strongswan.git
2 years agoMoved Ed25519 tests to libstrongswan
Andreas Steffen [Tue, 13 Dec 2016 21:47:36 +0000 (22:47 +0100)]
Moved Ed25519 tests to libstrongswan

2 years agounit-tests: Completed coverage of hasher, crypter and libnttfft
Andreas Steffen [Fri, 9 Dec 2016 11:56:15 +0000 (12:56 +0100)]
unit-tests: Completed coverage of hasher, crypter and libnttfft

2 years agoAdded swanctl/net2net-ed2559 scenario and needed Ed25519 certificates
Andreas Steffen [Fri, 9 Dec 2016 09:14:42 +0000 (10:14 +0100)]
Added swanctl/net2net-ed2559 scenario and needed Ed25519 certificates

2 years agoImplemented EdDSA for IKEv2 using a pro forma Identity hash function
Andreas Steffen [Fri, 9 Dec 2016 08:38:15 +0000 (09:38 +0100)]
Implemented EdDSA for IKEv2 using a pro forma Identity hash function

2 years agoAdded Ed25519 ref10 implementation from libsodium
Andreas Steffen [Fri, 2 Dec 2016 12:00:24 +0000 (13:00 +0100)]
Added Ed25519 ref10 implementation from libsodium

2 years agoAdded support of EdDSA signatures
Andreas Steffen [Mon, 14 Nov 2016 11:37:23 +0000 (12:37 +0100)]
Added support of EdDSA signatures

2 years agokernel-netlink: Add support for AES-CMAC-96 (RFC 4494)
Tobias Brunner [Mon, 5 Dec 2016 14:07:59 +0000 (15:07 +0100)]
kernel-netlink: Add support for AES-CMAC-96 (RFC 4494)

The kernel apparently supports this since 3.10.

2 years agoandroid: New release after re-adding support for ECC Brainpool curves
Tobias Brunner [Sat, 10 Dec 2016 11:28:09 +0000 (12:28 +0100)]
android: New release after re-adding support for ECC Brainpool curves

2 years agoopenssl: BoringSSL doesn't provide curve data for ECC Brainpool curves
Tobias Brunner [Sat, 10 Dec 2016 11:26:31 +0000 (12:26 +0100)]
openssl: BoringSSL doesn't provide curve data for ECC Brainpool curves

2 years agoandroid: New release after fixing libtpmtss issue
Tobias Brunner [Fri, 9 Dec 2016 10:18:17 +0000 (11:18 +0100)]
android: New release after fixing libtpmtss issue

2 years agoandroid: Make sure libtpmtss is loaded on older systems
Tobias Brunner [Fri, 9 Dec 2016 10:16:42 +0000 (11:16 +0100)]
android: Make sure libtpmtss is loaded on older systems

On newer Android systems this seems to happen automatically (or does at
least not cause crashes if the library is not loaded).

2 years agoandroid: New release after adding notification
Tobias Brunner [Thu, 8 Dec 2016 16:37:21 +0000 (17:37 +0100)]
android: New release after adding notification

2 years agoMerge branch 'android-updates'
Tobias Brunner [Thu, 8 Dec 2016 16:33:11 +0000 (17:33 +0100)]
Merge branch 'android-updates'

Adds a permanent notification while connected (or connecting), which
allows running as a foreground service, which in turn should prevent
Android from terminating the service when low on memory.

Also adds support for ChaCha20/Poly1305 AEAD and Curve25519 DH.

2 years agoandroid: Ensure that the certificates are loaded when accessing them via JNI
Tobias Brunner [Wed, 7 Dec 2016 16:52:33 +0000 (17:52 +0100)]
android: Ensure that the certificates are loaded when accessing them via JNI

2 years agoandroid: Add a public notification
Tobias Brunner [Wed, 7 Dec 2016 16:51:42 +0000 (17:51 +0100)]
android: Add a public notification

2 years agoandroid: Display a permanent notification while connected
Tobias Brunner [Wed, 2 Nov 2016 17:26:43 +0000 (18:26 +0100)]
android: Display a permanent notification while connected

This forces the service to run in the foreground, meaning the system
won't kill it when low on memory.

