aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/ikev2
Commit message (Collapse)AuthorAgeFilesLines
* ikev2: Add hash algorithm used for RSASSA-PSS signature to log messageTobias Brunner2017-11-171-11/+41
|
* Fixed some typos, courtesy of codespellTobias Brunner2017-11-151-1/+1
|
* ikev2: Use helpers to build signature auth dataTobias Brunner2017-11-081-40/+4
|
* ikev2: Enumerate RSA/PSS schemes and use them if enabledTobias Brunner2017-11-081-7/+11
|
* ikev2: Support signing with RSASSA-PSS via RFC 7427 signature authTobias Brunner2017-11-081-6/+21
|
* ikev2: Verify RSASSA-PSS signatures via RFC 7427 signature authTobias Brunner2017-11-081-19/+34
|
* keymat_v2: Pass/receive signature schemes as signature_param_t objectsTobias Brunner2017-11-082-28/+58
|
* auth-cfg: Store signature schemes as signature_params_t objectsTobias Brunner2017-11-082-18/+23
| | | | | Due to circular references the hasher_from_signature_scheme() helper does not take a signature_params_t object.
* private-key: Add optional parameters argument to sign() methodTobias Brunner2017-11-081-2/+2
|
* public-key: Add optional parameters argument to verify() methodTobias Brunner2017-11-081-1/+1
|
* ikev2: Don't use SHA-1 for RFC 7427 signature authenticationTobias Brunner2017-11-081-3/+1
| | | | | | RFC 8247 demoted it to MUST NOT. References #2427.
* ike: Do not send initial contact only for UNIQUE_NEVERThomas Egerer2017-11-021-1/+0
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* ikev2: Abort make-before-break reauth if we don't find children to recreateTobias Brunner2017-11-021-1/+19
| | | | | | | We do something similar in reestablish() for break-before-make reauth. If we don't abort we'd be sending an IKE_AUTH without any TS payloads. References #2430.
* libcharon: Added Cisco FlexVPN Supported VIDAndreas Steffen2017-10-271-0/+2
|
* child-create: Don't consider a DH group mismatch as failure as responderTobias Brunner2017-09-181-1/+0
| | | | | | | This causes problems e.g. on Android where we handle the alert (and reestablish the IKE_SA) even though it usually is no problem if the peer retries with the requested group. We don't consider it as a failure on the initiator either.
* child-delete: Only let SAs expire naturally if they not already didTobias Brunner2017-09-151-1/+1
|
* ike: Reset local SPI if retrying to connect in state IKE_CONNECTINGTobias Brunner2017-09-041-2/+2
| | | | | | | | | | | | | | In case we send retransmits for an IKE_SA_INIT where we propose a DH group the responder will reject we might later receive delayed responses that either contain INVALID_KE_PAYLOAD notifies with the group we already use or, if we retransmitted an IKE_SA_INIT with the requested group but then had to restart again, a KE payload with a group different from the one we proposed. So far we didn't change the initiator SPI when restarting the connection, i.e. these delayed responses were processed and might have caused fatal errors due to a failed DH negotiation or because of the internal retry counter in the ike-init task. Changing the initiator SPI avoids that as we won't process the delayed responses anymore that caused this confusion.
* ike-init: Fail if DH group in KE payload does not match proposed groupTobias Brunner2017-09-041-1/+5
|
* child-create: Don't log CHILD_SA initiation until we know the unique IDTobias Brunner2017-08-071-11/+13
|
* child-rekey: Add CHILD_SA name and unique ID to collision log messagesTobias Brunner2017-08-071-8/+13
|
* child-rekey: Don't install outbound SA in case of lost collisionsTobias Brunner2017-08-073-21/+66
| | | | | | | This splits the SA installation also on the initiator, so we can avoid installing the outbound SA if we lost a rekey collision, which might have caused traffic loss depending on the timing of the DELETEs that are sent in both directions.
* child-sa: Install outbound SA immediately if kernel supports SPIs on policiesTobias Brunner2017-08-071-3/+3
|
* ikev2: AES-CMAC-PRF-128 only uses the first 64 bits of each nonceTobias Brunner2017-07-271-2/+5
| | | | References #2377.
* ike: Trigger CHILD_INSTALLED state change after corresponding log messageTobias Brunner2017-07-271-6/+6
| | | | | | | | This way we get the log message in stroke and swanctl as last message when establishing a connection. It's already like this for the IKE_SA where IKE_ESTABLISHED is set after the corresponding log message. Fixes #2364.
* ike: Apply retransmission_limit before applying the jitterTobias Brunner2017-05-261-4/+4
|
* linked-list: Change return value of find_first() and signature of its callbackTobias Brunner2017-05-262-84/+93
| | | | This avoids the unportable five pointer hack.
* Change interface for enumerator_create_filter() callbackTobias Brunner2017-05-261-7/+14
| | | | | This avoids the unportable 5 pointer hack, but requires enumerating in the callback.
