strongswan.git
3 years agolibimcv: No need to load AIK pubkey if AIK certificate is available
Andreas Steffen [Wed, 31 Aug 2016 14:12:47 +0000 (16:12 +0200)]
libimcv: No need to load AIK pubkey if AIK certificate is available

3 years agoswanctl: Document how DH groups in CHILD_SA proposals are applied
Tobias Brunner [Wed, 31 Aug 2016 09:44:11 +0000 (11:44 +0200)]
swanctl: Document how DH groups in CHILD_SA proposals are applied

References #1039.

3 years agoman: Update description of the esp keyword
Tobias Brunner [Wed, 31 Aug 2016 09:38:38 +0000 (11:38 +0200)]
man: Update description of the esp keyword

Clarifies how DH groups are applied, updates the proposal selection
description and ESN can now also be configured for IKEv1.

References #1039.

3 years agopadlock: Use builtin bswap32() to fix compilation on FreeBSD
Tobias Brunner [Wed, 31 Aug 2016 08:51:24 +0000 (10:51 +0200)]
padlock: Use builtin bswap32() to fix compilation on FreeBSD

Fixes #591.

3 years agotesting: Try to properly abort a test run after CTRL-C
Tobias Brunner [Tue, 30 Aug 2016 13:30:49 +0000 (15:30 +0200)]
testing: Try to properly abort a test run after CTRL-C

The run is aborted after the current scenario.  Depending on which
command was interrupted it might be necessary to press CTRL-C multiple
times (e.g. if a later command depends on the interrupted one).

This should fix HTML files and get us some proper console output after
the run.

3 years agotesting: Report number of tests per subdirectory in main index
Tobias Brunner [Mon, 29 Aug 2016 17:15:24 +0000 (19:15 +0200)]
testing: Report number of tests per subdirectory in main index

3 years agotesting: Mount and serve testresults from the host
Tobias Brunner [Thu, 21 Jul 2016 13:04:24 +0000 (15:04 +0200)]
testing: Mount and serve testresults from the host

This avoids having to copy testresults, makes results of cancelled runs
browsable (runs may actually be followed live) and preserves old results
when rebuilding guest images (e.g. when using the build-strongswan script).
The number of consecutive test runs without any intermittent rebuild of the
guest images is also not limited by the image size anymore.

3 years agotesting: Create a symlink to the testresults under a known path when starting the...
Tobias Brunner [Thu, 21 Jul 2016 13:02:20 +0000 (15:02 +0200)]
testing: Create a symlink to the testresults under a known path when starting the environment

3 years agotesting: Serve images in testresults via mod_rewrite and not a symlink
Tobias Brunner [Thu, 21 Jul 2016 13:01:00 +0000 (15:01 +0200)]
testing: Serve images in testresults via mod_rewrite and not a symlink

3 years agoconf: Extend description of charon.plugins.kernel-netlink.xfrm_acq_expires
Tobias Brunner [Thu, 21 Jul 2016 15:24:00 +0000 (17:24 +0200)]
conf: Extend description of charon.plugins.kernel-netlink.xfrm_acq_expires

3 years agoproposal: Use proper list to get function pointer when adding custom parser
Thomas Egerer [Wed, 24 Feb 2016 18:09:37 +0000 (19:09 +0100)]
proposal: Use proper list to get function pointer when adding custom parser

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
3 years agoandroid: Add missing xof.c file
Tobias Brunner [Mon, 29 Aug 2016 08:42:00 +0000 (10:42 +0200)]
android: Add missing xof.c file

Fixes #2093.

3 years agoxof: Add header to dev headers
Tobias Brunner [Mon, 29 Aug 2016 08:40:59 +0000 (10:40 +0200)]
xof: Add header to dev headers

3 years agoVersion bump to 5.5.1dr2 5.5.1dr2
Andreas Steffen [Fri, 26 Aug 2016 20:55:41 +0000 (22:55 +0200)]
Version bump to 5.5.1dr2

3 years agoconfigure: Improve check for built-in __atomic_* functions
Tobias Brunner [Wed, 20 Jul 2016 09:01:17 +0000 (11:01 +0200)]
configure: Improve check for built-in __atomic_* functions

With AC_SEARCH_LIBS() we don't succeed if the searched function is a
built-in as the check uses the wrong signature so the built-in will not
be applied (the warning issued by GCC is "conflicting types for built-in
function '...'").  So even if not required, libatomic will be linked if
it is found, which could be problematic if compiling on a separate host
and the target host does not have libatomic installed.

