[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Fri Jan 15 16:50:09 UTC 2016
New commits:
commit 232e3e496ace620410ec4f355a28b18b65afe7f0
Merge: 1a82eee 18bd80c
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Jan 15 11:48:22 2016 -0500
pluto: switch IKEv2 to dedicated SA code (and thus we fathomed the inscrutable dance of the sadbs)

The code can be broken down into three separate components:

- ikev2_proposals_from_alg_info_ike() and ikev2_proposals_from_alg_info_esp()

  These idempotent functions replace the inscrutable SADB dance and sa_v2_convert.

- ikev2_process_sa_payload()

  This replaces the separate but largely identical parent and
  child SA proposal matchers.

  The new algorithm makes a single pass through the received proposals
  (it doesn't even first read them into an internal structure) and
  selects based on our preference order. The worst case complexity is
  thought to be:

    O(nr-remote-transforms) * O(nr-local-transforms)

- ikev2_emit_sa_proposals() and ikev2_emit_sa_proposal()

  these replace code found in the old parent/child matches
  along with other proposal emit code scattered throughout
  pluto

In addition:

- the static proposals are described using simple tables
- it should be ESN and CHILD_SA+DH "ready" (at least the
  known limitations were eliminated)
- since creating, parsing, and emitting proposals are cleanly
  split, it is possible to parse things early and emit things
  late (the old code prevented this being fixed)
- the custom IKEv2 MODP table is gone, instead the initial
  modp group is found by looking in the proposals

Merge branch 'a-quick-proposal'
commit 18bd80c8e3eee6b6df7ee565bd8b9a09935204d5
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Jan 13 20:28:58 2016 -0500
pluto: delete all dead IKEv2 SPDB based code
commit 60e41693ece8483300c7ab82169ef216187da935
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jan 14 19:53:49 2016 -0500
pluto: make the ikve2_transforms table a fixed size array
Simplifies memory management, and dealing with skipped
proposals when constructing things from alg info.
(Remember this only applies to local static proposals; remote
proposals are not stored so have no limits).
If the alg-parser ever gets changed to describe
commit ae502a99f104e30c3864f341a4b4b4046d57c4d6
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jan 14 10:45:54 2016 -0500
pluto: when constructing ike proposal, drop unknown algorithms
commit e99264cf8fa59c3a0bd0da192d6bf2f408e163b6
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jan 14 09:47:37 2016 -0500
pluto: get modp group information from struct ikev2_proposals *st_ike_proposals
Seeing as that, definitively, defines what an acceptable modp
group is.
commit c4ad0eb87f41e1c5e124a2ad4674df83dfdc30e7
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Jan 13 20:15:06 2016 -0500
pluto: fix typo, aes128 in last proposal
commit 89374add1c153232ea68b991c9951bc9a807b898
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Jan 13 16:49:01 2016 -0500
pluto: use correct v1tov2-integ converter when AH
commit d0fca6ae27716c762aa16b7a8ecdf9314713cafe
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Jan 13 12:38:09 2016 -0500
pluto: better compatibility with existing strongswan tests
First, oops, don't include a PRF in ESP/AH proposals;
and second don't yet merge proposals as strongswan cherry-picks.
commit 10b3d0c7adbe0e49d8af0e8f8ad7400623526586
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Jan 13 09:48:58 2016 -0500
pluto: more NULL checks in free function
commit c5134ffe2b38ebae31b0d638d403935e144279d6
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Jan 12 20:52:41 2016 -0500
pluto: use correct ESP/AH v1->v2 integ conversion function
commit 802fb52c2131e848646aa2f5bd47fec3f3ea4b1c
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Jan 12 20:42:59 2016 -0500
pluto: store the proposals and accepted proposal in struct state
Perhaps "struct connection" is better but this matches st_sadb.
commit f4b18f26d9afbf96ab306542ea6f6e6a3b663e42
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Jan 12 19:43:01 2016 -0500
pluto: delete #ifdef OLD_PROPOSALS code
commit b197a68733e45bb0f3cfcc4ba7fb1399e03d7dbe
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Jan 12 19:36:03 2016 -0500
pluto: switch esp initiator to using new proposal matcher
commit 7dcce306a7bc80e61a9d212c14ea7f7f3d8f5251
Author: Andrew Cagney <cagney at gnu.org>
Date: Sat Jan 9 19:42:41 2016 -0500
pluto: don't panic when an ESP algorithm is missing from ike_alg
commit e7a76710a28aa7923d8bb8b976647359f26d1db1
Author: Andrew Cagney <cagney at gnu.org>
Date: Sat Jan 9 12:09:21 2016 -0500
pluto: fix esp v1tov2 encryption conversion
commit c43cdc6db9097bd7f62bdea65d3f37931f78c99c
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Jan 8 22:22:47 2016 -0500
pluto: fix switch(policy) for ESP/AH and delete dead code
commit 7e7a9a3a2b8099911eaba579a071164ee2065de3
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Jan 8 20:32:24 2016 -0500
pluto: first cut at dealing with esp=...
commit ba3a3dca69ca740c6df219f716320e77d664747e
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Jan 8 20:32:01 2016 -0500
pluto: add alg_info_snprint_esp_info
commit 8a6669a067f1559afda60205984f17f66e18883d
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jan 7 22:05:31 2016 -0500
pluto: clean up ikev2_proposal logging
commit 81faaf854f30d914ecbf246bee69ad5041717d5b
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jan 7 21:14:07 2016 -0500
pluto: copy the agreed ESP/AH proposal into state/connection
commit b36926d43b0fd73516d474d0ce98149aadec84ec
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jan 7 19:51:29 2016 -0500
pluto: inline ikev2_process_ike_sa_payload
Prepares the path to processing the SA payload _before_
the SPI is generated and before DH is computed.
commit fcbd560f68ce69ea68e75d85345c89cab77703f0
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jan 7 16:48:41 2016 -0500
pluto: pass the local SPI around using a chunk_t
commit 6561e1ab36edbd8065af20d0511934a115fc03c3
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jan 7 15:02:16 2016 -0500
pluto: fold ikev2_chosen_proposal into ikev2_proposal
commit 1e2671057a56ce31a7781e75179944eafea89572
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jan 7 14:12:50 2016 -0500
pluto: sketch out processing of ESP/AH sa proposals
commit c344d1cf74e8f2067fad4891371857139af9cfcb
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Jan 6 20:25:00 2016 -0500
pluto: move more ike specific code into ikev2_process_ike_sa_payload
commit 978a61abe3aaff56866f9836d26ac7c400b0b265
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Jan 6 20:08:12 2016 -0500
pluto: use new code to generate default EH/ESP proposals
Including SPIs.
commit db5a84d22672d9305b02b73346da693a2e589317
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Jan 6 19:30:12 2016 -0500
pluto: initial code for saving and generating SPIs
commit d45e07280e9cce4523e1b29be7e049c505a3a71a
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Jan 5 19:24:27 2016 -0500
pluto: add a proto-id field to ikev2_proposal
Saves hassle of passing it around, and checking
it when matching proposals prevents potential
problem with matching proposal with wrong id.
commit 2b798590df46d9f2e1f4b85a18f1995659789c43
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Jan 5 14:42:38 2016 -0500
pluto: first cut at default esp/ah proposals
not enabled
commit ca369352e62d8f22873aef49c968414fda0eacd2
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Jan 5 09:44:30 2016 -0500
pluto: clean up ikev2/ike proposal table
commit 0a72bbbac54fee9ef498c880d39961f3e8aa0c17
Merge: 419fbab 70c33c1
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Dec 23 14:47:11 2015 -0500
Merge branch 'master' into a-quick-proposal
Bring in the latest test improvements and ready things
for re-implementing AH and ESP.
Technical nit: this wasn't re-based as intermediate commits
on this branch are known to not build/not work.
commit 419fbab5c05f1b16d033783653eb647b76603f84
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Dec 23 14:33:47 2015 -0500
pluto: factor out common code emitting all proposals and just the chosen proposal
commit 51cfb02bca95a50572a34548ab90014833f3ae99
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Dec 23 11:30:17 2015 -0500
pluto: when ike=aes- propose aes128 aes256, for instance
If no keylen was specified, then the longer key should be proposed
but, to placate the test results, do the reverse for the moment.
commit cf37754c5ba4cfbbee63ac9ea86c5a0b062957a6
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Dec 23 00:17:27 2015 -0500
pluto: when ENCR allows zero keylen, only propose zero keylen
For instance 3DES.
commit 854fa01556ba871478603efe7d0a246b7e4bebcc
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Dec 22 23:58:03 2015 -0500
pluto: use new code to generate initiator IKE proposals
commit a180e5e078e40038d561da8e2aa52713fff1d8c9
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Dec 21 21:26:24 2015 -0500
pluto: use new sa payload parser on replies (containing accepted proposal)
commit a991603e79dd482070aff4426cc30dbea133f3b6
Author: Andrew Cagney <cagney at gnu.org>
Date: Sun Dec 20 23:37:18 2015 -0500
pluto: oops, for 3DES really allow a proposal with no keylength
commit 0a96a91d8c1a32ef55ccaf33eaaff9470920351d
Author: Andrew Cagney <cagney at gnu.org>
Date: Sun Dec 20 23:11:14 2015 -0500
pluto: when AEAD, accept a null integrity proposal
but only one.
commit 19753568119a2a8fb4491ac9aafc7bbe594d84a6
Author: Andrew Cagney <cagney at gnu.org>
Date: Sun Dec 20 22:13:59 2015 -0500
pluto: allow a zero keylen in a proposal (when 3DES say)
commit dccce0330f3c4d6dda8cec0c09b4cbb58cd75eda
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Dec 18 16:54:53 2015 -0500
pluto: for ike=aes-... generate both KEYMAXLEN and KEYDEFLEN transforms
This leaves open what to do with a bad proposal like AES_000
which strongswan is rumoured to generate, or the case of
a true zero (default) keylen proposal.
commit 43c5e37e41d3515507f6dfedc22428a519a66034
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Dec 18 15:05:02 2015 -0500
pluto: pretty logging of local and chosen proposals
commit a076ed567eec009ba3ee1a7fd5df84e73582fd61
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Dec 18 11:02:21 2015 -0500
pluto: convert ike-info from parser to ikev2_proposals
commit 1c90098a82d65ce9ce8a680d9216fc5dcd814fce
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Dec 17 21:28:54 2015 -0500
pluto: add alg_info_snprint_ike_info
prints an individual ike-info as created by the parser
commit 5a83ee64a1cf3fe540f16f91a8bf36919dbada37
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Dec 16 10:12:35 2015 -0500
pluto: add more structure to the local proposal tables
commit 5d928f9b8e4743a7f4155b4894702df0d13c8fa3
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Dec 15 10:58:09 2015 -0500
pluto: internalize the chosen IKEv2 proposal
This means that, for IKE, the old proposal code is no longer being used.
(still missing is handling custom proposals).
commit 9782570006c7d9515f46a0ae84ad6be6588b214b
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Dec 14 21:21:26 2015 -0500
pluto: emit the accepted proposal
commit 0e5a3bf37ed37ec627a6621f5081cf41af2af2ea
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Dec 14 14:58:46 2015 -0500
pluto: use lstat_t set to track transform types found
commit 277ccb6b48b4fb1e699ac3e97c6b973fb9bc4b46
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Dec 14 14:33:15 2015 -0500
pluto: compare all initiator and responder proposal combinations, choose "first"
commit a6ef2692cb21085d710e6d4761ef76bc142a91af
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Dec 11 20:19:48 2015 -0500
pluto: prefer the earliest of our responder transforms that matches
(not proposal). Change proposal structure so that it includes
a count of each transform list.
commit 6a119de51625a9193d22c3177eb83b3c70b7ae39
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Dec 9 13:50:58 2015 -0500
pluto: define IKEv2_TRANS_TYPE_ROOF
commit 723dcd16f1c1faa87695e93ecaff4728eff5cc9c
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Dec 7 21:57:57 2015 -0500
pluto: prototype matching SA proposals in-line
i.e. rather than reading in all the transforms and
processing them as a set of nested loops, try matching
each transform with just its type.
manages to successfully identify a matching transform
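
The single-pass selection described in the merge commit message above (received transforms matched one at a time against the local tables, choice made in local preference order, worst case O(nr-remote-transforms) * O(nr-local-transforms)), as an added example; it is not libreswan's code. All names are hypothetical, the tables are constructed, key-length attributes are left out, and requiring both sides to list the same set of transform types is an assumption.

```c
enum { ENCR, PRF, INTEG, DH, NTYPES };          /* transform types */
#define MAXT 2                                  /* fixed-size local table */
#define NLOCAL 2
struct local_proposal { int n[NTYPES]; int id[NTYPES][MAXT]; };
struct remote_transform { unsigned propnum, type; int id; };
/* Constructed local policy, most preferred first; hypothetical names, IANA IKEv2 IDs. */
static const struct local_proposal local[NLOCAL] = {
    { {1, 1, 1, 1}, { {12}, {5}, {12}, {14} } },       /* AES_CBC, PRF_SHA2_256, SHA2_256_128, MODP2048 */
    { {2, 1, 1, 2}, { {12, 3}, {2}, {2}, {14, 5} } },  /* AES_CBC|3DES, PRF_SHA1, SHA1_96, MODP2048|MODP1536 */
};
/* Constructed offer: the peer lists its weaker proposal first. */
static const struct remote_transform sample[] = {
    {1, ENCR, 3},  {1, PRF, 2}, {1, INTEG, 2},  {1, DH, 5},
    {2, ENCR, 12}, {2, PRF, 5}, {2, INTEG, 12}, {2, DH, 14},
};

/* One pass over the received transforms; returns the chosen local index or -1. */
int select_proposal(const struct remote_transform *rt, int nrt,
                    unsigned *remote_out, int chosen[NTYPES])
{
    int best = -1, i = 0;
    while (i < nrt) {
        unsigned propnum = rt[i].propnum, seen = 0;
        int idx[NLOCAL][NTYPES];                /* earliest local match per type */
        for (int j = 0; j < NLOCAL * NTYPES; j++)
            idx[j / NTYPES][j % NTYPES] = MAXT; /* MAXT: nothing matched yet */
        for (; i < nrt && rt[i].propnum == propnum; i++) {
            unsigned t = rt[i].type < NTYPES ? rt[i].type : NTYPES;
            seen |= 1u << t;                    /* bit NTYPES: unknown type seen */
            for (int l = 0; t < NTYPES && l < NLOCAL; l++)
                for (int k = 0; k < local[l].n[t] && k < idx[l][t]; k++)
                    if (local[l].id[t][k] == rt[i].id)
                        idx[l][t] = k;
        }
        /* End of one remote proposal: only a more-preferred local one can win. */
        for (int l = 0; l < (best < 0 ? NLOCAL : best); l++) {
            int ok = !(seen >> NTYPES);
            for (int t = 0; ok && t < NTYPES; t++)
                ok = (local[l].n[t] > 0) == (int)((seen >> t) & 1) &&
                     (local[l].n[t] == 0 || idx[l][t] < MAXT);
            if (!ok) continue;
            best = l; *remote_out = propnum;
            for (int t = 0; t < NTYPES; t++)
                chosen[t] = local[l].n[t] ? local[l].id[t][idx[l][t]] : -1;
            break;
        }
    }
    return best;
}
```

With the constructed offer, `select_proposal(sample, 8, ...)` picks local proposal 0 paired with remote proposal 2, even though the peer listed its weaker proposal first.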