Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | testing: Added ikev2/net2net-ed25519 scenario | Andreas Steffen | 2016-12-17 | 17 | -0/+173 |
| | |||||
* | stroke: Load general PKCS#8 private keys | Andreas Steffen | 2016-12-17 | 2 | -3/+9 |
| | |||||
* | Merge branch 'Ed25519' | Andreas Steffen | 2016-12-16 | 73 | -109/+7058 |
|\ | |||||
| * | Moved Ed25519 tests to libstrongswan | Andreas Steffen | 2016-12-14 | 10 | -142/+27 |
| | | |||||
| * | unit-tests: Completed coverage of hasher, crypter and libnttfft | Andreas Steffen | 2016-12-14 | 3 | -34/+57 |
| | | |||||
| * | Added swanctl/net2net-ed2559 scenario and needed Ed25519 certificates | Andreas Steffen | 2016-12-14 | 28 | -1/+300 |
| | | |||||
| * | Implemented EdDSA for IKEv2 using a pro forma Identity hash function | Andreas Steffen | 2016-12-14 | 6 | -17/+140 |
| | | |||||
| * | Added Ed25519 ref10 implementation from libsodium | Andreas Steffen | 2016-12-14 | 14 | -16/+5790 |
| | | |||||
| * | Added support of EdDSA signatures | Andreas Steffen | 2016-12-14 | 31 | -55/+900 |
| | | |||||
* | | vici: Check for closed connection in Python bindings | Weilu Jia | 2016-12-14 | 1 | -1/+4 |
|/ | | | | | | | The Python VICI library does not check if the socket is closed. If the daemon closes the connection, _recvall() spins forever. Closes strongswan/strongswan#56. | ||||
* | kernel-netlink: Add support for AES-CMAC-96 (RFC 4494) | Tobias Brunner | 2016-12-12 | 1 | -0/+1 |
| | | | | The kernel apparently supports this since 3.10. | ||||
* | android: New release after re-adding support for ECC Brainpool curves | Tobias Brunner | 2016-12-10 | 1 | -2/+2 |
| | |||||
* | openssl: BoringSSL doesn't provide curve data for ECC Brainpool curves | Tobias Brunner | 2016-12-10 | 1 | -1/+4 |
| | |||||
* | android: New release after fixing libtpmtss issue | Tobias Brunner | 2016-12-09 | 1 | -2/+2 |
| | |||||
* | android: Make sure libtpmtss is loaded on older systems | Tobias Brunner | 2016-12-09 | 3 | -1/+3 |
| | | | | | On newer Android systems this seems to happen automatically (or does at least not cause crashes if the library is not loaded). | ||||
* | android: New release after adding notification | Tobias Brunner | 2016-12-08 | 1 | -2/+2 |
| | |||||
* | Merge branch 'android-updates' | Tobias Brunner | 2016-12-08 | 16 | -44/+175 |
|\ | | | | | | | | | | | | | | | Adds a permanent notification while connected (or connecting), which allows running as a foreground service, which in turn should prevent Android from terminating the service when low on memory. Also adds support for ChaCha20/Poly1305 AEAD and Curve25519 DH. | ||||
| * | android: Ensure that the certificates are loaded when accessing them via JNI | Tobias Brunner | 2016-12-08 | 1 | -1/+1 |
| | | |||||
| * | android: Add a public notification | Tobias Brunner | 2016-12-08 | 1 | -6/+10 |
| | | |||||
| * | android: Display a permanent notification while connected | Tobias Brunner | 2016-12-08 | 9 | -27/+120 |
| | | | | | | | | | | This forces the service to run in the foreground, meaning the system won't kill it when low on memory. | ||||
| * | android: Log any installed DNS servers | Tobias Brunner | 2016-12-08 | 1 | -1/+1 |
| | | |||||
| * | android: Unregister listener in case of error alerts | Tobias Brunner | 2016-12-08 | 1 | -3/+9 |
| | | | | | | | | | | | | | | | | This avoids triggering additional errors via e.g. ike_updown() that might cause the error message displayed in the GUI to change if the status fragment is recreated. References #2134. | ||||
| * | android: Report an error for invalid integer values | Tobias Brunner | 2016-12-08 | 1 | -4/+27 |
| | | | | | | | | | | Previously we'd just ignore the invalid values without notifying the user. | ||||
| * | android: Propose curve25519 in the ESP proposals | Tobias Brunner | 2016-12-08 | 1 | -3/+3 |
| | | |||||
| * | android: Enable curve25519 plugin in the app | Tobias Brunner | 2016-12-08 | 1 | -1/+1 |
| | | |||||
| * | android: Optionally build the curve25519 plugin | Tobias Brunner | 2016-12-08 | 1 | -0/+2 |