2 years agoandroid: Log any installed DNS servers
Tobias Brunner [Wed, 2 Nov 2016 15:40:36 +0000 (16:40 +0100)]
android: Log any installed DNS servers

2 years agoandroid: Unregister listener in case of error alerts
Tobias Brunner [Wed, 2 Nov 2016 15:35:50 +0000 (16:35 +0100)]
android: Unregister listener in case of error alerts

This avoids triggering additional errors via e.g. ike_updown() that
might cause the error message displayed in the GUI to change if the
status fragment is recreated.

References #2134.

2 years agoandroid: Report an error for invalid integer values
Tobias Brunner [Wed, 2 Nov 2016 15:33:29 +0000 (16:33 +0100)]
android: Report an error for invalid integer values

Previously we'd just ignore the invalid values without notifying the
user.

2 years agoandroid: Propose curve25519 in the ESP proposals
Tobias Brunner [Tue, 6 Dec 2016 10:51:33 +0000 (11:51 +0100)]
android: Propose curve25519 in the ESP proposals

2 years agoandroid: Enable curve25519 plugin in the app
Tobias Brunner [Tue, 6 Dec 2016 10:51:19 +0000 (11:51 +0100)]
android: Enable curve25519 plugin in the app

2 years agoandroid: Optionally build the curve25519 plugin
Tobias Brunner [Tue, 6 Dec 2016 10:50:25 +0000 (11:50 +0100)]
android: Optionally build the curve25519 plugin

2 years agoandroid: Propose ChaCha20/Poly1305 in the ESP AEAD proposals
Tobias Brunner [Wed, 18 Nov 2015 10:31:14 +0000 (11:31 +0100)]
android: Propose ChaCha20/Poly1305 in the ESP AEAD proposals

2 years agoandroid: Enable chapoly plugin in the app
Tobias Brunner [Wed, 18 Nov 2015 10:31:03 +0000 (11:31 +0100)]
android: Enable chapoly plugin in the app

2 years agoandroid: Optionally build the chapoly plugin
Tobias Brunner [Wed, 18 Nov 2015 10:25:29 +0000 (11:25 +0100)]
android: Optionally build the chapoly plugin

2 years agoandroid: Update Gradle plugin and wrapper
Tobias Brunner [Tue, 20 Sep 2016 17:20:22 +0000 (19:20 +0200)]
android: Update Gradle plugin and wrapper

2 years agoikev1: Minor code optimization in task manager
Thomas Egerer [Tue, 6 Dec 2016 12:24:59 +0000 (13:24 +0100)]
ikev1: Minor code optimization in task manager

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2 years agotravis: The xcode7.3 image is now the default
Tobias Brunner [Fri, 2 Dec 2016 10:06:08 +0000 (11:06 +0100)]
travis: The xcode7.3 image is now the default

2 years agotravis: Output config.log on failure
Tobias Brunner [Fri, 2 Dec 2016 10:05:30 +0000 (11:05 +0100)]
travis: Output config.log on failure

2 years agoconfigure: Check for actual functions in libraries with AC_CHECK_LIB
Tobias Brunner [Fri, 2 Dec 2016 09:55:13 +0000 (10:55 +0100)]
configure: Check for actual functions in libraries with AC_CHECK_LIB

Checking for `main` produces code like this in the test program:

  int
  main ()
  {
  return main ();
    ;
    return 0;
  }

This recursive call results in a warning message with some compilers (e.g.
Clang in newer Xcode versions: "all paths through this function will call
itself [-Winfinite-recursion]"), which lets the tests fail when compiling
with -Werror.

