strongswan.git
8 months agoDemo branch showing the creation of a listener plugin demo-plugin
Andreas Steffen [Mon, 21 Dec 2015 12:04:24 +0000 (13:04 +0100)]
Demo branch showing the creation of a listener plugin

8 months agotravis: Don't build botan twice if installing dependencies is retried
Tobias Brunner [Tue, 2 Oct 2018 14:13:26 +0000 (16:13 +0200)]
travis: Don't build botan twice if installing dependencies is retried

8 months agofuzzing: Add -lm to LDFLAGS if the coverage sanitizer is used
Tobias Brunner [Tue, 2 Oct 2018 08:58:40 +0000 (10:58 +0200)]
fuzzing: Add -lm to LDFLAGS if the coverage sanitizer is used

libFuzzer apparently uses math functions (e.g. ceilf) for that sanitizer.

8 months agotravis: Only build sonarcloud target if the token is available
Tobias Brunner [Tue, 2 Oct 2018 07:38:00 +0000 (09:38 +0200)]
travis: Only build sonarcloud target if the token is available

That's not the case for pull requests that don't have access to
encrypted tokens/environment variables.

8 months agoswanctl: Fix typos in usage for swanctl rekey/terminate commands
Matt Selsky [Tue, 2 Oct 2018 04:56:31 +0000 (00:56 -0400)]
swanctl: Fix typos in usage for swanctl rekey/terminate commands

Closes strongswan/strongswan#113.

8 months agoVersion bump to 5.7.1 5.7.1
Andreas Steffen [Mon, 1 Oct 2018 15:46:17 +0000 (17:46 +0200)]
Version bump to 5.7.1

8 months agoNEWS: Add info about CVE-2018-17540
Tobias Brunner [Mon, 1 Oct 2018 08:26:08 +0000 (10:26 +0200)]
NEWS: Add info about CVE-2018-17540

8 months agogmp: Fix buffer overflow with very small RSA keys
Tobias Brunner [Tue, 25 Sep 2018 12:50:08 +0000 (14:50 +0200)]
gmp: Fix buffer overflow with very small RSA keys

Because `keylen` is unsigned the subtraction results in an integer
underflow if the key length is < 11 bytes.

This is only a problem when verifying signatures with a public key (for
private keys the plugin enforces a minimum modulus length) and to do so
we usually only use trusted keys.  However, the x509 plugin actually
calls issued_by() on a parsed certificate to check if it is self-signed,
which is the reason this issue was found by OSS-Fuzz in the first place.
So, unfortunately, this can be triggered by sending an invalid client
cert to a peer.

Fixes: 5955db5b124a ("gmp: Don't parse PKCS1 v1.5 RSA signatures to verify them")
Fixes: CVE-2018-17540

8 months agotravis: Don't build tags separately
Tobias Brunner [Fri, 21 Sep 2018 16:49:09 +0000 (18:49 +0200)]
travis: Don't build tags separately

Travis treats tags just like branches (which sonarcloud does too) and the
tagged commit is built anyway.

8 months agoVersion bump to 5.7.0 5.7.0
Andreas Steffen [Mon, 24 Sep 2018 09:10:12 +0000 (11:10 +0200)]
Version bump to 5.7.0

8 months agoNEWS: Add info about CVE-2018-16151/52
Tobias Brunner [Mon, 3 Sep 2018 12:39:52 +0000 (14:39 +0200)]
NEWS: Add info about CVE-2018-16151/52

8 months agogmp: Don't parse PKCS1 v1.5 RSA signatures to verify them
Tobias Brunner [Tue, 28 Aug 2018 09:26:24 +0000 (11:26 +0200)]
gmp: Don't parse PKCS1 v1.5 RSA signatures to verify them

Instead we generate the expected signature encoding and compare it to the
decrypted value.

Due to the lenient nature of the previous parsing code (minimum padding
length was not enforced, the algorithmIdentifier/OID parser accepts arbitrary
data after OIDs and in the parameters field etc.) it was susceptible to
Daniel Bleichenbacher's low-exponent attack (from 2006!), which allowed
forging signatures for keys that use low public exponents (i.e. e=3).

Since the public exponent is usually set to 0x10001 (65537) since quite a
while, the flaws in the previous code should not have had that much of a
practical impact in recent years.

Fixes: CVE-2018-16151, CVE-2018-16152

8 months agotravis: Run long-running tests first to reduce overall build time
Tobias Brunner [Tue, 18 Sep 2018 14:55:38 +0000 (16:55 +0200)]
travis: Run long-running tests first to reduce overall build time

Moving the manual matrix inclusions further up would be even better but
that doesn't seem possible.