| | | |||||
| * | android: Propose ChaCha20/Poly1305 in the ESP AEAD proposals | Tobias Brunner | 2016-12-08 | 1 | -2/+3 |
| | | |||||
| * | android: Enable chapoly plugin in the app | Tobias Brunner | 2016-12-08 | 1 | -1/+1 |
| | | |||||
| * | android: Optionally build the chapoly plugin | Tobias Brunner | 2016-12-08 | 1 | -0/+2 |
| | | |||||
| * | android: Update Gradle plugin and wrapper | Tobias Brunner | 2016-12-08 | 2 | -3/+3 |
|/ | |||||
* | ikev1: Minor code optimization in task manager | Thomas Egerer | 2016-12-07 | 1 | -11/+5 |
| | | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com> | ||||
* | travis: The xcode7.3 image is now the default | Tobias Brunner | 2016-12-02 | 1 | -1/+0 |
| | |||||
* | travis: Output config.log on failure | Tobias Brunner | 2016-12-02 | 1 | -0/+3 |
| | |||||
* | configure: Check for actual functions in libraries with AC_CHECK_LIB | Tobias Brunner | 2016-12-02 | 1 | -27/+32 |
| | | | | | | | | | | | | | | | | | Checking for `main` produces code like this in the test program: int main () { return main (); ; return 0; } This recursive call results in a warning message with some compilers (e.g. Clang in newer Xcode versions: "all paths through this function will call itself [-Winfinite-recursion]"), which lets the tests fail when compiling with -Werror. | ||||
* | plugin-loader: Strip '!' from critical plugin names when setting paths | Tobias Brunner | 2016-11-18 | 1 | -1/+1 |
| | |||||
* | child-sa: Use single return statement in update_usebytes() | Thomas Egerer | 2016-11-18 | 1 | -4/+8 |
| | | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com> | ||||
* | proposal: Remove RFC 5114 MODP DH groups from default proposal | Martin Willi | 2016-11-15 | 1 | -2/+4 |
| | | | | | | | | | | | | | | Recent research demonstrates that at least for 1024-bit DH groups, it is possible to create specially crafted primes having a backdoor. From the prime itself this is not detectable, creating a perfect NOBUS attack. http://eprint.iacr.org/2016/961 For the primes defined in RFC 5114 no information is provided on how these have been selected. In the default proposal we included one of the 2048-bit primes only, where it is questionable if constructing a backdoored prime is feasible. Nevertheless, this patch removes the group from the set of default proposals as well. | ||||
* | Version bump to 5.5.2dr25.5.2dr2 | Andreas Steffen | 2016-11-14 | 3 | -3/+6 |
| | |||||
* | testing: make curve25519 the default DH group | Andreas Steffen | 2016-11-14 | 820 | -1072/+1050 |
| | |||||
* | proposal: Add curve25519 and curve448 to default proposal | Tobias Brunner | 2016-11-14 | 1 | -0/+2 |
| | |||||
* | configure: Enable curve25519 plugin by default | Tobias Brunner | 2016-11-14 | 1 | -1/+1 |
| | |||||
* | curve22519: Add a portable backend implemented in plain C | Martin Willi | 2016-11-14 | 4 | -0/+647 |
| | |||||
* | curve25519: Add a plugin providing Curve25519 DH using backend drivers | Martin Willi | 2016-11-14 | 9 | -0/+473 |
| | |||||
* | dh-speed: Compare the shared secrets for equality after test | Martin Willi | 2016-11-14 | 1 | -3/+7 |
| | |||||
* | dh-speed: Include the get_my_public_value() call in public exponent timing | Martin Willi | 2016-11-14 | 1 | -4/+4 |
| | | | | | This fixes results where a DH backend does not generate the public value in the constructor internally. | ||||
* | dh-speed: Add an identifier to test curve25519 performance | Martin Willi | 2016-11-14 | 1 | -0/+1 |
| | |||||
* | test-vectors: Add a Curve25519 DH test vector | Martin Willi | 2016-11-14 | 3 | -0/+36 |
| | |||||
* | proposal: Add a curve25519 proposal keyword | Martin Willi | 2016-11-14 | 1 | -0/+1 |
| | |||||
* | diffie-hellman: Add DH group identifiers for Curve25519 and Curve448 | Martin Willi | 2016-11-14 | 2 | -3/+14 |
| | |||||
* | bus: Re-add ampersand that got lost in refactoring | Tobias Brunner | 2016-11-14 | 1 | -1/+1 |
| | | | | | Fixes: 4af02c6c61cf ("bus: Fix maximum log level for different groups after removal of a logger") |