strongswan.git
Andreas Steffen [Tue, 3 Dec 2013 07:17:39 +0000 (08:17 +0100)]
Fixed formatting in strongswan.conf

Tobias Brunner [Thu, 28 Nov 2013 18:04:47 +0000 (19:04 +0100)]
ike: Log SK_p consistently on level 4

tag: 5.1.2dr1
Andreas Steffen [Wed, 27 Nov 2013 19:37:11 +0000 (20:37 +0100)]
Updated NEWS for 5.1.2dr1

Andreas Steffen [Mon, 25 Nov 2013 12:48:31 +0000 (13:48 +0100)]
Added DRBG automatic reseeding tests

Andreas Steffen [Sun, 24 Nov 2013 14:31:19 +0000 (15:31 +0100)]
Use strongSwan hash plugins for SHA-1 and SHA-256

Andreas Steffen [Sun, 24 Nov 2013 10:49:41 +0000 (11:49 +0100)]
Extended NIST SP 800-90A HMAC_DRBG test cases

Andreas Steffen [Sun, 24 Nov 2013 10:47:57 +0000 (11:47 +0100)]
Cleaned up ntru-crypto library

Andreas Steffen [Sun, 24 Nov 2013 01:22:25 +0000 (02:22 +0100)]
Implemented NIST SP 800-90A DRBG_HMAC with SHA-256

Andreas Steffen [Fri, 22 Nov 2013 20:24:51 +0000 (21:24 +0100)]
Added NTRU key exchange to default IKE proposal

Andreas Steffen [Fri, 22 Nov 2013 19:38:05 +0000 (20:38 +0100)]
unit-tests: Added ntru wrong ciphertext test

Andreas Steffen [Thu, 21 Nov 2013 22:51:02 +0000 (23:51 +0100)]
unit-tests: Added ntru entropy, retransmission and ciphertext tests

Andreas Steffen [Thu, 21 Nov 2013 21:08:16 +0000 (22:08 +0100)]
Any of the four NTRU parameter sets can be selected

Andreas Steffen [Wed, 20 Nov 2013 23:15:59 +0000 (00:15 +0100)]
Make the NTRU parameter set configurable

Andreas Steffen [Tue, 19 Nov 2013 23:14:07 +0000 (00:14 +0100)]
unit-tests: first NTRU test case

Andreas Steffen [Mon, 18 Nov 2013 20:18:11 +0000 (21:18 +0100)]
Added ikev2/net2net-ntru-cert and ikev2/rw-ntru-psk scenarios

Andreas Steffen [Mon, 18 Nov 2013 20:11:03 +0000 (21:11 +0100)]
Prototype implementation of IKE key exchange via NTRU encryption

Tobias Brunner [Wed, 27 Nov 2013 17:37:11 +0000 (18:37 +0100)]
Merge branch 'nm-psk'

This adds support for PSK authentication to the NetworkManager frontend.

Tobias Brunner [Mon, 25 Nov 2013 17:17:58 +0000 (18:17 +0100)]
nm: Require the PSK to be at least 20 characters long

Tobias Brunner [Fri, 22 Nov 2013 13:03:53 +0000 (14:03 +0100)]
nm: German translation updated

Tobias Brunner [Fri, 22 Nov 2013 13:02:56 +0000 (14:02 +0100)]
nm: Handle PSK option in NM backend

Tobias Brunner [Fri, 22 Nov 2013 13:02:24 +0000 (14:02 +0100)]
nm: Add PSK option to auth-dialog

Tobias Brunner [Fri, 22 Nov 2013 13:01:33 +0000 (14:01 +0100)]
nm: Add pre-shared key option in GUI

Tobias Brunner [Fri, 22 Nov 2013 11:31:51 +0000 (12:31 +0100)]
nm: Make intltool recognize glade files properly

Tobias Brunner [Thu, 14 Nov 2013 14:34:50 +0000 (15:34 +0100)]
configure: Remove obsolete --enable-unit-tests option

Tobias Brunner [Thu, 14 Nov 2013 14:27:40 +0000 (15:27 +0100)]
charon-tkm: Don't run tests automatically during 'make check'

Due to the external dependencies these tests are quite inconvenient.
They can be run from the charon-tkm directory with 'make check-tkm'.

Reto Buerki [Wed, 6 Nov 2013 10:10:40 +0000 (11:10 +0100)]
charon-tkm: Add Binder switches to test project to enable exception backtraces

Tobias Brunner [Tue, 5 Nov 2013 17:29:40 +0000 (18:29 +0100)]
charon-tkm: Migrate tests to our own test runner

Due to problems with the external libraries tkm_init/deinit can't be
called for each test case.  Because of this leak detective has to be
disabled for these tests.

