| Commit message (Collapse) | Author | Age | Files | Lines |
| |
For some plugin features, such as crypters or AEADs, we have some additional
feature arguments, such as the key size.
| |
If the nonce generator detects a stale nonce upon destroy(), it resets
the context in the TKM and releases associated resources in the ID
manager and chunk map.
Also, do not acquire the nonce context ID in tkm_nonceg_create function
but rather when the nonce is actually created by get_nonce().
The nonces created with get_nonce must also be registered in the chunk map.
| |
The function gets the ESA id for another entry associated with the same
security policy as the specified ESA.
| |
This function returns the destination host of an SAD entry for given
reqid, spi and protocol arguments or NULL if not found.
| |
Change 'test_runner' to 'test-runner'.
| |
As we expect to get more and more test runners for the different components,
we add a name to easily identify them in the test output.
| |
The TKM Diffie-Hellman plugin now maps IANA DH identifiers to TKM DH
algorithm identifiers. The mapping is specified in the daemon's
'dh_mapping' section in the strongswan.conf file:
dh_mapping {
iana_id1 = tkm_id1
iana_id2 = tkm_id2
iana_id3 = tkm_id3
...
}
Only the mapped IANA IDs are registered as supported DH groups.
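The following is an added, stand-alone illustration of the mapping described in this commit message; it is not code from strongSwan or the charon-tkm DH plugin. It parses the body of such a dh_mapping section into a table and answers lookups so that an IANA group that is not mapped is reported as unsupported rather than passed through. The line syntax, the 16-bit IANA range check, the table size and the constructed sample mapping (groups 14 and 15 mapped, 16 left out) are assumptions of the example:

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DH_MAPPINGS 32   /* table capacity, assumed for the example */

typedef struct { int iana_id; int tkm_id; } dh_mapping_t;
typedef struct { dh_mapping_t entries[MAX_DH_MAPPINGS]; int count; } dh_mapping_table_t;

/* Parse the body of a dh_mapping { ... } section, one "iana_id = tkm_id" pair per line
 * (blank lines and '#' comments are skipped). Returns the number of mappings, or -1 on a
 * malformed line, a value outside the 16-bit IANA range, or an IANA id mapped twice. */
static int dh_mapping_parse(dh_mapping_table_t *table, const char *body)
{
    const char *p = body;
    table->count = 0;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[128];
        if (len >= sizeof line) return -1;
        memcpy(line, p, len);
        line[len] = '\0';
        p += len + (nl ? 1 : 0);

        char *s = line, *end;
        while (isspace((unsigned char)*s)) s++;
        if (*s == '\0' || *s == '#') continue;

        long iana = strtol(s, &end, 10);
        if (end == s) return -1;
        while (isspace((unsigned char)*end)) end++;
        if (*end++ != '=') return -1;
        s = end;
        long tkm = strtol(s, &end, 10);
        if (end == s) return -1;
        while (isspace((unsigned char)*end)) end++;
        if (*end != '\0' || iana < 1 || iana > 65535 || tkm < 1) return -1;

        for (int i = 0; i < table->count; i++)
            if (table->entries[i].iana_id == iana) return -1;   /* duplicate IANA id */
        if (table->count == MAX_DH_MAPPINGS) return -1;
        table->entries[table->count].iana_id = (int)iana;
        table->entries[table->count].tkm_id = (int)tkm;
        table->count++;
    }
    return table->count;
}

/* TKM id for an IANA group, or -1: an unmapped group is not supported at all. */
static int dh_mapping_lookup(const dh_mapping_table_t *table, int iana_id)
{
    for (int i = 0; i < table->count; i++)
        if (table->entries[i].iana_id == iana_id) return table->entries[i].tkm_id;
    return -1;
}

/* Constructed sample section body: groups 14 and 15 mapped, 16 deliberately left out. */
static const char sample_dh_mapping[] =
    "14 = 1\n"
    "15 = 2\n"
    "# 16 = 3 is commented out, so group 16 stays unsupported\n";

/* Parses the sample and resolves one IANA id; -2 signals a parse failure. */
static int sample_resolve(int iana_id)
{
    dh_mapping_table_t table;
    if (dh_mapping_parse(&table, sample_dh_mapping) < 0) return -2;
    return dh_mapping_lookup(&table, iana_id);
}

/* Mapping the same IANA id twice is refused rather than silently taking either value. */
static int sample_reject_duplicate(void)
{
    dh_mapping_table_t table;
    return dh_mapping_parse(&table, "14 = 1\n14 = 3\n");
}
```

The point of refusing a duplicate or malformed line outright is that a half-parsed table would register a different set of groups than the operator wrote down; with the whole section rejected, the plugin can fail loudly instead of negotiating a group it cannot back with the TKM.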
| |
Due to problems with the external libraries tkm_init/deinit can't be
called for each test case. Because of this leak detective has to be
disabled for these tests.
| |
Load complete kernel_netlink plugin instead. Registering the TKM
specific plugins first still ensures that the correct ipsec plugin
is used.
Lazy initialize the RNG_WEAK plugin to avoid the unsatisfiable
soft dependency on startup.
| |
The parameter is used to initialize the given sequence to zero.
| |
The TKM kernel SAD (security association database) stores information
about CHILD SAs.
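An added example, not the TKM kernel SAD's own code, of a minimal SAD keyed the way the two lookup functions mentioned earlier on this page expect it: the destination host is found by matching reqid, SPI and protocol together, and every entry carries the security policy its ESA was negotiated for, so the "other ESA for the same policy" lookup can find the partner SA (for instance the old SA while a rekeying is in progress). The entry layout, the text form of the destination host, the fixed table size and the constructed sample entries are assumptions:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_SAD_ENTRIES 16   /* table capacity, assumed for the example */

/* One CHILD SA as the example SAD stores it (layout assumed). */
typedef struct {
    bool     used;
    uint32_t esa_id;    /* TKM ESA identifier */
    uint32_t reqid;
    uint32_t spi;
    uint8_t  protocol;  /* IPsec protocol number: 50 = ESP, 51 = AH */
    uint32_t sp_id;     /* security policy the ESA was negotiated for */
    char     dst[40];   /* destination host; a string stands in for host_t here */
} sad_entry_t;

typedef struct { sad_entry_t e[MAX_SAD_ENTRIES]; } tkm_sad_t;

static void sad_init(tkm_sad_t *sad) { memset(sad, 0, sizeof *sad); }

/* Refuses a duplicate ESA id or a duplicate (dst, spi, protocol) triple, because the
 * kernel could not tell two such SAs apart on the wire. */
static bool sad_insert(tkm_sad_t *sad, uint32_t esa_id, uint32_t reqid, uint32_t spi,
                       uint8_t protocol, uint32_t sp_id, const char *dst)
{
    int slot = -1;
    for (int i = 0; i < MAX_SAD_ENTRIES; i++) {
        sad_entry_t *e = &sad->e[i];
        if (!e->used) { if (slot < 0) slot = i; continue; }
        if (e->esa_id == esa_id) return false;
        if (e->spi == spi && e->protocol == protocol && strcmp(e->dst, dst) == 0) return false;
    }
    if (slot < 0 || strlen(dst) >= sizeof sad->e[slot].dst) return false;
    sad_entry_t *e = &sad->e[slot];
    e->used = true; e->esa_id = esa_id; e->reqid = reqid; e->spi = spi;
    e->protocol = protocol; e->sp_id = sp_id;
    strcpy(e->dst, dst);
    return true;
}

/* Destination host of the SA matching all of reqid, spi and protocol, or NULL if none. */
static const char *sad_get_dst_host(const tkm_sad_t *sad, uint32_t reqid, uint32_t spi,
                                    uint8_t protocol)
{
    for (int i = 0; i < MAX_SAD_ENTRIES; i++) {
        const sad_entry_t *e = &sad->e[i];
        if (e->used && e->reqid == reqid && e->spi == spi && e->protocol == protocol) return e->dst;
    }
    return NULL;
}

/* ESA id of another entry that shares the security policy of esa_id, or 0 if esa_id
 * is unknown or currently the only SA under that policy. */
static uint32_t sad_get_other_esa_id(const tkm_sad_t *sad, uint32_t esa_id)
{
    const sad_entry_t *self = NULL;
    for (int i = 0; i < MAX_SAD_ENTRIES; i++)
        if (sad->e[i].used && sad->e[i].esa_id == esa_id) self = &sad->e[i];
    if (!self) return 0;
    for (int i = 0; i < MAX_SAD_ENTRIES; i++) {
        const sad_entry_t *e = &sad->e[i];
        if (e->used && e != self && e->sp_id == self->sp_id) return e->esa_id;
    }
    return 0;
}

static bool sad_remove(tkm_sad_t *sad, uint32_t esa_id)
{
    for (int i = 0; i < MAX_SAD_ENTRIES; i++)
        if (sad->e[i].used && sad->e[i].esa_id == esa_id) { sad->e[i].used = false; return true; }
    return false;
}

/* Constructed sample: ESA 1 is being rekeyed by ESA 2 under policy 7; ESA 3 is policy 8. */
static tkm_sad_t *sample_sad(void)
{
    static tkm_sad_t sad;
    sad_init(&sad);
    sad_insert(&sad, 1, 1, 0xc0ffee01u, 50, 7, "192.0.2.1");
    sad_insert(&sad, 2, 1, 0xc0ffee02u, 50, 7, "192.0.2.1");
    sad_insert(&sad, 3, 2, 0xc0ffee03u, 50, 8, "198.51.100.9");
    return &sad;
}
```

Matching on all three of reqid, SPI and protocol matters: the two SAs of the rekeying pair share reqid, destination and protocol and differ only in SPI, so a lookup that ignored any one of the fields could hand back the wrong SA's destination or, after the old SA is removed, a stale one.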
| |
Explicitly register kernel netlink net implementation and avoid loading
the whole kernel-netlink plugin since the kernel netlink ipsec part is
unwanted.
| |
This function converts a given chunk to a variable-length byte sequence.
| |
This function converts a given TKM variable-length byte sequence to
chunk.
| |
This data structure allows storing mappings of chunks to ids. This will
be used to map nonces to their corresponding nonce context ids.
| |
Instead of storing the acquired context ids in a linked list, use an
array of booleans for the job. A boolean value of true in the array
designates an available context id.
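An added example, not code from charon-tkm, that puts the three pieces described on this page together: the boolean-array ID manager from this commit message, the chunk map that maps nonces to their context ids, and the nonce generator whose destroy() treats a nonce still registered in the chunk map as stale, resets the TKM context and releases the id and the map entry. The context id is acquired in get_nonce(), not in create(). The TKM reset RPC is replaced by a counter, the nonce bytes are a constructed placeholder, and the context count, nonce length, table sizes and the consumer-side release are assumptions of the example:

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MAX_NONCE_CONTEXTS 8   /* number of TKM nonce contexts (assumed for the example) */
#define NONCE_LEN 32           /* nonce length in bytes (assumed) */

/* Stand-in for the TKM RPC that resets a nonce context: the example only counts the calls. */
static int tkm_nc_resets = 0;
static void tkm_nc_reset(int ctx_id) { (void)ctx_id; tkm_nc_resets++; }

/* ID manager: boolean array, true means context id (index + 1) is available. */
typedef struct { bool available[MAX_NONCE_CONTEXTS]; } id_manager_t;

static void idmgr_init(id_manager_t *m) {
    for (int i = 0; i < MAX_NONCE_CONTEXTS; i++) m->available[i] = true;
}
/* Returns an id in 1..MAX_NONCE_CONTEXTS, or 0 when every context is in use. */
static int idmgr_acquire(id_manager_t *m) {
    for (int i = 0; i < MAX_NONCE_CONTEXTS; i++)
        if (m->available[i]) { m->available[i] = false; return i + 1; }
    return 0;
}
/* Out-of-range ids and double releases are rejected instead of corrupting the array. */
static bool idmgr_release(id_manager_t *m, int id) {
    if (id < 1 || id > MAX_NONCE_CONTEXTS || m->available[id - 1]) return false;
    m->available[id - 1] = true;
    return true;
}

/* Chunk map: nonce bytes -> context id (fixed-size table for the example). */
typedef struct { uint8_t nonce[NONCE_LEN]; int ctx_id; bool used; } chunk_entry_t;
typedef struct { chunk_entry_t e[MAX_NONCE_CONTEXTS]; } chunk_map_t;

/* Index of the entry holding nonce, or -1 if it is not (or no longer) registered. */
static int chunkmap_find(const chunk_map_t *map, const uint8_t *nonce) {
    for (int i = 0; i < MAX_NONCE_CONTEXTS; i++)
        if (map->e[i].used && memcmp(map->e[i].nonce, nonce, NONCE_LEN) == 0) return i;
    return -1;
}
static bool chunkmap_insert(chunk_map_t *map, const uint8_t *nonce, int ctx_id) {
    if (chunkmap_find(map, nonce) >= 0) return false;   /* nonce already registered */
    for (int i = 0; i < MAX_NONCE_CONTEXTS; i++) {
        if (map->e[i].used) continue;
        memcpy(map->e[i].nonce, nonce, NONCE_LEN);
        map->e[i].ctx_id = ctx_id; map->e[i].used = true;
        return true;
    }
    return false;
}
/* Removes the entry and returns its context id, or 0 if the nonce was not registered. */
static int chunkmap_remove(chunk_map_t *map, const uint8_t *nonce) {
    int i = chunkmap_find(map, nonce);
    if (i < 0) return 0;
    map->e[i].used = false;
    return map->e[i].ctx_id;
}

/* Nonce generator: create() acquires no context id, get_nonce() does so lazily. */
typedef struct { id_manager_t *idmgr; chunk_map_t *map; int ctx_id; uint8_t nonce[NONCE_LEN]; } nonceg_t;

static void nonceg_create(nonceg_t *g, id_manager_t *m, chunk_map_t *map) {
    g->idmgr = m; g->map = map; g->ctx_id = 0; memset(g->nonce, 0, NONCE_LEN);
}
static bool nonceg_get_nonce(nonceg_t *g, uint8_t out[NONCE_LEN]) {
    if (g->ctx_id == 0 && (g->ctx_id = idmgr_acquire(g->idmgr)) == 0) return false;
    /* Constructed placeholder for the nonce the TKM would return; not random, never reuse. */
    for (int i = 0; i < NONCE_LEN; i++) g->nonce[i] = (uint8_t)(g->ctx_id * 37 + i);
    if (!chunkmap_insert(g->map, g->nonce, g->ctx_id)) {
        idmgr_release(g->idmgr, g->ctx_id); g->ctx_id = 0;
        return false;
    }
    memcpy(out, g->nonce, NONCE_LEN);
    return true;
}
/* Consumer side (the keymat, assumed): takes over the context, so map entry and id are freed. */
static bool nonce_consume(chunk_map_t *map, id_manager_t *m, const uint8_t *nonce) {
    int id = chunkmap_remove(map, nonce);
    return id != 0 && idmgr_release(m, id);
}
/* destroy(): a nonce still registered in the map was never consumed, i.e. it is stale. */
static bool nonceg_destroy(nonceg_t *g) {
    bool stale = g->ctx_id != 0 && chunkmap_find(g->map, g->nonce) >= 0;
    if (stale) {
        tkm_nc_reset(g->ctx_id);
        chunkmap_remove(g->map, g->nonce);
        idmgr_release(g->idmgr, g->ctx_id);
    }
    g->ctx_id = 0;
    return stale;
}

typedef struct { bool stale; int resets; int next_id; } scenario_result_t;
/* create -> get_nonce -> (optionally consume) -> destroy on a fresh manager and map. */
static scenario_result_t run_scenario(bool consume) {
    id_manager_t m; chunk_map_t map; nonceg_t g; uint8_t n[NONCE_LEN];
    scenario_result_t r = { false, 0, -1 };
    tkm_nc_resets = 0;
    idmgr_init(&m); memset(&map, 0, sizeof map); nonceg_create(&g, &m, &map);
    if (!nonceg_get_nonce(&g, n)) return r;
    if (consume) nonce_consume(&map, &m, n);
    r.stale = nonceg_destroy(&g);
    r.resets = tkm_nc_resets;
    r.next_id = idmgr_acquire(&m);   /* 1 means the id went back to the pool */
    return r;
}
```

Acquiring the id lazily means a generator that is created and destroyed without ever producing a nonce holds no TKM context, and the chunk map doubles as the ownership record: once the consumer has removed the nonce, destroy() sees nothing to clean up, while a nonce that is still mapped is the signal that the context was never handed over and must be reset before its id is reused.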
| |
The tkm_diffie_hellman_t plugin acquires a DH context from the Trusted
Key Manager and uses it to get a DH public value and the calculated
shared secret. Proper context handling is still missing though, the
plugin currently uses context ID 1.
The get_shared_secret function will be removed as soon as the TKM
specific keymat is ready.
| |
Analogous to charon-nm, the charon-tkm daemon is a specialized charon
instance used in combination with the trusted key manager (TKM) written
in Ada.
The charon-tkm is basically a copy of the charon-nm code which will
register its own TKM specific plugins.
The daemon binary is built using the gprbuild utility. This is needed
because it uses the tkm-rpc Ada library and consequently the Ada
runtime. gprbuild takes care of the complete binding and linker steps
required to properly initialize the Ada runtime.