path: root/src/libcharon/sa
Commit message | Author | Age | Files | Lines
* ikev2: Add hash algorithm used for RSASSA-PSS signature to log message | Tobias Brunner | 2017-11-17 | 1 | -11/+41
|
* Fixed some typos, courtesy of codespell | Tobias Brunner | 2017-11-15 | 2 | -2/+2
|
* ikev2: Use helpers to build signature auth data | Tobias Brunner | 2017-11-08 | 1 | -40/+4
|
* ikev2: Enumerate RSA/PSS schemes and use them if enabled | Tobias Brunner | 2017-11-08 | 1 | -7/+11
|
* ikev2: Support signing with RSASSA-PSS via RFC 7427 signature auth | Tobias Brunner | 2017-11-08 | 1 | -6/+21
|
* ikev2: Verify RSASSA-PSS signatures via RFC 7427 signature auth | Tobias Brunner | 2017-11-08 | 1 | -19/+34
|
* keymat_v2: Pass/receive signature schemes as signature_param_t objects | Tobias Brunner | 2017-11-08 | 2 | -28/+58
|
* auth-cfg: Store signature schemes as signature_params_t objects | Tobias Brunner | 2017-11-08 | 2 | -18/+23
| Due to circular references the hasher_from_signature_scheme() helper does not take a signature_params_t object.
* certificate: Return signature scheme and parameters from issued_by() method | Tobias Brunner | 2017-11-08 | 1 | -0/+1
| This also required some include restructuring (avoid including library.h in headers) to avoid unresolvable circular dependencies.
* private-key: Add optional parameters argument to sign() method | Tobias Brunner | 2017-11-08 | 2 | -3/+3
|
* public-key: Add optional parameters argument to verify() method | Tobias Brunner | 2017-11-08 | 2 | -2/+2
|
* ikev2: Don't use SHA-1 for RFC 7427 signature authentication | Tobias Brunner | 2017-11-08 | 1 | -3/+1
| RFC 8247 demoted it to MUST NOT.
| References #2427.
* shunt-manager: Make outbound FWD shunt policies optional | Tobias Brunner | 2017-11-02 | 1 | -6/+15
|
* ike: Do not send initial contact only for UNIQUE_NEVER | Thomas Egerer | 2017-11-02 | 2 | -3/+1
| Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* child-cfg: Optionally set mark on inbound SA | Tobias Brunner | 2017-11-02 | 1 | -2/+17
|
* ikev2: Abort make-before-break reauth if we don't find children to recreate | Tobias Brunner | 2017-11-02 | 1 | -1/+19
| We do something similar in reestablish() for break-before-make reauth. If we don't abort we'd be sending an IKE_AUTH without any TS payloads.
| References #2430.
* libcharon: Added Cisco FlexVPN Supported VID | Andreas Steffen | 2017-10-27 | 1 | -0/+2
|
* child-create: Don't consider a DH group mismatch as failure as responder | Tobias Brunner | 2017-09-18 | 1 | -1/+0
| This causes problems e.g. on Android where we handle the alert (and reestablish the IKE_SA) even though it usually is no problem if the peer retries with the requested group. We don't consider it as a failure on the initiator either.
* child-delete: Only let SAs expire naturally if they did not already | Tobias Brunner | 2017-09-15 | 1 | -1/+1
|
* ike: Reset local SPI if retrying to connect in state IKE_CONNECTING | Tobias Brunner | 2017-09-04 | 3 | -11/+19
| In case we send retransmits for an IKE_SA_INIT where we propose a DH group the responder will reject we might later receive delayed responses that either contain INVALID_KE_PAYLOAD notifies with the group we already use or, if we retransmitted an IKE_SA_INIT with the requested group but then had to restart again, a KE payload with a group different from the one we proposed. So far we didn't change the initiator SPI when restarting the connection, i.e. these delayed responses were processed and might have caused fatal errors due to a failed DH negotiation or because of the internal retry counter in the ike-init task. Changing the initiator SPI avoids that as we won't process the delayed responses anymore that caused this confusion.
* ike-sa-manager: Add method to change the initiator SPI of an IKE_SA | Tobias Brunner | 2017-09-04 | 2 | -4/+99
|
* ike-init: Fail if DH group in KE payload does not match proposed group | Tobias Brunner | 2017-09-04 | 1 | -1/+5
|
* child-sa: Allow requesting different unique marks for in/out | Eyal Birger | 2017-08-07 | 1 | -6/+23
| When requiring unique flags for CHILD_SAs, allow the configuration to request different marks for each direction by using the %unique-dir keyword. This is useful when different marks are desired for each direction but the number of peers is not predefined. An example use case is when implementing a site-to-site route-based VPN without VTI devices. A use of 0.0.0.0/0 - 0.0.0.0/0 traffic selectors with identical in/out marks results in outbound traffic being wrongfully matched against the 'fwd' policy - for which the underlay 'template' does not match - and dropped. Using different marks for each direction avoids this issue as the 'fwd' policy uses the 'in' mark and will not match outbound traffic.
| Closes strongswan/strongswan#78.
* trap-manager: Don't require that remote is resolvable during installation | Tobias Brunner | 2017-08-07 | 1 | -10/+49
| Initiation might later fail, of course, but we don't really require an IP address when installing, that is, unless the remote traffic selector is dynamic. As that would result in installing a 0.0.0.0/0 remote TS which is not ideal when a single IP is expected as remote.