Tobias Brunner [Tue, 5 Nov 2013 15:29:35 +0000 (16:29 +0100)]
charon-tkm: Support for out-of-tree build added

Tobias Brunner [Wed, 27 Nov 2013 16:52:10 +0000 (17:52 +0100)]
chunk: Fix signedness warnings caused by chunk_from_* macros

There are countless other such warnings because e.g. chunk_create() is called
with char*, but at least we prevent users from causing such warnings
inadvertently when using these macros.

Martin Willi [Tue, 19 Nov 2013 09:06:42 +0000 (10:06 +0100)]
tun-device: Include <linux/types.h> before <linux/if_tun.h>

Fixes a build error on CentOS 6.4.

Tobias Brunner [Thu, 21 Nov 2013 12:43:31 +0000 (13:43 +0100)]
trap-manager: Reset IKE_SA on bus_t if initiating fails

Tobias Brunner [Thu, 7 Nov 2013 08:50:12 +0000 (09:50 +0100)]
trap-manager: Prevent deadlock when installing trap policies

Because the write lock was held while calling add_policies() on
child_sa_t, which finishes with a call to child_state_change() on bus_t,
a deadlock would ensue if CHILD_SAs are concurrently being established,
which also causes a call to child_state_change() that will require
the read lock in trap_manager_t.

No locks are now being held while creating the CHILD_SA and installing the
trap policies.

Tobias Brunner [Thu, 21 Nov 2013 10:05:21 +0000 (11:05 +0100)]
coverage: Report branch coverage

Martin Willi [Tue, 19 Nov 2013 10:18:07 +0000 (11:18 +0100)]
printf-hook-builtin: Don't use %P to print uppercase hex pointers

We use %P as custom printf specifier for proposals.

Tobias Brunner [Tue, 19 Nov 2013 16:09:18 +0000 (17:09 +0100)]
testing: Config for Linux kernel 3.12

The most significant change is that CONFIG_ACPI_PROC_EVENT is now
finally removed (after being deprecated for a long time).

So to successfully shut down the guests via ACPI the CONFIG_INPUT_EVDEV
option is now enabled.

Tobias Brunner [Tue, 19 Nov 2013 14:00:28 +0000 (15:00 +0100)]
openssl: Verify that a peer's ECDH public value is a point on the elliptic curve

This check is mandated by RFC 6989.  Since we don't reuse DH secrets,
it is mostly a sanity check.

Tobias Brunner [Tue, 19 Nov 2013 11:41:31 +0000 (12:41 +0100)]
kernel-netlink: Enable TFC padding only for tunnel mode ESP SAs

The kernel does not allow them for transport mode SAs or IPComp SAs (and
of course not for AH SAs).

Fixes #446.

Andreas Steffen [Tue, 19 Nov 2013 09:27:07 +0000 (10:27 +0100)]
Version bump to 5.1.2dr1

Andreas Steffen [Fri, 15 Nov 2013 23:11:40 +0000 (00:11 +0100)]
Implemented libstrongswan.plugins.random.strong_equals_true option

Tobias Brunner [Wed, 13 Nov 2013 16:41:24 +0000 (17:41 +0100)]
android: New release based on 5.1.1

This fixes issues with IVs and padding in ESP handling and removes the
Vstr dependency.

Tobias Brunner [Wed, 13 Nov 2013 10:29:59 +0000 (11:29 +0100)]
android: Remove dependency on libvstr

Martin Willi [Wed, 6 Nov 2013 09:16:56 +0000 (10:16 +0100)]
Merge branch 'unit-tests'

Replace the "check" based libstrongswan unit test framework with our own,
giving us more flexibility for our specific needs.

The new framework is more portable and uses complete libstrongswan init/deinit
cycles for each test to properly catch leaks. It fully supports multi-threaded
tests, and brings many of them for all threading primitives, watcher and
streams.

The --enable-unit-tests option is not required anymore for libstrongswan tests,
but still is for the still "check" based charon-tkm tests.

Tobias Brunner [Tue, 5 Nov 2013 16:45:20 +0000 (17:45 +0100)]
unit-tests: Initialize tests with a callback

Tobias Brunner [Tue, 5 Nov 2013 16:43:20 +0000 (17:43 +0100)]
plugin-loader: Convenience function added to add plugin dirs in build tree

Martin Willi [Tue, 5 Nov 2013 13:40:03 +0000 (14:40 +0100)]
unit-tests: Separate test runner to a library, reusable by other tests

Other users may make use of the noinst libtest.la helper library to implement
unit tests. For libstrongswan, tests.[ch] provide the configuration for test
runner to perform unit tests in a simple manner.

