Commit message (Author, Age, Files, Lines)
...
| * tls: Check for minimal TLS record length before each record iteration (Martin Willi, 2014-03-31, 1 file, -8/+8)
| |   Fixes fragment reassembling if a buffer contains more than one record, but the last record contains a partial TLS record header. Thanks to Nick Saunders and Jamil Nimeh for identifying this issue and providing a fix for it.
| * tls: Fix AEAD algorithm filtering, avoid filtering all suites if no AEAD found (Martin Willi, 2014-03-31, 1 file, -19/+52)
| |
| * tls: Offer TLS signature schemes in ClientHello in order of preference (Martin Willi, 2014-03-31, 1 file, -90/+59)
| |   Additionally, we now query plugin features to find out what schemes we exactly support.
| * tls: Define AES-GCM cipher suites from RFC 5288/5289 (Martin Willi, 2014-03-31, 1 file, -0/+54)
| |
| * tls: Implement the TLS AEAD abstraction for real AEAD modes (Martin Willi, 2014-03-31, 4 files, -8/+262)
| |
| * tls: Separate TLS protection to abstracted AEAD modes (Martin Willi, 2014-03-31, 8 files, -325/+874)
| |   To better separate the code path for different TLS versions and modes of operation, we introduce a TLS AEAD abstraction. We provide three implementations using traditional transforms, and get prepared for TLS AEAD modes.
| * aead: Support custom AEAD salt sizes (Martin Willi, 2014-03-31, 17 files, -43/+131)
|/    The salt, or often called implicit nonce, varies between AEAD algorithms and their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses 3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM. Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine until we go for CCM mode support in TLS, which requires 4 byte nonces.
* ikev2: Recreate a CHILD_SA that got a hard lifetime expire without rekeying (Martin Willi, 2014-03-31, 1 file, -0/+12)
|   Works around issues related to system time changes and kernel backends using that system time, such as Linux XFRM.
* revocation: Log error if no OCSP signer candidate found (Martin Willi, 2014-03-31, 1 file, -1/+1)
|   Fixes evaluation of ikev2/ocsp-untrusted-cert.
* Merge branch 'ocsp-constraints' (Martin Willi, 2014-03-31, 3 files, -46/+86)
|\    Limits cached OCSP verification to responses signed by the CA, a directly delegated signer or a pre-installed OCSP responder certificate. Disables auth config merge for revocation trust-chain strength checking, as it breaks CA constraints in some scenarios.
| * revocation: Restrict OCSP signing to specific certificates (Martin Willi, 2014-03-31, 3 files, -10/+65)
| |   To avoid considering each cached OCSP response and evaluating its trustchain, we limit the certificates considered for OCSP signing to:
| |   - The issuing CA of the checked certificate
| |   - A directly delegated signer by the same CA, having the OCSP signer constraint
| |   - Any locally installed (trusted) certificate having the OCSP signer constraint
| |   The first two options cover the requirements from RFC 6960 2.6. For compatibility with non-conforming CAs, we allow the third option as exception, but require the installation of such certificates locally.
| * revocation: Don't merge auth config of CLR/OCSP trustchain validation (Martin Willi, 2014-03-31, 1 file, -39/+24)
|/    This behavior was introduced with 6840a6fb to avoid key/signature strength checking for the revocation trustchain as we do it for end entity certificates. Unfortunately this breaks CA constraint checking under certain conditions, as we merge additional intermediate/CA certificates to the auth config. As key/signature strength checking of the revocation trustchain is a rather exotic requirement we drop support for that to properly enforce CA constraints.
* hashtable: Make key arguments const (Tobias Brunner, 2014-03-31, 2 files, -22/+23)
|   This allows using const strings etc. for lookups without cast. And keys are not modifiable anyway.
* Properly hash pointers for hash tables where appropriate (Tobias Brunner, 2014-03-31, 4 files, -71/+7)
|   Simply using the pointer is not optimal for our hash table implementation, which simply masks the key to determine the bucket.
* kernel-pfroute: Let get_nexthop() default to destination address (Tobias Brunner, 2014-03-31, 1 file, -3/+7)
|
* x509: CERT_DECODE actually requires KEY_ANY (Tobias Brunner, 2014-03-31, 1 file, -3/+1)
|   More specific decoders might still be needed, but the x509 plugin should not care which ones.
* pkcs1: KEY_ANY public key decoder soft depends on specific decoders (Tobias Brunner, 2014-03-31, 1 file, -0/+3)
|
* eap-radius: Add option to not close IKE_SAs on timeouts during interim accounting updates (Tobias Brunner, 2014-03-31, 2 files, -1/+10)
|   Fixes #528.
* ikev1: Accept SPI size of any length <= 16 in ISAKMP proposal (Tobias Brunner, 2014-03-31, 1 file, -4/+12)
|   Fixes #533.
* proposal: Don't fail DH proposal matching if peer includes NONE (Tobias Brunner, 2014-03-31, 1 file, -4/+19)
|   The DH transform is optional for ESP/AH proposals. The initiator can include NONE (0) in its proposal to indicate that while it prefers to do a DH exchange, the responder may still decide to not do so. Fixes #532.
