aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/ikev2
Commit message (Collapse)AuthorAgeFilesLines
...
* ikev2: Try all RSA signature schemes if none is configuredTobias Brunner2015-03-041-4/+19
|
* ikev2: Consider signature schemes in rightauth when sending hash algorithmsTobias Brunner2015-03-041-14/+54
|
* keymat: Use hash algorithm setTobias Brunner2015-03-041-29/+7
|
* ikev2: Add an option to disable constraints against signature schemesTobias Brunner2015-03-041-1/+11
| | | | | | | | | | If this is disabled the schemes configured in `rightauth` are only checked against signature schemes used in the certificate chain and signature schemes used during IKEv2 are ignored. Disabling this could be helpful if existing connections with peers that don't support RFC 7427 use signature schemes in `rightauth` to verify certificate chains.
* ikev2: Fall back to SHA-1 signatures for RSATobias Brunner2015-03-041-0/+7
| | | | | This is really just a fallback to "classic" IKEv2 authentication if the other peer supports no stronger hash algorithms.
* ikev2: Select a signature scheme appropriate for the given keyTobias Brunner2015-03-041-18/+13
| | | | | By enumerating hashes we'd use SHA-1 by default. This way stronger signature schemes are preferred.
* ikev2: Log the actual signature scheme used for RFC 7427 authenticationTobias Brunner2015-03-041-4/+6
|
* ikev2: Store signature scheme used to verify peer in auth_cfgTobias Brunner2015-03-041-0/+1
| | | | | | | | | | This enables late connection switching based on the signature scheme used for IKEv2 and allows to enforce stronger signature schemes. This may break existing connections with peers that don't support RFC 7427 if signature schemes are currently used in `rightauth` for certificate chain validation and if the configured schemes are stronger than the default used for IKE (e.g. SHA-1 for RSA).
* ikev2: Add a global option to disable RFC 7427 signature authenticationTobias Brunner2015-03-041-2/+12
| | | | This is mostly for testing.
* ikev2: Remove private AUTH_BLISS methodTobias Brunner2015-03-041-9/+0
| | | | | | We use the new signature authentication instead for this. This is not backward compatible but we only released one version with BLISS support, and the key format will change anyway with the next release.
* ikev2: Handle RFC 7427 signature authentication in pubkey authenticatorTobias Brunner2015-03-041-49/+178
|
* ikev2: Enable signature authentication by transmitting supported hash algorithmsTobias Brunner2015-03-041-4/+83
|
* keymat: Add facility to store supported hash algorithmsTobias Brunner2015-03-042-1/+70
|
* ikev2: Only accept initial messages in specific statesTobias Brunner2015-03-041-10/+9
| | | | | | | The previous code allowed an attacker to slip in an IKE_SA_INIT with both SPIs and MID 1 set when an IKE_AUTH would be expected instead. References #816.
* ikev2: Don't destroy the SA if an IKE_SA_INIT with unexpected MID is receivedTobias Brunner2015-03-041-4/+0
| | | | | | | | | | | | This reverts 8f727d800751 ("Clean up IKE_SA state if IKE_SA_INIT request does not have message ID 0") because it allowed to close any IKE_SA by sending an IKE_SA_INIT with an unexpected MID and both SPIs set to those of that SA. The next commit will prevent SAs from getting created for IKE_SA_INIT messages with invalid MID. Fixes #816.
* ikev2: Merge EAP client authentication details if EAP methods provides themMartin Willi2015-03-031-0/+7
|
* ikev2: Schedule a timeout for the delete message following passive IKE rekeyingMartin Willi2015-03-031-0/+6
| | | | | | | | | | | | | | | | | | | | | | | Under some conditions it can happen that the CREATE_CHILD_SA exchange for rekeying the IKE_SA initiated by the peer is successful, but the delete message does not follow. For example if processing takes just too long locally, the peer might consider us dead, but we won't notice that. As this leaves the old IKE_SA in IKE_REKEYING state, we currently avoid actively initiating any tasks, such as rekeying or scheduled DPD. This leaves the IKE_SA in a dead and unusable state. To avoid that situation, we schedule a timeout to wait for the DELETE message to follow the CREATE_CHILD_SA, before we actively start to delete the IKE_SA. Alternatively we could start a liveness check on the SA after a timeout to see if the peer still has that state and we can expect the delete to follow. But it is unclear if all peers can handle such messages in this very special state, so we currently don't go for that approach. While we could calculate the timeout based on the local retransmission timeout, the peer might use a different scheme, so a fixed timeout works as well. Fixes #742.
