aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa
Commit message (Collapse)AuthorAgeFilesLines
...
* ike: Store unhandled attributes on IKE_SA as wellMartin Willi2014-06-164-12/+12
|
* child-sa: Pass the number of total policies tied to an SA to the kernelMartin Willi2014-06-041-0/+8
| | | | | This will be useful if the kernel backend has to know how many policies follow an SA install, for example if it must install all policies concurrently.
* kernel-interface: Add a flag to indicate no policy updates requiredMartin Willi2014-06-041-3/+14
|
* payload: Use common prefixes for all payload type identifiersMartin Willi2014-06-0438-166/+166
| | | | | The old identifiers did not use a proper namespace and often clashed with other defines.
* ikev1: Fix debugging log when remote traffic selector selection failsMartin Willi2014-05-141-1/+1
|
* child-sa: Reclaim old state if SA updating is not supportedMartin Willi2014-05-091-0/+2
| | | | | If the state stays at UPDATING, the fallback using IKEv1 rekeying fails as the task manager refuses to rekey a CHILD_SA in non-INSTALLED state.
* ike-sa-manager: Improve scalability of half-open IKE_SA checkingTobias Brunner2014-04-241-7/+8
| | | | | | | | | | | | | | | This patch is based on one by Christoph Gouault. Currently, to count the total number of half_open IKE_SAs, get_half_open_count sums up the count of each segment in the SA hash table (acquiring a lock for each segment). This procedure does not scale well when the number of segments increases, as the method is called for each new negotiation. Instead, lets maintain a global atomic counter. This optimization allows the use of big values for charon.ikesa_table_size and charon.ikesa_table_segments.
* ikev2: Reject CHILD_SA creation/rekeying while deleting an IKE_SAMartin Willi2014-04-171-0/+6
| | | | | | | | | | | If one peer starts reauthentication by deleting the IKE_SA, while the other starts CHILD_SA rekeying, we run in a race condition. To avoid it, temporarily reject the rekey attempt while we are in the IKE_SA deleting state. RFC 4306/5996 is not exactly clear about this collision, but it should be safe to reject CHILD_SA rekeying during this stage, as the reauth will re-trigger the CHILD_SA. For non-rekeying CHILD_SA creations, it's up to the peer to retry establishing the CHILD_SA on the reauthenticated IKE_SA.
* ikev2: Apply extensions and conditions before starting rekeyingMartin Willi2014-04-171-0/+6
| | | | | | The extensions and conditions apply to the rekeyed IKE_SA as well, so we should migrate them. Especially when using algorithms from private space, we need EXT_STRONGSWAN to properly select these algorithms during IKE rekeying.
* ikev2: Add inherit_pre() to apply config and hosts before IKE_SA rekeyingMartin Willi2014-04-173-14/+28
|
* ikev2: Fix reauthentication if peer assigns a different virtual IPTobias Brunner2014-04-151-1/+1
| | | | | | | | | | | | | | | | | Before this change a reqid set on the create_child_t task was used as indicator of the CHILD_SA being rekeyed. Only if that was not the case would the local traffic selector be changed to 0.0.0.0/0|::/0 (as we don't know which virtual IP the gateway will eventually assign). On the other hand, in case of a rekeying the VIP is expected to remain the same, so the local TS would simply equal the VIP. Since c949a4d5016e33c5 reauthenticated CHILD_SAs also have the reqid set. Which meant that the local TS would contain the previously assigned VIP, basically rendering the gateway unable to assign a different VIP to the client as the resulting TS would not match the client's proposal anymore. Fixes #553.
* ikev2: Reject CREATE_CHILD_SA exchange on unestablished IKE_SAsMartin Willi2014-04-141-0/+9
| | | | | | | Prevents a responder peer to trick us into established state by starting IKE_SA rekeying before the IKE_SA has been authenticated during IKE_AUTH. Fixes CVE-2014-2338.
* aead: Support custom AEAD salt sizesMartin Willi2014-03-311-2/+27
| | | | | | | | | The salt, or often called implicit nonce, varies between AEAD algorithms and their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses 3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM. Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine until we go for CCM mode support in TLS, which requires 4 byte nonces.
* ikev2: Recreate a CHILD_SA that got a hard lifetime expire without rekeyingMartin Willi2014-03-311-0/+12
| | | | | Works around issues related to system time changes and kernel backends using that system time, such as Linux XFRM.
* ikev2: Cache all received attribute certificates to auth configMartin Willi2014-03-311-1/+27
|
* ikev2: Send all known and valid attribute certificates for subject certMartin Willi2014-03-311-0/+46
|
* ikev2: Slightly refactor certificate payload construction to separate functionsMartin Willi2014-03-311-37/+56
|
* uclibc only defines strndup(3) if _GNU_SOURCE is definedTobias Brunner2014-02-191-0/+3
| | | | References #516.
* libcharon: Use lib->ns instead of charon->nameTobias Brunner2014-02-1211-26/+26
|
* ikev1: Fix config switching due to failed authentication during Aggressive modeTobias Brunner2014-02-121-3/+1
| | | | | | | The encoded ID payload gets destroyed by the authenticator, which caused a segmentation fault after the switch. Fixes #501.
