Up to [local] / src / sbin / iked
Default branch: MAIN
Revision 1.15, Fri May 28 18:01:39 2021 UTC (3 years ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, HEAD
Changes since 1.14: +6 -2 lines
Add experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519). The sntrup761 implementation is imported from OpenSSH. It is public domain code originally distributed as part of the SUPERCOP cryptography benchmark suite (https://bench.cr.yp.to/supercop.html). The method is not part of the default proposal, but can be enabled with 'ikesa group sntrup761x25519'. ok markus@ patrick@
Revision 1.14, Thu Feb 4 20:38:26 2021 UTC (3 years, 3 months ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.13: +11 -11 lines
Rename 'struct group' to 'struct dh_group' for more clarity and to avoid name clashes. ok patrick@
Revision 1.13, Wed Oct 28 20:54:13 2020 UTC (3 years, 7 months ago) by tobhe
Branch: MAIN
Changes since 1.12: +3 -5 lines
Refactor parts of the dh_* API. ok patrick@
Revision 1.12, Tue Apr 28 15:18:52 2020 UTC (4 years, 1 month ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.11: +3 -4 lines
Remove support for insecure EC2N groups. Clarify which Diffie-Hellman groups are not recommended to use and are only supported for backwards compatibility. Feedback from sthen@ ok kn@
Revision 1.11, Fri Oct 27 14:26:35 2017 UTC (6 years, 7 months ago) by patrick
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.10: +3 -1 lines
In the final RFC 5903 the computation for the DH shared secret changed. Instead of the full point, only the X point is included. Unfortunately this is a backwards incompatible change, so older ikeds won't be compatible with this change. Of course only if you use ECP. Anyway, this change makes us follow the RFC correctly. ok markus@
Revision 1.10, Mon Mar 27 17:17:49 2017 UTC (7 years, 2 months ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.9: +5 -2 lines
Don't cache the DH group in the policy
When tearing IKE SA down, the DH group referred by it is destroyed, however it remains cached in the policy. With the introduction of IKE SA rekeying we have extended the life of this dangling pointer by reusing it on new SAs.
So instead of caching the pointer in the policy we can store the DH group ID and create a DH group on demand using this parameter if it's specified.
With and OK reyk
Revision 1.9, Fri Aug 21 11:59:27 2015 UTC (8 years, 9 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.8: +7 -7 lines
Switch iked to C99-style fixed-width integer types. OK mikeb@
Revision 1.8, Wed Aug 19 14:12:43 2015 UTC (8 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.7: +3 -3 lines
spacing (no binary change, verified with checksums)
Revision 1.7, Thu Jun 11 18:49:09 2015 UTC (8 years, 11 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.6: +4 -4 lines
Use "compliant" header guards by avoiding the reserved '_' namespace. Pointed out by Markus Elfring OK mikeb@ millert@
Revision 1.6, Wed Aug 27 10:28:57 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.5: +6 -4 lines
Add support for Curve25519 using the public domain code that is found in OpenSSH. The "private use" DH group 1034 is based on the value that was picked by strongswan recently. OK mikeb@ markus@
Revision 1.5, Tue Jan 8 10:38:19 2013 UTC (11 years, 4 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6, OPENBSD_5_5_BASE, OPENBSD_5_5, OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.4: +2 -3 lines
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
Revision 1.4, Tue Sep 18 12:07:59 2012 UTC (11 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.3: +2 -2 lines
update email addresses to match reality. sure jsg@ mikeb@
Revision 1.3, Wed Jun 23 11:26:13 2010 UTC (13 years, 11 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9, OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.2: +10 -9 lines
rename the ec groups to either ec2n or ecp (eg. ec155 -> ec2n155 or ec521 -> ecp521). this matches the common naming for ec groups better.
Revision 1.2, Wed Jun 23 10:49:37 2010 UTC (13 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.1: +6 -8 lines
further cleanup of the dh code:
- remove dh_selftest(), this should go into regress somewhere
- remove any iked-specific dependencies from dh.c/dh.h which allows us to use this code in other projects as well.
Revision 1.1, Thu Jun 3 16:41:12 2010 UTC (14 years ago) by reyk
Branch: MAIN
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that creates IPsec flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@
ok deraadt@