path: root/src/libstrongswan/crypto/iv/iv_gen_seq.c
Commit message | Author | Age | Files | Lines
* Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 1 | -14/+14
* ivgen: Allow reusing the same message ID twice in sequential IV gen | Martin Willi | 2015-06-05 | 1 | -7/+25
  We use the message ID and fragment number as IV generator. As IKEv2 uses distinct message ID counters for actively and passively initiated exchanges, each IV would be used twice. As we explicitly reject such message IDs since d0ed1079, original-responder initiated exchanges fail with counter mode ciphers. This commit separates IV space in two halves for sequential IVs, and automatically assigns once reused sequence numbers to the second half. Fixes #980.
* iv-gen: Fail getting shorter IV values than the used counter size | Martin Willi | 2015-06-01 | 1 | -0/+4
  While no algorithm actually uses such short IVs, we add a check here to ensure we won't return just the lower bits of the counter.
* iv-gen: Ensure external sequential IVs are actually sequential | Martin Willi | 2015-06-01 | 1 | -0/+20
  We allow gaps in IVs, but ensure that an IV is never used more than once.
* iv_gen: Mask sequential IVs with a random salt | Tobias Brunner | 2013-10-11 | 1 | -0/+24
  This makes it harder to attack a HA setup, even if the sequence numbers were not fully in sync.
* iv_gen: Provide external sequence number (IKE, ESP) | Tobias Brunner | 2013-10-11 | 1 | -13/+4
  This prevents duplicate sequential IVs in case of a HA failover.
* iv_gen: Add IV generator that allocates IVs sequentially | Tobias Brunner | 2013-10-11 | 1 | -0/+87