2 years agoplugin-loader: Strip '!' from critical plugin names when setting paths
Tobias Brunner [Fri, 18 Nov 2016 11:16:34 +0000 (12:16 +0100)]
plugin-loader: Strip '!' from critical plugin names when setting paths

2 years agochild-sa: Use single return statement in update_usebytes()
Thomas Egerer [Tue, 15 Nov 2016 17:27:55 +0000 (18:27 +0100)]
child-sa: Use single return statement in update_usebytes()

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
3 years agoproposal: Remove RFC 5114 MODP DH groups from default proposal
Martin Willi [Thu, 20 Oct 2016 05:12:32 +0000 (07:12 +0200)]
proposal: Remove RFC 5114 MODP DH groups from default proposal

Recent research demonstrates that at least for 1024-bit DH groups, it is
possible to create specially crafted primes having a backdoor. From the
prime itself this is not detectable, creating a perfect NOBUS attack.

http://eprint.iacr.org/2016/961

For the primes defined in RFC 5114 no information is provided on how these
have been selected. In the default proposal we included one of the 2048-bit
primes only, where it is questionable if constructing a backdoored prime is
feasible. Nevertheless, this patch removes the group from the set of default
proposals as well.

3 years agoVersion bump to 5.5.2dr2 5.5.2dr2
Andreas Steffen [Mon, 14 Nov 2016 15:20:10 +0000 (16:20 +0100)]
Version bump to 5.5.2dr2

3 years agotesting: make curve25519 the default DH group
Andreas Steffen [Tue, 8 Nov 2016 12:50:14 +0000 (13:50 +0100)]
testing: make curve25519 the default DH group

3 years agoproposal: Add curve25519 and curve448 to default proposal
Tobias Brunner [Fri, 30 Sep 2016 12:40:48 +0000 (14:40 +0200)]
proposal: Add curve25519 and curve448 to default proposal

3 years agoconfigure: Enable curve25519 plugin by default
Tobias Brunner [Fri, 30 Sep 2016 12:39:18 +0000 (14:39 +0200)]
configure: Enable curve25519 plugin by default

3 years agocurve22519: Add a portable backend implemented in plain C
Martin Willi [Tue, 7 Apr 2015 16:12:52 +0000 (18:12 +0200)]
curve22519: Add a portable backend implemented in plain C

3 years agocurve25519: Add a plugin providing Curve25519 DH using backend drivers
Martin Willi [Fri, 8 Aug 2014 14:22:56 +0000 (16:22 +0200)]
curve25519: Add a plugin providing Curve25519 DH using backend drivers

3 years agodh-speed: Compare the shared secrets for equality after test
Martin Willi [Tue, 7 Apr 2015 16:11:41 +0000 (18:11 +0200)]
dh-speed: Compare the shared secrets for equality after test

3 years agodh-speed: Include the get_my_public_value() call in public exponent timing
Martin Willi [Fri, 8 Aug 2014 14:26:27 +0000 (16:26 +0200)]
dh-speed: Include the get_my_public_value() call in public exponent timing

This fixes results where a DH backend does not generate the public value
in the constructor internally.

3 years agodh-speed: Add an identifier to test curve25519 performance
Martin Willi [Fri, 8 Aug 2014 14:26:03 +0000 (16:26 +0200)]
dh-speed: Add an identifier to test curve25519 performance

3 years agotest-vectors: Add a Curve25519 DH test vector
Martin Willi [Thu, 9 Apr 2015 13:19:42 +0000 (15:19 +0200)]
test-vectors: Add a Curve25519 DH test vector

3 years agoproposal: Add a curve25519 proposal keyword
Martin Willi [Fri, 8 Aug 2014 14:20:59 +0000 (16:20 +0200)]
proposal: Add a curve25519 proposal keyword

3 years agodiffie-hellman: Add DH group identifiers for Curve25519 and Curve448
Martin Willi [Fri, 8 Aug 2014 14:20:31 +0000 (16:20 +0200)]
diffie-hellman: Add DH group identifiers for Curve25519 and Curve448

3 years agobus: Re-add ampersand that got lost in refactoring
Tobias Brunner [Mon, 14 Nov 2016 14:15:11 +0000 (15:15 +0100)]
bus: Re-add ampersand that got lost in refactoring

Fixes: 4af02c6c61cf ("bus: Fix maximum log level for different groups
after removal of a logger")

3 years agopeer-cfg: Fix memory leak when replacing child configs
Tobias Brunner [Fri, 11 Nov 2016 14:30:54 +0000 (15:30 +0100)]
peer-cfg: Fix memory leak when replacing child configs

Fixes: 622c2b2c3386 ("peer-cfg: Add method to atomically replace child
configs")

3 years agobus: Fix maximum log level for different groups after removal of a logger
Tobias Brunner [Wed, 9 Nov 2016 17:29:46 +0000 (18:29 +0100)]
bus: Fix maximum log level for different groups after removal of a logger

The log level was incorrectly set to the same value for all groups.

