aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Version bump to 5.5.0dr15.5.0dr1Andreas Steffen2016-06-262-1/+9
|
* Merge branch 'tpm2'Andreas Steffen2016-06-2643-1004/+3198
|\ | | | | | | | | | | The libtpmtss library supports both TPM 1.2 and TPM 2.0 Trusted Platform Modules. Features comprise capability discovery, listing of PCRs, AIK generation and quote signatures.
| * libtpmtss: Added to integrity checksAndreas Steffen2016-06-264-0/+19
| |
| * aikpub2: Output AIK signature algorithmAndreas Steffen2016-06-261-1/+14
| |
| * Refactoring to tpm_tss_quote_info objectAndreas Steffen2016-06-2624-397/+923
| |
| * libimcv: Changed debug level for functional components from 2 to 3Andreas Steffen2016-06-261-2/+2
| |
| * libtpmtss: Implemented TSS2 quote() methodAndreas Steffen2016-06-262-23/+142
| |
| * libtpmtss: Implemented TSS2 read_pcr() methodAndreas Steffen2016-06-221-6/+114
| |
| * libimcv: migrate pts to tpm_tssAndreas Steffen2016-06-2212-496/+572
| |
| * libtpmtss: Get TPM 2.0 capabilitiesAndreas Steffen2016-06-224-2/+227
| |
| * libtpmtss: Retrieve TPM 1.2 version infoAndreas Steffen2016-06-223-3/+75
| |
| * Created libtpmtss library handling access to v1.2 and v2.0 TPMsAndreas Steffen2016-06-2215-403/+927
| |
| * aikpub2: --handle option retrieves public key from TPM 2.0 NVRAMAndreas Steffen2016-06-222-30/+147
| |
| * aikpub2: Convert TSS 2.0 AIK public key blob into PKCS#1 formatAndreas Steffen2016-06-227-5/+400
|/
* testing: Start charon before Apache in tnc/tnccs-20-pdp-pt-tlsTobias Brunner2016-06-211-1/+1
| | | | | | | | | | | | | The change in c423d0e8a124 ("testing: Fix race in tnc/tnccs-20-pdp-pt-tls scenario") is not really ideal as now the vici plugin might not yet be ready when `swanctl --load-creds` is called. Perhaps starting charon before Apache causes enough delay. Once we switch to charon-systemd this isn't a problem anymore as starting the unit will block until everything is up and ready. Also, the individual swanctl calls will be redundant as the default service unit calls --load-all. But start scripts do run before charon-systemd signals that the daemon is ready, so using these would work too then.
* testing: Only load selected plugins in swanctlTobias Brunner2016-06-201-0/+4
| | | | | | | | | The main issue is that the ldap and curl plugins, or rather the libraries they use, initialize GnuTLS (curl, strangely, even when it is, by its own account, linked against OpenSSL). Some of these allocations are only freed once the libraries are unloaded. This means that the leak detective causes invalid frees when swanctl is terminated and libraries are unloaded after the leak detective is already deinitialized.
* Merge branch 'exchange-collisions'Tobias Brunner2016-06-1754-329/+6479
|\ | | | | | | | | | | | | | | | | | | Improves the handling of IKEv2 exchange collisions in several corner cases. TEMPORARY_FAILURE and CHILD_SA_NOT_FOUND notifies that were defined with RFC 7296 are now handled and sent as appropriate. The behavior in these situations is tested with new unit tests. Fixes #379, #464, #876, #1293.
| * unit-tests: Add tests for expires after CHILD_SA rekeyingTobias Brunner2016-06-171-0/+129
| |
| * child-rekey: Only rekey installed CHILD_SAsTobias Brunner2016-06-171-7/+14
| | | | | | | | | | | | | | | | | | | | | | | | Depending on the lifetimes a CHILD_SA we rekeyed as responder might expire shortly afterwards. We don't want to rekey it again. When retrying due to an INVALID_KE_PAYLOAD notify the expected state is CHILD_REKEYING if it is anything else (e.g. due to a collision) we ignore it. We also abort the exchange properly if we don't find the CHILD_SA, no need for an empty INFORMATIONAL exchange anymore.
| * Report test coverage of libcharon and starterTobias Brunner2016-06-172-0/+6
| |
| * unit-tests: Add test for CHILD_SA rekey if a retry due to an ↵Tobias Brunner2016-06-171-0/+143
| | | | | | | | INVALID_KE_PAYLOAD is delayed
| * child-rekey: Ignore failed colliding CHILD_SA rekeyingsTobias Brunner2016-06-171-1/+10
| | | | | | | | | | | | | | If a passive rekeying fails due to an INVALID_KE_PAYLOAD we don't want to consider this task later when resolving collisions. This previously might have caused the wrong SA to get deleted/installed based on the nonces in the unsuccessful exchange.
| * unit-tests: Add test for collision between IKE_SA rekey and CHILD_SA creationTobias Brunner2016-06-173-0/+108
| |
| * child-create: Retry creating the CHILD_SA if TEMPORARY_FAILURE is receivedTobias Brunner2016-06-171-4/+33
| | | | | | | | We queue a delayed task that is initiated after a while.
