aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* unit-tests: Forward variable argument list in TEST_SUITE_DEPENDMartin Willi2015-07-121-2/+2
| | | | | For some plugin features, such as crypters or AEADs, we have some additional feature arguments, such as the key size.
* unit-tests: Load libstrongswan plugins in libcharon testsMartin Willi2015-07-122-0/+16
|
* ikev2: Derive additional 4 byte CHILD_SA nonce keymat for ChaCha20-Poly1305Martin Willi2015-06-291-0/+1
|
* ikev2: Use four byte salt for ChaCha20-Poly1305 AEADMartin Willi2015-06-291-0/+1
|
* osx-attr: Optionally replace existing DNS server instead of appending themMartin Willi2015-06-181-3/+27
|
* ikev2: Enforce remote authentication config before proceeding with own ↵Martin Willi2015-06-051-0/+44
| | | | | | | | | | | | | | | | | | | | | | | | authentication Previously the constraints in the authentication configuration of an initiator were enforced only after all authentication rounds were complete. This posed a problem if an initiator used EAP or PSK authentication while the responder was authenticated with a certificate and if a rogue server was able to authenticate itself with a valid certificate issued by any CA the initiator trusted. Because any constraints for the responder's identity (rightid) or other aspects of the authentication (e.g. rightca) the initiator had were not enforced until the initiator itself finished its authentication such a rogue responder was able to acquire usernames and password hashes from the client. And if a client supported EAP-GTC it was even possible to trick it into sending plaintext passwords. This patch enforces the configured constraints right after the responder's authentication successfully finished for each round and before the initiator starts with its own authentication. Fixes CVE-2015-4171.
* child-sa: Use any fixed reqid configured on the CHILD_SA configMartin Willi2015-06-051-2/+2
| | | | | | | Global reqid allocation (94eb09ac) broke fixed reqid allocation. Resupport them by bypassing allocation in the kernel if a fixed reqid has been configured. Fixes #976.
* message: Log message if unknown/disallowed payload receivedTobias Brunner2015-06-011-3/+10
|
* message: Log original message type of unknown payloadsTobias Brunner2015-06-011-0/+13
|
* unknown-payload: Use a new private payload type and make original type availableTobias Brunner2015-06-016-10/+35
| | | | | | | | | This fixes a DoS and potential remote code execution vulnerability that was caused because the original payload type that was returned previously was used to cast such payload objects to payloads of the indicated type (e.g. when logging notify payloads with a payload type for the wrong IKE version). Fixes CVE-2015-3991.
* ikev2: Include fragment number into message ID passed to IV genMartin Willi2015-06-011-0/+5
| | | | | | When using a cipher with sequential IVs, we never must pass an identical IV to the IV generator. To avoid it when using IKEv2 fragmentation, use the lower bits of the 64-bit message ID as the fragment number.
* message: Show the fragmentation numbers in message stringificationMartin Willi2015-06-011-0/+36
|
* ha: Document tunnel parameterTobias Brunner2015-05-271-0/+1
|
* ha: Skip SA for sync messages when resyncing HA segmentsTobias Brunner2015-05-263-3/+14
|
* ha: Move plugin initialization from constructor to plugin callbackTobias Brunner2015-05-261-58/+69
| | | | | This fixes support for the secret option, as otherwise the kernel interface is not registered yet when the trap policy is installed.
* vici: Explicitly disable --user-install when installing Ruby GemTobias Brunner2015-05-211-1/+1
| | | | | | | | Only one of `--user-install` and `--install-dir` may be set and if `--user-install` is the default on a system installation will fail unless we disable it explicitly. Fixes #914.
* vici: Make installation of Ruby Gem and Python Egg optionalTobias Brunner2015-05-212-0/+4
| | | | | | | | | | | | | | | | | | Installing them might not work well when building distro packages (e.g. with DESTDIR installs). It might be easier to install them later with a script in the distro package. When building from source on the local system it could still be useful to install the packages directly, which can be enabled with separate configure options. The main problem with DESTDIR installations of the Python Egg is that easy_install creates or modifies a file called easy-install.pth in the installation directory. So it's not actually possible to simply copy the results in DESTDIR over to the actual system as that file would have to be merged with any existing one. Fixes #914.
