[Swan-commit] Changes to ref refs/heads/master

Andrew Cagney cagney at vault.libreswan.fi
Wed Apr 29 18:17:13 EEST 2015


New commits:
commit 82fd22ab5a95e2f3772a7edd8e29a98b40af125e
Merge: b2c7a68 b694d92
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Apr 29 10:46:25 2015 -0400

    pluto: re-implement PRF eliminating duplicates; add CAVP test program
    
    The file crypt_prf.c implements rfc2104 PRF using PK11SymKey and
    PK11_Derive.  It doesn't use NSS's lower-level HASH interface
    as that writes the result to an unprotected buffer.  The down
    side is that it has to create/free lots of PK11SymKeys.
    
    It can be tested by feeding the CAVP program test vectors from NIST.
    
    The old PRF code, found in hmac.c(1) and crypt_dh.c(2), has been
    replaced with calls to the above.
    
    Notes:
    
    crypt_symkey.c, which provides sane wrappers around
    PK11_Derive, could do with a further clean-up - pluto,
    since for ever, has been creating scratch keys of type
    CKM_CONCATENATE_BASE_AND_DATA.
    
    It would be nice to eliminate the hmac_init et.al. wrappers;
    it would simplify ikev1_quick.c.
    
    More crypto material should be left in PK11SymKeys and
    only copied to buffers when needed.
    
    All code should switch to crypt_symkey.c; especially free_any_symkey().
    
    All code should switch to DBG_dump_symkey; it only dumps the
    raw key when DBG_PRIVATE.
    
    NSS needs an interface that doesn't leak results and doesn't
    force a lot of PK11SymKey create/freeing.
    
    Merges prf-rewrite branch.

commit b694d928a156a0a362c5e2fe4832dd9232be6f4c
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Apr 29 10:19:02 2015 -0400

    pluto: testing: cleanly shutdown NSS after running tests

commit bb91124f055b9706b8ac59b864978a4247a8a5eb
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 28 22:01:00 2015 -0400

    pluto: try to make debug messages from crypt_symkey.c slightly less cryptic

commit dc6685d87ac099a0d81ae1957030cfb908984fbc
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 28 14:23:43 2015 -0400

    pluto: add free_any_symkey function; call from new PRF code
    
    Leaves old code :-(

commit 4f2f53136e4da1b7720d8cf68c135abef81359bc
Merge: 14bc2f4 9efef74
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 28 13:03:59 2015 -0400

    Merge branch 'prf-rewrite' of vault.libreswan.org:/srv/src/libreswan into prf-rewrite

commit 9efef744462aecabaa20ad5767a489accbd20aca
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 28 12:11:41 2015 -0400

    pluto: add missing free to ikev2_prfplus

commit 1b1a4dd59faf457be40c6d0a35b39c73112537bf
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 28 11:20:33 2015 -0400

    pluto: add more missing cases to ckm_to_string
    
    (also return upper-case strings so spotting them is easier)

commit 64e0bfbdd6e2e1cb633b29fa29c46eb44538b9ea
Merge: 5fc2d9a bbc36b1
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Apr 27 19:53:33 2015 -0400

    Merge branch 'prf-rewrite' of vault.libreswan.fi:/srv/src/libreswan into prf-rewrite

commit bbc36b1ce448a00dac21b8b06b092e58827c5d67
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 27 19:28:15 2015 -0400

    pluto: re-implement hmac.c using crypt_prf.c
    
    This should mean that there's only one PRF implementation
    in the code base.
    