Also, some tests showed that it's more likely that __atomic_and_fetch()
requires linking libatomic than __atomic_load_n() does.

References #1533.

3 years agotravis: Add a workaround for a bug regarding libtool installed via Homebrew
Tobias Brunner [Wed, 24 Aug 2016 08:50:28 +0000 (10:50 +0200)]
travis: Add a workaround for a bug regarding libtool installed via Homebrew

3 years agoikev1: Don't require AH mapping for integrity algorithm when generating proposal
Thomas Egerer [Mon, 4 Jul 2016 09:10:53 +0000 (11:10 +0200)]
ikev1: Don't require AH mapping for integrity algorithm when generating proposal

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
3 years agolibtpmtss: TCTI finalization call changed
Andreas Steffen [Thu, 25 Aug 2016 11:22:34 +0000 (13:22 +0200)]
libtpmtss: TCTI finalization call changed

3 years agoconf: aikpub2.opt added to Makefile.am
Andreas Steffen [Wed, 24 Aug 2016 12:41:10 +0000 (14:41 +0200)]
conf: aikpub2.opt added to Makefile.am

3 years agopki: Allow to load CRLs from files in --verify
Tobias Brunner [Thu, 18 Aug 2016 16:07:21 +0000 (18:07 +0200)]
pki: Allow to load CRLs from files in --verify

3 years agoikev1: Ignore the last two bytes of the Cisco Unity vendor ID
Tobias Brunner [Tue, 23 Aug 2016 14:47:05 +0000 (16:47 +0200)]
ikev1: Ignore the last two bytes of the Cisco Unity vendor ID

These seem to indicate the major and minor version of the protocol, like
e.g. for the DPD vendor ID.  Some implementations seem to send versions
other than 1.0 so we just ignore these for now when checking for known
vendor IDs.

Fixes #2088.

3 years agoutils: Fix definition of BYTE_ORDER with MinGW
Tobias Brunner [Tue, 23 Aug 2016 12:27:09 +0000 (14:27 +0200)]
utils: Fix definition of BYTE_ORDER with MinGW

3 years agoikev1: Accept more than one certificate payload in aggressive mode
Tobias Brunner [Wed, 17 Aug 2016 08:26:01 +0000 (10:26 +0200)]
ikev1: Accept more than one certificate payload in aggressive mode

Fixes #2085.

3 years agotesting: Virtual IPs went missing
Andreas Steffen [Tue, 16 Aug 2016 15:18:17 +0000 (17:18 +0200)]
testing: Virtual IPs went missing

3 years agounit-tests: Removed unused variable
Andreas Steffen [Thu, 11 Aug 2016 15:01:33 +0000 (17:01 +0200)]
unit-tests: Removed unused variable

3 years agoVersion bump to 5.5.1dr1 5.5.1dr1
Andreas Steffen [Wed, 10 Aug 2016 16:11:53 +0000 (18:11 +0200)]
Version bump to 5.5.1dr1

3 years agoMerge branch 'newhope'
Andreas Steffen [Wed, 10 Aug 2016 14:23:04 +0000 (16:23 +0200)]
Merge branch 'newhope'

3 years agotesting: Added swanctl/rw-newhope-bliss scenario
Andreas Steffen [Wed, 10 Aug 2016 13:14:26 +0000 (15:14 +0200)]
testing: Added swanctl/rw-newhope-bliss scenario

3 years agotesting: Add chapoly, ntru and newhope plugins to crypto and integrity tests
Andreas Steffen [Wed, 10 Aug 2016 12:34:27 +0000 (14:34 +0200)]
testing: Add chapoly, ntru and newhope plugins to crypto and integrity tests

3 years agotesting: Added ikev2/rw-newhope-bliss scenario
Andreas Steffen [Wed, 10 Aug 2016 12:19:32 +0000 (14:19 +0200)]
testing: Added ikev2/rw-newhope-bliss scenario

3 years agounit-tests: Created newhope unit-tests
Andreas Steffen [Tue, 9 Aug 2016 18:58:00 +0000 (20:58 +0200)]
unit-tests: Created newhope unit-tests

3 years agoCreated newhope plugin implementing the New Hope key exchange algorithm
Andreas Steffen [Tue, 26 Jul 2016 09:32:22 +0000 (11:32 +0200)]
Created newhope plugin implementing the New Hope key exchange algorithm

