[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Wed Apr 29 18:17:13 EEST 2015
New commits:
commit 82fd22ab5a95e2f3772a7edd8e29a98b40af125e
Merge: b2c7a68 b694d92
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Apr 29 10:46:25 2015 -0400
pluto: re-implement PRF eliminating duplicates; add CAVP test program
The file crypt_prf.c implements rfc2104 PRF using PK11SymKey and
PK11_Derive. It doesn't use NSS's lower-level HASH interface
as that writes the result to an unprotected buffer. The down
side is that it has to create/free lots of PK11SymKeys.
It can be tested by feeding the CAVP program test vectors from NIST.
The old PRF code, found in hmac.c(1) and crypt_dh.c(2), has been
replaced with calls to the above.
Notes:
crypt_symkey.c, which provides sane wrappers around
PK11_Derive, could do with a further clean-up - pluto,
since forever, has been creating scratch keys of type
CKM_CONCATENATE_BASE_AND_DATA.
It would be nice to eliminate the hmac_init et al. wrappers;
it would simplify ikev1_quick.c.
More crypto material should be left in PK11SymKeys and
only copied to buffers when needed.
All code should switch to crypt_symkey.c; especially free_any_symkey().
All code should switch to DBG_dump_symkey; it only dumps the
raw key when DBG_PRIVATE.
NSS needs an interface that doesn't leak results and doesn't
force a lot of PK11SymKey create/freeing.
Merges prf-rewrite branch.
commit b694d928a156a0a362c5e2fe4832dd9232be6f4c
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Apr 29 10:19:02 2015 -0400
pluto: testing: cleanly shut down NSS after running tests
commit bb91124f055b9706b8ac59b864978a4247a8a5eb
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Apr 28 22:01:00 2015 -0400
pluto: try to make debug messages from crypt_symkey.c slightly less cryptic
commit dc6685d87ac099a0d81ae1957030cfb908984fbc
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Apr 28 14:23:43 2015 -0400
pluto: add free_any_symkey function; call from new PRF code
Leaves old code :-(
commit 4f2f53136e4da1b7720d8cf68c135abef81359bc
Merge: 14bc2f4 9efef74
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Apr 28 13:03:59 2015 -0400
Merge branch 'prf-rewrite' of vault.libreswan.org:/srv/src/libreswan into prf-rewrite
commit 9efef744462aecabaa20ad5767a489accbd20aca
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Apr 28 12:11:41 2015 -0400
pluto: add missing free to ikev2_prfplus
commit 1b1a4dd59faf457be40c6d0a35b39c73112537bf
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Apr 28 11:20:33 2015 -0400
pluto: add more missing cases to ckm_to_string
(also return upper-case strings so spotting them is easier)
commit 64e0bfbdd6e2e1cb633b29fa29c46eb44538b9ea
Merge: 5fc2d9a bbc36b1
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Apr 27 19:53:33 2015 -0400
Merge branch 'prf-rewrite' of vault.libreswan.fi:/srv/src/libreswan into prf-rewrite
commit bbc36b1ce448a00dac21b8b06b092e58827c5d67
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 27 19:28:15 2015 -0400
pluto: re-implement hmac.c using crypt_prf.c
This should mean that there's only one PRF implementation
in the code base.
Nice to have is to go through the hmac.c callers and have
them use crypt_prf directly.
commit 132159ff79c5533af81bca6d0894f7c31dad93b5
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 27 19:26:34 2015 -0400
pluto: implement crypt_prf_final_bytes and crypt_prf_update_bytes methods
makes re-implementing hmac.c easier (and for that matter
hashing stuff on the wire).
commit 27626fba84d19b8dfafce2f496929c61ddd7c4cf
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 27 19:25:13 2015 -0400
pluto: fix DBG_CRYPT crasher in DBG_dump_symkey when symkey==NULL
commit 39239094bbcf549567470767c79110b226fcf8d2
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 27 15:33:52 2015 -0400
pluto: add DBG_dump_symkey which tries to keep symkeys private
Use, update calls to dump better info.