* vici: Support out-of-tree build of Python EggTobias Brunner2015-05-211-5/+5
| | | | | | | We also don't require setup.py to exist during cleanup, as e.g. with make distcheck the source directory is not writable when the build directory is cleaned, so setup.py can't be created (to just get removed again anyway if VICI and the Python Eggs haven't been enabled previously).
* ikev1: When a reauth is detected explicitly delete the old IKE_SATobias Brunner2015-05-211-3/+13
| | | | | | | | | | | Instead of just implicitly destroying the old SA we properly delete it to notify the other peer (if the other peer keeps the SA up after the reauthentication and sends DPDs it might consider us dead even though the new SA is up, that seems to be the case with racoon). We delay the DELETE a bit to give the other peer time to get the new SA fully established. Since DELETE messages are not retransmitted it is still possible that the other peer misses that we deleted the SA.
* eap-radius: Keep track of stats for SAs migrated during IKEv1 reauthenticationTobias Brunner2015-05-211-88/+229
|
* ikev1: Trigger children_migrate event if CHILD_SAs are adoptedTobias Brunner2015-05-213-1/+12
|
* bus: Add new hook called when IKEv1 CHILD_SAs are migrated to a new IKE_SATobias Brunner2015-05-213-3/+58
| | | | | | The interface is currently not very nice, but if we ever were able to safely checkout multiple SAs concurrently we could add something similar to ike_rekey() and call that when we detect a reauthentication.
* eap-radius: Remove cache entries for expired SAs during ike/child_rekeyTobias Brunner2015-05-211-0/+53
|
* eap-radius: Add cache for usage stats of expired/rekeyed SAsTobias Brunner2015-05-211-6/+102
| | | | | | | | | | | | | There are several situations that the previous code didn't handle that well, for example, interim updates during rekeying (until the rekeyed SA was deleted the numbers were too high, then suddenly dropped afterwards), or rekeying for IKEv1 in general because rekeyed IPsec SAs stay installed until they expire (so if they were still around when the IKE_SA was terminated, the reported numbers in the Stop message were too high). If intermediate updates are not used the cache entries for rekeyed CHILD_SA will accumulate, we can't clean them up as we don't get child_updown() events for them.
* child-create: Destroy nonceg in migrate()Tobias Brunner2015-05-051-1/+2
| | | | | Since another nonce gets allocated later (if any was allocated already) this would have resulted in a leaked nonce context ID when used in charon-tkm.
* child-create: Fix error handling if nonceg can't be createdTobias Brunner2015-05-051-14/+12
| | | | As with ike-init we can't return NULL in the task constructor.
* ike-init: Fix error handling if nonceg can't be createdTobias Brunner2015-05-051-13/+21
| | | | | | Returning FAILED in the constructor is wrong, but returning NULL doesn't work either as it's currently assumed tasks always can be created. Therefore, delay this check until we actually try to allocate a nonce.
* ike-init: Fix compiler warningTobias Brunner2015-05-051-2/+0
|
* ike-init: Make nonceg a member of ike_init structReto Buerki2015-05-041-20/+17
| | | | | | | This allows to control the life-cycle of a nonce in the context of the ike init task. In the TKM use-case the nonce generator cannot be destroyed before the ike init task is finalized, otherwise the created nonce is detected as stale.
* child-create: Make nonceg a member of child_create structReto Buerki2015-05-041-12/+16
| | | | | | | | This allows to control the life-cycle of a nonce in the context of the child create task. In the TKM use-case, it is required to reset the nonce context if the created nonce is not consumed. This happens if the child SA negotiation fails and it is detected before the SA is established via the TKM kernel plugin (i.e. rekey collision).
* Add bool param to ALERT_KEEP_ON_CHILD_SA_FAILURE alertAdrian-Ken Rueegsegger2015-05-042-3/+8
| | | | | The parameter indicates if the alert is raised upon failure to establish the first CHILD SA of an IKE SA.
