main

Libreswan VCS commit list Thu, 24 Jul 2025 12:28:57 -0700

New commits:
commit 572f54b1befc67af5aaa4f209d28955bd11a62ce
Merge: 096e20dccb 816667b89f
Author: Andrew Cagney <cag...@gnu.org>
Date:   Thu Jul 24 15:23:18 2025 -0400


    Merge add "ADDKE" algorithms to proposal parser
    
    based on:
      #1830 ikev2: add support for multiple key exchanges (RFC 9370)
    with additions:
    
    - add basic tests to algparse
    - show the ADDKE algs
    - only parse when .addke=true for now
      need discussion around when it should be allowed

commit 816667b89f100752231b5277d96969e84789248a
Author: Andrew Cagney <cag...@gnu.org>
Date:   Thu Jul 24 11:49:17 2025 -0400

    testing: update algparse tests, also try -addke

commit df6584fd2ae7aa7bac900b8a0bc001580b5a1348
Author: Andrew Cagney <cag...@gnu.org>
Date:   Thu Jul 24 11:48:38 2025 -0400

    algparse: add --addke option to allow additional key exchange
    
    ... for now

commit 764702916dfd8ef8e621ba1bfbe6c2d70776a383
Author: Andrew Cagney <cag...@gnu.org>
Date:   Thu Jul 24 11:12:42 2025 -0400

    proposals: only accept ADDKE* algorithms when .addke is enabled
    
    ... in struct proposal_policy
    
    also drop impair.proposal_parser checks in addke code
    per #2364 simplify impair.proposal_parser
    it needs a rethink.

commit e5b31cdab2b14c4b2df63994c6414e721fd0d99f
Author: Andrew Cagney <cag...@gnu.org>
Date:   Wed Jul 23 19:04:19 2025 -0400

    proposals: rename PROPOSAL_dh->PROPOSAL_ke
    
    It's going to be logged as KeyExchange

commit a4760fedcac5b9417efd6dd60ee47ba231f13816
Author: Andrew Cagney <cag...@gnu.org>
Date:   Wed Jul 23 18:12:11 2025 -0400

    proposals: rewrite jam_proposal()
    
    Iterate over all enum proposal_algorithm/s so that additions
    are automatically included.  Fixes:
    
        algparse -v2 'ike=aes_cbc-sha1-modp2048-modp2048'
                AES_CBC-HMAC_SHA1-MODP2048

commit 9a6e2eea33f25e7b3937c739d1668b364efb9981
Author: Daiki Ueno <u...@gnu.org>
Date:   Tue Sep 24 16:47:47 2024 +0900

    ikev2 proposals: add support for multiple key exchanges
    
    the syntax is
      <encr>-<prf>-<DH>-<addke1>-<addke2>- ... -<addke7>.
    
    Signed-off-by: Daiki Ueno <u...@gnu.org>
    
    --- MAIN/testing/pluto/algparse-01/west.console.txt
    +++ OUTPUT/testing/pluto/algparse-01/west.console.txt
    @@ -1570,9 +1570,9 @@
     algparse -v2 'ike=aes_gcm-none;modp2048' (expect SUCCESS)
        AES_GCM_16-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048
     algparse -v2 'ike=aes_gcm-sha1-none-modp2048' (expect ERROR)
    -   ERROR: IKE proposal contains unexpected 'modp2048'
    +   ERROR: IKE DH algorithm 'none' not permitted
     algparse -v2 'ike=aes_gcm-sha1-none;modp2048' (expect ERROR)
    -   ERROR: IKE proposal contains unexpected 'modp2048'
    +   ERROR: IKE DH algorithm 'none' not permitted
     algparse -v2 'ike=aes+aes_gcm' (expect ERROR)
        ERROR: AEAD and non-AEAD IKE encryption algorithm cannot be combined
     algparse -v2 'ike=,' (expect ERROR)
    
    algparse -v2 'ike=aes_cbc-sha1-modp2048-modp2048'
        AES_CBC-HMAC_SHA1-MODP2048

_______________________________________________
Swan-commit mailing list -- swan-commit@lists.libreswan.org
To unsubscribe send an email to swan-commit-le...@lists.libreswan.org

[Swan-commit] Changes to ref refs/heads/main

Reply via email to