commit f51d1fd350074cb3167a33ee49a9d0b09ed3b4b4
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 27 10:33:08 2015 -0400
pluto: add bytes_from_symkey_*; use from chunk_from_symkey_*
This has the effect of testing the code before something external
uses it.
commit dafcb3244897bf7400f382298697f363f865382c
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 24 12:12:37 2015 -0400
pluto: add concat_symkey_bytes and append_symkey_bytes
Tweak code so everything uses them (gives better code coverage).
commit e9c7ee73bed3c2ea864a44ab0a37dc152f466f07
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 24 11:33:13 2015 -0400
pluto: add symkey_from_bytes()
hmac likes lower-level interfaces
commit 693e70bdd4954cb0968cc7115a7afdb54c84d6f0
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Apr 23 22:31:49 2015 -0400
pluto: add chunk_from_symkey
commit 25509556e5eb40545a7bcd2c1d61a000f976416c
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Apr 23 22:13:43 2015 -0400
pluto: replace merge_symkey_chunk with merge_symkey_bytes
prep for byte based symkey interfaces.
commit 145eb32316ad3e9b9d92d9d6fc9c05174de49a84
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Apr 21 16:51:49 2015 -0400
pluto: add notes on how to use crypt_prf.
commit 4785bdf607c86a30dd14c463ae57ccda17be4e1d
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Apr 21 16:48:10 2015 -0400
pluto: delete higher-level crypt_prf, all code uses lower-level functions.
commit 5fc2d9a90e5aeccf5d6e9ee3cce7070f92de2241
Merge: bc3f783 d3597f4
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Apr 21 09:40:58 2015 -0400
Merge branch 'prf-rewrite' of vault.libreswan.fi:/srv/src/libreswan into prf-rewrite
commit bc3f7831484215e2d8d545745f8e67ac8650bc8a
Author: Herbert Xu <herbert at gondor.apana.org.au>
Date: Tue Apr 21 09:19:11 2015 -0400
pluto: Fix CLOCK_BOOTTIME build failure
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit 5980824b4f79a4652b60033528735d47dade2516
Author: Herbert Xu <herbert at gondor.apana.org.au>
Date: Tue Apr 21 09:17:08 2015 -0400
_stackmanager: The == operator is not portable and fails on Debian under dash
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit d3597f4cb2a6bbcc9415e2153775d811ebc72cd9
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Apr 21 08:55:26 2015 -0400
pluto: restore DBG_dump_chunk call from dbg_dump_symkey
There's a stray debug dump call, just not that one.
Partial revert of 4883afd9fc891e277d0bddc64e2a8598d650cfbc.
commit 14bc2f4211dfe97a930edad8f2b259a0bacc8077
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Apr 20 18:25:23 2015 -0400
increase BUF_SIZE to 4096
commit 28f695b61d9bb453e995df4fe7b7ed54065d50ad
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Apr 20 18:21:38 2015 -0400
move seam to cavp_stubs.c
commit 4883afd9fc891e277d0bddc64e2a8598d650cfbc
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 20 16:00:19 2015 -0400
pluto: fix extraction of key from keymat when offset is non-zero
Forgot to convert byte offset to bit-offset.
