strongswan.git
Andreas Steffen [Mon, 30 Jul 2012 18:48:05 +0000 (20:48 +0200)]
implemented support if functional sub-components

Andreas Steffen [Mon, 30 Jul 2012 18:44:15 +0000 (20:44 +0200)]
extended and documented ipsec attest

Tobias Brunner [Fri, 27 Jul 2012 12:45:15 +0000 (14:45 +0200)]
Proper fallback if capability dropping is not available

Tobias Brunner [Fri, 27 Jul 2012 11:39:18 +0000 (13:39 +0200)]
The use of $< in Makefiles is not portable

It requires GNU make which is not what most people use on e.g. FreeBSD.

Fixes #205.

Tobias Brunner [Fri, 27 Jul 2012 09:36:59 +0000 (11:36 +0200)]
Include stdint.h for UINTxx_MAX defines

Fixes #205.

Andreas Steffen [Fri, 27 Jul 2012 09:47:09 +0000 (11:47 +0200)]
measure all kernel modules and optimize firefox and thunderbird measurements

Andreas Steffen [Fri, 27 Jul 2012 09:45:56 +0000 (11:45 +0200)]
with --relative --file do not insert absolute filenames into database

Martin Willi [Thu, 26 Jul 2012 13:45:49 +0000 (15:45 +0200)]
Don't include acquiring packet traffic selectors in IKEv1

As we only can negotiate a single TS in IKEv1, don't prepend the
triggering packet TS, as we do in IKEv2. Otherwise we don't establish
the TS of the configuration, but only that of the triggering packet.

Fixes #207.

Martin Willi [Thu, 26 Jul 2012 13:02:37 +0000 (15:02 +0200)]
Implement late peer config switching after XAuth authentication

If additional authentication constraints, such as group membership,
are not fulfilled by an XAuth backend, we search for another
peer configuration that fulfills all constraints, including those
from phase1.

Martin Willi [Thu, 26 Jul 2012 10:40:27 +0000 (12:40 +0200)]
Check if XAuth round complies to configured authentication round

Martin Willi [Thu, 26 Jul 2012 10:39:53 +0000 (12:39 +0200)]
Show which group would be required when failing in constraint check

Martin Willi [Thu, 26 Jul 2012 10:38:34 +0000 (12:38 +0200)]
Don't add ANY identity constraint to auth config, as XAuth rounds don't use one

Martin Willi [Thu, 26 Jul 2012 10:07:48 +0000 (12:07 +0200)]
Merge auth config items added from XAuth backends to IKE_SA

Martin Willi [Thu, 26 Jul 2012 09:49:46 +0000 (11:49 +0200)]
Add an ipsec.conf leftgroups2 parameter for the second authentication round

Andreas Steffen [Mon, 23 Jul 2012 20:19:20 +0000 (22:19 +0200)]
IMA SHA1 file measurement is not needed any more

Andreas Steffen [Mon, 23 Jul 2012 20:17:53 +0000 (22:17 +0200)]
fixed typo

Martin Willi [Mon, 23 Jul 2012 15:13:20 +0000 (17:13 +0200)]
Release leaking child config after uninstalling shunt policy

Andreas Steffen [Mon, 23 Jul 2012 11:04:28 +0000 (13:04 +0200)]
moved PA-TNC message logging to level 1

Andreas Steffen [Mon, 23 Jul 2012 10:51:37 +0000 (12:51 +0200)]
transport IMA file info via PTS Component Evidence Policy URI

Andreas Steffen [Sun, 22 Jul 2012 07:29:39 +0000 (09:29 +0200)]
ipsec attest now deletes file hashes

Andreas Steffen [Sat, 21 Jul 2012 14:43:24 +0000 (16:43 +0200)]
buffer PA-TNC attributes until Generate Attestation Evidence attribute is received

Andreas Steffen [Sat, 21 Jul 2012 13:58:08 +0000 (15:58 +0200)]
allow --rel as an abbreviation for --relative

