path: root/src/libcharon/config/proposal.c
Commit log: subject (author, date, files changed, -lines removed/+lines added)
* proposal: Remove MODP-1024 from default IKE proposal (Tobias Brunner, 2017-11-08, 1 file, -2/+2)
  RFC 8247 demoted it to SHOULD NOT. This might break connections with Windows clients unless they are configured to use a stronger group or matching weak proposals are configured explicitly on the server. References #2427.
* proposal: Remove MD5 from default IKE proposal (Tobias Brunner, 2017-11-08, 1 file, -2/+5)
  RFC 8247 demoted MD5 to MUST NOT. References #2427.
* proposal: Remove deprecated algorithms from default ESP and AH proposals (Tobias Brunner, 2017-11-08, 1 file, -4/+0)
  This removes algorithms that were deprecated by RFC 8221 (3DES, BF, MD5) from the default proposals for ESP and AH. References #8247.
* Change interface for enumerator_create_filter() callback (Tobias Brunner, 2017-05-26, 1 file, -18/+22)
  This avoids the unportable 5 pointer hack, but requires enumerating in the callback.
* proposal: Copy SPI and proposal number from correct proposal in select() (Tobias Brunner, 2017-02-06, 1 file, -3/+13)
  If charon.prefer_configured_proposals is disabled select() is called on the received proposal. This incorrectly set the SPI to 0 as the configured proposal has no SPI set. Fixes #2190.
* proposal: Remove RFC 5114 MODP DH groups from default proposal (Martin Willi, 2016-11-15, 1 file, -2/+4)
  Recent research demonstrates that at least for 1024-bit DH groups, it is possible to create specially crafted primes having a backdoor. From the prime itself this is not detectable, creating a perfect NOBUS attack. http://eprint.iacr.org/2016/961
  For the primes defined in RFC 5114 no information is provided on how these have been selected. In the default proposal we included one of the 2048-bit primes only, where it is questionable if constructing a backdoored prime is feasible. Nevertheless, this patch removes the group from the set of default proposals as well.
* proposal: Add curve25519 and curve448 to default proposal (Tobias Brunner, 2016-11-14, 1 file, -0/+2)
* proposal: Correctly add AES-GMAC for AH proposals (Tobias Brunner, 2016-10-05, 1 file, -0/+41)
  We parse aes*gmac as an encryption algorithm, which we have to map to an integrity algorithm. We also make sure we remove all other encryption algorithms and ensure there is an integrity algorithm.
* proposal: Enforce separate proposals for AEAD and classic encryption algorithms (Tobias Brunner, 2016-10-05, 1 file, -16/+22)
* proposal: Make sure there is a PRF defined in IKE proposals (Tobias Brunner, 2016-10-05, 1 file, -14/+34)
  But filter PRFs from ESP proposals.
* proposal: Make DH groups mandatory in IKE proposals parsed from strings (Tobias Brunner, 2016-10-05, 1 file, -4/+11)
  References #2051.
* Created newhope plugin implementing the New Hope key exchange algorithm (Andreas Steffen, 2016-08-10, 1 file, -0/+1)
* proposal: Remove MODP_NONE from IKE proposals parsed from strings (Tobias Brunner, 2016-06-17, 1 file, -0/+10)
* proposal: Handle MODP_NONE in both directions when selecting proposals (Tobias Brunner, 2016-06-17, 1 file, -6/+14)
* proposal: Remove some weaker and rarely used DH groups from the default proposal (Tobias Brunner, 2016-05-04, 1 file, -3/+5)
  This fixes an interoperability issue with Windows Server 2012 R2 gateways. They insist on using modp1024 for IKE, however, Microsoft's IKEv2 implementation seems only to consider the first 15 DH groups in the proposal. Depending on the loaded plugins modp1024 is now at position 17 or even later, causing the server to reject the proposal. By removing some of the weaker and rarely used DH groups from the default proposal we make sure modp1024 is among the first 15 DH groups. The removed groups may still be used by configuring custom proposals.
* Use standard unsigned integer types (Andreas Steffen, 2016-03-24, 1 file, -14/+14)
* 128 bit default security strength for IKE and ESP algorithms (Andreas Steffen, 2015-12-17, 1 file, -40/+140)
  The default ESP cipher suite is now AES_CBC-128/HMAC_SHA2_256_128 and requires SHA-2 HMAC support in the Linux kernel (correctly implemented since 2.6.33). The default IKE cipher suite is now AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256 if the openssl plugin is loaded or AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072 if ECC is not available. The use of the SHA-1 hash algorithm and the MODP_2048 DH group has been deprecated and ENCR_CHACHA20_POLY1305 has been added to the default IKE AEAD algorithms.