3 years agoxof: Added ChaCha20 stream as XOF
Andreas Steffen [Wed, 3 Aug 2016 12:46:08 +0000 (14:46 +0200)]
xof: Added ChaCha20 stream as XOF

3 years agoutils: Defined uletoh16() and htole16()
Andreas Steffen [Wed, 3 Aug 2016 12:45:01 +0000 (14:45 +0200)]
utils: Defined uletoh16() and htole16()

3 years agointegrity-test: Added ntru_param_sets to read-only segment
Andreas Steffen [Mon, 25 Jul 2016 11:49:59 +0000 (13:49 +0200)]
integrity-test: Added ntru_param_sets to read-only segment

3 years agointegrity-test: Added bliss_param_sets to read-only segment
Andreas Steffen [Mon, 25 Jul 2016 10:41:43 +0000 (12:41 +0200)]
integrity-test: Added bliss_param_sets to read-only segment

3 years agointegrity-test: check code and ro segments of libnttfft
Andreas Steffen [Mon, 25 Jul 2016 10:17:49 +0000 (12:17 +0200)]
integrity-test: check code and ro segments of libnttfft

3 years agoCreated libnttfft
Andreas Steffen [Sun, 24 Jul 2016 17:57:54 +0000 (19:57 +0200)]
Created libnttfft

This makes Number Theoretic Transforms (NTT) based on the efficient
Fast-Fourier-Transform (FFT) available to multiple plugins.

3 years agoShare twiddle factors table between 512 and 1024 point FFT
Andreas Steffen [Fri, 22 Jul 2016 15:20:23 +0000 (17:20 +0200)]
Share twiddle factors table between 512 and 1024 point FFT

3 years agoImplemented FFT with n = 1024 and q = 11289 using Montgomery arithmetic
Andreas Steffen [Fri, 22 Jul 2016 14:42:49 +0000 (16:42 +0200)]
Implemented FFT with n = 1024 and q = 11289 using Montgomery arithmetic

3 years agobliss: Implemented FFT with fast Montgomery arithmetic
Andreas Steffen [Fri, 22 Jul 2016 09:36:59 +0000 (11:36 +0200)]
bliss: Implemented FFT with fast Montgomery arithmetic

3 years agoxof: Implemented SHAKE128 and SHAKE256 Extended Output Functions
Andreas Steffen [Thu, 28 Jul 2016 12:46:56 +0000 (14:46 +0200)]
xof: Implemented SHAKE128 and SHAKE256 Extended Output Functions

3 years agoxof: Defined Extended Output Functions
Andreas Steffen [Thu, 28 Jul 2016 12:42:42 +0000 (14:42 +0200)]
xof: Defined Extended Output Functions

3 years agovici: Increased various string buffers to BUF_LEN (512 bytes)
Andreas Steffen [Fri, 29 Jul 2016 10:34:40 +0000 (12:34 +0200)]
vici: Increased various string buffers to BUF_LEN (512 bytes)

3 years agointegrity-test: Added charon-systemd
Andreas Steffen [Fri, 29 Jul 2016 10:33:32 +0000 (12:33 +0200)]
integrity-test: Added charon-systemd

3 years agoAdded SHA-3 signature OIDs
Andreas Steffen [Tue, 26 Jul 2016 11:34:45 +0000 (13:34 +0200)]
Added SHA-3 signature OIDs

3 years agolibcharon: Add exchange_tests to .gitignore
Tobias Brunner [Mon, 25 Jul 2016 12:01:26 +0000 (14:01 +0200)]
libcharon: Add exchange_tests to .gitignore

3 years agounit-tests: Decreased loop count of FFT speed test to 10'000
Andreas Steffen [Fri, 22 Jul 2016 19:27:42 +0000 (21:27 +0200)]
unit-tests: Decreased loop count of FFT speed test to 10'000

3 years agounit-tests: Added bliss_fft_speed test
Andreas Steffen [Fri, 22 Jul 2016 09:58:10 +0000 (11:58 +0200)]
unit-tests: Added bliss_fft_speed test

3 years agoMerge branch 'tss2-sapi'
Andreas Steffen [Wed, 20 Jul 2016 09:26:45 +0000 (11:26 +0200)]
Merge branch 'tss2-sapi'

3 years agolibtpmtss: Use pkconfig to configure TSS 2.0 includes and libraries
Andreas Steffen [Mon, 18 Jul 2016 14:20:58 +0000 (16:20 +0200)]
libtpmtss: Use pkconfig to configure TSS 2.0 includes and libraries

3 years agoike1: Flush active queue when queueing a delete of the IKE_SA
Tobias Brunner [Tue, 28 Jun 2016 10:22:10 +0000 (12:22 +0200)]
ike1: Flush active queue when queueing a delete of the IKE_SA

By aborting the active task we don't have to wait for potential
retransmits if the other peer does not respond to the current task.
Since IKEv1 has no sequential message IDs and INFORMATIONALs are no real
exchanges this should not be a problem.