Andreas Steffen [Sat, 21 Jul 2012 13:56:39 +0000 (15:56 +0200)]
moved all shadow PCR stuff to the pts_pcr class

Martin Willi [Fri, 20 Jul 2012 14:14:29 +0000 (16:14 +0200)]
Support Unity split-include/exclude options in attr plugin

Martin Willi [Thu, 19 Jul 2012 12:48:37 +0000 (14:48 +0200)]
Don't print hexdumps on loglevel 1 if hash verification fails

Andreas Steffen [Fri, 20 Jul 2012 12:57:28 +0000 (14:57 +0200)]
created a pts_pcr class for PCR computations

Andreas Steffen [Fri, 20 Jul 2012 12:04:16 +0000 (14:04 +0200)]
renamed build_database.sh to build-database.sh

Andreas Steffen [Thu, 19 Jul 2012 16:27:08 +0000 (18:27 +0200)]
why the hell do firefox, thunderbird and acroread their own Linux libraries?

Martin Willi [Thu, 19 Jul 2012 06:28:07 +0000 (08:28 +0200)]
Add a libstrongswan-dev debian package with development headers

Martin Willi [Thu, 19 Jul 2012 06:44:55 +0000 (08:44 +0200)]
Pass CC/CFLAGS to ./configure, not to make, adding -include config.h

Martin Willi [Tue, 3 Jul 2012 08:59:05 +0000 (10:59 +0200)]
Upgraded our Debian package to 5.0

Andreas Steffen [Thu, 19 Jul 2012 11:49:20 +0000 (13:49 +0200)]
added some multiply defined libraries

Andreas Steffen [Thu, 19 Jul 2012 11:48:32 +0000 (13:48 +0200)]
queries with relative filenames might return multiple results

Andreas Steffen [Wed, 18 Jul 2012 20:00:58 +0000 (22:00 +0200)]
updated build_database.sh

Andreas Steffen [Wed, 18 Jul 2012 20:00:35 +0000 (22:00 +0200)]
added index to files table

Andreas Steffen [Wed, 18 Jul 2012 11:55:08 +0000 (13:55 +0200)]
updated build_database.sh

Martin Willi [Wed, 18 Jul 2012 14:46:05 +0000 (16:46 +0200)]
Fix EAP-MSCHAPv2 master key derivation, broken with 87dd205b

Martin Willi [Wed, 18 Jul 2012 13:35:40 +0000 (15:35 +0200)]
Remove debugging leftovers

Martin Willi [Wed, 18 Jul 2012 10:28:16 +0000 (12:28 +0200)]
Add a SHA1 test vector forcing padding over block boundary

Andreas Steffen [Wed, 18 Jul 2012 09:33:39 +0000 (11:33 +0200)]
builds an Ubuntu 12.04 LTS measurement database

Andreas Steffen [Wed, 18 Jul 2012 09:32:24 +0000 (11:32 +0200)]
minor fixes in attest

Martin Willi [Tue, 17 Jul 2012 15:11:01 +0000 (17:11 +0200)]
Add a tool to burn hashers

Martin Willi [Tue, 17 Jul 2012 15:31:02 +0000 (17:31 +0200)]
Use centralized hasher names in pki utility

Martin Willi [Tue, 17 Jul 2012 15:30:47 +0000 (17:30 +0200)]
Use centralized hasher names in coupling plugin

Martin Willi [Tue, 17 Jul 2012 15:30:23 +0000 (17:30 +0200)]
Use centralized hasher names in openssl plugin

Martin Willi [Tue, 17 Jul 2012 13:35:02 +0000 (15:35 +0200)]
Add short names for hasher algorithms

Andreas Steffen [Tue, 17 Jul 2012 14:38:55 +0000 (16:38 +0200)]
various PTS fixes

Andreas Steffen [Tue, 17 Jul 2012 11:44:02 +0000 (13:44 +0200)]
parcel IMA file measurements into batches

Andreas Steffen [Tue, 17 Jul 2012 11:42:58 +0000 (13:42 +0200)]
register _check_file_measurement() method