Martin Willi [Mon, 4 Nov 2013 15:41:22 +0000 (16:41 +0100)]
unit-tests: Use some include magic to define test suite constructors

Avoid editing of several files when creating test suites by using a single
header file to define test suite constructor functions.

Martin Willi [Fri, 25 Oct 2013 12:41:28 +0000 (14:41 +0200)]
unit-tests: Check printing of strings having zero length

Martin Willi [Fri, 25 Oct 2013 12:38:05 +0000 (14:38 +0200)]
unit-tests: Add some basic tests if PRI* printf specifiers work as expected

Martin Willi [Wed, 23 Oct 2013 13:44:22 +0000 (15:44 +0200)]
unit-tests: Add a semaphore wait cancel test

Martin Willi [Wed, 23 Oct 2013 13:23:42 +0000 (15:23 +0200)]
unit-tests: Add a semaphore absolute timed wait test

Martin Willi [Wed, 23 Oct 2013 13:18:59 +0000 (15:18 +0200)]
unit-tests: Add a semaphore timed wait test case

Martin Willi [Wed, 23 Oct 2013 12:54:00 +0000 (14:54 +0200)]
unit-tests: Add a simple semaphore test

Martin Willi [Wed, 23 Oct 2013 12:14:21 +0000 (14:14 +0200)]
unit-tests: Add a spinlock test case

Martin Willi [Tue, 22 Oct 2013 15:44:57 +0000 (17:44 +0200)]
unit-tests: Add a rwlock condvar thread cancel test

Martin Willi [Tue, 22 Oct 2013 15:41:37 +0000 (17:41 +0200)]
unit-tests: Add a rwlock condvar absolute timed wait test

Martin Willi [Tue, 22 Oct 2013 15:39:29 +0000 (17:39 +0200)]
unit-tests: Add a rwlock condvar wait test

Martin Willi [Tue, 22 Oct 2013 15:36:29 +0000 (17:36 +0200)]
unit-tests: Add a rwlock condvar broadcast test

Martin Willi [Tue, 22 Oct 2013 15:32:33 +0000 (17:32 +0200)]
unit-tests: Add a rwlock condvar test

Martin Willi [Tue, 22 Oct 2013 15:24:59 +0000 (17:24 +0200)]
unit-tests: Add a rwlock test case

Martin Willi [Tue, 22 Oct 2013 14:05:11 +0000 (16:05 +0200)]
unit-tests: Add a condvar test where wait gets cancelled

Martin Willi [Tue, 22 Oct 2013 14:04:25 +0000 (16:04 +0200)]
unit-tests: Add a condvar test working on a recursive mutex

Martin Willi [Mon, 21 Oct 2013 15:53:37 +0000 (17:53 +0200)]
unit-tests: Add a condvar absolute timed wait test

Martin Willi [Mon, 21 Oct 2013 15:45:58 +0000 (17:45 +0200)]
unit-tests: Add a condvar timed wait test

Martin Willi [Mon, 21 Oct 2013 15:27:49 +0000 (17:27 +0200)]
unit-tests: Add condvar broadcast test

Martin Willi [Mon, 21 Oct 2013 15:24:43 +0000 (17:24 +0200)]
unit-tests: Add a simple condvar test

Martin Willi [Mon, 21 Oct 2013 14:58:22 +0000 (16:58 +0200)]
unit-tests: Add a thread local storage cleanup test

Martin Willi [Mon, 21 Oct 2013 14:37:51 +0000 (16:37 +0200)]
unit-tests: Add a thread local storage fuzzer test

Martin Willi [Mon, 21 Oct 2013 14:12:52 +0000 (16:12 +0200)]
unit-tests: Add a thread cleanup pop test

Martin Willi [Mon, 21 Oct 2013 14:09:10 +0000 (16:09 +0200)]
unit-tests: Add cleanup test cases for different thread exit situations

Martin Willi [Mon, 21 Oct 2013 13:08:14 +0000 (15:08 +0200)]
unit-tests: Add a test for thread_cancellation_point()

Martin Willi [Mon, 21 Oct 2013 12:41:12 +0000 (14:41 +0200)]
unit-tests: Add thread cancellability testing

Martin Willi [Mon, 21 Oct 2013 12:32:06 +0000 (14:32 +0200)]
unit-tests: Add a simple thread_cancel() test

Martin Willi [Mon, 21 Oct 2013 12:17:16 +0000 (14:17 +0200)]
unit-tests: Add thread_exit() tests to both join and detach test cases

Martin Willi [Mon, 21 Oct 2013 12:10:38 +0000 (14:10 +0200)]
unit-tests: Add a simple thread detach test

Martin Willi [Mon, 21 Oct 2013 09:45:10 +0000 (11:45 +0200)]
unit-tests: Add a simple thread join() test

