ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
12,372 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

12372 Commits

Author SHA1 Message Date
Andreas Steffen 2006709ec5 Moved test_rng to a test suite of its own 2013-12-04 21:23:30 +01:00
Tobias Brunner f1e12da7ef unit-tests: Don't use priority for destructor that unregisters testable functions 
This fixes coverage reports, at least if leak detective is disabled.
If it is enabled the plugins are not unloaded so the destructor is not
executed until the process is destroyed, which seems not to be covered
by gcov.
 2013-12-04 20:33:00 +01:00
Tobias Brunner d5a0abfa92 unit-tests: Export ntru_drbg_create as testable function so no linking is required 
This way the plugin does not have to be linked explicitly to the test
runner, which otherwise would require that the plugin is either always
enabled to build the tests or that ifdefs are added to the Makefile.
 2013-12-04 20:32:59 +01:00
Tobias Brunner 4cea186b64 unit-tests: Add facility to register testable functions 
These can be defined in plugins, or other parts of the tested libraries.
They can even be static.
 2013-12-04 20:32:59 +01:00
Tobias Brunner a24eec4649 unit-tests: Move ntru_test_rng_t to a utility class in libtest 2013-12-04 20:32:59 +01:00
Tobias Brunner 6354466a5b unit-tests: Fix apidoc for libtest 2013-12-04 20:32:59 +01:00
Tobias Brunner 3e8a44c2aa ntru: Fix compiler warning caused by ++/-- on righthand side of an assignment 
The behavior of stuff like x = --x; (or x++) is not defined.
 2013-12-04 20:32:59 +01:00
Reto Buerki ea4f71c2c3 testing: Fix status output in build-baseimage script 2013-12-04 10:42:03 +01:00
Reto Buerki e570628557 Remove check library from HACKING document 2013-12-04 10:42:03 +01:00
Reto Buerki d33df7ed51 charon-tkm: Abort if gprbuild binary is not found 2013-12-04 10:42:03 +01:00
Reto Buerki 8416ebb628 charon-tkm: Update integration tests 2013-12-04 10:41:54 +01:00
Adrian-Ken Rueegsegger 6db7feacf6 charon-tkm: Implement IANA DH Id to TKM Id mapping 
The TKM Diffie-Hellman plugin now maps IANA DH identifiers to TKM DH
algorithm identifiers. The mapping is specified in the daemon's
'dh_mapping' section in the strongswan.conf file:

