[Swan-commit] Changes to ref refs/heads/main

Andrew Cagney cagney at vault.libreswan.fi
Fri Feb 11 20:40:35 EET 2022


New commits:
commit 9674fad63e08c32ca5756f04ee6bf031547cd649
Merge: b2e5221fa6 c26a5a06e2
Author: Timo Teräs <timo.teras at iki.fi>
Date:   Fri Feb 11 13:30:36 2022 -0500

    ikev2: implement EAP-TLS support as IKEv2 responder
    
    Signed-off-by: Andrew Cagney <cagney at gnu.org>

commit c26a5a06e22f81521b2df40a76b33075e147ad2e
Author: Timo Teräs <timo.teras at iki.fi>
Date:   Mon Nov 22 15:42:36 2021 +0200

    ikev2: implement EAP-TLS support as IKEv2 responder
    
    This implements the IKEv2 EAP-TLS authentication responder side
    using the NSS TLS library. Tested against Windows 10.

commit 58e387fb0cd5744dc7f015fb954b9ff529aaf6ee
Author: Timo Teräs <timo.teras at iki.fi>
Date:   Thu Dec 16 13:12:53 2021 +0200

    ikev2: introduce v2_ike_sa_auth_responder_establish() helper
    
    To update the ike_sa state, and process pending notifys.
    Will be shared with the EAP authentication path.

commit e19fe55f530e3a01a55b1891e3f5c8e80a707805
Author: Timo Teräs <timo.teras at iki.fi>
Date:   Tue Nov 23 15:33:27 2021 +0200

    ikev2: introduce generate_v2_responder_auth() helper
    
    To calculate the responder's first IKEv2 AUTH. This will be shared
    with the EAP code path.

commit e9d6b2e82df9e6f06c3958bbebeb369e6082b285
Author: Timo Teräs <timo.teras at iki.fi>
Date:   Tue Nov 23 15:19:55 2021 +0200

    ikev2: introduce process_v2_IKE_AUTH_standard_payloads
    
    Move parsing of the general IKE_AUTH payloads to a separate helper
    function, so it can also be called from the EAP code path.

commit 48b71a90518f91f003885154d4a035cd009faa76
Author: Timo Teräs <timo.teras at iki.fi>
Date:   Mon Nov 22 15:07:03 2021 +0200

    ikev2: update PSK API to optionally get the secret as argument
    
    Add 'chunk_t pss' argument to ikev2_emit_psk_auth() and
    v2_authsig_and_log_using_psk() to provide generated pre-shared
    secret. Update also emit_v2_auth() to pass the auth_sig as
    the calculated shared secret (this defaults to empty hunk in
    current PSK paths).
    
    This is a prerequisite for the EAP-TLS authentication.

commit 30d8d9393d051b9f9179df29443688334c571344
Author: Timo Teräs <timo.teras at iki.fi>
Date:   Mon Nov 22 14:28:42 2021 +0200

    consts, enums: add needed EAP, EAP-TLS and IKEv2 EAP payload definitions

commit 7ba93f781ad10c27df1dd3c86d918ac7b107a1eb
Author: Timo Teräs <timo.teras at iki.fi>
Date:   Thu Dec 16 16:35:37 2021 +0200

    connections: fixup symmetric policy for eaponly too

commit 2eb52365de1a1817256fcfa36e11ae93a3558780
Author: Timo Teräs <timo.teras at iki.fi>
Date:   Thu Dec 16 10:24:17 2021 +0200

    whack: support authby=rsa|eaponly