Martin Willi [Wed, 16 Oct 2013 13:51:12 +0000 (15:51 +0200)]
unit-tests: Add test suite for streams and services

Martin Willi [Wed, 16 Oct 2013 11:45:48 +0000 (13:45 +0200)]
unit-tests: Add a few test cases for watcher

Martin Willi [Wed, 16 Oct 2013 13:49:58 +0000 (15:49 +0200)]
unit-tests: Support testing multi-threaded code

Martin Willi [Mon, 21 Oct 2013 09:38:29 +0000 (11:38 +0200)]
unit-tests: Use a home-brew thread barrier to remove pthread dependency

Martin Willi [Tue, 5 Nov 2013 09:13:36 +0000 (10:13 +0100)]
unit-tests: Show how many test vectors have failed on test failure

Martin Willi [Tue, 15 Oct 2013 16:15:29 +0000 (18:15 +0200)]
unit-tests: Skip fmemopen() based printf() tests if not available

Martin Willi [Tue, 22 Oct 2013 16:21:01 +0000 (18:21 +0200)]
unit-tests: Avoid name clash with clone() from <sched.h>

Martin Willi [Tue, 15 Oct 2013 13:15:45 +0000 (15:15 +0200)]
unit-tests: Fix a compiler warning in identification tests

Martin Willi [Mon, 4 Nov 2013 11:13:08 +0000 (12:13 +0100)]
unit-tests: Clean up memory in new asn1 unit tests

Test runner checks for leaks when leak detective is enabled.

Martin Willi [Thu, 17 Oct 2013 15:05:38 +0000 (17:05 +0200)]
unit-tests: Pass linked_list->invoke* varargs as uintptr_t

Passing integers of unspecified length may result in passing an integer shorter
than uintptr_t. When reading them back, we might get more data than passed,
resulting in a failure.

Martin Willi [Wed, 16 Oct 2013 10:24:21 +0000 (12:24 +0200)]
unit-tests: Initialize backtracing before printing any backtraces

Martin Willi [Wed, 23 Oct 2013 13:50:17 +0000 (15:50 +0200)]
thread: Note that thread_cancellation_point temporarily activates cancelability

Martin Willi [Wed, 16 Oct 2013 10:32:15 +0000 (12:32 +0200)]
backtrace: Support backtracing even if library is not initialized

But of course backtracing must be initialized anyway using backtrace_init().

Martin Willi [Mon, 4 Nov 2013 10:26:33 +0000 (11:26 +0100)]
unit-tests: Enable libstrongswan tests even if --enable-unit-tests not set

As we don't depend on the check framework anymore, we can enable the unit tests
by default. These are built/executed with "make check" only, so it makes no
sense to disable them.

Martin Willi [Mon, 4 Nov 2013 10:59:11 +0000 (11:59 +0100)]
automake: Don't use parallel test harness being the default with automake 1.13

We have no need for the parallel test harness, and we prefer to have the output
of make check on the console.

Martin Willi [Mon, 14 Oct 2013 18:29:06 +0000 (20:29 +0200)]
unit-tests: Implement testing framework without "check"

Martin Willi [Wed, 6 Nov 2013 09:10:49 +0000 (10:10 +0100)]
leak-detective: Call {gm,local}time_r() to allocate static buffer

On OS X Mavericks, these functions use a static allocation and are hard
to whitelist using other means.

Martin Willi [Wed, 6 Nov 2013 09:09:04 +0000 (10:09 +0100)]
leak-detective: Register OS X specific hooks just once

If we initialize libstrongswan more than once in the same process, we may
not register the hooks twice.

Martin Willi [Wed, 16 Oct 2013 09:16:41 +0000 (11:16 +0200)]
leak-detective: Reset leak list during cleanup

This resets leak detective state should it get created/destroyed more than once.

Martin Willi [Wed, 16 Oct 2013 08:37:38 +0000 (10:37 +0200)]
leak-detective: Use callback functions to report leaks and usage information

This is more flexible than printing reports to a FILE.

Martin Willi [Mon, 14 Oct 2013 14:44:27 +0000 (16:44 +0200)]
unit-tests: Move test suites to its own subfolder

Tobias Brunner [Wed, 6 Nov 2013 09:20:48 +0000 (10:20 +0100)]
ikev2: Properly free DH secret in case of errors during IKE key derivation

Fixes #437.

Andreas Steffen [Mon, 4 Nov 2013 17:35:25 +0000 (18:35 +0100)]
unit-tests: completed asn1_suite

Andreas Steffen [Sun, 3 Nov 2013 20:34:42 +0000 (21:34 +0100)]
Updated test_runner.h with new suites

Andreas Steffen [Sun, 3 Nov 2013 16:40:51 +0000 (17:40 +0100)]
unit-tests: 100% function coverage for asn1.c