aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * hash-algorithm-set: Add class to manage a set of hash algorithmsTobias Brunner2015-03-044-1/+193
| |
| * ikev2: Add an option to disable constraints against signature schemesTobias Brunner2015-03-042-1/+19
| | | | | | | | | | | | | | | | | | | | If this is disabled the schemes configured in `rightauth` are only checked against signature schemes used in the certificate chain and signature schemes used during IKEv2 are ignored. Disabling this could be helpful if existing connections with peers that don't support RFC 7427 use signature schemes in `rightauth` to verify certificate chains.
| * stroke: Enable BLISS-based public key constraintsTobias Brunner2015-03-041-4/+19
| |
| * credential-manager: Store BLISS key strength in auth configTobias Brunner2015-03-041-0/+3
| |
| * auth-cfg: Add BLISS key strength constraintTobias Brunner2015-03-042-21/+43
| |
| * testing: Don't check for exact IKEv2 fragment sizeTobias Brunner2015-03-041-2/+2
| | | | | | | | | | Because SHA-256 is now used for signatures the size of the two IKE_AUTH messages changed.
| * testing: Update test conditions because signature schemes are now loggedTobias Brunner2015-03-0433-58/+58
| | | | | | | | | | RFC 7427 signature authentication is now used between strongSwan hosts by default, which causes the actual signature schemes to get logged.
| * testing: Add ikev2/rw-sig-auth scenarioTobias Brunner2015-03-0412-0/+180
| |
| * testing: Add ikev2/net2net-cert-sha2 scenarioTobias Brunner2015-03-049-0/+104
| |
| * ikev2: Fall back to SHA-1 signatures for RSATobias Brunner2015-03-041-0/+7
| | | | | | | | | | This is really just a fallback to "classic" IKEv2 authentication if the other peer supports no stronger hash algorithms.
| * ikev2: Select a signature scheme appropriate for the given keyTobias Brunner2015-03-041-18/+13
| | | | | | | | | | By enumerating hashes we'd use SHA-1 by default. This way stronger signature schemes are preferred.
| * public-key: Add helper to determine acceptable signature schemes for keysTobias Brunner2015-03-043-1/+122
| |
| * ikev2: Log the actual signature scheme used for RFC 7427 authenticationTobias Brunner2015-03-041-4/+6
| |
| * ikev2: Store signature scheme used to verify peer in auth_cfgTobias Brunner2015-03-041-0/+1
| | | | | | | | | | | | | | | | | | | | This enables late connection switching based on the signature scheme used for IKEv2 and allows to enforce stronger signature schemes. This may break existing connections with peers that don't support RFC 7427 if signature schemes are currently used in `rightauth` for certificate chain validation and if the configured schemes are stronger than the default used for IKE (e.g. SHA-1 for RSA).
| * ikev2: Add a global option to disable RFC 7427 signature authenticationTobias Brunner2015-03-042-2/+15
| | | | | | | | This is mostly for testing.
| * ikev2: Remove private AUTH_BLISS methodTobias Brunner2015-03-043-18/+1
| | | | | | | | | | | | We use the new signature authentication instead for this. This is not backward compatible but we only released one version with BLISS support, and the key format will change anyway with the next release.
| * ikev2: Handle RFC 7427 signature authentication in pubkey authenticatorTobias Brunner2015-03-042-49/+179
| |
| * hasher: Add helper to determine hash algorithm from signature schemeTobias Brunner2015-03-042-0/+44
| |
| * public-key: Add helper to map signature schemes to ASN.1 OIDsTobias Brunner2015-03-042-3/+54
| | | | | | | | | | | | There is a similar function to map key_type_t and hasher_t to an OID, but this maps schemes directly (and to use the other function we'd have to have a function to map schemes to hash algorithms first).
| * public-key: Add helper to determine key type from signature schemeTobias Brunner2015-03-042-0/+43
| |
| * ikev2: Enable signature authentication by transmitting supported hash algorithmsTobias Brunner2015-03-042-4/+88
| |
| * keymat: Add facility to store supported hash algorithmsTobias Brunner2015-03-042-1/+70
| |
| * hasher: Add filter function for algorithms permitted by RFC 7427Tobias Brunner2015-03-042-0/+30
| |
| * hasher: Redefine hash algorithms to match values defined by RFC 7427Tobias Brunner2015-03-042-27/+29
| | | | | | | | Other algorithms are defined in private use range.
| * ikev2: Add SIGNATURE_HASH_ALGORITHMS notify payloadTobias Brunner2015-03-042-6/+18
| |
| * ikev2: Add new authentication method defined by RFC 7427Tobias Brunner2015-03-042-3/+9
|/
* ikev2: Only accept initial messages in specific statesTobias Brunner2015-03-041-10/+9
| | | | | | | The previous code allowed an attacker to slip in an IKE_SA_INIT with both SPIs and MID 1 set when an IKE_AUTH would be expected instead. References #816.