8 months agoandroid: Disable capabilities in the android app
Tobias Brunner [Fri, 21 Sep 2018 08:58:51 +0000 (10:58 +0200)]
android: Disable capabilities in the android app

capset/capget are not in the NDK headers anymore, but we didn't use them
in the app anyway.

8 months agoandroid: Fix implementation of change_state() method in Android IMC
Tobias Brunner [Fri, 21 Sep 2018 08:55:34 +0000 (10:55 +0200)]
android: Fix implementation of change_state() method in Android IMC

The signature was changed with 731e043c8e07 ("libimcv: Reset of IMC state for
new measurement cycle").

9 months agoVersion bump to 5.7.0rc2 5.7.0rc2
Andreas Steffen [Tue, 18 Sep 2018 14:03:23 +0000 (16:03 +0200)]
Version bump to 5.7.0rc2

9 months agoswanctl: Document PPKs
Tobias Brunner [Tue, 18 Sep 2018 08:12:45 +0000 (10:12 +0200)]
swanctl: Document PPKs

9 months agoFixed some typos, courtesy of codespell
Tobias Brunner [Mon, 17 Sep 2018 16:36:22 +0000 (18:36 +0200)]
Fixed some typos, courtesy of codespell

9 months agosettings: Clarify that a key/value-pair can only occur once
Tobias Brunner [Mon, 17 Sep 2018 15:58:09 +0000 (17:58 +0200)]
settings: Clarify that a key/value-pair can only occur once

9 months agosettings-test: Remove unused variable in printf() call
Tobias Brunner [Mon, 17 Sep 2018 15:43:18 +0000 (17:43 +0200)]
settings-test: Remove unused variable in printf() call

9 months agovici: Fix syntax error in Ruby bindings
Tobias Brunner [Mon, 17 Sep 2018 15:05:23 +0000 (17:05 +0200)]
vici: Fix syntax error in Ruby bindings

I guess nobody uses these.

Fixes: 2c7cfe76303b ("vici:  flush-certs command flushes certificate cache")

9 months agoimv-attestation: Don't use comma to separate statements
Tobias Brunner [Mon, 17 Sep 2018 14:59:43 +0000 (16:59 +0200)]
imv-attestation: Don't use comma to separate statements

9 months agoimv-agent: Don't use comma to separate statements
Tobias Brunner [Mon, 17 Sep 2018 14:59:11 +0000 (16:59 +0200)]
imv-agent: Don't use comma to separate statements

9 months agoxauth-pam: Don't use comma to separate statements
Tobias Brunner [Mon, 17 Sep 2018 14:58:14 +0000 (16:58 +0200)]
xauth-pam: Don't use comma to separate statements

9 months agotnc-pdp: Don't use comma to separate statements
Tobias Brunner [Mon, 17 Sep 2018 14:57:43 +0000 (16:57 +0200)]
tnc-pdp: Don't use comma to separate statements

9 months agoreceiver: Don't use commas to separate statements
Tobias Brunner [Mon, 17 Sep 2018 14:56:25 +0000 (16:56 +0200)]
receiver: Don't use commas to separate statements

Maybe was in the INIT statement at some point.

9 months agomanager: Restore direct return if database URI is not defined
Tobias Brunner [Mon, 17 Sep 2018 14:30:51 +0000 (16:30 +0200)]
manager: Restore direct return if database URI is not defined

There was an exit anyway because storage_create() returns NULL if the
database can't be created.

9 months agoimv-os-agent: Remove useless assignment
Tobias Brunner [Mon, 17 Sep 2018 14:44:47 +0000 (16:44 +0200)]
imv-os-agent: Remove useless assignment

`eval` will never be TNC_IMV_EVALUATION_RESULT_DONT_KNOW so we can
remove the if statement too.