Martin Willi [Tue, 17 Jul 2012 09:32:13 +0000 (11:32 +0200)]
Fix tls_prf bug introduced with bc474883

Andreas Steffen [Tue, 17 Jul 2012 09:16:11 +0000 (11:16 +0200)]
check IMA file measurements against database reference

Martin Willi [Tue, 17 Jul 2012 08:58:53 +0000 (10:58 +0200)]
Support void return values in OpenSSL 0.9.8 HMAC functions

Andreas Steffen [Mon, 16 Jul 2012 20:54:38 +0000 (22:54 +0200)]
handled return values in tnc-pdp

Andreas Steffen [Mon, 16 Jul 2012 20:44:45 +0000 (22:44 +0200)]
fixed potential hasher problem in IMA template hash

Andreas Steffen [Mon, 16 Jul 2012 20:39:34 +0000 (22:39 +0200)]
fixed potential hasher problems

Andreas Steffen [Mon, 16 Jul 2012 16:08:49 +0000 (18:08 +0200)]
use a nonce for a PA-TNC message identifier

Andreas Steffen [Mon, 16 Jul 2012 15:14:27 +0000 (17:14 +0200)]
ipsec attest supports ima template hashes

Martin Willi [Tue, 10 Jul 2012 13:11:25 +0000 (15:11 +0200)]
Handle PRF failures in eap-aka-3gpp2

Martin Willi [Tue, 10 Jul 2012 12:51:17 +0000 (14:51 +0200)]
Refactored error handling in keymat_v1_t

Martin Willi [Tue, 10 Jul 2012 12:28:08 +0000 (14:28 +0200)]
Clean up error handling in keymat_v2_t

Martin Willi [Tue, 10 Jul 2012 12:24:46 +0000 (14:24 +0200)]
Cleaned up memory management and return values for encryption payload

Martin Willi [Tue, 10 Jul 2012 11:37:59 +0000 (13:37 +0200)]
Fix memory management in SIM/AKA crypto functions

Martin Willi [Tue, 10 Jul 2012 11:19:36 +0000 (13:19 +0200)]
Test reset() of hasher in crypto tester

Martin Willi [Tue, 10 Jul 2012 07:49:38 +0000 (09:49 +0200)]
Refactored error handling in crypto tester

Martin Willi [Tue, 10 Jul 2012 07:07:13 +0000 (09:07 +0200)]
Set a key before benching PRFs

Martin Willi [Tue, 10 Jul 2012 07:06:15 +0000 (09:06 +0200)]
Resetting OpenSSL HMAC with NULL key reuses existing key

Martin Willi [Tue, 10 Jul 2012 07:03:38 +0000 (09:03 +0200)]
Make sure HMAC_Init is called before HMAC_Update, fixes crash

Martin Willi [Mon, 9 Jul 2012 15:55:52 +0000 (17:55 +0200)]
Check and forward syscall errors in AF_ALG

Martin Willi [Mon, 9 Jul 2012 15:26:14 +0000 (17:26 +0200)]
Add a return value to hasher_t.reset()

Martin Willi [Mon, 9 Jul 2012 15:15:52 +0000 (17:15 +0200)]
Add a return value to hasher_t.allocate_hash()

Martin Willi [Mon, 9 Jul 2012 14:27:09 +0000 (16:27 +0200)]
Add a return value to keymat_v1_t.{get,update,confirm}_iv

Martin Willi [Mon, 9 Jul 2012 13:33:41 +0000 (15:33 +0200)]
Add a return value to hasher_t.get_hash()

Martin Willi [Fri, 6 Jul 2012 14:57:17 +0000 (16:57 +0200)]
Add a return value to crypter_t.set_key()

Martin Willi [Fri, 6 Jul 2012 14:11:15 +0000 (16:11 +0200)]
Add a return value to crypter_t.decrypt()

Martin Willi [Fri, 6 Jul 2012 13:54:03 +0000 (15:54 +0200)]
Add a return value to crypter_t.encrypt