* child-sa: Add a getter for CHILD_SA install timeMartin Willi2014-01-232-0/+20
|
* ikev2: Add Cisco FRAGMENTATION vendor IDMartin Willi2014-01-231-0/+2
| | | | Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
* ikev2: Add Cisco Copyright vendor IDMartin Willi2014-01-231-0/+2
| | | | Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
* ikev2: Add Cisco Delete Reason vendor IDMartin Willi2014-01-231-0/+2
| | | | Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
* ikev2: Use a more dynamic vendor ID database, as we use with IKEv1Martin Willi2014-01-231-16/+57
|
* ike: Simplify error handling if name resolution failedTobias Brunner2014-01-231-16/+3
| | | | | | | This avoids a second name resolution attempt just to determine if %any etc. was configured. Fixes #440.
* ike: Use proper hostname(s) when name resolution failedTobias Brunner2014-01-231-1/+1
| | | | | | Was wrong since 0edce687675df8f10f4026fa12a8fc3b3dd003f5. Fixes #440.
* ikev2: Wipe (optional) shared secret during CHILD_SA key derivationTobias Brunner2014-01-231-11/+14
|
* ike_sa: Defer task manager destruction after child destructionThomas Egerer2014-01-164-9/+16
| | | | | | | | | | This patch exports the task manager's flush to allow flushing of all queues with one function call from ike_sa->destroy. It allows the access of intact children during task destructoin (see git-commit e44ebdcf) and allows the access of the task manager in child_state_change hook. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* ike: Log SK_p consistently on level 4Tobias Brunner2013-11-281-1/+1
|
* trap-manager: Reset IKE_SA on bus_t if initiating failsTobias Brunner2013-11-211-0/+1
|
* trap-manager: Prevent deadlock when installing trap policiesTobias Brunner2013-11-211-40/+46
| | | | | | | | | | | Because the write lock was held while calling add_policies() on child_sa_t, which finishes with a call to child_state_change() on bus_t, a deadlock would ensue if CHILD_SAs are concurrently being established, which also causes a call to child_state_change() that will require the read lock in trap_manager_t. No locks are now being held while creating the CHILD_SA and installing the trap policies.
* ikev2: Properly free DH secret in case of errors during IKE key derivationTobias Brunner2013-11-061-0/+3
| | | | Fixes #437.
* ike: Don't immediately DPD after deferred DELETEs following IKE_SA rekeyingMartin Willi2013-11-011-0/+8
| | | | | | | Some peers seem to defer DELETEs a few seconds after rekeying the IKE_SA, which is perfectly valid. For short(er) DPD delays, this leads to the situation where we send a DPD request during set_state(), but the IKE_SA has no hosts set yet. Avoid that DPD by resetting the INBOUND timestamp during set_state().
* ikev1: Properly initialize list of fragments in case fragment ID is 0Volker Rümelin2013-10-311-1/+1
| | | | Fixes CVE-2013-6076.
* Fixed some typosTobias Brunner2013-10-292-2/+2
|
* trap-manager: Make sure a config is not trapped twiceTobias Brunner2013-10-171-4/+16
|
* iv_gen: aead_t implementations provide an IV generatorTobias Brunner2013-10-111-0/+8
|
* Remove HASH_PREFERRED, usages are replaced with HASH_SHA1, which is required ↵Tobias Brunner2013-10-111-1/+1
| | | | for IKEv2 anyway
* kernel: Use a time_t to report use time in query_policy()Martin Willi2013-10-111-2/+2
|
* kernel: Use a time_t to report use time in query_sa()Martin Willi2013-10-111-3/+3
|
* ike: Define keylength for aescmac algorithmMartin Willi2013-10-111-0/+1
|
* ikev1: Delete quick modes with the negotiated SA protocolMartin Willi2013-10-111-1/+1
|
* trap-manager: Install trap with SA protocol of the first configured proposalMartin Willi2013-10-111-4/+12
|
* child-sa: Save protocol during SPI allocationMartin Willi2013-10-111-6/+3
| | | | | This allows us to properly delete the incomplete SA with the correct protocol should negotiation fail.
* ikev1: Negotiate SPI with the first/negotiated proposal protocolMartin Willi2013-10-111-3/+18
|
* ikev2: Allocate SPI with the protocol of the first/negotiated proposalMartin Willi2013-10-111-2/+16
|
* ikev1: Accept reauthentication attempts with a keep unique policy from same hostMartin Willi2013-09-301-6/+17
| | | | | | | When we have a "keep" unique policy in place, we have to be less strict in rejecting Main/Aggressive Modes to enforce it. If the host/port equals to that of an existing ISAKMP SA, we assume it is a reauthentication attempt and accept the new SA (to replace the old).
* ikev1: Delay a potential delete for a duplicate IKE_SA having a replace policyMartin Willi2013-09-301-8/+29
| | | | | | | | | Sending a DELETE for the replaced SA immediately is problematic during reauthentication, as the peer might have associated the Quick Modes to the old SA, and also delete them. With this change the delete for the old ISAKMP SA is usually omitted, as it is gets implicitly deleted by the reauth.
* ikev2: Force an update of the host addresses on the first responseTobias Brunner2013-09-231-11/+9
| | | | | | | | | | | This is especially useful on Android where we are able to send messages even if we don't know the correct local address (this is possible because we don't set source addresses in outbound messages). This way we may learn the correct local address if it e.g. changed right before reestablishing an SA. Updating the local address later is tricky without MOBIKE as the responder might not update the associated IPsec SAs properly.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-06 11:32:04 +0000