strongswan.git
8 years ago Added measurement and metadata columns to files table
Sansar Choinyambuu [Wed, 19 Oct 2011 07:17:29 +0000 (09:17 +0200)]
Added measurement and metadata columns to files table
Added "/etc/tnc_config" file record for metadata request
Modified files table entries with measurement flag set

8 years ago Implemented Quote Digest constructing function for IMV
Sansar Choinyambuu [Fri, 14 Oct 2011 16:19:49 +0000 (18:19 +0200)]
Implemented Quote Digest constructing function for IMV
Implemented Signature verification function to check TPM Quote Signature
Implemented Handling of Simple Evidence Final attribute
Fixed bug within tpm_quote function

8 years ago Replaced with boolean variable for PCR info included and Evidence Signature included...
Sansar Choinyambuu [Fri, 14 Oct 2011 16:18:07 +0000 (18:18 +0200)]
Replaced with boolean variable for PCR info included and Evidence Signature included flags
Write and Read flags to int first and set flags /Due to special definition/

8 years ago Loading AIK Blob from file configured
Sansar Choinyambuu [Wed, 12 Oct 2011 09:42:40 +0000 (11:42 +0200)]
Loading AIK Blob from file configured
Finalized implementation of quote_tpm function

8 years ago Get AIK certificate encoding in PUBKEY_ASN1_DER if it's just public key
Sansar Choinyambuu [Mon, 10 Oct 2011 14:07:18 +0000 (16:07 +0200)]
Get AIK certificate encoding in PUBKEY_ASN1_DER if it's just public key

8 years ago Added parentheses for logical conditions of IF statement to get rid of the warning
Sansar Choinyambuu [Mon, 10 Oct 2011 09:52:36 +0000 (11:52 +0200)]
Added parentheses for logical conditions of IF statement to get rid of the warning

8 years ago added pts_dh_group_error_create() and pts_dh_nonce_error_create()
Andreas Steffen [Sun, 9 Oct 2011 20:30:55 +0000 (22:30 +0200)]
added pts_dh_group_error_create() and pts_dh_nonce_error_create()

8 years ago moved building of attributes to imv_attestation_build
Andreas Steffen [Sun, 9 Oct 2011 17:37:48 +0000 (19:37 +0200)]
moved building of attributes to imv_attestation_build

8 years ago cosmetics
Andreas Steffen [Sun, 9 Oct 2011 13:58:37 +0000 (15:58 +0200)]
cosmetics

8 years ago moved comments
Andreas Steffen [Sun, 9 Oct 2011 13:39:25 +0000 (15:39 +0200)]
moved comments

8 years ago added the IMV_ATTESTATION_STATE_NONCE_REQ state
Andreas Steffen [Sun, 9 Oct 2011 13:19:03 +0000 (15:19 +0200)]
added the IMV_ATTESTATION_STATE_NONCE_REQ state

8 years ago moved attribute processing to imc_attestation_process
Andreas Steffen [Sun, 9 Oct 2011 08:19:10 +0000 (10:19 +0200)]
moved attribute processing to imc_attestation_process

8 years ago aborting after fatal imv_attestation error
Andreas Steffen [Sun, 9 Oct 2011 08:18:24 +0000 (10:18 +0200)]
aborting after fatal imv_attestation error

8 years ago moved attribute processing to imv_attestation_process
Andreas Steffen [Sat, 8 Oct 2011 22:58:33 +0000 (00:58 +0200)]
moved attribute processing to imv_attestation_process

8 years ago refactored DH group nonce exchange
Andreas Steffen [Sat, 8 Oct 2011 20:17:50 +0000 (22:17 +0200)]
refactored DH group nonce exchange

8 years ago cosmetics
Andreas Steffen [Sat, 8 Oct 2011 13:13:30 +0000 (15:13 +0200)]
cosmetics

8 years ago normalized and extended pts_meas_algo functions
Andreas Steffen [Sat, 8 Oct 2011 13:12:37 +0000 (15:12 +0200)]
normalized and extended pts_meas_algo functions

8 years ago renamed conversion function to pts_dh_group_to_ike
Andreas Steffen [Sat, 8 Oct 2011 12:32:52 +0000 (14:32 +0200)]
renamed conversion function to pts_dh_group_to_ike

8 years ago normalized pts_dh_group function names
Andreas Steffen [Sat, 8 Oct 2011 12:24:24 +0000 (14:24 +0200)]
normalized pts_dh_group function names