    Nice to have is go through the hmac.c callers and have
    them use crypt_prf directly.

commit 132159ff79c5533af81bca6d0894f7c31dad93b5
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 27 19:26:34 2015 -0400

    pluto: implement crypt_prf_final_bytes and crypt_prf_update_bytes methods
    
    makes re-implementing hmac.c easier (and for that matter
    hashing stuff on the wire).

commit 27626fba84d19b8dfafce2f496929c61ddd7c4cf
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 27 19:25:13 2015 -0400

    pluto: fix DBG_CRYPT crasher in DBG_dump_symkey when symkey==NULL

commit 39239094bbcf549567470767c79110b226fcf8d2
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 27 15:33:52 2015 -0400

    pluto: add DBG_dump_symkey which tries to keep symkes private
    
    Use, update calls to dump better info.

commit f51d1fd350074cb3167a33ee49a9d0b09ed3b4b4
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 27 10:33:08 2015 -0400

    pluto: add bytes_from_symkey_*; use from chunk_from_symkey_ *
    
    This has the effect of testing the code before something external
    uses it.

commit dafcb3244897bf7400f382298697f363f865382c
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 24 12:12:37 2015 -0400

    pluto: add concat_symkey_bytes and append_symkey_bytes
    
    Tweak code so everything uses them (gives better code coverage).

commit e9c7ee73bed3c2ea864a44ab0a37dc152f466f07
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 24 11:33:13 2015 -0400

    pluto: add symkey_from_bytes()
    
    hmac likes lower-level interfaces

commit 693e70bdd4954cb0968cc7115a7afdb54c84d6f0
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Apr 23 22:31:49 2015 -0400

    pluto: add chunk_from_symkey

commit 25509556e5eb40545a7bcd2c1d61a000f976416c
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Apr 23 22:13:43 2015 -0400

    pluto: replace merge_symkey_chunk with merge_symkey_bytes
    
    prep for byte based symkey interfaces.

commit 145eb32316ad3e9b9d92d9d6fc9c05174de49a84
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 21 16:51:49 2015 -0400

    pluto: add notes on how to use crypt_prf.

commit 4785bdf607c86a30dd14c463ae57ccda17be4e1d
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 21 16:48:10 2015 -0400

    pluto: delete higher-level crypt_prf, all code uses lower-level functions.

commit 5fc2d9a90e5aeccf5d6e9ee3cce7070f92de2241
Merge: bc3f783 d3597f4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Apr 21 09:40:58 2015 -0400

    Merge branch 'prf-rewrite' of vault.libreswan.fi:/srv/src/libreswan into prf-rewrite

commit bc3f7831484215e2d8d545745f8e67ac8650bc8a
Author: Herbert Xu <herbert at gondor.apana.org.au>
Date:   Tue Apr 21 09:19:11 2015 -0400

    pluto: Fix CLOCK_BOOTTIME build failure
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 5980824b4f79a4652b60033528735d47dade2516
Author: Herbert Xu <herbert at gondor.apana.org.au>
Date:   Tue Apr 21 09:17:08 2015 -0400

    _stackmanager: The == operator is not portable and fails on Debian under dash
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit d3597f4cb2a6bbcc9415e2153775d811ebc72cd9
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 21 08:55:26 2015 -0400

    pluto: restore DBG_dump_chunk call from dbg_dump_symkey
    
    There's a stray debug dump call, just not that one.
    Partial revert of 4883afd9fc891e277d0bddc64e2a8598d650cfbc.

commit 14bc2f4211dfe97a930edad8f2b259a0bacc8077
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Apr 20 18:25:23 2015 -0400

    increase BUF_SIZE to 4096

commit 28f695b61d9bb453e995df4fe7b7ed54065d50ad
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Apr 20 18:21:38 2015 -0400

    move seam to cavp_stubs.c

commit 4883afd9fc891e277d0bddc64e2a8598d650cfbc
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 20 16:00:19 2015 -0400

    pluto: fix extraction of key from keymat when offset is non-zero
    
    Forgot to convert byte offset to bit-offset.
    Delete stray logging line.

commit 73d616ee22d4cc52a0f5d98794a20750c3b34cdd
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Apr 19 19:24:25 2015 -0400

    cavp.c: seam for LABELED_IPSEC

commit 7ccd1ba34e7d02fdee9cfda57777fabde3989a99
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 17 23:13:01 2015 -0400

    pluto: merge separate cavp test programs into a single app
    
    includes a very raw usage message

commit 23decb59ca57c25b71d9b327b8143afb3393a9ae
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 17 23:09:37 2015 -0400

    pluto: add struct declaration

commit 279de50d051789ad90c1f16ea595a31c6c090b0b
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 17 23:09:07 2015 -0400

    pluto: some notes on PRFs

commit 151f74ad83f82a0c5b06c32aed3a4420f7e9c722
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 17 00:53:47 2015 -0400

    pluto: use lower-level crypt_prf interface

commit bb4f542d064b882961985350de0d466731c649f1
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 17 00:18:29 2015 -0400

    pluto: delete unneeded #include.