* child-create: Don't log CHILD_SA initiation until we know the unique ID | Tobias Brunner | 2017-08-07 | 1 | -11/+13
|
* child-rekey: Add CHILD_SA name and unique ID to collision log messages | Tobias Brunner | 2017-08-07 | 1 | -8/+13
|
* child-sa: Suppress CHILD_SA state changes if there is no change | Tobias Brunner | 2017-08-07 | 1 | -6/+9
|
* child-rekey: Don't install outbound SA in case of lost collisions | Tobias Brunner | 2017-08-07 | 3 | -21/+66
| This splits the SA installation also on the initiator, so we can avoid installing the outbound SA if we lost a rekey collision, which might have caused traffic loss depending on the timing of the DELETEs that are sent in both directions.
* child-sa: Install outbound SA immediately if kernel supports SPIs on policies | Tobias Brunner | 2017-08-07 | 3 | -26/+47
|
* child-sa: Use flags to track installation of outbound SA and policies separately | Tobias Brunner | 2017-08-07 | 2 | -28/+44
|
* ikev2: AES-CMAC-PRF-128 only uses the first 64 bits of each nonce | Tobias Brunner | 2017-07-27 | 1 | -2/+5
| References #2377.
* ike: Trigger CHILD_INSTALLED state change after corresponding log message | Tobias Brunner | 2017-07-27 | 2 | -10/+9
| This way we get the log message in stroke and swanctl as last message when establishing a connection. It's already like this for the IKE_SA where IKE_ESTABLISHED is set after the corresponding log message.
| Fixes #2364.
* ikev1: Only delete redundant CHILD_SAs if configured | Tobias Brunner | 2017-06-26 | 1 | -1/+5
| If we find a redundant CHILD_SA (the peer probably rekeyed the SA before us) we might not want to delete the old SA because the peer might still use it (same applies to old CHILD_SAs after rekeyings). So only delete them if configured to do so.
| Fixes #2358.
* ike: Apply retransmission_limit before applying the jitter | Tobias Brunner | 2017-05-26 | 2 | -8/+8
|
* linked-list: Change return value of find_first() and signature of its callback | Tobias Brunner | 2017-05-26 | 4 | -104/+125
| This avoids the unportable five pointer hack.
* linked-list: Change interface of callback for invoke_function() | Tobias Brunner | 2017-05-26 | 1 | -5/+5
| This avoids the unportable five pointer hack.
* Change interface for enumerator_create_filter() callback | Tobias Brunner | 2017-05-26 | 6 | -94/+150
| This avoids the unportable 5 pointer hack, but requires enumerating in the callback.
* Migrate all enumerators to venumerate() interface change | Tobias Brunner | 2017-05-26 | 3 | -8/+20
|
* child-cfg: Optionally use 96-bit truncation for HMAC-SHA-256 | Tobias Brunner | 2017-05-26 | 1 | -0/+8
| The correct truncation is 128-bit but some implementations insist on using 96-bit truncation. With strongSwan this can be negotiated using an algorithm identifier from a private range. But this doesn't work with third-party implementations. This adds an option to use 96-bit truncation even if the official identifier is used.
* child-delete: Delay the removal of the inbound SA of rekeyed CHILD_SAs | Tobias Brunner | 2017-05-23 | 2 | -6/+50
| After deleting a rekeyed CHILD_SA we uninstall the outbound SA but don't destroy the CHILD_SA (and the inbound SA) immediately. We delay it a few seconds or until the SA expires to allow delayed packets to get processed. The CHILD_SA remains in state CHILD_DELETING until it finally gets destroyed.
* child-sa: Remove state to track installation of half the SA again | Tobias Brunner | 2017-05-23 | 5 | -17/+2
|
* child-sa: Expose state of the outbound SA | Tobias Brunner | 2017-05-23 | 2 | -17/+61
|
* child-sa: Add method to remove the outbound SA and policies | Tobias Brunner | 2017-05-23 | 2 | -5/+78
|
* child-sa: Keep track whether the outbound SA has been installed or not | Tobias Brunner | 2017-05-23 | 1 | -8/+13
|
* child-delete: Track flags per individual CHILD_SA | Tobias Brunner | 2017-05-23 | 1 | -47/+78
|
* ikev2: Delay installation of outbound SAs during rekeying on the responder | Tobias Brunner | 2017-05-23 | 3 | -10/+92
| The responder has all the information needed to install both SAs before the initiator does. So if the responder immediately installs the outbound SA it might send packets using the new SA which the initiator is not yet able to process. This can be avoided by delaying the installation of the outbound SA until the replaced SA is deleted.
* child-sa: Add log message for CHILD_SA state changes | Tobias Brunner | 2017-05-23 | 1 | -0/+4
|
* child-sa: Add method to associate rekeyed CHILD_SAs with their replacement | Tobias Brunner | 2017-05-23 | 2 | -0/+35
|
* child-sa: Add methods that allow partial installation of CHILD_SA | Tobias Brunner | 2017-05-23 | 2 | -5/+144
| Using install() for the inbound SA and register_outbound() for the outbound SA followed by install_policies(), will delay the installation of the outbound SA as well as the installation of the outbound policies in the kernel until install_outbound() is called later.
* child-sa: Add new state to track installation of only the inbound SA | Tobias Brunner | 2017-05-23 | 2 | -1/+7
|