Martin Willi [Fri, 6 Jul 2012 12:45:17 +0000 (14:45 +0200)]
Indentation fixes, warn about unused nonce_gen return values

Martin Willi [Fri, 6 Jul 2012 12:40:04 +0000 (14:40 +0200)]
Add a return value to mac_t.set_key()

Martin Willi [Fri, 6 Jul 2012 12:34:11 +0000 (14:34 +0200)]
Add a return value to mac_t.get_bytes()

Martin Willi [Fri, 6 Jul 2012 12:17:01 +0000 (14:17 +0200)]
Check rng return value when generating libfast session COOKIEs

Martin Willi [Fri, 6 Jul 2012 12:05:49 +0000 (14:05 +0200)]
Initialize conftest with the same plugins as charon

Martin Willi [Fri, 6 Jul 2012 12:05:14 +0000 (14:05 +0200)]
Remove unused replay variable in conftests seq number reset hook

Martin Willi [Fri, 6 Jul 2012 12:00:01 +0000 (14:00 +0200)]
Update conftest to use split listener/logger interfaces

Martin Willi [Fri, 6 Jul 2012 11:55:42 +0000 (13:55 +0200)]
Check rng return value when generating TLS session identifiers

Martin Willi [Fri, 6 Jul 2012 11:52:57 +0000 (13:52 +0200)]
Check rng return value when generating SIM/AKA message IVs

Martin Willi [Fri, 6 Jul 2012 11:52:30 +0000 (13:52 +0200)]
Check rng return value when generating radius message authenticator

Tobias Brunner [Mon, 25 Jun 2012 14:04:40 +0000 (16:04 +0200)]
Check rng return value when generating secrets and IVs in libtls

Tobias Brunner [Fri, 6 Jul 2012 08:18:00 +0000 (10:18 +0200)]
Check rng return value when generating identity in eap-simaka-reauth plugin

Tobias Brunner [Fri, 6 Jul 2012 08:11:21 +0000 (10:11 +0200)]
Check rng return value when generating pseudonym in eap-simaka-pseudonym plugin

Tobias Brunner [Fri, 6 Jul 2012 08:09:25 +0000 (10:09 +0200)]
Check rng return value when generating nonces in eap-aka plugin

Tobias Brunner [Fri, 6 Jul 2012 08:02:41 +0000 (10:02 +0200)]
Check rng return value when generating nonces in eap-sim plugin

Tobias Brunner [Mon, 25 Jun 2012 14:08:11 +0000 (16:08 +0200)]
Check rng return value when generating nonces in libpts

Tobias Brunner [Mon, 25 Jun 2012 13:58:50 +0000 (15:58 +0200)]
Check rng return value when generating RAND in eap-aka-3gpp2 plugin

Tobias Brunner [Mon, 25 Jun 2012 13:57:13 +0000 (15:57 +0200)]
Check rng return value when generating challenges in eap-md5 and mschapv2 plugins

Tobias Brunner [Mon, 25 Jun 2012 13:56:31 +0000 (15:56 +0200)]
Check rng return value when generating Transaction IDs in DHCP plugin

Tobias Brunner [Mon, 25 Jun 2012 14:02:13 +0000 (16:02 +0200)]
Check rng return value when generating SPIs in kernel-klips plugin

Tobias Brunner [Mon, 25 Jun 2012 14:07:12 +0000 (16:07 +0200)]
Check rng return value when seeding OpenSSL RNG

Tobias Brunner [Mon, 25 Jun 2012 14:10:46 +0000 (16:10 +0200)]
Check rng return value when generating DH secret in gcrypt plugin

Tobias Brunner [Mon, 25 Jun 2012 14:09:00 +0000 (16:09 +0200)]
Check rng return value when generating DH secrets and primes in gmp plugin

Tobias Brunner [Mon, 25 Jun 2012 14:03:53 +0000 (16:03 +0200)]
Check rng return value when generating serial numbers in pki utility

Tobias Brunner [Mon, 25 Jun 2012 12:34:14 +0000 (14:34 +0200)]
Wrapper functions added to generate non-zero random bytes