Delete stray logging line.
commit 73d616ee22d4cc52a0f5d98794a20750c3b34cdd
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Apr 19 19:24:25 2015 -0400
cavp.c: seam for LABELED_IPSEC
commit 7ccd1ba34e7d02fdee9cfda57777fabde3989a99
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 17 23:13:01 2015 -0400
pluto: merge separate cavp test programs into a single app
includes a very raw usage message
commit 23decb59ca57c25b71d9b327b8143afb3393a9ae
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 17 23:09:37 2015 -0400
pluto: add struct declaration
commit 279de50d051789ad90c1f16ea595a31c6c090b0b
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 17 23:09:07 2015 -0400
pluto: some notes on PRFs
commit 151f74ad83f82a0c5b06c32aed3a4420f7e9c722
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 17 00:53:47 2015 -0400
pluto: use lower-level crypt_prf interface
commit bb4f542d064b882961985350de0d466731c649f1
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 17 00:18:29 2015 -0400
pluto: delete unneeded #include.
commit 92358f8fe7d107314d263b474d36ebf0320434cf
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 17 00:14:45 2015 -0400
pluto: testing: driver for ikev1_dsa (ike., RSA_SIG)
commit da03114cb849ff58aa35295b8469ce5e65370e14
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 17 00:01:59 2015 -0400
pluto: rename ikev1_digital_signature_skeyid to ikev1_signature_skeyid
Trying to avoid confusion with DSS, which it has nothing to do with :-)
e Please enter the commit message for your changes. Lines starting
commit f6f0c61f1a3d524734f29135ce08a464c57ecc54
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 17 00:00:36 2015 -0400
pluto: testing: implement a driver from CAVP ikev1_psk test.
http://csrc.nist.gov/groups/STM/cavp/index.html
commit e033881f95baf6cb02ff09020317a02af15ca4be
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Apr 16 11:19:10 2015 -0400
pluto: re-implement crypt_prf using low-level primitives
commit bdc316616a4fbd6129f20d5d473d37f0ec105eee
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Apr 16 11:09:58 2015 -0400
pluto: implement a low-level prf function
need to use it
commit 066aa5c38e460972da3653b4578d8b067a1a74f7
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Apr 15 21:24:42 2015 -0400
pluto: move crypt_prfplus to ikev2_prf.c
IKEv2 only.
commit b190627e763673b5d46c61762627f443ed5c1f09
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Apr 15 21:21:38 2015 -0400
pluto: re-implement ikev1's appendix b for skeyid_e.
commit 837dfb850fd19a79991bc4562b7870dce53966f2
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Apr 15 20:42:55 2015 -0400
pluto: use crypt_prf, fix value for skeyid_e.
commit 22c832eb2c5162835772fb126111ad2844355a2d
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Apr 15 19:53:05 2015 -0400
pluto: extract code implementing ikev1_skeyid_X methods; mostly
skeyid_e isn't quite right.
commit 7bb7bad1905bbc5a4a647be19ae0ef1138379623
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Apr 15 16:33:42 2015 -0400
pluto: make ikev1 skeyid functions public with longer names
commit 070dc3ba2aa46ac1e06b9e8d879a976237b7a05a
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 13 17:09:03 2015 -0400
pluto: move pk11_derive_wrapper_lsw to ikev1_prf.c, only caller
commit 4a2cca06fde520c123d4af0134b0f5301a9c2206
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 13 17:03:56 2015 -0400
pluto: use symkey_from_chunk to convert a chunk(psk) into a symkey
commit 78a7b506770916701b9cf60ab1080baf7e29ae11
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 13 16:52:17 2015 -0400
pluto: make hmac_init very like crypt_prf.
Use the same underlying functions, and better handle
longer keys.
commit fed0b652cc5b17c803a466f204a1c79f292b5420
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 13 16:39:59 2015 -0400
pluto: use simpler xor_symkey_chunk in hmac.c
commit fd1d3ef9a86eb399f04c87abd6b2b20c7a36d0f8
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 13 16:22:32 2015 -0400
pluto: add xor_symkey_chunk, use in crypt_prf.c
Its implementation is slightly different to what is used
in hmac, need to figure out why.
commit c5a07cc9c2184bc53b379f162fada74532a5ffb2
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 13 15:46:39 2015 -0400
pluto: shuffle hash_symkey and PK11_Derive_lsw
Switch hmac.c to simpler hash_symkey.