9 months agopts: Remove commented call of inexistent function
Tobias Brunner [Mon, 17 Sep 2018 14:43:32 +0000 (16:43 +0200)]
pts: Remove commented call of inexistent function

9 months agocounters: Fix exit status in error case
Tobias Brunner [Mon, 17 Sep 2018 14:13:22 +0000 (16:13 +0200)]
counters: Fix exit status in error case

9 months agosigncrl: Remove useless assignment
Tobias Brunner [Mon, 17 Sep 2018 14:11:05 +0000 (16:11 +0200)]
signcrl: Remove useless assignment

9 months agoasn1: Remove useless assignment
Tobias Brunner [Mon, 17 Sep 2018 14:07:59 +0000 (16:07 +0200)]
asn1: Remove useless assignment

9 months agomode-config: Remove useless assignment
Tobias Brunner [Mon, 17 Sep 2018 14:02:24 +0000 (16:02 +0200)]
mode-config: Remove useless assignment

9 months agokeymat_v1: Remove useless assignment
Tobias Brunner [Mon, 17 Sep 2018 14:00:11 +0000 (16:00 +0200)]
keymat_v1: Remove useless assignment

9 months agokernel-netlink: Check return value of both halfs when installing default route in...
Tobias Brunner [Mon, 17 Sep 2018 13:56:48 +0000 (15:56 +0200)]
kernel-netlink: Check return value of both halfs when installing default route in main table

9 months agobotan: Fix leak if hasher initialization fails
Tobias Brunner [Mon, 17 Sep 2018 15:59:55 +0000 (17:59 +0200)]
botan: Fix leak if hasher initialization fails

9 months agobotan: Share code to generate RSA EMSA PSS signature identifier strings
Tobias Brunner [Mon, 17 Sep 2018 10:57:25 +0000 (12:57 +0200)]
botan: Share code to generate RSA EMSA PSS signature identifier strings

9 months agobotan: Remove unnecessary nested blocks and simplify keyid allocation
Tobias Brunner [Mon, 17 Sep 2018 10:33:09 +0000 (12:33 +0200)]
botan: Remove unnecessary nested blocks and simplify keyid allocation

9 months agodaemon: Remove redundant assignment to time_format
Tobias Brunner [Fri, 14 Sep 2018 14:10:46 +0000 (16:10 +0200)]
daemon: Remove redundant assignment to time_format

9 months agoVersion bump to 5.7.0rc1 5.7.0rc1
Andreas Steffen [Sun, 16 Sep 2018 07:30:09 +0000 (09:30 +0200)]
Version bump to 5.7.0rc1

9 months agotesting: Extended Botan scenarios
Andreas Steffen [Wed, 12 Sep 2018 15:21:21 +0000 (17:21 +0200)]
testing: Extended Botan scenarios

9 months agoNEWS: Added some news for 5.7.0
Tobias Brunner [Wed, 12 Sep 2018 16:41:53 +0000 (18:41 +0200)]
NEWS: Added some news for 5.7.0

9 months agotravis: Silence `git checkout` for Botan
Tobias Brunner [Wed, 12 Sep 2018 15:18:15 +0000 (17:18 +0200)]
travis: Silence `git checkout` for Botan

9 months agoMerge branch 'botan-plugin'
Tobias Brunner [Wed, 12 Sep 2018 14:25:07 +0000 (16:25 +0200)]
Merge branch 'botan-plugin'

Adds a wrapper plugin for the Botan crypto library.

Closes strongswan/strongswan#109.

9 months agotravis: Use a fix revision for Botan and speed up subsequent builds via ccache
Tobias Brunner [Wed, 12 Sep 2018 13:51:08 +0000 (15:51 +0200)]
travis: Use a fix revision for Botan and speed up subsequent builds via ccache

9 months agotravis: Use amalgamation build for Botan and build outside our source tree
Tobias Brunner [Wed, 12 Sep 2018 11:12:44 +0000 (13:12 +0200)]
travis: Use amalgamation build for Botan and build outside our source tree

This merges all source files into botan_all.cpp, which reduces the build
time by almost 50%. Building outside the strongSwan tree avoids analyzing
Botan with sonarqube.

9 months agogcrypt: Make generic DH constructor static
Tobias Brunner [Wed, 12 Sep 2018 10:56:11 +0000 (12:56 +0200)]
gcrypt: Make generic DH constructor static

9 months agotravis: Build botan plugin also in the tests that build everything
Tobias Brunner [Wed, 12 Sep 2018 10:05:14 +0000 (12:05 +0200)]
travis: Build botan plugin also in the tests that build everything

9 months agotravis: Only add the sonarcloud addon for that build
Tobias Brunner [Wed, 12 Sep 2018 10:02:41 +0000 (12:02 +0200)]
travis: Only add the sonarcloud addon for that build

9 months agotesting: Added botan/rw-cert scenario
Andreas Steffen [Wed, 5 Sep 2018 06:07:06 +0000 (08:07 +0200)]
testing: Added botan/rw-cert scenario

9 months agotesting: Enable Botan and the plugin
Tobias Brunner [Thu, 30 Aug 2018 15:47:43 +0000 (17:47 +0200)]
testing: Enable Botan and the plugin

ldconfig is required, otherwise the library won't be found by
strongSwan in the same session.