| * ikev2: Add possibility to delay initiation of a queued taskTobias Brunner2016-06-175-66/+189
| | | | | | | | | | | | | | | | | | | | | | Such a task is not initiated unless a certain time has passed. This allows delaying certain tasks but avoids problems if we'd do this via a scheduled job (e.g. if the IKE_SA is rekeyed in the meantime). If the IKE_SA is rekeyed the delay of such tasks is reset when the tasks are adopted i.e. they get executed immediately on the new IKE_SA. This hasn't been implemented for IKEv1 yet.
| * ike: Reduce RETRY_INTERVAL a bitTobias Brunner2016-06-171-2/+2
| | | | | | | | Retry exchanges between 5 and 15 seconds after a temporary failure.
| * ike-rekey: Return TEMPORARY_FAILURE when concurrently creating a CHILD_SATobias Brunner2016-06-171-14/+35
| |
| * unit-tests: Add tests for IKE rekeying if INVALID_KE_PAYLOAD notifies are ↵Tobias Brunner2016-06-171-0/+470
| | | | | | | | received
| * ike: Add configuration option to switch to preferring supplied proposals ↵Tobias Brunner2016-06-176-10/+26
| | | | | | | | over local ones
| * child-cfg: Add option to prefer supplied proposals over locally configured onesTobias Brunner2016-06-174-23/+38
| |
| * ike-cfg: Add option to prefer supplied proposals over locally configured onesTobias Brunner2016-06-175-32/+48
| |
| * proposal: Remove MODP_NONE from IKE proposals parsed from stringsTobias Brunner2016-06-171-0/+10
| |
| * proposal: Handle MODP_NONE in both directions when selecting proposalsTobias Brunner2016-06-174-6/+97
| |
| * proposal: Parse modpnone as MODP_NONE(0)Tobias Brunner2016-06-171-0/+1
| |
| * ike-rekey: Make sure to ignore task when detecting collisions if ike-init ↵Tobias Brunner2016-06-171-1/+2
| | | | | | | | | | | | | | subtask failed For instance, if INVALID_KE_PAYLOAD is returned we don't want this task to affect any active rekeying (no new SA has been established so far).
| * unit-tests: Add test for rekey collision if one CREATE_CHILD_SA response is ↵Tobias Brunner2016-06-171-0/+221
| | | | | | | | delayed
| * unit-tests: Add tests for IKE_SA rekeying if collision is not detected by ↵Tobias Brunner2016-06-171-0/+340
| | | | | | | | one peer
| * ike-rekey: Handle undetected collisions also if delete is delayedTobias Brunner2016-06-171-16/+26
| | | | | | | | | | | | | | | | | | | | | | If the peer does not detect the rekey collision and deletes the old IKE_SA and then receives the colliding rekey request it will respond with TEMPORARY_FAILURE. That notify may arrive before the DELETE does, in which case we may just conclude the rekeying initiated by the peer. Also, since the IKE_SA is destroyed in any case when we receive a delete there is no point in storing the delete task in collide() as process_i() in the ike-rekey task will never be called.
| * ike-rekey: There is no passive reauth task, so it will never collide with oneTobias Brunner2016-06-172-7/+4
| |
| * ike-rekey: Ignore colliding rekey tasks that did not create an IKE_SATobias Brunner2016-06-171-56/+64
| | | | | | | | | | This simplifies collision handling and we don't need to know about these tasks when concluding the rekeying we initiated.
| * ike-rekey: Properly handle situation if the peer did not notice the rekey ↵Tobias Brunner2016-06-171-0/+11
| | | | | | | | | | | | | | | | | | | | collision We conclude the rekeying before deleting the IKE_SA. Waiting for the potential TEMPORARY_FAILURE notify is no good because if that response does not reach us the peer will not retransmit it upon our retransmits of the rekey request if it already deleted the IKE_SA after receiving our response to the delete.
| * ike-delete: Handle deletes while rekeying differently if there was a collisionTobias Brunner2016-06-171-2/+40
| | | | | | | | | | We treat these as if we concluded the rekeying, the active ike-rekey task will handle the collision afterwards.
| * ike-rekey: Add method to check if there was a rekey collisionTobias Brunner2016-06-172-1/+17
| |
| * ikev2: Check for collisions after handling IKE deletionTobias Brunner2016-06-171-1/+5
| |
| * unit-tests: Add tests for IKE/CHILD delete collisionsTobias Brunner2016-06-171-0/+165
| |
| * child-delete: Reply as usual when concurrently rekeying the IKE_SATobias Brunner2016-06-171-5/+1
| | | | | | | | | | As per RFC 7296, 2.25.2 (what we did before was the behavior described in RFC 4718).
| * unit-tests: Add tests for IKE/CHILD rekey collisionsTobias Brunner2016-06-171-0/+170
| |
| * child-create: Respond with TEMPORARY_FAILURE while rekeying/deleting IKE_SATobias Brunner2016-06-171-2/+2
| |
| * ike-rekey: Respond with TEMPORARY_FAILURE if CHILD_SAs are currently ↵Tobias Brunner2016-06-171-1/+8
| | | | | | | | rekeyed/deleted/established
| * unit-tests: Add tests for collisions between IKE_SA rekeying and deletionTobias Brunner2016-06-171-0/+174
| |
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-29 13:33:14 +0000