Fixes: dac15e03c828 ("bus: Fix maximum log levels when mixing log/vlog
implementing loggers")

3 years agofarp: Fix BPF jump false offset
Volker RĂ¼melin [Sun, 30 Oct 2016 21:15:04 +0000 (22:15 +0100)]
farp: Fix BPF jump false offset

Jump to BPF_STMT(BPF_RET+BPF_K, 0) if protocol_size != 4

3 years agoVersion bump to 5.5.2dr1 5.5.2dr1
Andreas Steffen [Sun, 30 Oct 2016 16:34:05 +0000 (17:34 +0100)]
Version bump to 5.5.2dr1

3 years agoFixed in-place update of cached base and delta CRLs
Andreas Steffen [Sun, 30 Oct 2016 15:37:24 +0000 (16:37 +0100)]
Fixed in-place update of cached base and delta CRLs

3 years agoNewer CRLs replace older versions of the CRL in the cache
Andreas Steffen [Wed, 26 Oct 2016 10:48:54 +0000 (12:48 +0200)]
Newer CRLs replace older versions of the CRL in the cache

3 years agoconnmark: Add CAP_NET_RAW to capabilities keep list
Tim Kent [Tue, 25 Oct 2016 06:17:10 +0000 (16:17 +1000)]
connmark: Add CAP_NET_RAW to capabilities keep list

Fix for "Permission denied (you must be root)" error when calling
iptc_init(), which opens a RAW socket to communicate with the kernel,
when built with "--with-capabilities=libcap".

Closes strongswan/strongswan#53.
Fixes #2157.

3 years agoVersion bump to 5.5.1 5.5.1
Andreas Steffen [Thu, 20 Oct 2016 10:57:00 +0000 (12:57 +0200)]
Version bump to 5.5.1

3 years agonm: Enable IKE fragmentation
Tobias Brunner [Thu, 20 Oct 2016 06:03:26 +0000 (08:03 +0200)]
nm: Enable IKE fragmentation

3 years agoVersion bump to 5.5.1rc2 5.5.1rc2
Andreas Steffen [Tue, 18 Oct 2016 16:14:57 +0000 (18:14 +0200)]
Version bump to 5.5.1rc2

3 years agotesting: Renewed expired certificates
Andreas Steffen [Tue, 18 Oct 2016 16:13:58 +0000 (18:13 +0200)]
testing: Renewed expired certificates

3 years agoadded XOF dependencies of bliss and ntru plugins
Andreas Steffen [Tue, 18 Oct 2016 06:33:35 +0000 (08:33 +0200)]
added XOF dependencies of bliss and ntru plugins

3 years agotesting: enable MACsec in guest kernel
Andreas Steffen [Tue, 18 Oct 2016 14:25:14 +0000 (16:25 +0200)]
testing: enable MACsec in guest kernel

3 years agoconfigure: Reorder mgf1 in list of crypto plugins
Tobias Brunner [Tue, 18 Oct 2016 09:42:40 +0000 (11:42 +0200)]
configure: Reorder mgf1 in list of crypto plugins

3 years agonewhope: Fix Doxygen group name
Tobias Brunner [Fri, 14 Oct 2016 16:41:08 +0000 (18:41 +0200)]
newhope: Fix Doxygen group name

3 years agolibnttfft: Fix Doxygen group
Tobias Brunner [Fri, 14 Oct 2016 16:34:42 +0000 (18:34 +0200)]
libnttfft: Fix Doxygen group

3 years agoFixed some typos, courtesy of codespell
Tobias Brunner [Fri, 14 Oct 2016 16:09:09 +0000 (18:09 +0200)]
Fixed some typos, courtesy of codespell