Should later be changed to 2.8.0 or a newer stable release.

9 months agobotan: Add support for X25519
Tobias Brunner [Tue, 11 Sep 2018 09:05:21 +0000 (11:05 +0200)]
botan: Add support for X25519

9 months agobotan: Simplify DH/ECDH key derivation
Tobias Brunner [Tue, 11 Sep 2018 08:58:42 +0000 (10:58 +0200)]
botan: Simplify DH/ECDH key derivation

9 months agotest-vectors: Add the actual test vector from RFC 8031 for x25519
Tobias Brunner [Tue, 11 Sep 2018 08:32:50 +0000 (10:32 +0200)]
test-vectors: Add the actual test vector from RFC 8031 for x25519

The existing test vector is from RFC 8037.

9 months agoike-init: Fix leak if KE payload creation fails
Tobias Brunner [Thu, 30 Aug 2018 12:48:34 +0000 (14:48 +0200)]
ike-init: Fix leak if KE payload creation fails

9 months agoleak-detective: Add an option to ignore frees of unknown memory blocks
Tobias Brunner [Wed, 8 Aug 2018 15:06:15 +0000 (17:06 +0200)]
leak-detective: Add an option to ignore frees of unknown memory blocks

This also changes how unknown/corrupted memory is handled in the free()
and realloc() hooks in general.

Incorporates changes provided by Thomas Egerer who ran into a similar
issue.

9 months agotravis: Add Botan build
Tobias Brunner [Wed, 8 Aug 2018 09:35:46 +0000 (11:35 +0200)]
travis: Add Botan build

We build Botan directly from the master branch until 2.8.0 is released.

9 months agoleak-detective: Whitelist some Botan functions
Tobias Brunner [Wed, 8 Aug 2018 09:41:36 +0000 (11:41 +0200)]
leak-detective: Whitelist some Botan functions

Due to the mangled C++ function names it's tricky to be more specific.  The
"leaked" allocations are from a static hashtable containing EC groups.

There is another leak caused by the locking allocator singleton
(triggered by the first function that uses it, usually initialization of
 a cipher, but could be a hasher in other test runners), but we can avoid
that with a Botan config option.

9 months agobotan: Adhere to configured DH exponent length
Tobias Brunner [Fri, 10 Aug 2018 15:04:09 +0000 (17:04 +0200)]
botan: Adhere to configured DH exponent length

9 months agobotan: Encode private keys as PKCS#8
Tobias Brunner [Fri, 10 Aug 2018 07:02:26 +0000 (09:02 +0200)]
botan: Encode private keys as PKCS#8

Since we can now parse that encoding directly we can simplify the private
key export and stick to PKCS#8.

9 months agobotan: Load public/private keys generically
Tobias Brunner [Thu, 9 Aug 2018 11:00:50 +0000 (13:00 +0200)]
botan: Load public/private keys generically

Simplifies public key loading and this way unencrypted PKCS#8-encoded
keys can be loaded directly without pkcs8 plugin (code for encrypted
keys could probably later be added, if necessary).

It also simplifies the implementation of private_key_t::get_public_key()
a lot.

9 months agobotan: Encode curve OID and public key in EC private key
Tobias Brunner [Wed, 8 Aug 2018 16:23:11 +0000 (18:23 +0200)]
botan: Encode curve OID and public key in EC private key

Without OID we can't generate an algorithmIdentifier when loading the
key again. And older versions of OpenSSL insist on a public key when
e.g. converting a key to PKCS#8.

Simply unwrapping the ECPrivateKey structure avoids log messages when
parsing other keys in the KEY_ANY case.

9 months agopkcs1: Accept EC private keys without public key but make sure of an OID
Tobias Brunner [Thu, 9 Aug 2018 06:45:48 +0000 (08:45 +0200)]
pkcs1: Accept EC private keys without public key but make sure of an OID

9 months agobotan: Fixes, code style changes plus some refactorings
Tobias Brunner [Mon, 6 Aug 2018 15:46:54 +0000 (17:46 +0200)]
botan: Fixes, code style changes plus some refactorings

Some changes rely on newly added FFI functions in Botan's master
branch.

