aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Test TLS AEAD cipher suitesAndreas Steffen2014-04-0110-10/+17
|
* Added Ubuntu 14.04 to IMV databaseAndreas Steffen2014-03-311-0/+24
|
* Slightly edited evaltest of ikev2/ocsp-untrusted-cert scenarioAndreas Steffen2014-03-311-1/+1
|
* unit-tests: Always load address of testable functionsTobias Brunner2014-03-311-1/+1
| | | | | | | The addresses can actually change as plugins are loaded/unloaded for each test case. Fixes #551.
* settings: Reduce log verbosity if strongswan.conf does not existTobias Brunner2014-03-311-1/+10
| | | | | In some situations we expect strongswan.conf to not exist, for instance, when running the unit tests before installation.
* test-vectors: Renumber AES-GCM test vectors according to original sourceTobias Brunner2014-03-312-16/+100
| | | | Also adds several missing ones.
* Merge branch 'tls-aead'Martin Willi2014-03-3129-479/+1435
|\ | | | | | | | | | | Adds AEAD support to the TLS stack, currently supporting AES-GCM. Brings fixes for TLS record fragmentation, enforcing TLS versions < 1.2 and proper signature scheme support indication.
| * NEWS: Note TLS AEAD modeMartin Willi2014-03-311-0/+3
| |
| * tls: Fix some TLS cipher suite enum namesMartin Willi2014-03-311-3/+3
| | | | | | | | | | It is important to have them mapped correctly, as we use these official TLS identifiers to configure specific TLS suites.
| * tls: Include TLS version announced in Client Hello in encrypted premasterMartin Willi2014-03-311-1/+7
| | | | | | | | | | | | While a hardcoded 1.2 version is fine when we offer that in Client Hello, we should include the actually offered version if it has been reduced before starting the exchange.
| * tls: Check for minimal TLS record length before each record iterationMartin Willi2014-03-311-8/+8
| | | | | | | | | | | | Fixes fragment reassembling if a buffer contains more than one record, but the last record contains a partial TLS record header. Thanks to Nick Saunders and Jamil Nimeh for identifying this issue and providing a fix for it.
| * tls: Fix AEAD algorithm filtering, avoid filtering all suites if no AEAD foundMartin Willi2014-03-311-19/+52
| |
| * tls: Offer TLS signature schemes in ClientHello in order of preferenceMartin Willi2014-03-311-90/+59
| | | | | | | | | | Additionally, we now query plugin features to find out what schemes we exactly support.
| * tls: Define AES-GCM cipher suites from RFC 5288/5289Martin Willi2014-03-311-0/+54
| |
| * tls: Implement the TLS AEAD abstraction for real AEAD modesMartin Willi2014-03-314-8/+262
| |
| * tls: Separate TLS protection to abstracted AEAD modesMartin Willi2014-03-318-325/+874
| | | | | | | | | | | | To better separate the code path for different TLS versions and modes of operation, we introduce a TLS AEAD abstraction. We provide three implementations using traditional transforms, and get prepared for TLS AEAD modes.
| * aead: Support custom AEAD salt sizesMartin Willi2014-03-3117-43/+131
|/ | | | | | | | | The salt, or often called implicit nonce, varies between AEAD algorithms and their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses 3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM. Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine until we go for CCM mode support in TLS, which requires 4 byte nonces.
* ikev2: Recreate a CHILD_SA that got a hard lifetime expire without rekeyingMartin Willi2014-03-311-0/+12
| | | | | Works around issues related to system time changes and kernel backends using that system time, such as Linux XFRM.
* revocation: Log error if no OCSP signer candidate foundMartin Willi2014-03-311-1/+1
| | | | Fixes evaluation of ikev2/ocsp-untrusted-cert.
* Merge branch 'ocsp-constraints'Martin Willi2014-03-313-46/+86
|\ | | | | | | | | | | | | Limits cached OCSP verification to responses signed by the CA, a directly delegated signer or a pre-installed OCSP responder certificate. Disables auth config merge for revocation trust-chain strength checkin, as it breaks CA constraints in some scenarios.
| * revocation: Restrict OCSP signing to specific certificatesMartin Willi2014-03-313-10/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | To avoid considering each cached OCSP response and evaluating its trustchain, we limit the certificates considered for OCSP signing to: - The issuing CA of the checked certificate - A directly delegated signer by the same CA, having the OCSP signer constraint - Any locally installed (trusted) certificate having the OCSP signer constraint The first two options cover the requirements from RFC 6960 2.6. For compatibility with non-conforming CAs, we allow the third option as exception, but require the installation of such certificates locally.
| * revocation: Don't merge auth config of CLR/OCSP trustchain validationMartin Willi2014-03-311-39/+24
|/ | | | | | | | | | This behavior was introduced with 6840a6fb to avoid key/signature strength checking for the revocation trustchain as we do it for end entity certificates. Unfortunately this breaks CA constraint checking under certain conditions, as we merge additional intermediate/CA certificates to the auth config. As key/signature strength checking of the revocation trustchain is a rather exotic requirement we drop support for that to properly enforce CA constraints.
