing: Remove obsolete openssl-fips recipe
...
This was only required when we initially started and OpenSSL was built
from sources, which was changed with b97dd59ba8
("install FIPS-aware
OpenSSL Debian packages").
2016-07-04 12:18:51 +02:00
Tobias Brunner
7b879874d7
Revert "testing: Only load selected plugins in swanctl"
...
This reverts commit dee01d019b
.
Thanks to 505c318701
("leak-detective: Try to properly free
allocations after deinitialization") this is not required anymore.
2016-07-01 17:35:52 +02:00
Andreas Steffen
8fafbffdb7
Version bump to 5.5.0rc1
2016-06-30 16:28:28 +02:00
Andreas Steffen
37ffa99cf2
imcv: Added EFI HCRTM event
2016-06-30 16:20:10 +02:00
Andreas Steffen
ee2644dd3f
testing: Version bump to 4.6.3 kernel and strongSwan 5.5.0
2016-06-30 16:20:10 +02:00
Tobias Brunner
a8d6501036
aikgen: Fix computation of key ID of the AIK public key
...
We don't have direct access to the modulus and exponent of the key anymore.
2016-06-30 12:56:41 +02:00
Tobias Brunner
c05d49632f
libtpmtss: Define missing Doxygen group and fix some comments
2016-06-30 12:12:31 +02:00
Tobias Brunner
a23bde26bd
libimcv: Fix Doxygen comment
2016-06-30 12:12:26 +02:00
Tobias Brunner
c3e5109c37
testing: Add ikev1/net2net-esn scenario
2016-06-29 11:16:48 +02:00
Thomas Egerer
40bb4677f7
ikev1: Add support for extended sequence numbers
...
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-06-29 11:16:48 +02:00