9 months agobotan: Add MD5 support to Botan hasher
René Korthaus [Fri, 27 Jul 2018 07:33:39 +0000 (09:33 +0200)]
botan: Add MD5 support to Botan hasher

Support MD5 in the Botan plugin if supported by Botan.
MD5 is required for RADIUS and obviously EAP-MD5,
and also for non-PKCS#8 encoded, encrypted private keys.

9 months agounit-tests: Remove 768 bits RSA gen test
René Korthaus [Thu, 26 Jul 2018 09:17:07 +0000 (11:17 +0200)]
unit-tests: Remove 768 bits RSA gen test

Botan only allows RSA generating keys >= 1,024 bits, which makes
the RSA test suite fail. It is questionable whether it makes
sense to test 768 bit RSA keys anymore. They are too weak
from today's perspective anyway.

9 months agobotan: Add Botan plugin to libstrongswan
René Korthaus [Wed, 25 Jul 2018 11:01:19 +0000 (13:01 +0200)]
botan: Add Botan plugin to libstrongswan

9 months agodumm: Remove the Dynamic UML Mesh Modeler framework
Tobias Brunner [Wed, 12 Sep 2018 09:02:32 +0000 (11:02 +0200)]
dumm: Remove the Dynamic UML Mesh Modeler framework

This has been pretty much defunct for several years (requires a
specially patched UML-enabled guest kernel).

9 months agoandroid: Properly set log file path
Tobias Brunner [Wed, 12 Sep 2018 09:44:33 +0000 (11:44 +0200)]
android: Properly set log file path

9 months agoconf: Document new filelog configuration
Tobias Brunner [Wed, 12 Sep 2018 09:42:38 +0000 (11:42 +0200)]
conf: Document new filelog configuration

9 months agolibrary: Return FALSE from library_init() if loaded settings are invalid
Tobias Brunner [Tue, 11 Sep 2018 15:56:38 +0000 (17:56 +0200)]
library: Return FALSE from library_init() if loaded settings are invalid

This way daemons won't start with config files that contain errors.

9 months agosettings: Don't allow dots in section/key names anymore
Tobias Brunner [Thu, 31 May 2018 09:46:29 +0000 (11:46 +0200)]
settings: Don't allow dots in section/key names anymore

This requires config changes if filelog is used with a path that
contains dots. This path must now be defined in the `path` setting of an
arbitrarily named subsection of `filelog`.  Without that change the
whole strongswan.conf file will fail to load, which some users might
not notice immediately.

9 months agoike-auth: Remove unnecessary case statement
Tobias Brunner [Tue, 11 Sep 2018 09:33:05 +0000 (11:33 +0200)]
ike-auth: Remove unnecessary case statement

9 months agovici: Remove unreachable code
Tobias Brunner [Fri, 7 Sep 2018 09:17:06 +0000 (11:17 +0200)]
vici: Remove unreachable code

If list is TRUE any type but VICI_LIST_END and VICI_LIST_ITEM (i.e.
including VICI_END) is already handled in the first block in this
function.

9 months agovici: Lease enumerator is always defined
Tobias Brunner [Fri, 7 Sep 2018 09:12:24 +0000 (11:12 +0200)]
vici: Lease enumerator is always defined

mem_pool_t always returns an enumerator.

9 months agostroke: Lease enumerator is always defined
Tobias Brunner [Fri, 7 Sep 2018 09:03:29 +0000 (11:03 +0200)]
stroke: Lease enumerator is always defined

This function is only called for existing pools (under the protection of
a read lock).

9 months agosmp: Remove unreachable initializer
Tobias Brunner [Fri, 7 Sep 2018 08:56:07 +0000 (10:56 +0200)]
smp: Remove unreachable initializer

Execution in this block will start with any of the case statements,
never with the initialization.

9 months agoeap-sim-pcsc: Fix leak in error case
Tobias Brunner [Fri, 7 Sep 2018 08:36:41 +0000 (10:36 +0200)]
eap-sim-pcsc: Fix leak in error case

9 months agotravis: Add sonarcloud build
Tobias Brunner [Mon, 10 Sep 2018 16:46:20 +0000 (18:46 +0200)]
travis: Add sonarcloud build

9 months agotravis: Automatically retry install steps
Tobias Brunner [Mon, 10 Sep 2018 10:22:20 +0000 (12:22 +0200)]
travis: Automatically retry install steps

There occasionally are network issues when fetching from Ubuntu/PPA
repos.  Let's see if this is a possible fix.

