Andreas Steffen
2006709ec5
Moved test_rng to a test suite of its own
2013-12-04 21:23:30 +01:00
Tobias Brunner
f1e12da7ef
unit-tests: Don't use priority for destructor that unregisters testable functions
...
This fixes coverage reports, at least if leak detective is disabled.
If it is enabled the plugins are not unloaded so the destructor is not
executed until the process is destroyed, which seems not to be covered
by gcov.
2013-12-04 20:33:00 +01:00
Tobias Brunner
d5a0abfa92
unit-tests: Export ntru_drbg_create as testable function so no linking is required
...
This way the plugin does not have to be linked explicitly to the test
runner, which otherwise would require that the plugin is either always
enabled to build the tests or that ifdefs are added to the Makefile.
2013-12-04 20:32:59 +01:00
Tobias Brunner
4cea186b64
unit-tests: Add facility to register testable functions
...
These can be defined in plugins, or other parts of the tested libraries.
They can even be static.
2013-12-04 20:32:59 +01:00
Tobias Brunner
a24eec4649
unit-tests: Move ntru_test_rng_t to a utility class in libtest
2013-12-04 20:32:59 +01:00
Tobias Brunner
6354466a5b
unit-tests: Fix apidoc for libtest
2013-12-04 20:32:59 +01:00
Tobias Brunner
3e8a44c2aa
ntru: Fix compiler warning caused by ++/-- on righthand side of an assignment
...
The behavior of stuff like x = --x; (or x++) is not defined.
2013-12-04 20:32:59 +01:00
Reto Buerki
ea4f71c2c3
testing: Fix status output in build-baseimage script
2013-12-04 10:42:03 +01:00
Reto Buerki
e570628557
Remove check library from HACKING document
2013-12-04 10:42:03 +01:00
Reto Buerki
d33df7ed51
charon-tkm: Abort if gprbuild binary is not found
2013-12-04 10:42:03 +01:00
Reto Buerki
8416ebb628
charon-tkm: Update integration tests
2013-12-04 10:41:54 +01:00
Adrian-Ken Rueegsegger
6db7feacf6
charon-tkm: Implement IANA DH Id to TKM Id mapping
...
The TKM Diffie-Hellman plugin now maps IANA DH identifiers to TKM DH
algorithm identifiers. The mapping is specified in the daemon's
'dh_mapping' section in the strongswan.conf file:
dh_mapping {
iana_id1 = tkm_id1
iana_id2 = tkm_id2
iana_id3 = tkm_id3
...
}
Only the mapped IANA IDs are registered as supported DH groups.
2013-12-03 11:58:53 +01:00
Adrian-Ken Rueegsegger
9e8a52003a
charon-tkm: Drop unnecessary include
2013-12-03 11:58:53 +01:00
Andreas Steffen
623fdcb7de
Fixed formatting in strongswan.conf
2013-12-03 08:17:39 +01:00
Tobias Brunner
7c7148b038
ike: Log SK_p consistently on level 4
2013-11-28 19:04:47 +01:00
Andreas Steffen
acc25f29bd
Updated NEWS for 5.1.2dr1
2013-11-27 20:37:11 +01:00
Andreas Steffen
7d5b9e81a4
Added DRBG automatic reseeding tests
2013-11-27 20:21:41 +01:00
Andreas Steffen
5443762491
Use strongSwan hash plugins for SHA-1 and SHA-256
2013-11-27 20:21:41 +01:00
Andreas Steffen
d993a567b7
Extended NIST SP 800-90A HMAC_DRBG test cases
2013-11-27 20:21:41 +01:00
Andreas Steffen
a7047cda59
Cleaned up ntru-crypto library
2013-11-27 20:21:41 +01:00
Andreas Steffen
98c6421674
Implemented NIST SP 800-90A DRBG_HMAC with SHA-256
2013-11-27 20:21:41 +01:00
Andreas Steffen
798a36dc14
Added NTRU key exchange to default IKE proposal
2013-11-27 20:21:41 +01:00
Andreas Steffen
9013973cc8
unit-tests: Added ntru wrong ciphertext test
2013-11-27 20:21:41 +01:00
Andreas Steffen
885e699b58
unit-tests: Added ntru entropy, retransmission and ciphertext tests
2013-11-27 20:21:41 +01:00
Andreas Steffen
802eaf3789
Any of the four NTRU parameter sets can be selected
2013-11-27 20:21:41 +01:00
Andreas Steffen
1f73969eb5
Make the NTRU parameter set configurable
2013-11-27 20:21:41 +01:00
Andreas Steffen
2c620cb089
unit-tests: first NTRU test case
2013-11-27 20:21:40 +01:00
Andreas Steffen
d5cd6eba2b
Added ikev2/net2net-ntru-cert and ikev2/rw-ntru-psk scenarios
2013-11-27 20:21:40 +01:00
Andreas Steffen
146ad86be5
Prototype implementation of IKE key exchange via NTRU encryption
2013-11-27 20:21:40 +01:00
Tobias Brunner
e9b49d412b
Merge branch 'nm-psk'
...
