aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* testing: Added ikev2/net2net-ed25519 scenarioAndreas Steffen2016-12-1717-0/+173
|
* stroke: Load general PKCS#8 private keysAndreas Steffen2016-12-172-3/+9
|
* Merge branch 'Ed25519'Andreas Steffen2016-12-1673-109/+7058
|\
| * Moved Ed25519 tests to libstrongswanAndreas Steffen2016-12-1410-142/+27
| |
| * unit-tests: Completed coverage of hasher, crypter and libnttfftAndreas Steffen2016-12-143-34/+57
| |
| * Added swanctl/net2net-ed2559 scenario and needed Ed25519 certificatesAndreas Steffen2016-12-1428-1/+300
| |
| * Implemented EdDSA for IKEv2 using a pro forma Identity hash functionAndreas Steffen2016-12-146-17/+140
| |
| * Added Ed25519 ref10 implementation from libsodiumAndreas Steffen2016-12-1414-16/+5790
| |
| * Added support of EdDSA signaturesAndreas Steffen2016-12-1431-55/+900
| |
* | vici: Check for closed connection in Python bindingsWeilu Jia2016-12-141-1/+4
|/ | | | | | | The Python VICI library does not check if the socket is closed. If the daemon closes the connection, _recvall() spins forever. Closes strongswan/strongswan#56.
* kernel-netlink: Add support for AES-CMAC-96 (RFC 4494)Tobias Brunner2016-12-121-0/+1
| | | | The kernel apparently supports this since 3.10.
* android: New release after re-adding support for ECC Brainpool curvesTobias Brunner2016-12-101-2/+2
|
* openssl: BoringSSL doesn't provide curve data for ECC Brainpool curvesTobias Brunner2016-12-101-1/+4
|
* android: New release after fixing libtpmtss issueTobias Brunner2016-12-091-2/+2
|
* android: Make sure libtpmtss is loaded on older systemsTobias Brunner2016-12-093-1/+3
| | | | | On newer Android systems this seems to happen automatically (or does at least not cause crashes if the library is not loaded).
* android: New release after adding notificationTobias Brunner2016-12-081-2/+2
|
* Merge branch 'android-updates'Tobias Brunner2016-12-0816-44/+175
|\ | | | | | | | | | | | | | | Adds a permanent notification while connected (or connecting), which allows running as a foreground service, which in turn should prevent Android from terminating the service when low on memory. Also adds support for ChaCha20/Poly1305 AEAD and Curve25519 DH.
| * android: Ensure that the certificates are loaded when accessing them via JNITobias Brunner2016-12-081-1/+1
| |
| * android: Add a public notificationTobias Brunner2016-12-081-6/+10
| |
| * android: Display a permanent notification while connectedTobias Brunner2016-12-089-27/+120
| | | | | | | | | | This forces the service to run in the foreground, meaning the system won't kill it when low on memory.
| * android: Log any installed DNS serversTobias Brunner2016-12-081-1/+1
| |
| * android: Unregister listener in case of error alertsTobias Brunner2016-12-081-3/+9
| | | | | | | | | | | | | | | | This avoids triggering additional errors via e.g. ike_updown() that might cause the error message displayed in the GUI to change if the status fragment is recreated. References #2134.
| * android: Report an error for invalid integer valuesTobias Brunner2016-12-081-4/+27
| | | | | | | | | | Previously we'd just ignore the invalid values without notifying the user.
| * android: Propose curve25519 in the ESP proposalsTobias Brunner2016-12-081-3/+3
| |
| * android: Enable curve25519 plugin in the appTobias Brunner2016-12-081-1/+1
| |
| * android: Optionally build the curve25519 pluginTobias Brunner2016-12-081-0/+2
| |
| * android: Propose ChaCha20/Poly1305 in the ESP AEAD proposalsTobias Brunner2016-12-081-2/+3
| |
| * android: Enable chapoly plugin in the appTobias Brunner2016-12-081-1/+1
| |
| * android: Optionally build the chapoly pluginTobias Brunner2016-12-081-0/+2
| |
| * android: Update Gradle plugin and wrapperTobias Brunner2016-12-082-3/+3
|/
* ikev1: Minor code optimization in task managerThomas Egerer2016-12-071-11/+5
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* travis: The xcode7.3 image is now the defaultTobias Brunner2016-12-021-1/+0
|
* travis: Output config.log on failureTobias Brunner2016-12-021-0/+3
|
* configure: Check for actual functions in libraries with AC_CHECK_LIBTobias Brunner2016-12-021-27/+32
| | | | | | | | | | | | | | | | | Checking for `main` produces code like this in the test program: int main () { return main (); ; return 0; } This recursive call results in a warning message with some compilers (e.g. Clang in newer Xcode versions: "all paths through this function will call itself [-Winfinite-recursion]"), which lets the tests fail when compiling with -Werror.
* plugin-loader: Strip '!' from critical plugin names when setting pathsTobias Brunner2016-11-181-1/+1
|
* child-sa: Use single return statement in update_usebytes()Thomas Egerer2016-11-181-4/+8
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* proposal: Remove RFC 5114 MODP DH groups from default proposalMartin Willi2016-11-151-2/+4
| | | | | | | | | | | | | | Recent research demonstrates that at least for 1024-bit DH groups, it is possible to create specially crafted primes having a backdoor. From the prime itself this is not detectable, creating a perfect NOBUS attack. http://eprint.iacr.org/2016/961 For the primes defined in RFC 5114 no information is provided on how these have been selected. In the default proposal we included one of the 2048-bit primes only, where it is questionable if constructing a backdoored prime is feasible. Nevertheless, this patch removes the group from the set of default proposals as well.
* Version bump to 5.5.2dr25.5.2dr2Andreas Steffen2016-11-143-3/+6
|
* testing: make curve25519 the default DH groupAndreas Steffen2016-11-14820-1072/+1050
|
* proposal: Add curve25519 and curve448 to default proposalTobias Brunner2016-11-141-0/+2
|
* configure: Enable curve25519 plugin by defaultTobias Brunner2016-11-141-1/+1
|
* curve22519: Add a portable backend implemented in plain CMartin Willi2016-11-144-0/+647
|
* curve25519: Add a plugin providing Curve25519 DH using backend driversMartin Willi2016-11-149-0/+473
|
* dh-speed: Compare the shared secrets for equality after testMartin Willi2016-11-141-3/+7
|
* dh-speed: Include the get_my_public_value() call in public exponent timingMartin Willi2016-11-141-4/+4
| | | | | This fixes results where a DH backend does not generate the public value in the constructor internally.
* dh-speed: Add an identifier to test curve25519 performanceMartin Willi2016-11-141-0/+1
|
* test-vectors: Add a Curve25519 DH test vectorMartin Willi2016-11-143-0/+36
|
* proposal: Add a curve25519 proposal keywordMartin Willi2016-11-141-0/+1
|
* diffie-hellman: Add DH group identifiers for Curve25519 and Curve448Martin Willi2016-11-142-3/+14
|
* bus: Re-add ampersand that got lost in refactoringTobias Brunner2016-11-141-1/+1
| | | | | Fixes: 4af02c6c61cf ("bus: Fix maximum log level for different groups after removal of a logger")
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 04:37:28 +0000