aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* kernel-wfp: Install outbound ALE connect rules for IPsecMartin Willi2014-12-041-16/+43
| | | | | | Similar to the inbound rules, the ALE filter processes IP-in-IP packets for outbound tunnel mode traffic. When using an outbound default-drop policy, Windows does not allow connection initiation without these explicit rules.
* kernel-wfp: Install inbound ALE IP-in-IP filtersMartin Willi2014-12-041-41/+159
| | | | | | | | | | | When processing inbound tunnel mode packets, Windows decrypts packets and filters them as IP-in-IP packets. We therefore require an ALE filter that calls the FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_ALE_ACCEPT callout to allow them when using a default-drop policy. Without these rules, any outbound packet created an ALE state that allows inbound packets as well. Processing inbound packets without any outbound traffic fails without these rules.
* kernel-wfp: Add missing IPsec sublayer GUIDsMartin Willi2014-12-041-0/+6
|
* kernel-wfp: Define IPsec related ALE layers and callout GUIDsMartin Willi2014-12-042-0/+40
|
* kernel-wfp: Fix logging of MM/QM/EM NetEvent failuresMartin Willi2014-12-041-0/+12
|
* vici: Make sure to send/recv all requested bytes over socketMartin Willi2014-12-041-3/+22
| | | | | | As the underlying C functions, send/recv on ruby sockets are not guaranteed to send/recv all requested bytes. Use wrapper functions to make sure we get all bytes needed.
* updown: Inverse comment of VPN_LOGGING variable, as it is enabled by defaultMartin Willi2014-12-021-1/+1
| | | | Fixes #780.
* Implemented full BLISS support for IKEv2 public key authentication and the ↵Andreas Steffen2014-11-2917-18/+97
| | | | pki tool
* Applied bit packing to BLISS public keyAndreas Steffen2014-11-295-55/+68
|
* Wipe BLISS private key memoryAndreas Steffen2014-11-291-2/+8
|
* Created bliss_bitpacker class to encode BLISS signaturesAndreas Steffen2014-11-298-46/+464
|
* Skip the unused bits field of the ASN.1 BIT STRING encodingAndreas Steffen2014-11-291-1/+1
|
* Store NTT A of BLISS public key aAndreas Steffen2014-11-292-28/+24
|
* unit-tests: created bliss_sign test suiteAndreas Steffen2014-11-295-1/+91
|
* Finished BLISS signature generationAndreas Steffen2014-11-2912-157/+1170
|
* Implemented Gaussian rejection samplerAndreas Steffen2014-11-296-16/+496
| | | | | The bliss_sampler class uses the mgf1_bitspender as a pseudo-random source.
* Implemented get_byte() method for mgf1_bitspender classAndreas Steffen2014-11-294-26/+78
| | | | | | The new get_byte() method returns a pseudo-random byte at a time. Changed the get_bits() interface to the same interface as get_byte(). Updated the mgf1 unit-tests accordingly.
* Added support for BLISS-IIIAndreas Steffen2014-11-291-2/+17
|
* Started implementing BLISS signature generationAndreas Steffen2014-11-298-24/+34
|
* Store and parse BLISS private and public keys in DER and PEM formatAndreas Steffen2014-11-299-32/+441
| | | | | | | | Additionally generate SHA-1 fingerprints of raw BLISS subjectPublicKey and subjectPublicKeyInfo objects. Some basic functions used by the bliss_public_key class are shared with the bliss_private_key class.