* hashtable: Make key arguments constTobias Brunner2014-03-312-22/+23
| | | | | This allows using const strings etc. for lookups without cast. And keys are not modifiable anyway.
* Properly hash pointers for hash tables where appropriateTobias Brunner2014-03-314-71/+7
| | | | | Simply using the pointer is not optimal for our hash table implementation, which simply masks the key to determine the bucket.
* kernel-pfroute: Let get_nexthop() default to destination addressTobias Brunner2014-03-311-3/+7
|
* x509: CERT_DECODE actually requires KEY_ANYTobias Brunner2014-03-311-3/+1
| | | | | More specific decoders might still be needed, but the x509 plugin should not care which ones.
* pkcs1: KEY_ANY public key decoder soft depends on specific decodersTobias Brunner2014-03-311-0/+3
|
* eap-radius: Add option to not close IKE_SAs on timeouts during interim ↵Tobias Brunner2014-03-312-1/+10
| | | | | | accouting updates Fixes #528.
* ikev1: Accept SPI size of any length <= 16 in ISAKMP proposalTobias Brunner2014-03-311-4/+12
| | | | Fixes #533.
* proposal: Don't fail DH proposal matching if peer includes NONETobias Brunner2014-03-311-4/+19
| | | | | | | | The DH transform is optional for ESP/AH proposals. The initiator can include NONE (0) in its proposal to indicate that while it prefers to do a DH exchange, the responder may still decide to not do so. Fixes #532.
* conf: Order settings in man page alphabeticallyTobias Brunner2014-03-311-5/+4
| | | | | For the config snippets the options are now explicitly ordered before subsections.
* Merge branch 'acerts'Martin Willi2014-03-3196-1587/+2394
|\ | | | | | | | | | | | | (Re-)Introduces X.509 Attribute Certificate support in IKE, and cleans up the x509 AC parser/generator. ACs may be stored locally or exchanged in IKEv2 CERT payloads, Attribute Authorities must be installed locally. pki --acert issues Attribute Certificates and replaces the removed openac utility.
| * NEWS: Add acert and pki changes for 5.1.3Martin Willi2014-03-311-0/+13
| |
| * openac: Remove obsolete openac utilityMartin Willi2014-03-3110-772/+21
| | | | | | | | The same functionality is now provided by the pki --acert subcommand.
| * pki: Document --not-before/after and --dateform options in manpagesMartin Willi2014-03-314-7/+99
| |
| * pki: Support absolute --this/next-update CRL lifetimesMartin Willi2014-03-311-6/+22
| |
| * pki: Support absolute --not-before/after issued certificate lifetimesMartin Willi2014-03-312-7/+22
| |
| * pki: Support absolute --not-before/after self-signed certificate lifetimesMartin Willi2014-03-311-5/+22
| |
| * pki: Support absolute --not-before/after acert lifetimesMartin Willi2014-03-311-7/+26
| |
| * pki: Add a certificate lifetime calculation helper functionMartin Willi2014-03-312-1/+69
| |
| * testing: Add an acert test that forces a fallback connection based on groupsMartin Willi2014-03-3113-0/+199
| |
| * testing: Add an acert test case sending attribute certificates inlineMartin Willi2014-03-3118-0/+291
| |
| * testing: Add an acert test using locally cached attribute certificatesMartin Willi2014-03-3116-0/+239
| |
| * testing: build strongSwan with acert pluginMartin Willi2014-03-311-0/+1
| |
| * ikev2: Cache all received attribute certificates to auth configMartin Willi2014-03-311-1/+27
| |
| * ikev2: Send all known and valid attribute certificates for subject certMartin Willi2014-03-311-0/+46
| |
| * ikev2: Slightly refactor certificate payload construction to separate functionsMartin Willi2014-03-311-37/+56
| |
| * ike: Support encoding of attribute certificates in CERT payloadsMartin Willi2014-03-311-1/+6
| |
| * auth-cfg: Declare an attribute certificate helper type to exchange acertsMartin Willi2014-03-313-2/+15
| |
| * acert: Implement a plugin finding, validating and evaluating attribute certsMartin Willi2014-03-317-0/+367
| | | | | | | | | | | | This validator checks for any attribute certificate it can find for validated end entity certificates and tries to extract group membership information used for connection authorization rules.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-09 17:31:17 +0000