* proposal: Add default PRF for HMAC-MD5-128 and HMAC-SHA1-160 integrity algorithms (Tobias Brunner, 2014-10-31, 1 file, -0/+2)
* proposal: Fix equals() (Tobias Brunner, 2014-09-12, 1 file, -5/+5)
* proposal: Don't return a default IKE proposal without encryption/AEAD algs (Martin Willi, 2014-05-16, 1 file, -3/+23)
* proposal: Use an additional "default" constructor specific to AEAD algorithms (Martin Willi, 2014-05-16, 1 file, -0/+23)
  This allows a caller to create a separated proposal for supported AEAD algorithms, as required by RFC 5996.
* proposal: Don't include AEAD algorithms in the default proposal (Martin Willi, 2014-05-16, 1 file, -61/+66)
  According to RFC 5996 3.3 we should use a separate proposal for AEAD algorithms. This was not clear in RFC 5282, hence we previously included both AEAD and non-AEAD algorithms in a single proposal.
* proposal: Don't fail DH proposal matching if peer includes NONE (Tobias Brunner, 2014-03-31, 1 file, -4/+19)
  The DH transform is optional for ESP/AH proposals. The initiator can include NONE (0) in its proposal to indicate that while it prefers to do a DH exchange, the responder may still decide to not do so. Fixes #532.
* Added NTRU key exchange to default IKE proposal (Andreas Steffen, 2013-11-27, 1 file, -0/+4)
* proposal: Add ECC Brainpool DH groups to the default proposal (Tobias Brunner, 2013-10-17, 1 file, -0/+4)
* proposal: Strip redundant integrity algos for ESP proposals only (Martin Willi, 2013-10-11, 1 file, -16/+19)
* proposal: correctly enumerate registered AEADs to build default IKE proposal (Martin Willi, 2013-07-19, 1 file, -6/+22)
  AEADs are not returned (anymore) with the encryption enumerator.
* proposal: use array to store proposal list (Martin Willi, 2013-07-17, 1 file, -25/+18)
  Removes another two linked lists (0.5KB) of memory per IKE/CHILD_SA pair.
* proposal: use a single list to store all transforms (Martin Willi, 2013-07-17, 1 file, -308/+174)
  Besides that it makes the code actually simpler, it reduces the number of lists stored by each IKE_SA and each CHILD_SA by 4, which can be up to 1KB per SA.
* proposal_t.strip_dh() takes a DH group to keep, using MODP_NONE will remove all (Tobias Brunner, 2012-10-24, 1 file, -3/+10)
* Moved data structures to new collections subfolder (Tobias Brunner, 2012-10-24, 1 file, -1/+1)
* Only add an implicit PRF based on the MAC alg if no PRF given in proposal (Martin Willi, 2012-10-24, 1 file, -38/+38)
* Added possibility to register custom proposal keywords (Tobias Brunner, 2012-09-13, 1 file, -2/+2)
  Keyword lookup and registration are handled via the new lib->proposal object.
* Removed len argument from proposal_get_token() (Tobias Brunner, 2012-09-13, 1 file, -24/+23)
  Also use enumerators instead of lexparser.h to parse proposal strings.
* Add DH group 15 (MODP-3072) to IKE proposal (Adrian-Ken Rueegsegger, 2012-08-06, 1 file, -0/+1)
* Pass opaque data to printf hooks and print_in_hook() (Martin Willi, 2012-07-13, 1 file, -14/+14)
* Added support for IKEv1 IPComp proposals in proposal substructure. (Tobias Brunner, 2012-05-24, 1 file, -1/+2)
* Make AES-CMAC actually usable for IKEv2. (Tobias Brunner, 2012-04-04, 1 file, -0/+5)
* Add NO_EXT_SEQ_NUMBER to proposal only if it has not been specified in string (Martin Willi, 2011-04-20, 1 file, -4/+10)
* Added proposal keywords for ESN support (Martin Willi, 2011-04-20, 1 file, -5/+0)
* trace back crypto algorithms to the plugins that registered them (Andreas Steffen, 2010-12-18, 1 file, -4/+5)
* check for malformed IKE and ESP proposals (Andreas Steffen, 2010-12-01, 1 file, -0/+1)
* Store proposal number in proposal_t to reuse it in the selected proposal (Martin Willi, 2010-10-28, 1 file, -5/+20)
  According to RFC 5996 3.3.1, we MUST reuse the proposal number of the selected proposal in the SA payload reply.
* Migrated proposal_t to INIT/METHOD macros (Martin Willi, 2010-10-28, 1 file, -80/+54)
* Include CCM/GCM algorithms in IKEv2 proposals, if supported (Martin Willi, 2010-08-19, 1 file, -9/+10)
* Make function to test if an encryption algorithm is an AEAD alg public (Martin Willi, 2010-08-19, 1 file, -24/+2)
* Support Camellia XCBC algorithms in proposal (Martin Willi, 2010-08-13, 1 file, -0/+3)
* Added Camellia, AES-CTR to default IKE proposal, if supported (Martin Willi, 2010-08-13, 1 file, -2/+6)
* Added support for DH groups 22, 23 and 24, patch contributed by Joy Latten (Martin Willi, 2010-04-19, 1 file, -0/+3)
* Moving charon to libcharon. (Tobias Brunner, 2010-03-19, 1 file, -0/+946)