* unit-tests: Created separate mgf1 test suiteAndreas Steffen2014-11-295-147/+270
|
* Use mgf1_bitspender in ntru_poly_create_from_seedAndreas Steffen2014-11-292-52/+16
|
* Use mgf1_bitspender to generate random secret keyAndreas Steffen2014-11-291-280/+226
|
* Implemented bitspender based on the MGF1 mask generator functionAndreas Steffen2014-11-294-3/+223
|
* unit-tests: Added bliss_fft test suiteAndreas Steffen2014-11-295-0/+193
|
* Moved mgf1 class to libstrongswan/crypto/mgf1Andreas Steffen2014-11-297-62/+51
|
* Defined BLISS I and IV parameter setsAndreas Steffen2014-11-294-19/+365
|
* Added BLISS OIDs in ITA-HSR OID treeAndreas Steffen2014-11-291-0/+10
|
* Implemented Number Theoretic Transform using the FFT algorithmAndreas Steffen2014-11-298-3/+869
| | | | | | By pre-multiplying the input arrays with a linear phase the fast multiplication via FFT and inverse FFT computes a negative wrapped convolution corresponding to a modulus of x^n+1.
* Created framework for BLISS post-quantum signature algorithmAndreas Steffen2014-11-2911-8/+659
|
* libtls: Catch POLLHUP/NVAL in TLS socket splicingMartin Willi2014-11-281-2/+2
| | | | | If one of the sockets gets disconnected, some systems return POLLHUP. Signal the socket as ready to let the read/write call fail properly.
* watcher: Proper handle poll() POLLHUP/NVAL signalingMartin Willi2014-11-281-13/+36
| | | | | | | poll() may return POLLHUP or POLLNVAL for given file descriptors. To handle these properly, we signal them to the EXCEPT watcher state, if registered. If not, we call the read/write callbacks, so they can properly fail when trying to read from or write to the file descriptor.
* windows: Properly set errno for read/write functions using WinsockMartin Willi2014-11-281-4/+4
|
* ikev2: Fix ike_rekey switch statement broken with last commitMartin Willi2014-11-241-1/+1
|
* ikev2: Prevent IKE_SA rekeying if we are currently retrying a CHILD_SA rekeyMartin Willi2014-11-211-0/+1
|
* controller: Keep following initiate() if the first DH guess was wrongMartin Willi2014-11-211-0/+12
|
* child-sa: Introduce a CHILD_RETRYING state to detect DH group retriesMartin Willi2014-11-213-0/+7
|
* windows: Move the compatibility header to the compat subfolderMartin Willi2014-11-214-6/+6
|
* apple: Wrap accept() and recvfrom() with poll(2) instead of selectMartin Willi2014-11-211-5/+11
|
* apple: Introduce a central compatibility header with all __APPLE__ quirksMartin Willi2014-11-216-87/+113
|
* watcher: Use Windows read/write(2) wrappers instead of compile-conditionsMartin Willi2014-11-211-8/+0
|
* windows: Provide a write(2) wrapper that uses send(2) on socketsMartin Willi2014-11-212-0/+22
|
* windows: Provide a read(2) wrapper that uses recv(2) on socketsMartin Willi2014-11-212-0/+25
|
* unit-tests: Test cancellability of some cancellation points we rely onMartin Willi2014-11-211-0/+192
|
* thread: Test for pending cancellation requests before poll()ing on OS XMartin Willi2014-11-211-0/+20
| | | | | As we are now using poll(2) instead of select(2), we need the work-around from 76dc329e for poll() as well.
* kernel-libipsec: Use poll(2) instead of selectMartin Willi2014-11-211-54/+56
|
* watcher: Use poll(2) instead of selectMartin Willi2014-11-211-24/+38
|
* libtls: Use poll(2) instead of select() in tls_socketMartin Willi2014-11-211-8/+7
|
* socket-default: Use round-robin selection of sockets to read fromMartin Willi2014-11-211-5/+13
| | | | | If multiple sockets are ready, we previously preferred the IPv4 non-NAT socket over others. To handle all with equal priority, use a round-robin selection.
* socket-default: Use poll(2) instead of selectMartin Willi2014-11-211-46/+20
| | | | | It is not only simpler, but also allows the use of arbitrary high fd numbers, which silently fails with select().
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-21 18:12:14 +0000