Fixes #1537
References #429, #1410
Closes strongswan/strongswan#48

3 years agoVersion bump to 5.5.0 5.5.0
Andreas Steffen [Wed, 13 Jul 2016 11:26:16 +0000 (13:26 +0200)]
Version bump to 5.5.0

3 years agoNEWS: Some updates for the 5.5.0 release
Tobias Brunner [Mon, 11 Jul 2016 13:42:51 +0000 (15:42 +0200)]
NEWS: Some updates for the 5.5.0 release

3 years agoFixed some typos, courtesy of codespell
Tobias Brunner [Wed, 29 Jun 2016 14:14:17 +0000 (16:14 +0200)]
Fixed some typos, courtesy of codespell

3 years agotesting: Remove obsolete openssl-fips recipe
Tobias Brunner [Wed, 29 Jun 2016 12:39:06 +0000 (14:39 +0200)]
testing: Remove obsolete openssl-fips recipe

This was only required when we initially started and OpenSSL was built
from sources, which was changed with b97dd59ba841 ("install FIPS-aware
OpenSSL Debian packages").

3 years agoRevert "testing: Only load selected plugins in swanctl"
Tobias Brunner [Fri, 1 Jul 2016 15:18:11 +0000 (17:18 +0200)]
Revert "testing: Only load selected plugins in swanctl"

This reverts commit dee01d019ba9743b2784b417155601d10c173a66.

Thanks to 505c31870162 ("leak-detective: Try to properly free
allocations after deinitialization") this is not required anymore.

3 years agoVersion bump to 5.5.0rc1 5.5.0rc1
Andreas Steffen [Thu, 30 Jun 2016 14:28:28 +0000 (16:28 +0200)]
Version bump to 5.5.0rc1

3 years agoimcv: Added EFI HCRTM event
Andreas Steffen [Thu, 30 Jun 2016 14:20:00 +0000 (16:20 +0200)]
imcv: Added EFI HCRTM event

3 years agotesting: Version bump to 4.6.3 kernel and strongSwan 5.5.0
Andreas Steffen [Thu, 30 Jun 2016 14:18:38 +0000 (16:18 +0200)]
testing: Version bump to 4.6.3 kernel and strongSwan 5.5.0

3 years agoaikgen: Fix computation of key ID of the AIK public key
Tobias Brunner [Thu, 30 Jun 2016 10:56:41 +0000 (12:56 +0200)]
aikgen: Fix computation of key ID of the AIK public key

We don't have direct access to the modulus and exponent of the key anymore.

3 years agolibtpmtss: Define missing Doxygen group and fix some comments
Tobias Brunner [Thu, 30 Jun 2016 08:56:25 +0000 (10:56 +0200)]
libtpmtss: Define missing Doxygen group and fix some comments

3 years agolibimcv: Fix Doxygen comment
Tobias Brunner [Thu, 30 Jun 2016 08:54:45 +0000 (10:54 +0200)]
libimcv: Fix Doxygen comment

3 years agotesting: Add ikev1/net2net-esn scenario
Tobias Brunner [Tue, 21 Jun 2016 08:40:33 +0000 (10:40 +0200)]
testing: Add ikev1/net2net-esn scenario

3 years agoikev1: Add support for extended sequence numbers
Thomas Egerer [Mon, 20 Jun 2016 16:19:51 +0000 (18:19 +0200)]
ikev1: Add support for extended sequence numbers

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
3 years agoplugin-loader: Allow selective modification of the default plugin list
Tobias Brunner [Tue, 21 Jun 2016 09:12:18 +0000 (11:12 +0200)]
plugin-loader: Allow selective modification of the default plugin list

This change allows selectively modifying the default plugin list by setting
the `load` setting of individual plugins (e.g. to disable them or to change
their priority) without enabling charon.load_modular and having to configure
a section and a load statement for every plugin.