* ikev2: Schedule a make-before-break completion task to delete old IKE_SAMartin Willi2015-02-204-0/+168
|
* ikev2: Allow task to skip exchange by setting undefined exchange typeMartin Willi2015-02-201-0/+5
|
* ikev2: Trigger make-before-break reauthentication instead of reauth taskMartin Willi2015-02-201-0/+76
|
* attribute-manager: Pass full IKE_SA to handler methodsMartin Willi2015-02-201-4/+2
|
* attribute-manager: Pass the full IKE_SA to provider methodsMartin Willi2015-02-201-2/+2
|
* attributes: Move the configuration attributes framework to libcharonMartin Willi2015-02-201-8/+7
|
* ike: Consistently log CHILD_SAs with their unique_id instead of their reqidMartin Willi2015-02-202-3/+3
|
* inactivity-job: Schedule job by CHILD_SA unique ID instead of reqidMartin Willi2015-02-201-7/+4
|
* kernel-interface: Raise expires with a proto/SPI/dst tuple instead of reqidMartin Willi2015-02-201-2/+2
|
* ike: Maintain per-IKE_SA CHILD_SAs in the global CHILD_SA managerMartin Willi2015-02-201-8/+19
|
* child-sa: Replace reqid based marks by "unique" marksMartin Willi2015-02-203-2/+38
| | | | | | | | | | | As we now use the same reqid for multiple CHILD_SAs with the same selectors, having marks based on the reqid makes not that much sense anymore. Instead we use unique marks that use a custom identifier. This identifier is reused during rekeying, keeping the marks constant for any rule relying on it (for example installed by updown). This also simplifies handling of reqid allocation, as we do not have to query the marks that is not yet assigned for an unknown reqid.
* ikev2: Only touch the DH object if we have a matching proposalTobias Brunner2014-12-231-11/+17
|
* ike: Make check for known payloads depend on IKE versionTobias Brunner2014-12-051-1/+1
|
* ikev2: Fix handling of more than one hash-and-URL certificate payloadsTobias Brunner2014-12-041-2/+2
|
* Implemented full BLISS support for IKEv2 public key authentication and the ↵Andreas Steffen2014-11-291-0/+9
| | | | pki tool
* ikev2: Fix ike_rekey switch statement broken with last commitMartin Willi2014-11-241-1/+1
|
* ikev2: Prevent IKE_SA rekeying if we are currently retrying a CHILD_SA rekeyMartin Willi2014-11-211-0/+1
|
* child-sa: Introduce a CHILD_RETRYING state to detect DH group retriesMartin Willi2014-11-211-0/+1
|
* ikev2: Send retransmits using the latest known addressesTobias Brunner2014-10-101-1/+3
| | | | | | | For instance, if a DPD exchange is initiated by the gateway when a mobile client is roaming and it then gets a new IP address and sends an address update via MOBIKE, the DPD retransmits would still be sent to the old address and the SA would eventually get closed.
* ikev2: Send and receive fragmented IKE messagesTobias Brunner2014-10-101-44/+169
| | | | | If a fragmented message is retransmitted only the first packet is passed to the alert() hook.
* ikev2: Negotiate support for IKEv2 fragmentationTobias Brunner2014-10-101-0/+23
|
* ikev2: Reorder task activation for established IKE SAsTobias Brunner2014-09-251-11/+11
| | | | We now prefer MOBIKE tasks over delete tasks then the rest.
* Revert "ikev2: Insert MOBIKE tasks at the front of the queue"Tobias Brunner2014-09-251-6/+1
| | | | | | | | This reverts commit 3293d146289d7c05e6c6089ae1f7cdbcea378e63. The position of tasks in the queue does not actually determine the order in which they are activated. Instead this is determined by the statements in task_manager_v2_t.initiate().
* ikev2: Don't treat initial messages as MOBIKE exchangesTobias Brunner2014-09-161-6/+9
| | | | | The MOBIKE task is active during the initial exchanges but we don't want to treat them as actual MOBIKE exchanges (i.e. there is no path probing).
* ikev2: Reduce timeout if path probing was enabledTobias Brunner2014-09-121-6/+13
|
* ikev2: Defer MOBIKE updates if no path is availableTobias Brunner2014-09-121-7/+14
|
* ike-mobike: Allow calling transmit() even when not currently path probingTobias Brunner2014-09-121-5/+17
| | | | Path probing is enabled if the current path is not available anymore.
* ikev2: Defer path probing if no path is currently availableTobias Brunner2014-09-121-1/+20
| | | | | We do the same before initiating the task, so we should probably do it too when we already initiated it, not just time out and destroy the SA.
* ike-mobike: Return FALSE in transmit() if no path was availableTobias Brunner2014-09-122-3/+7
|
* ikev2: Enable path probing for currently active MOBIKE taskTobias Brunner2014-09-121-0/+18
| | | | | | | This might not be the case if e.g. an address appeared but the old one is still available but not actually usable. Without this the MOBIKE task would eventually time out even though we might be able to switch to a working address.
* ike-mobike: Add method to enable path probingTobias Brunner2014-09-122-0/+12
|
* ike-mobike: Skip peer addresses we can't send packets to when checking pathsTobias Brunner2014-09-121-5/+18
|
* ikev2: Insert MOBIKE tasks at the front of the queueTobias Brunner2014-09-121-1/+6
| | | | | In case we have no usable path to the other peer there is no point in initiating any other tasks (like rekeying).
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-08 12:58:03 +0000