* ike-sa-manager: Make sure the message ID of initial messages is 0Tobias Brunner2015-03-041-1/+2
| | | | | | | | | | | | | | | | | It is mandated by the RFCs and it is expected by the task managers. Initial messages with invalid MID will be treated like regular messages, so no IKE_SA will be created for them. Instead, if the responder SPI is 0 no SA will be found and the message is rejected with ALERT_INVALID_IKE_SPI. If an SPI is set and we do find an SA, then we either ignore the message because the MID is unexpected, or because we don't allow initial messages on established connections. There is one exception, though, if an attacker can slip in an IKE_SA_INIT with both SPIs set before the client's IKE_AUTH is handled by the server, it does get processed (see next commit). References #816.
* ikev2: Don't destroy the SA if an IKE_SA_INIT with unexpected MID is receivedTobias Brunner2015-03-041-4/+0
| | | | | | | | | | | | This reverts 8f727d800751 ("Clean up IKE_SA state if IKE_SA_INIT request does not have message ID 0") because it allowed to close any IKE_SA by sending an IKE_SA_INIT with an unexpected MID and both SPIs set to those of that SA. The next commit will prevent SAs from getting created for IKE_SA_INIT messages with invalid MID. Fixes #816.
* ikev2: Don't adopt any CHILD_SA during make-before-break reauthenticationMartin Willi2015-03-041-1/+2
| | | | | | | | | While the comment is rather clear that we should not adopt live CHILD_SAs during reauthentication in IKEv2, the code does nonetheless. Add an additional version check to fix reauthentication if the reauth responder has a replace uniqueids policy. Fixes #871.
* unit-tests: Base attributes get adopted by seg-env/seg-contractTobias Brunner2015-03-031-4/+4
|
* seg-env: Destroy base attribute if segmentation is not possibleTobias Brunner2015-03-031-0/+1
|
* Merge branch 'eap-constraints'Martin Willi2015-03-0314-2/+100
|\ | | | | | | | | | | | | | | Introduces basic support for EAP server module authentication constraints. With EAP-(T)TLS, public key, signature and end entity or CA certificate constraints can be enforced for connections. Fixes #762.
| * NEWS: Introduce EAP constraints support for EAP-(T)TLSMartin Willi2015-03-031-0/+5
| |
| * man: Describe trust chain constraints configuration for EAP methodsMartin Willi2015-03-031-1/+3
| |
| * stroke: Support public key constraints for EAP methodsMartin Willi2015-03-031-1/+8
| |
| * eap-ttls: Support EAP auth information getter in EAP-TTLSMartin Willi2015-03-031-0/+7
| |
| * eap-tls: Support EAP auth information getter in EAP-TLSMartin Willi2015-03-031-0/+7
| |
| * libtls: Add getters for TLS handshake authentication detailsMartin Willi2015-03-037-0/+49
| |
| * libtls: Merge trustchain auth verification details done during TLS handhsakeMartin Willi2015-03-032-0/+2
| |
| * ikev2: Merge EAP client authentication details if EAP methods provides themMartin Willi2015-03-031-0/+7
| |
| * eap: Add an optional authentication details getter to the EAP method interfaceMartin Willi2015-03-031-0/+12
|/
* Merge branch 'stroke-purge-on-reread'Martin Willi2015-03-036-120/+306
|\ | | | | | | | | | | | | Remove all previously loaded certificates during "ipsec reread", finally allowing the removal of CA certificates from a running daemon. Fixes #842, #700, #305.
| * ipsec: Update rereadcacerts/aacerts command description in manpageMartin Willi2015-03-031-6/+9
| |
| * stroke: Serve ca section CA certificates directly, not over central CA setMartin Willi2015-03-033-5/+85
| | | | | | | | | | | | | | This makes these CA certificates independent from the purge issued by reread commands. Certificates loaded by CA sections can be removed through ipsec.conf update/reread, while CA certificates loaded implicitly from ipsec.d/cacerts can individually be reread using ipsec rereadcacerts.
| * mem-cred: Add a method to unify certificate references, without adding itMartin Willi2015-03-032-0/+31
| | | | | | | | | | In contrast to add_cert_ref(), get_cert_ref() does not add the certificate to the set, but only finds a reference to the same certificate, if found.
| * stroke: Purge existing CA/AA certificates during rereadMartin Willi2015-03-031-0/+4
| |
| * stroke: Use separate credential sets for CA/AA certificatesMartin Willi2015-03-031-3/+21
| |
| * stroke: Refactor load_certdir functionMartin Willi2015-03-031-108/+158
|/
* vici: Don't use a default rand_time larger than half of rekey/reauth_timeMartin Willi2015-03-031-3/+11
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 13:53:52 +0000