New commits:
commit 71aa8a924bb478a4112ab94d5a8b7dfaac97ca2c
Author: Andrew Cagney <[email protected]>
Date: Mon Nov 4 16:51:09 2024 -0500
testing: tweak tests after PPK merge
commit 93fcc167a963858f067f1254d2f31626966914b0
Merge: cbcb99c936 4f4c7b1ec7
Author: Vukašin Karadžić <[email protected]>
Date: Mon Nov 4 12:51:34 2024 -0500
ikev2: add initial support for draft-ietf-ipsecme-ikev2-qr-alt-09
this draft enables mixing in PPK during IKE_INTERMEDIATE exchange, which
ensures post-quantum protection of the initial IKEv2 SA as well.
some implementation notes:
- the RFC8784 code in ikev2_ike_auth.c is precluded with if (*st_v2_ike_ppk
== PPK_IKE_AUTH)
- the draft also defines a mechanism to mix PPK's into CREATE_CHILD_SA
exchanges used for
creating new Child SA's and rekeying. This commit does *not* contain that
mechanism.
- all ikev2-ppk-* tests still pass
- interop successfully done with ELVIS-PLUS
Merge remote-tracking branch 'vukasink/ppk-alt-09'
Signed-off-by: Andrew Cagney <[email protected]>
commit 4f4c7b1ec73f12d5d8cde7d718ce33a76a602646
Author: Vukašin Karadžić <[email protected]>
Date: Sun Oct 13 15:59:11 2024 +0200
ikev2: update PPK qr-alt-04 code; result of git rebase
commit e00f16b5abfad38bf223072cc761e2351441dc16
Author: Vukašin Karadžić <[email protected]>
Date: Sun Oct 13 15:58:21 2024 +0200
testing: update ikev2-ppk-intermediate-01 test
commit a19088a5a2612ccc172374a51059a2326ff97033
Author: Vukašin Karadžić <[email protected]>
Date: Sun Oct 13 15:20:13 2024 +0200
ikev2: add variable comments in calls to PPK-related function
commit 4113068b22eceeca6441a2a1b19769956f3e09fa
Author: Vukašin Karadžić <[email protected]>
Date: Sun Oct 13 14:38:00 2024 +0200
enum: fix enum array ranges when defining qr-alt private notifies
i.e., do not waste space with one big array, split it in two arrays;
one containing just v2N_NULL_AUTH, the other one notifies for qr-alt
commit d22e2dc0759d685a102413ce32dbe07b0f5bcc2e
Author: Vukašin Karadžić <[email protected]>
Date: Sun Oct 13 14:18:42 2024 +0200
ikev2: update PPK in INTERM. from qr-alt-00 to qr-alt-04 version
Nothing structurally changed, just the IKEv2 Notify name was changed
from USE_PPK_ALT to USE_PPK_INT
commit 8de2f8585f5a2167fdbe25d292025d83748fece1
Author: Vukašin Karadžić <[email protected]>
Date: Tue Jul 9 23:27:12 2024 +0200
testing: add ikev2-ppk-intermediate-01-insist-yes
basic test for draft-ietf-ipsecme-ikev2-qr-alt-00
commit d7c845232817bef502138c5592f0af15d19f04b8
Author: Vukašin Karadžić <[email protected]>
Date: Tue Jul 9 23:14:38 2024 +0200
ikev2: add initial support for draft-ietf-ipsecme-ikev2-qr-alt-00
this draft enables mixing in PPK during IKE_INTERMEDIATE exchange, which
ensures post-quantum protection of the initial IKEv2 SA as well.
some implementation notes:
- the RFC8784 code in ikev2_ike_auth.c is precluded with if (*st_v2_ike_ppk
== PPK_IKE_AUTH)
- the draft also defines a mechanism to mix PPK's into CREATE_CHILD_SA
exchanges used for
creating new Child SA's and rekeying. This commit does *not* contain that
mechanism.
- all ikev2-ppk-* tests still pass
- interop successfully done with ELVIS-PLUS
commit 16c756d39f86b68668cd34f14b249c49d1ee38d5
Author: Vukasin Karadzic <[email protected]>
Date: Fri Jul 5 21:23:42 2024 +0200
testing: add ikev2-ppk-static-11-multiple-ppk-ids/
It tests if parsing ppk-ids option and searching through
listed PPK_IDs works as it is intended.
commit fe0ba3ae2ed7631f6fc100be8fec149e780b147d
Author: Vukasin Karadzic <[email protected]>
Date: Sun Jun 30 00:31:07 2024 +0200
pluto: refactor two PPK functions
in preparation for draft-ietf-ipsecme-ikev2-qr-alt-00.
Update comments referencing the qr-alt draft along the way.
commit 80b377a6cf57e2f63fd3317d3a9d5552a03188bd
Author: Vukasin Karadzic <[email protected]>
Date: Sun Jun 23 11:43:47 2024 +0200
pluto: rename two PPK functions
The new names try to indicate what do the functions actually do. One
gets PPK and PPK_ID, the other one just PPK (with specified PPK_ID).
Merging them may be possible, but definitely not straight-forward.
_______________________________________________
Swan-commit mailing list -- [email protected]
To unsubscribe send an email to [email protected]