3 years agonewhope: Properly release allocated arrays if RNG can't be created
Tobias Brunner [Fri, 14 Oct 2016 13:24:04 +0000 (15:24 +0200)]
newhope: Properly release allocated arrays if RNG can't be created

3 years agonm: Add D-Bus policy to the distribution
Tobias Brunner [Fri, 14 Oct 2016 12:11:23 +0000 (14:11 +0200)]
nm: Add D-Bus policy to the distribution

3 years agonm: Version bump to 1.4.1
Tobias Brunner [Fri, 14 Oct 2016 07:50:31 +0000 (09:50 +0200)]
nm: Version bump to 1.4.1

3 years agokernel-netlink: Fix get_route() interface determination
Christophe Gouault [Wed, 12 Oct 2016 16:12:08 +0000 (18:12 +0200)]
kernel-netlink: Fix get_route() interface determination

A wrong variable is used (route instead of best), so much that the
returned interface belongs to the last seen route instead of the best
choice route.

get_route() may therefore return mismatching interface and gateway.

Fixes: 66e9165bc686 ("kernel-netlink: Return outbound interface in get_nexthop()")

Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
3 years agoVersion bump to 5.5.1rc1 5.5.1rc1
Andreas Steffen [Tue, 11 Oct 2016 17:21:36 +0000 (19:21 +0200)]
Version bump to 5.5.1rc1

3 years agoMerge branch 'cache-crls'
Andreas Steffen [Tue, 11 Oct 2016 15:19:29 +0000 (17:19 +0200)]
Merge branch 'cache-crls'

3 years agoSave both base and delta CRLs to disk
Andreas Steffen [Fri, 30 Sep 2016 06:05:20 +0000 (08:05 +0200)]
Save both base and delta CRLs to disk

3 years agovici: strongswan.conf cache_crls = yes saves fetched CRLs to disk
Andreas Steffen [Tue, 27 Sep 2016 12:42:08 +0000 (14:42 +0200)]
vici: strongswan.conf cache_crls = yes saves fetched CRLs to disk

3 years agomem-cred: Support storing a delta CRL together with its base
Tobias Brunner [Fri, 7 Oct 2016 08:56:06 +0000 (10:56 +0200)]
mem-cred: Support storing a delta CRL together with its base

So far every "newer" CRL (higher serial or by date) replaced an existing
"older" CRL.  This meant that delta CRLs replaced an existing base CRL
and that base CRLs weren't added if a delta CRL was already stored.  So
the base had to be re-fetched every time after a delta CRL was added.

With this change one delta CRL to the latest base may be stored.  A newer
delta CRL will replace an existing delta CRL (but not its base, older
base CRLs are removed, though).  And a newer base will replace the existing
base and optional delta CRL.

3 years agorevocation: Cache valid CRL also if certificate is revoked
Tobias Brunner [Mon, 3 Oct 2016 10:40:24 +0000 (12:40 +0200)]
revocation: Cache valid CRL also if certificate is revoked

3 years agopki: Don't remove zero bytes in CRL serials anymore
Tobias Brunner [Mon, 3 Oct 2016 10:15:10 +0000 (12:15 +0200)]
pki: Don't remove zero bytes in CRL serials anymore

This was added a few years ago because pki --signcrl once encoded serials
incorrectly as eight byte blobs.  But still ensure we have can handle
overflows in case the serial is encoded incorrectly without zero-prefix.

3 years agopki: Use serial of base CRL for delta CRLs
Tobias Brunner [Mon, 3 Oct 2016 10:10:40 +0000 (12:10 +0200)]
pki: Use serial of base CRL for delta CRLs

According to RFC 5280 delta CRLs and complete CRLs MUST share one
numbering sequence.

3 years agoopenssl: Fix AES-GCM with BoringSSL
Tobias Brunner [Tue, 11 Oct 2016 08:54:06 +0000 (10:54 +0200)]
openssl: Fix AES-GCM with BoringSSL

BoringSSL only supports a limited list of (hard-coded) algorithms via
EVP_get_cipherbyname(), which does not include AES-GCM.  While BoringSSL
deprecated these functions they are also supported by OpenSSL (in BoringSSL
a completely new interface for AEADs was added, which OpenSSL currently does
not support).