This adds support for PSK authentication to the NetworkManager frontend.
2013-11-27 18:37:11 +01:00
Tobias Brunner
0b506edb19
nm: Require the PSK to be at least 20 characters long
2013-11-27 18:36:58 +01:00
Tobias Brunner
692a421aa0
nm: German translation updated
2013-11-27 18:36:58 +01:00
Tobias Brunner
5ae822cfcd
nm: Handle PSK option in NM backend
2013-11-27 18:36:58 +01:00
Tobias Brunner
594878e552
nm: Add PSK option to auth-dialog
2013-11-27 18:36:58 +01:00
Tobias Brunner
63528ebd3f
nm: Add pre-shared key option in GUI
2013-11-27 18:36:58 +01:00
Tobias Brunner
cfaec93111
nm: Make intltool recognize glade files properly
2013-11-27 18:36:58 +01:00
Tobias Brunner
228db0433d
configure: Remove obsolete --enable-unit-tests option
2013-11-27 18:35:44 +01:00
Tobias Brunner
f5feeb04f3
charon-tkm: Don't run tests automatically during 'make check'
...
Due to the external dependencies these tests are quite inconvenient.
They can be run from the charon-tkm directory with 'make check-tkm'.
2013-11-27 18:35:44 +01:00
Reto Buerki
5221a16391
charon-tkm: Add Binder switches to test project to enable exception backtraces
2013-11-27 18:35:44 +01:00
Tobias Brunner
d6032bff8b
charon-tkm: Migrate tests to our own test runner
...
Due to problems with the external libraries tkm_init/deinit can't be
called for each test case. Because of this leak detective has to be
disabled for these tests.
2013-11-27 18:35:44 +01:00
Tobias Brunner
70f4461359
charon-tkm: Support for out-of-tree build added
2013-11-27 18:35:44 +01:00
Tobias Brunner
20a48e4be3
chunk: Fix signedness warnings caused by chunk_from_* macros
...
There are countless other such warnings because e.g. chunk_create() is called
with char*, but at least we prevent users from causing such warnings
inadvertently when using these macros.
2013-11-27 18:28:44 +01:00
Martin Willi
1cbe4e6ce4
tun-device: Include <linux/types.h> before <linux/if_tun.h>
...
Fixes a build error on CentOS 6.4.
2013-11-22 09:09:06 +01:00
Tobias Brunner
c61ca66a39
trap-manager: Reset IKE_SA on bus_t if initiating fails
2013-11-21 13:43:31 +01:00
Tobias Brunner
bb492d80b5
trap-manager: Prevent deadlock when installing trap policies
...
Because the write lock was held while calling add_policies() on
child_sa_t, which finishes with a call to child_state_change() on bus_t,
a deadlock would ensue if CHILD_SAs are concurrently being established,
which also causes a call to child_state_change() that will require
the read lock in trap_manager_t.
No locks are now being held while creating the CHILD_SA and installing the
trap policies.
2013-11-21 11:12:59 +01:00
Tobias Brunner
906a4fd16b
coverage: Report branch coverage
2013-11-21 11:10:39 +01:00
Martin Willi
07ca25909b
printf-hook-builtin: Don't use %P to print uppercase hex pointers
...
We use %P as custom printf specifier for proposals.
2013-11-20 16:57:28 +01:00
Tobias Brunner
8071c2a5e3
testing: Config for Linux kernel 3.12
...
The most significant change is that CONFIG_ACPI_PROC_EVENT is now
finally removed (after being deprecated for a long time).
So to successfully shutdown the guests via ACPI the CONFIG_INPUT_EVDEV
option is now enabled.
2013-11-19 17:15:12 +01:00
Tobias Brunner
3bff80aee3
openssl: Verify that a peer's ECDH public value is a point on the elliptic curve
...
This check is mandated by RFC 6989. Since we don't reuse DH secrets,
it is mostly a sanity check.
2013-11-19 15:00:28 +01:00
Tobias Brunner
38a4f1964e
kernel-netlink: Enable TFC padding only for tunnel mode ESP SAs
...
The kernel does not allow them for transport mode SAs or IPComp SAs (and
of course not for AH SAs).
Fixes #446 .
2013-11-19 12:44:16 +01:00