dh_mapping {
	iana_id1 = tkm_id1
	iana_id2 = tkm_id2
	iana_id3 = tkm_id3
	...
}

Only the mapped IANA IDs are registered as supported DH groups.
 2013-12-03 11:58:53 +01:00
Adrian-Ken Rueegsegger 9e8a52003a charon-tkm: Drop unnecessary include 2013-12-03 11:58:53 +01:00
Andreas Steffen 623fdcb7de Fixed formatting in strongswan.conf 2013-12-03 08:17:39 +01:00
Tobias Brunner 7c7148b038 ike: Log SK_p consistently on level 4 2013-11-28 19:04:47 +01:00
Andreas Steffen acc25f29bd Updated NEWS for 5.1.2dr1 2013-11-27 20:37:11 +01:00
Andreas Steffen 7d5b9e81a4 Added DRBG automatic reseeding tests 2013-11-27 20:21:41 +01:00
Andreas Steffen 5443762491 Use strongSwan hash plugins for SHA-1 and SHA-256 2013-11-27 20:21:41 +01:00
Andreas Steffen d993a567b7 Extended NIST SP 800-90A HMAC_DRBG test cases 2013-11-27 20:21:41 +01:00
Andreas Steffen a7047cda59 Cleaned up ntru-crypto library 2013-11-27 20:21:41 +01:00
Andreas Steffen 98c6421674 Implemented NIST SP 800-90A DRBG_HMAC with SHA-256 2013-11-27 20:21:41 +01:00
Andreas Steffen 798a36dc14 Added NTRU key exchange to default IKE proposal 2013-11-27 20:21:41 +01:00
Andreas Steffen 9013973cc8 unit-tests: Added ntru wrong ciphertext test 2013-11-27 20:21:41 +01:00
Andreas Steffen 885e699b58 unit-tests: Added ntru entropy, retransmission and ciphertext tests 2013-11-27 20:21:41 +01:00
Andreas Steffen 802eaf3789 Any of the four NTRU parameter sets can be selected 2013-11-27 20:21:41 +01:00
Andreas Steffen 1f73969eb5 Make the NTRU parameter set configurable 2013-11-27 20:21:41 +01:00
Andreas Steffen 2c620cb089 unit-tests: first NTRU test case 2013-11-27 20:21:40 +01:00
Andreas Steffen d5cd6eba2b Added ikev2/net2net-ntru-cert and ikev2/rw-ntru-psk scenarios 2013-11-27 20:21:40 +01:00
Andreas Steffen 146ad86be5 Prototype implementation of IKE key exchange via NTRU encryption 2013-11-27 20:21:40 +01:00
Tobias Brunner e9b49d412b Merge branch 'nm-psk' 
This adds support for PSK authentication to the NetworkManager frontend.
 2013-11-27 18:37:11 +01:00
Tobias Brunner 0b506edb19 nm: Require the PSK to be at least 20 characters long 2013-11-27 18:36:58 +01:00
Tobias Brunner 692a421aa0 nm: German translation updated 2013-11-27 18:36:58 +01:00
Tobias Brunner 5ae822cfcd nm: Handle PSK option in NM backend 2013-11-27 18:36:58 +01:00
Tobias Brunner 594878e552 nm: Add PSK option to auth-dialog 2013-11-27 18:36:58 +01:00
Tobias Brunner 63528ebd3f nm: Add pre-shared key option in GUI 2013-11-27 18:36:58 +01:00
Tobias Brunner cfaec93111 nm: Make intltool recognize glade files properly 2013-11-27 18:36:58 +01:00
Tobias Brunner 228db0433d configure: Remove obsolete --enable-unit-tests option 2013-11-27 18:35:44 +01:00
Tobias Brunner f5feeb04f3 charon-tkm: Don't run tests automatically during 'make check' 
Due to the external dependencies these tests are quite inconvenient.
They can be run from the charon-tkm directory with 'make check-tkm'.
 2013-11-27 18:35:44 +01:00
Reto Buerki 5221a16391 charon-tkm: Add Binder switches to test project to enable exception backtraces 2013-11-27 18:35:44 +01:00
Tobias Brunner d6032bff8b charon-tkm: Migrate tests to our own test runner 
Due to problems with the external libraries tkm_init/deinit can't be
called for each test case.  Because of this leak detective has to be
disabled for these tests.
 2013-11-27 18:35:44 +01:00
Tobias Brunner 70f4461359 charon-tkm: Support for out-of-tree build added 2013-11-27 18:35:44 +01:00
Tobias Brunner 20a48e4be3 chunk: Fix signedness warnings caused by chunk_from_* macros 
There are countless other such warnings because e.g. chunk_create() is called
with char*, but at least we prevent users from causing such warnings
inadvertently when using these macros.
 2013-11-27 18:28:44 +01:00
Martin Willi 1cbe4e6ce4 tun-device: Include <linux/types.h> before <linux/if_tun.h> 
Fixes a build error on CentOS 6.4.
 2013-11-22 09:09:06 +01:00
Tobias Brunner c61ca66a39 trap-manager: Reset IKE_SA on bus_t if initiating fails 2013-11-21 13:43:31 +01:00
Tobias Brunner bb492d80b5 trap-manager: Prevent deadlock when installing trap policies 
Because the write lock was held while calling add_policies() on
child_sa_t, which finishes with a call to child_state_change() on bus_t,
a deadlock would ensue if CHILD_SAs are concurrently being established,
which also causes a call to child_state_change() that will require
the read lock in trap_manager_t.

No locks are now being held while creating the CHILD_SA and installing the
trap policies.
 2013-11-21 11:12:59 +01:00
Tobias Brunner 906a4fd16b coverage: Report branch coverage 2013-11-21 11:10:39 +01:00
Martin Willi 07ca25909b printf-hook-builtin: Don't use %P to print uppercase hex pointers 
We use %P as custom printf specifier for proposals.
 2013-11-20 16:57:28 +01:00
Tobias Brunner 8071c2a5e3 testing: Config for Linux kernel 3.12 
The most significant change is that CONFIG_ACPI_PROC_EVENT is now
finally removed (after being deprecated for a long time).

So to successfully shutdown the guests via ACPI the CONFIG_INPUT_EVDEV
option is now enabled.
 2013-11-19 17:15:12 +01:00
Tobias Brunner 3bff80aee3 openssl: Verify that a peer's ECDH public value is a point on the elliptic curve 
This check is mandated by RFC 6989.  Since we don't reuse DH secrets,
it is mostly a sanity check.
 2013-11-19 15:00:28 +01:00
Tobias Brunner 38a4f1964e kernel-netlink: Enable TFC padding only for tunnel mode ESP SAs 
The kernel does not allow them for transport mode SAs or IPComp SAs (and
of course not for AH SAs).

Fixes #446.
 2013-11-19 12:44:16 +01:00