* child-delete: Delay the removal of the inbound SA of rekeyed CHILD_SAsTobias Brunner2017-05-232-6/+50
| | | | | | | | After deleting a rekeyed CHILD_SA we uninstall the outbound SA but don't destroy the CHILD_SA (and the inbound SA) immediately. We delay it a few seconds or until the SA expires to allow delayed packets to get processed. The CHILD_SA remains in state CHILD_DELETING until it finally gets destroyed.
* child-sa: Remove state to track installation of half the SA againTobias Brunner2017-05-233-11/+2
|
* child-delete: Track flags per individual CHILD_SATobias Brunner2017-05-231-47/+78
|
* ikev2: Delay installation of outbound SAs during rekeying on the responderTobias Brunner2017-05-233-10/+92
| | | | | | | | The responder has all the information needed to install both SAs before the initiator does. So if the responder immediately installs the outbound SA it might send packets using the new SA which the initiator is not yet able to process. This can be avoided by delaying the installation of the outbound SA until the replaced SA is deleted.
* child-sa: Change API used to set/install policiesTobias Brunner2017-05-231-12/+14
| | | | This way we only have to pass the traffic selectors once.
* child-create: Trigger NARROW_RESPONDER_POST hook before installing SAsTobias Brunner2017-05-231-25/+21
| | | | | This makes sure we use the same set of traffic selectors when installing the SAs and installing the policies.
* ike: Use optional jitter to calculate retransmission timeoutsTobias Brunner2017-05-231-1/+25
| | | | | Also adds an optional limit to avoid very high retransmission timeouts with high numbers of retries.
* child-cfg: Use flags for boolean optionsTobias Brunner2017-05-231-3/+3
| | | | Makes it potentially easier to add new flags.
* ikev2: Ignore IKEV2_MESSAGE_ID_SYNC notifies if extension is disabledTobias Brunner2017-02-082-10/+37
| | | | | | | | | | If this is the first message by the peer, i.e. we expect MID 0, the message is not pre-processed in the task manager so we ignore it in the task. We also make sure to ignore such messages if the extension is disabled and the peer already sent us one INFORMATIONAL, e.g. a DPD (we'd otherwise consider the message with MID 0 as a retransmit).
* ikev2: Don't increase expected MID after handling MID sync messageTobias Brunner2017-02-082-3/+4
| | | | | | | | If the responder never sent a message the expected MID is 0. While the sent MID (M1) SHOULD be increased beyond the known value, it's not necessarily the case. Since M2 - 1 would then equal UINT_MAX setting that MID would get ignored and while we'd return 0 in the notify we'd actually expect 1 afterwards.
* ikev2: Don't cache response to MID sync requestTobias Brunner2017-02-081-1/+11
|
* ikev2: Accept INFORMATIONAL messages with MID 0 if used to sync MIDsTobias Brunner2017-02-081-3/+42
| | | | | | We are very picky to only allow MID 0 for these messages (while we currently don't support IPSEC_REPLAY_COUNTER_SYNC notifies we accept them).
* ikev2: Negotiate support for IKE message ID synchronisation during IKE_AUTHTobias Brunner2017-02-081-0/+7
|
* ikev2: Add task to handle IKEV2_MESSAGE_ID_SYNC notifies as responderTobias Brunner2017-02-083-0/+338
|
* ike: Add getter for the current message ID to task managerTobias Brunner2017-02-081-0/+7
|
* keymat: Allow keymat to modify signature scheme(s)Thomas Egerer2017-02-083-12/+39
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* ike-auth: Don't send INITIAL_CONTACT if remote ID contains wildcardsTobias Brunner2017-02-061-1/+2
| | | | | | Such an identity won't equal an actual peer's identity resulting in sending an INITIAL_CONTACT notify even if there might be an existing IKE_SA.
* Implemented EdDSA for IKEv2 using a pro forma Identity hash functionAndreas Steffen2016-12-141-0/+32
|
* task-manager: Only trigger retransmit cleared alert if there was at least ↵Tobias Brunner2016-10-051-1/+1
| | | | | | | | one retransmit The counter is already increased when sending the original message. Fixes: bd71ba0ffb03 ("task-manager: Add retransmit cleared alert")
* ikev2: Respond with NO_PROPOSAL_CHOSEN if proposal without DH group was selectedTobias Brunner2016-10-051-0/+1
| | | | Fixes #2051.
* ikev2: Only add NAT-D notifies to DPDs as initiatorTobias Brunner2016-10-041-8/+15
| | | | | | | | | | If a responder is natted it will usually be a static NAT (unless it's a mediated connection) in which case adding these notifies makes not much sense (if the initiator's NAT mapping had changed the responder wouldn't be able to reach it anyway). It's also problematic as some clients refuse to respond to DPDs if they contain such notifies. Fixes #2126.
* ikev2: Send derived CHILD_SA keys to the busTobias Brunner2016-10-041-26/+43
|
* ikev2: Send derived IKE_SA keys to busTobias Brunner2016-10-041-26/+30
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 07:17:14 +0000