3 years agoMerge branch 'openssl-1.1.0'
Tobias Brunner [Wed, 29 Jun 2016 09:10:07 +0000 (11:10 +0200)]
Merge branch 'openssl-1.1.0'

This adds support for OpenSSL 1.1.0.  Several APIs have changed and it makes
all types opaque, which requires using new getter/setter functions.  For older
versions fallbacks are provided.

3 years agoleak-detective: Try to properly free allocations after deinitialization
Tobias Brunner [Mon, 27 Jun 2016 16:04:39 +0000 (18:04 +0200)]
leak-detective: Try to properly free allocations after deinitialization

If a function we whitelist allocates memory while leak detective is enabled
but only frees it after LD has already been disabled, free() will get called
with invalid pointers (not pointing to the actually allocated memory by LD),
which will cause checks in the C library to fail and the program to crash.
This tries to detect such cases and calling free with the correct pointer.

3 years agoopenssl: Whitelist OPENSSL_init_crypto() and others in leak detective
Tobias Brunner [Mon, 27 Jun 2016 15:44:57 +0000 (17:44 +0200)]
openssl: Whitelist OPENSSL_init_crypto() and others in leak detective

Lots of static data is allocated in this function, which isn't freed until
the library is unloaded (we can't call OPENSSL_cleanup() as initialization
would fail when calling it again later).  When enabling the leak
detective the test runner eventually crashes as all the data allocated during
initialization has an invalid size when freed after leak detective has been
unloaded.

3 years agoopenssl: Update GCM/crypter API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 15:33:58 +0000 (17:33 +0200)]
openssl: Update GCM/crypter API to OpenSSL 1.1.0

3 years agoopenssl: Update HMAC API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 15:31:31 +0000 (17:31 +0200)]
openssl: Update HMAC API to OpenSSL 1.1.0

3 years agoopenssl: Don't use deprecated RAND_pseudo_bytes()
Tobias Brunner [Mon, 27 Jun 2016 15:27:54 +0000 (17:27 +0200)]
openssl: Don't use deprecated RAND_pseudo_bytes()

3 years agoopenssl: Update PKCS#12 API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 15:26:16 +0000 (17:26 +0200)]
openssl: Update PKCS#12 API to OpenSSL 1.1.0

3 years agoopenssl: Update PKCS#7 API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 15:22:34 +0000 (17:22 +0200)]
openssl: Update PKCS#7 API to OpenSSL 1.1.0

3 years agoopenssl: Update CRL API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 14:56:22 +0000 (16:56 +0200)]
openssl: Update CRL API to OpenSSL 1.1.0

There is currently no way to compare the outer and inner algorithms
encoded in a parsed CRL.  X509_CRL_verify() does not seem to check that
either, though (unlike X509_verify()).

3 years agoopenssl: Update x509 API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 13:49:19 +0000 (15:49 +0200)]
openssl: Update x509 API to OpenSSL 1.1.0

3 years agoopenssl: Update ECDSA API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 10:36:32 +0000 (12:36 +0200)]
openssl: Update ECDSA API to OpenSSL 1.1.0

3 years agoopenssl: Update RSA API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 10:08:29 +0000 (12:08 +0200)]
openssl: Update RSA API to OpenSSL 1.1.0

3 years agoopenssl: Make some utilities take const BIGNUM pointers
Tobias Brunner [Mon, 27 Jun 2016 10:07:50 +0000 (12:07 +0200)]
openssl: Make some utilities take const BIGNUM pointers

3 years agoopenssl: Add macro to define fallback functions for non-opaque OpenSSL versions
Tobias Brunner [Tue, 28 Jun 2016 13:19:57 +0000 (15:19 +0200)]
openssl: Add macro to define fallback functions for non-opaque OpenSSL versions

3 years agoopenssl: Update DH API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 09:47:26 +0000 (11:47 +0200)]
openssl: Update DH API to OpenSSL 1.1.0

3 years agoopenssl: Update crypter API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 09:17:56 +0000 (11:17 +0200)]
openssl: Update crypter API to OpenSSL 1.1.0

EVP_CIPHER and EVP_CIPHER_CTX are now opaque types, the getters already
existed before.

3 years agoopenssl: Fix mapping from ASN1 to chunk_t with OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 09:17:31 +0000 (11:17 +0200)]
openssl: Fix mapping from ASN1 to chunk_t with OpenSSL 1.1.0

ASN1_OBJECT is now opaque.