commit 92358f8fe7d107314d263b474d36ebf0320434cf
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 17 00:14:45 2015 -0400

    pluto: testing: driver for ikev1_dsa (ike., RSA_SIG)

commit da03114cb849ff58aa35295b8469ce5e65370e14
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 17 00:01:59 2015 -0400

    pluto: rename ikev1_digital_signature_skeyid to ikev1_signature_skeyid
    
    Trying to avoid confusion with DSS, which it has nothing to do with :-)
    e Please enter the commit message for your changes. Lines starting

commit f6f0c61f1a3d524734f29135ce08a464c57ecc54
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 17 00:00:36 2015 -0400

    pluto: testing: implement a driver from CAVP ikev1_psk test.
    
    http://csrc.nist.gov/groups/STM/cavp/index.html

commit e033881f95baf6cb02ff09020317a02af15ca4be
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Apr 16 11:19:10 2015 -0400

    pluto: re-implement crypt_prf using low-level primitives

commit bdc316616a4fbd6129f20d5d473d37f0ec105eee
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Apr 16 11:09:58 2015 -0400

    pluto: implement a low-level prf function
    
    need to use it

commit 066aa5c38e460972da3653b4578d8b067a1a74f7
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Apr 15 21:24:42 2015 -0400

    pluto: move crypt_prfplus to ikev2_prf.c
    
    IKEv2 only.

commit b190627e763673b5d46c61762627f443ed5c1f09
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Apr 15 21:21:38 2015 -0400

    pluto: re-implement ikev1's appendix b for skeyid_e.

commit 837dfb850fd19a79991bc4562b7870dce53966f2
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Apr 15 20:42:55 2015 -0400

    pluto: use crypt_prf, fix value for skeyid_e.

commit 22c832eb2c5162835772fb126111ad2844355a2d
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Apr 15 19:53:05 2015 -0400

    pluto: extract code implementing ikev1_skeyid_X methods; mostly
    
    skeyid_e isn't quite right.

commit 7bb7bad1905bbc5a4a647be19ae0ef1138379623
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Apr 15 16:33:42 2015 -0400

    pluto: make ikev1 skeyid functions public with longer names

commit 070dc3ba2aa46ac1e06b9e8d879a976237b7a05a
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 13 17:09:03 2015 -0400

    pluto: move pk11_derive_wrapper_lsw to ikev1_prf.c, only caller

commit 4a2cca06fde520c123d4af0134b0f5301a9c2206
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 13 17:03:56 2015 -0400

    pluto: use symkey_from_chunk to convert a chunk(psk) into a symkey

commit 78a7b506770916701b9cf60ab1080baf7e29ae11
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 13 16:52:17 2015 -0400

    pluto: make hmac_init very like crypt_prf.
    
    Use the same underlying functions, and better handle
    longer keys.

commit fed0b652cc5b17c803a466f204a1c79f292b5420
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 13 16:39:59 2015 -0400

    pluto: use simpler xor_symkey_chunk in hmac.c

commit fd1d3ef9a86eb399f04c87abd6b2b20c7a36d0f8
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 13 16:22:32 2015 -0400

    pluto: add xor_symkey_chunk, use in crypt_prf.c
    
    It's implementation is slightly different to what is used
    in hmac, need to figure out why.

commit c5a07cc9c2184bc53b379f162fada74532a5ffb2
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 13 15:46:39 2015 -0400

    pluto: shuffle hash_symkey and PK11_Derive_lsw
    
    Switch hmac.c to simpler hash_symkey.
    Leaves ikev1_prf.c as only user of PK11_Derive_lsw.