3 years agoandroid: Identifiers for SHA2-base RSA signature schemes got renamed
Tobias Brunner [Mon, 10 Oct 2016 15:52:35 +0000 (17:52 +0200)]
android: Identifiers for SHA2-base RSA signature schemes got renamed

Fixes: 40f2589abfc8 ("gmp: Support of SHA-3 RSA signatures")

3 years agoandroid: MGF1 implementation was moved to a plugin
Tobias Brunner [Mon, 10 Oct 2016 15:48:01 +0000 (17:48 +0200)]
android: MGF1 implementation was moved to a plugin

Fixes: 188b190a70c9 ("mgf1: Refactored MGF1 as an XOF")

3 years agoldap: Fix crash in case of empty LDAP response for CRL fetch
Yannick CANN [Thu, 6 Oct 2016 13:40:47 +0000 (15:40 +0200)]
ldap: Fix crash in case of empty LDAP response for CRL fetch

In case of an empty LDAP result during a CRL fetch (for example, due to
a wrong filter attribute in the LDAP URI, or invalid LDAP configuration),
the call to ldap_result2error() with NULL value for "entry" lead to
a crash.

Closes strongswan/strongswan#52.

3 years agolibimcv: Add Debian 8.6 to database
Tobias Brunner [Wed, 5 Oct 2016 13:53:32 +0000 (15:53 +0200)]
libimcv: Add Debian 8.6 to database

3 years agotask-manager: Only trigger retransmit cleared alert if there was at least one retransmit
Tobias Brunner [Tue, 4 Oct 2016 15:44:14 +0000 (17:44 +0200)]
task-manager: Only trigger retransmit cleared alert if there was at least one retransmit

The counter is already increased when sending the original message.

Fixes: bd71ba0ffb03 ("task-manager: Add retransmit cleared alert")

3 years agoMerge branch 'proposal-checks'
Tobias Brunner [Wed, 5 Oct 2016 12:58:41 +0000 (14:58 +0200)]
Merge branch 'proposal-checks'

Adds checks for proposals parsed from strings.  For instance, the presence
of DH, PRF and encryption algorithms for IKE are now enforced and AEAD and
regular encryption algorithms are not allowed in the same proposal anymore.
Also fixed is the mapping of the aes*gmac keywords to an integrity algorithm
in AH proposals.

3 years agounit-tests: Enable optional logging in libcharon unit tests
Tobias Brunner [Wed, 5 Oct 2016 12:22:37 +0000 (14:22 +0200)]
unit-tests: Enable optional logging in libcharon unit tests

3 years agounit-tests: Add more tests for proposal creation
Tobias Brunner [Tue, 4 Oct 2016 10:01:36 +0000 (12:01 +0200)]
unit-tests: Add more tests for proposal creation

3 years agoproposal: Correctly add AES-GMAC for AH proposals
Tobias Brunner [Tue, 4 Oct 2016 09:58:28 +0000 (11:58 +0200)]
proposal: Correctly add AES-GMAC for AH proposals

We parse aes*gmac as encryption algorithm, which we have to map to an
integrity algorithm.  We also make sure we remove all other encryption
algorithms and ensure there is an integrity algorithm.

3 years agoproposal: Enforce separate proposals for AEAD and classic encryption algorithms
Tobias Brunner [Tue, 4 Oct 2016 09:57:30 +0000 (11:57 +0200)]
proposal: Enforce separate proposals for AEAD and classic encryption algorithms

3 years agoproposal: Make sure there is a PRF defined in IKE proposals
Tobias Brunner [Tue, 4 Oct 2016 08:58:18 +0000 (10:58 +0200)]
proposal: Make sure there is a PRF defined in IKE proposals

But filter PRFs from ESP proposals.

3 years agoproposal: Make DH groups mandatory in IKE proposals parsed from strings
Tobias Brunner [Wed, 13 Jul 2016 10:37:29 +0000 (12:37 +0200)]
proposal: Make DH groups mandatory in IKE proposals parsed from strings

References #2051.