3 years agoopenssl: Update initialization and cleanup for OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 09:02:36 +0000 (11:02 +0200)]
openssl: Update initialization and cleanup for OpenSSL 1.1.0

We can't call OPENSSL_cleanup() as that would prevent us from
re-initializing the library again (which we use in the Android app, that
loads/unloads plugins).

3 years agoopenssl: OpenSSL 1.1.0 is thread-safe so we don't have to setup callbacks
Tobias Brunner [Mon, 27 Jun 2016 09:01:43 +0000 (11:01 +0200)]
openssl: OpenSSL 1.1.0 is thread-safe so we don't have to setup callbacks

3 years agotesting: Ignore tests/local directory
Tobias Brunner [Wed, 29 Jun 2016 08:36:10 +0000 (10:36 +0200)]
testing: Ignore tests/local directory

This could be used for experimental test scenarios that should not get
tracked in the repository.

3 years agoandroid: Actually add Android.mk for libtpmtss
Tobias Brunner [Tue, 28 Jun 2016 12:34:13 +0000 (14:34 +0200)]
android: Actually add Android.mk for libtpmtss

3 years agotravis: Disable tss-tss2 and aikpub2 but enable TrouSerS and build aikgen
Tobias Brunner [Fri, 24 Jun 2016 10:18:28 +0000 (12:18 +0200)]
travis: Disable tss-tss2 and aikpub2 but enable TrouSerS and build aikgen

Ubuntu 12.04 does not provide libtss2-dev.

3 years agoconfigure: Enable respective TSS if aikgen/-pub2 are enabled
Tobias Brunner [Fri, 24 Jun 2016 11:03:15 +0000 (13:03 +0200)]
configure: Enable respective TSS if aikgen/-pub2 are enabled

3 years agoandroid: Fix build after adding libtpmtss
Tobias Brunner [Tue, 28 Jun 2016 09:28:15 +0000 (11:28 +0200)]
android: Fix build after adding libtpmtss

3 years agoVersion bump to 5.5.0dr1 5.5.0dr1
Andreas Steffen [Sun, 26 Jun 2016 16:54:56 +0000 (18:54 +0200)]
Version bump to 5.5.0dr1

3 years agoMerge branch 'tpm2'
Andreas Steffen [Sun, 26 Jun 2016 16:40:01 +0000 (18:40 +0200)]
Merge branch 'tpm2'

The libtpmtss library supports both TPM 1.2 and TPM 2.0 Trusted
Platform Modules. Features comprise capability discovery,
listing of PCRs, AIK generation and quote signatures.

3 years agolibtpmtss: Added to integrity checks
Andreas Steffen [Sun, 26 Jun 2016 14:00:43 +0000 (16:00 +0200)]
libtpmtss: Added to integrity checks

3 years agoaikpub2: Output AIK signature algorithm
Andreas Steffen [Thu, 23 Jun 2016 10:42:22 +0000 (12:42 +0200)]
aikpub2: Output AIK signature algorithm

3 years agoRefactoring to tpm_tss_quote_info object
Andreas Steffen [Mon, 20 Jun 2016 08:47:27 +0000 (10:47 +0200)]
Refactoring to tpm_tss_quote_info object

3 years agolibimcv: Changed debug level for functional components from 2 to 3
Andreas Steffen [Thu, 16 Jun 2016 15:41:03 +0000 (17:41 +0200)]
libimcv: Changed debug level for functional components from 2 to 3

3 years agolibtpmtss: Implemented TSS2 quote() method
Andreas Steffen [Thu, 16 Jun 2016 15:40:10 +0000 (17:40 +0200)]
libtpmtss: Implemented TSS2 quote() method

3 years agolibtpmtss: Implemented TSS2 read_pcr() method
Andreas Steffen [Tue, 14 Jun 2016 21:34:29 +0000 (23:34 +0200)]
libtpmtss: Implemented TSS2 read_pcr() method

3 years agolibimcv: migrate pts to tpm_tss
Andreas Steffen [Sun, 5 Jun 2016 18:39:41 +0000 (20:39 +0200)]
libimcv: migrate pts to tpm_tss

3 years agolibtpmtss: Get TPM 2.0 capabilities
Andreas Steffen [Sun, 5 Jun 2016 18:31:13 +0000 (20:31 +0200)]
libtpmtss: Get TPM 2.0 capabilities