9 months agoswanctl: Allow passing a custom config file for each --load* command
Tobias Brunner [Mon, 28 May 2018 15:19:22 +0000 (17:19 +0200)]
swanctl: Allow passing a custom config file for each --load* command

Mainly for debugging, but could also be used to e.g. use a separate file
for connections and secrets.

9 months agoMerge branch 'ikev2-ppk'
Tobias Brunner [Mon, 10 Sep 2018 16:05:12 +0000 (18:05 +0200)]
Merge branch 'ikev2-ppk'

Adds support for Postquantum Preshared Keys for IKEv2.

Fixes #2710.

9 months agotesting: Add some PPK scenarios
Tobias Brunner [Thu, 30 Aug 2018 16:14:06 +0000 (18:14 +0200)]
testing: Add some PPK scenarios

9 months agoswanctl: Report the use of a PPK in --list-sas
Tobias Brunner [Fri, 27 Jul 2018 11:14:40 +0000 (13:14 +0200)]
swanctl: Report the use of a PPK in --list-sas

If we later decide the PPK_ID would be helpful, printing this on a
separate line would probably make sense.

9 months agovici: Return PPK state of an IKE_SA
Tobias Brunner [Fri, 27 Jul 2018 10:50:22 +0000 (12:50 +0200)]
vici: Return PPK state of an IKE_SA

9 months agoikev2: Mark IKE_SAs that used PPK during authentication
Tobias Brunner [Fri, 27 Jul 2018 10:14:18 +0000 (12:14 +0200)]
ikev2: Mark IKE_SAs that used PPK during authentication

9 months agoeap-authenticator: Add support for authentication with PPK
Tobias Brunner [Fri, 27 Jul 2018 09:24:49 +0000 (11:24 +0200)]
eap-authenticator: Add support for authentication with PPK

9 months agopubkey-authenticator: Add support for authentication with PPK
Tobias Brunner [Fri, 27 Jul 2018 08:49:30 +0000 (10:49 +0200)]
pubkey-authenticator: Add support for authentication with PPK

9 months agopsk-authenticator: Add support for authentication with PPK
Tobias Brunner [Thu, 26 Jul 2018 14:25:02 +0000 (16:25 +0200)]
psk-authenticator: Add support for authentication with PPK

9 months agoike-auth: Add basic PPK support
Tobias Brunner [Thu, 26 Jul 2018 15:28:13 +0000 (17:28 +0200)]
ike-auth: Add basic PPK support

Some of the work will have to be done in the authenticators.

9 months agoike-auth: Replace `== NULL` with `!`
Tobias Brunner [Thu, 26 Jul 2018 15:27:13 +0000 (17:27 +0200)]
ike-auth: Replace `== NULL` with `!`

9 months agoauthenticator: Add optional method to set PPK
Tobias Brunner [Thu, 26 Jul 2018 13:32:10 +0000 (15:32 +0200)]
authenticator: Add optional method to set PPK

9 months agoike-init: Send USE_PPK notify as appropriate
Tobias Brunner [Thu, 26 Jul 2018 13:20:30 +0000 (15:20 +0200)]
ike-init: Send USE_PPK notify as appropriate

9 months agoswanctl: Report PPK configuration in --list-conns
Tobias Brunner [Fri, 27 Jul 2018 10:34:23 +0000 (12:34 +0200)]
swanctl: Report PPK configuration in --list-conns

9 months agovici: Make PPK related options configurable
Tobias Brunner [Thu, 26 Jul 2018 15:57:36 +0000 (17:57 +0200)]
vici: Make PPK related options configurable

9 months agopeer-cfg: Add properties for PPK ID and whether PPK is required
Tobias Brunner [Thu, 26 Jul 2018 13:16:21 +0000 (15:16 +0200)]
peer-cfg: Add properties for PPK ID and whether PPK is required

9 months agoike-sa: Add flag for PPK extension
Tobias Brunner [Thu, 26 Jul 2018 09:47:46 +0000 (11:47 +0200)]
ike-sa: Add flag for PPK extension

9 months agokeymat_v2: Add support for PPKs
Tobias Brunner [Wed, 25 Jul 2018 14:43:01 +0000 (16:43 +0200)]
keymat_v2: Add support for PPKs

9 months agoswanctl: Add support for PPKs
Tobias Brunner [Thu, 26 Jul 2018 15:44:12 +0000 (17:44 +0200)]
swanctl: Add support for PPKs

9 months agovici: Add support for PPKs
Tobias Brunner [Wed, 25 Jul 2018 15:23:12 +0000 (17:23 +0200)]
vici: Add support for PPKs