Leaves ikev1_prf.c as only user of PK11_Derive_lsw.
commit 3663eec6fbdc95ac05a2ea49c4aa3ec2b9bcd7e1
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 13 15:32:49 2015 -0400
pluto: call PK11_Directly in new code
For hash_symkey, it also assumes that NSS now works.
commit e2c91e5b4b068830194114e82278f6e79814d9ac
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 13 13:40:15 2015 -0400
pluto: move pk11_extract_derive_wrapper_lsw to ikev1_prf.c
Has only call.
commit 39d3aa5830fa7c1cd89c2a807c2bd8a2ef5d42fb
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 13 12:57:04 2015 -0400
pluto: delete nss_symkey_log, not called
For debugging use dump_symkey. Above also had a
double free bug.
commit 3a9d855400e87170e74dc16c8cb320faa152fe7a
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 13 12:55:50 2015 -0400
pluto: add crypt_symkey.[hc] to Makefile
Missing from commit 6ada7d80e36ff751dacd80b808f56d66dc601460
commit 313c1f67c41c7d55f61ffb4aece863c4852d988f
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 13 12:28:31 2015 -0400
pluto: make hex-to-chunk function public
so it can be used by test code
commit 6ada7d80e36ff751dacd80b808f56d66dc601460
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Apr 13 10:31:22 2015 -0400
pluto: move the symkey utility functions to their own file
commit 44fb7e05e873a49b270a8e41b05837d3a000a1f6
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 10 22:57:54 2015 -0400
pluto: move skeyid_digisig to ikev1_prf.c, make static
commit 96ad4eb4df78e7a48e593e6415bde08850614205
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 10 22:25:37 2015 -0400
pluto: only compute child keymat once
Was computing it twice while testing.
commit 201ad92d16737d93515f46767958abd708eb74f9
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 10 21:40:29 2015 -0400
pluto: append correct value in crypt_prfplus; fix keylen in crypt_prf
and add more dump code
commit d3b4c464bb8245d82dad3ff62f5051017708ede6
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 10 15:06:49 2015 -0400
pluto: re-implement PRF+ for IKEv2, handle DH children
commit 4ce85c693a32372ed394915315330511928db374
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 10 14:33:08 2015 -0400
pluto: implement a generic prf function; use in ikev2
commit e6369631f438462fedd5eba5d9a6ea78ac989039
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 10 12:09:10 2015 -0400
pluto: generic functions to extract symkeys from symkeys
commit e4a25a06526a30904588d61c5559d0afb97a1700
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 10 11:35:54 2015 -0400
pluto: add byte-sized chunk-from-symkey function, use better names
commit cbeaada6dc1d803a06279e83e02dff7fdc10dcf1
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 10 11:28:06 2015 -0400
pluto: fix parameter order to child_sa_keymat.
commit 7ab64c41af34b0d814d8f964c1253f7646013cfd
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 10 03:30:08 2015 -0400
pluto: implement ikev2_ike_sa_rekey_skeyseed
commit 35193ab4bde0710ac26d9302d3505bf668ad7512
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 10 02:07:33 2015 -0400
pluto: use ikev2_prfplus to get child_sa key
No DH though. And still in test mode.
commit e1c3dfddc333bdb93b47d954074b1863a68e47ab
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 10 01:09:09 2015 -0400
pluto: extract ikev2_prfplus
commit ad3bedac731dbb0c08b9aeeaa3b9d50415649d25
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Apr 9 20:38:03 2015 -0400
pluto: move PRF/Keying Material code from crypt_dh.c to ikev[12]_prf.c
Step on the way to having testable access to the v1 and v2 PRF functions.
Perhaps the files should be called ikev[12]_keymat.c, ah well.
commit 6d57e5e2fb36ac5db8f3a8dc94ba9afe8c25b215
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Apr 9 11:15:06 2015 -0400
pluto: rename ikev2_prfplus.[hc] to ikev2_prf.[hc]