3 years agoikev2: Respond with NO_PROPOSAL_CHOSEN if proposal without DH group was selected
Tobias Brunner [Wed, 13 Jul 2016 10:24:39 +0000 (12:24 +0200)]
ikev2: Respond with NO_PROPOSAL_CHOSEN if proposal without DH group was selected

Fixes #2051.

3 years agotesting: Remove ikev2/default-keys scenario
Tobias Brunner [Wed, 5 Oct 2016 10:25:29 +0000 (12:25 +0200)]
testing: Remove ikev2/default-keys scenario

No default keys are generated anymore.

3 years agokernel-netlink: Consider RTA_SRC when looking for a source address
Tobias Brunner [Tue, 23 Aug 2016 10:48:37 +0000 (12:48 +0200)]
kernel-netlink: Consider RTA_SRC when looking for a source address

3 years agoMerge branch 'priv-key-any'
Tobias Brunner [Wed, 5 Oct 2016 09:36:11 +0000 (11:36 +0200)]
Merge branch 'priv-key-any'

Adds the ability to parse KEY_ANY keys via the pkcs1 and openssl plugins.
This is then used in the pki utility, where private keys may now be
loaded via `priv` keyword instead of having to specify the type of the key
explicitly.  And swanctl can load any type of key from the swanctl/private
directory.

3 years agoswanctl: Add 'private' directory/section to load any type of private key
Tobias Brunner [Fri, 30 Sep 2016 13:16:42 +0000 (15:16 +0200)]
swanctl: Add 'private' directory/section to load any type of private key

3 years agopki: Add generic 'priv' key type that loads any type of private key
Tobias Brunner [Wed, 31 Aug 2016 15:57:12 +0000 (17:57 +0200)]
pki: Add generic 'priv' key type that loads any type of private key

3 years agoopenssl: Add a generic private key loader
Tobias Brunner [Thu, 22 Sep 2016 14:21:22 +0000 (16:21 +0200)]
openssl: Add a generic private key loader

3 years agopkcs1: Support building of KEY_ANY private keys
Tobias Brunner [Wed, 31 Aug 2016 15:34:00 +0000 (17:34 +0200)]
pkcs1: Support building of KEY_ANY private keys

We try to detect the type of key by parsing the basic structure of the
passed ASN.1 blob.

3 years agopki: Drop -priv suffix to specify private key types
Tobias Brunner [Wed, 31 Aug 2016 13:08:09 +0000 (15:08 +0200)]
pki: Drop -priv suffix to specify private key types

3 years agoikev2: Only add NAT-D notifies to DPDs as initiator
Tobias Brunner [Fri, 30 Sep 2016 08:24:54 +0000 (10:24 +0200)]
ikev2: Only add NAT-D notifies to DPDs as initiator

If a responder is natted it will usually be a static NAT (unless it's a
mediated connection) in which case adding these notifies makes not much
sense (if the initiator's NAT mapping had changed the responder wouldn't
be able to reach it anyway).  It's also problematic as some clients refuse
to respond to DPDs if they contain such notifies.

Fixes #2126.

3 years agopkcs11: Look for the CKA_ID of the cert if it doesn't match the subjectKeyId
Raphael Geissert [Wed, 31 Aug 2016 11:22:38 +0000 (13:22 +0200)]
pkcs11: Look for the CKA_ID of the cert if it doesn't match the subjectKeyId

charon-nm fails to find the private key when its CKA_ID doesn't match the
subjectKeyIdentifier of the X.509 certificate.  In such cases, the private
key builder now falls back to enumerating all the certificates, looking for
one that matches the supplied subjectKeyIdentifier.  It then uses the CKA_ID
of that certificate to find the corresponding private key.

It effectively means that PKCS#11 tokens where the only identifier to relate
the certificate, the public key, and the private key is the CKA_ID are now
supported by charon-nm.

Fixes #490.

3 years agonm: Make global CA directory configurable
Tobias Brunner [Wed, 31 Aug 2016 16:08:38 +0000 (18:08 +0200)]
nm: Make global CA directory configurable