* vici: Default to certificate subject for identityTimo Teräs2015-05-041-0/+37
| | | | | | | | If id is not specified and certificate authentication is used, use the certificate subject name as identity. Simplifies configuration as in most cases this is the right thing to do. Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* vici: Add support for ike_sa and child_sa updown notificationsTimo Teräs2015-05-043-0/+137
| | | | | | Useful for monitoring and management purposes. Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* vici: Add function to test if an event should be generatedTimo Teräs2015-05-042-0/+74
| | | | | | | Useful to avoid generating vici messages if they are not needed and their generation is heavy operation. Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* ike-vendor: Add some Microsoft vendor IDsTobias Brunner2015-04-211-0/+10
|
* vici: Relicense libvici.h under MITMartin Willi2015-04-141-9/+20
| | | | | | libvici currently relies on libstrongswan, and therefore is bound to the GPLv2. But to allow alternatively licensed reimplementations without copyleft based on the same interface, we liberate the header.
* utils: Use chunk_equals_const() for all cryptographic purposesMartin Willi2015-04-1410-13/+11
|
* utils: Use memeq_const() for all cryptographic purposesMartin Willi2015-04-146-13/+7
|
* vici: Defer read/write error reporting after connection entry has been releasedMartin Willi2015-04-131-12/+34
| | | | | | | | | | | | | | | | If a vici client registered for (control-)log events, but a vici read/write operation fails, this may result in a deadlock. The attempt to write to the bus results in a vici log message, which in turn tries to acquire the lock for the entry currently held. While a recursive lock could help as well for a single thread, there is still a risk of inter-thread races if there is more than one thread listening for events and/or having read/write errors. We instead log to a local buffer, and write to the bus not before the connection entry has been released. Additionally, we mark the connection entry as unusable to avoid writing to the failed socket again, potentially triggering an error loop.
* aead: Create AEAD using traditional transforms with an explicit IV generatorMartin Willi2015-04-131-4/+11
| | | | | | Real AEADs directly provide a suitable IV generator, but traditional crypters do not. For some (stream) ciphers, we should use sequential IVs, for which we pass an appropriate generator to the AEAD wrapper.
* stroke: Properly parse bliss key strength in public key constraintTobias Brunner2015-03-251-1/+1
|
* eap-tnc: Free eap-tnc object if IKE_SA not found to get IPsTobias Brunner2015-03-251-0/+1
|
* Fixed some typos, courtesy of codespellTobias Brunner2015-03-252-2/+2
|
* child-sa: Add a new state to track rekeyed IKEv1 CHILD_SAsTobias Brunner2015-03-257-5/+15
| | | | | | This is needed to handle DELETEs properly, which was previously done via CHILD_REKEYING, which we don't use anymore since 5c6a62ceb6 as it prevents reauthentication.
* ikev1: Inverse check when applying received KE value during Quick Mode5.3.0rc1Martin Willi2015-03-241-1/+1
| | | | Fixes Quick Mode negotiation when PFS is in use.
* encoding: Remove DH public value verification from KE payloadMartin Willi2015-03-231-73/+0
| | | | | | | | This commit reverts 84738b1a and 2ed5f569. As we have no DH group available in the KE payload for IKEv1, the verification can't work in that stage. Instead, we now verify DH groups in the DH backends, which works for any IKE version or any other purpose.
* diffie-hellman: Add a bool return value to set_other_public_value()Martin Willi2015-03-235-7/+55
|
* diffie-hellman: Add a bool return value to get_my_public_value()Martin Willi2015-03-238-12/+39
|
* encoding: Allow ke_payload_create_from_diffie_hellman() to failMartin Willi2015-03-235-13/+59
|
* diffie-hellman: Use bool instead of status_t as get_shared_secret() return valueMartin Willi2015-03-236-10/+10
| | | | | While such a change is not unproblematic, keeping status_t makes the API inconsistent once we introduce return values for the public value operations.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 12:19:41 +0000