commit 3663eec6fbdc95ac05a2ea49c4aa3ec2b9bcd7e1
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 13 15:32:49 2015 -0400

    pluto: call PK11_Directly in new code
    
    For hash_symkey, it also assumes that NSS now works.

commit e2c91e5b4b068830194114e82278f6e79814d9ac
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 13 13:40:15 2015 -0400

    pluto: move pk11_extract_derive_wrapper_lsw to ikev1_prf.c
    
    Has only call.

commit 39d3aa5830fa7c1cd89c2a807c2bd8a2ef5d42fb
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 13 12:57:04 2015 -0400

    pluto: delete nss_symkey_log, not called
    
    For debugging use dump_symkey.  Above also had a
    double free bug.

commit 3a9d855400e87170e74dc16c8cb320faa152fe7a
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 13 12:55:50 2015 -0400

    pluto: add crypt_symkey.[hc] to Makefile
    
    Missing from commit 6ada7d80e36ff751dacd80b808f56d66dc601460

commit 313c1f67c41c7d55f61ffb4aece863c4852d988f
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 13 12:28:31 2015 -0400

    pluto: make hex-to-chunk function public
    
    so it can be used by test code

commit 6ada7d80e36ff751dacd80b808f56d66dc601460
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Apr 13 10:31:22 2015 -0400

    pluto: move the symkey utility functions to their own file

commit 44fb7e05e873a49b270a8e41b05837d3a000a1f6
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 10 22:57:54 2015 -0400

    pluto: move skeyid_digisig to ikev1_prf.c, make static

commit 96ad4eb4df78e7a48e593e6415bde08850614205
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 10 22:25:37 2015 -0400

    pluto: only compute child keymat once
    
    Was computing it twice while testing.

commit 201ad92d16737d93515f46767958abd708eb74f9
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 10 21:40:29 2015 -0400

    pluto: append correct value in crypt_prfplus; fix keylen in crypt_prf
    
    and add more dump code

commit d3b4c464bb8245d82dad3ff62f5051017708ede6
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 10 15:06:49 2015 -0400

    pluto: re-implement PRF+ for IKEv2, handle DH children

commit 4ce85c693a32372ed394915315330511928db374
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 10 14:33:08 2015 -0400

    pluto: implement a generic prf function; use in ikev2

commit e6369631f438462fedd5eba5d9a6ea78ac989039
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 10 12:09:10 2015 -0400

    pluto: generic functions to extract symkeys from symkeys

commit e4a25a06526a30904588d61c5559d0afb97a1700
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 10 11:35:54 2015 -0400

    pluto: add byte-sized chunk-from-symkey function, use better names

commit cbeaada6dc1d803a06279e83e02dff7fdc10dcf1
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 10 11:28:06 2015 -0400

    pluto: fix parameter order to child_sa_keymat.

commit 7ab64c41af34b0d814d8f964c1253f7646013cfd
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 10 03:30:08 2015 -0400

    pluto: implement ikev2_ike_sa_rekey_skeyseed

commit 35193ab4bde0710ac26d9302d3505bf668ad7512
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 10 02:07:33 2015 -0400

    pluto: use ikev2_prfplus to get child_sa key
    
    No DH though.  And still in test mode.

commit e1c3dfddc333bdb93b47d954074b1863a68e47ab
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 10 01:09:09 2015 -0400

    pluto: extract ikev2_prfplus

commit ad3bedac731dbb0c08b9aeeaa3b9d50415649d25
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Apr 9 20:38:03 2015 -0400

    pluto: move PRF/Keying Material code from crypt_dh.c to ikev[12]_prf.c
    
    Step on the way to having testable access to the v1 and v2 PRF functions.
    Perhaps the files should be called ikev[12]_keymat.c, ah well.

commit 6d57e5e2fb36ac5db8f3a8dc94ba9afe8c25b215
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Apr 9 11:15:06 2015 -0400

    pluto: rename ikev2_prfplus.[hc] to ikev2_prf.[hc]



More information about the Swan-commit mailing list