* conf: Order settings in man page alphabetically (Tobias Brunner, 2014-03-31, 1 file, -5/+4)
|   For the config snippets the options are now explicitly ordered before subsections.
* Merge branch 'acerts' (Martin Willi, 2014-03-31, 96 files, -1587/+2394)
|\    (Re-)Introduces X.509 Attribute Certificate support in IKE, and cleans up the x509 AC parser/generator. ACs may be stored locally or exchanged in IKEv2 CERT payloads, Attribute Authorities must be installed locally. pki --acert issues Attribute Certificates and replaces the removed openac utility.
| * NEWS: Add acert and pki changes for 5.1.3 (Martin Willi, 2014-03-31, 1 file, -0/+13)
| |
| * openac: Remove obsolete openac utility (Martin Willi, 2014-03-31, 10 files, -772/+21)
| |   The same functionality is now provided by the pki --acert subcommand.
| * pki: Document --not-before/after and --dateform options in manpages (Martin Willi, 2014-03-31, 4 files, -7/+99)
| |
| * pki: Support absolute --this/next-update CRL lifetimes (Martin Willi, 2014-03-31, 1 file, -6/+22)
| |
| * pki: Support absolute --not-before/after issued certificate lifetimes (Martin Willi, 2014-03-31, 2 files, -7/+22)
| |
| * pki: Support absolute --not-before/after self-signed certificate lifetimes (Martin Willi, 2014-03-31, 1 file, -5/+22)
| |
| * pki: Support absolute --not-before/after acert lifetimes (Martin Willi, 2014-03-31, 1 file, -7/+26)
| |
| * pki: Add a certificate lifetime calculation helper function (Martin Willi, 2014-03-31, 2 files, -1/+69)
| |
| * testing: Add an acert test that forces a fallback connection based on groups (Martin Willi, 2014-03-31, 13 files, -0/+199)
| |
| * testing: Add an acert test case sending attribute certificates inline (Martin Willi, 2014-03-31, 18 files, -0/+291)
| |
| * testing: Add an acert test using locally cached attribute certificates (Martin Willi, 2014-03-31, 16 files, -0/+239)
| |
| * testing: build strongSwan with acert plugin (Martin Willi, 2014-03-31, 1 file, -0/+1)
| |
| * ikev2: Cache all received attribute certificates to auth config (Martin Willi, 2014-03-31, 1 file, -1/+27)
| |
| * ikev2: Send all known and valid attribute certificates for subject cert (Martin Willi, 2014-03-31, 1 file, -0/+46)
| |
| * ikev2: Slightly refactor certificate payload construction to separate functions (Martin Willi, 2014-03-31, 1 file, -37/+56)
| |
| * ike: Support encoding of attribute certificates in CERT payloads (Martin Willi, 2014-03-31, 1 file, -1/+6)
| |
| * auth-cfg: Declare an attribute certificate helper type to exchange acerts (Martin Willi, 2014-03-31, 3 files, -2/+15)
| |
| * acert: Implement a plugin finding, validating and evaluating attribute certs (Martin Willi, 2014-03-31, 7 files, -0/+367)
| |   This validator checks for any attribute certificate it can find for validated end entity certificates and tries to extract group membership information used for connection authorization rules.
| * x509: Match acert has_subject() against entityName or holder serial (Martin Willi, 2014-03-31, 1 file, -5/+25)
| |   This allows us to find attribute certificates for a subject certificate in credential sets.
| * pki: Add acert and extend pki/print manpages (Martin Willi, 2014-03-31, 5 files, -2/+116)
| |
| * pki: Implement an acert command to issue attribute certificates (Martin Willi, 2014-03-31, 3 files, -1/+275)
| |
| * pki: Support printing attribute certificates (Martin Willi, 2014-03-31, 1 file, -1/+89)
| |
| * pki: Don't generate negative random serial numbers in X.509 certificates (Martin Willi, 2014-03-31, 2 files, -0/+2)
| |   According to RFC 5280 4.1.2.2 we MUST force non-negative serial numbers.
| * pem: Support encoding of attribute certificates (Martin Willi, 2014-03-31, 1 file, -1/+6)
| |   While there is no widely used PEM header for attribute certificates, at least IAIK-JCE uses BEGIN ATTRIBUTE CERTIFICATE: http://javadoc.iaik.tugraz.at/iaik_jce/current/iaik/utils/Util.html#toPemString(iaik.x509.attr.AttributeCertificate)
| * x509: Replace the comma separated string AC group builder with a list based one (Martin Willi, 2014-03-31, 4 files, -10/+22)
| |
| * x509: Integrate IETF attribute handling, and obsolete ietf_attributes_t (Martin Willi, 2014-03-31, 6 files, -639/+186)
| |   The ietf_attributes_t class is used for attribute certificates only these days, and integrating them to x509_ac_t simplifies things significantly.
| * x509: Replace fixed acert group string getter by a more dynamic group enumerator (Martin Willi, 2014-03-31, 5 files, -69/+131)
| |
| * x509: Skip parsing of acert chargingIdentity, as we don't use it anyway (Martin Willi, 2014-03-31, 1 file, -9/+1)
| |