8 years ago added pts_dh_group_select
Andreas Steffen [Sat, 8 Oct 2011 12:12:14 +0000 (14:12 +0200)]
added pts_dh_group_select

8 years ago combine two algorithm checks
Andreas Steffen [Fri, 7 Oct 2011 19:01:16 +0000 (21:01 +0200)]
combine two algorithm checks

8 years ago fixed setting of PTS DH group
Andreas Steffen [Fri, 7 Oct 2011 18:28:29 +0000 (20:28 +0200)]
fixed setting of PTS DH group

8 years ago Changed encoding type to ASN.1 DER
Sansar Choinyambuu [Fri, 7 Oct 2011 13:40:29 +0000 (15:40 +0200)]
Changed encoding type to ASN.1 DER

8 years ago Improved implementation of Read PCR/ Extend PCR/ Quote_TPM functions
Sansar Choinyambuu [Fri, 7 Oct 2011 13:15:56 +0000 (15:15 +0200)]
Improved implementation of Read PCR/ Extend PCR/ Quote_TPM functions
Implemented creating/handling of Simple Evidence Final attribute (incomplete)

8 years ago Removed unnecessary setter functions
Sansar Choinyambuu [Fri, 7 Oct 2011 13:15:23 +0000 (15:15 +0200)]
Removed unnecessary setter functions

8 years ago Fixes for memory leaks
Sansar Choinyambuu [Fri, 7 Oct 2011 13:15:01 +0000 (15:15 +0200)]
Fixes for memory leaks

8 years ago Freeing memory allocated for AIK after writing
Sansar Choinyambuu [Fri, 7 Oct 2011 13:14:24 +0000 (15:14 +0200)]
Freeing memory allocated for AIK after writing

8 years ago Changed definition of output and set them in quote_tpm function
Sansar Choinyambuu [Fri, 7 Oct 2011 09:15:37 +0000 (11:15 +0200)]
Changed definition of output and set them in quote_tpm function

8 years ago Use already negotiated Measurement algorithm as Hashing algorithm for Diffie Hellman...
Sansar Choinyambuu [Fri, 7 Oct 2011 09:14:41 +0000 (11:14 +0200)]
Use already negotiated Measurement algorithm as Hashing algorithm for Diffie Hellman secret calculation

8 years ago Implemented first version of tpm quote function
Sansar Choinyambuu [Fri, 7 Oct 2011 07:13:42 +0000 (09:13 +0200)]
Implemented first version of tpm quote function

8 years ago added newline at end of file
Andreas Steffen [Fri, 7 Oct 2011 07:12:18 +0000 (09:12 +0200)]
added newline at end of file

8 years ago fixed pts_probe_dh_groups warning
Andreas Steffen [Fri, 7 Oct 2011 06:04:31 +0000 (08:04 +0200)]
fixed pts_probe_dh_groups warning

8 years ago Fixed some memory leaks
Sansar Choinyambuu [Wed, 5 Oct 2011 08:53:05 +0000 (10:53 +0200)]
Fixed some memory leaks

8 years ago Changed definition of get_my_pub_val function a little
Sansar Choinyambuu [Wed, 5 Oct 2011 08:52:17 +0000 (10:52 +0200)]
Changed definition of get_my_pub_val function a little

8 years ago Added ctime function to white list
Sansar Choinyambuu [Wed, 5 Oct 2011 08:51:32 +0000 (10:51 +0200)]
Added ctime function to white list

8 years ago Fixed freeing invalid memory issue
Sansar Choinyambuu [Wed, 5 Oct 2011 07:01:24 +0000 (09:01 +0200)]
Fixed freeing invalid memory issue

8 years ago Implemented handling of Request Functional Component Evidence and creation of Simple...
Sansar Choinyambuu [Fri, 30 Sep 2011 12:57:29 +0000 (14:57 +0200)]
Implemented handling of Request Functional Component Evidence and creation of Simple Component Evidences

8 years ago Implemented functions for reading and extending TPM PCR
Sansar Choinyambuu [Fri, 30 Sep 2011 12:56:25 +0000 (14:56 +0200)]
Implemented functions for reading and extending TPM PCR
Made hash_file function a member of pts object

8 years ago Use struct containing the parameters for Create function
Sansar Choinyambuu [Fri, 30 Sep 2011 12:54:39 +0000 (14:54 +0200)]
Use struct containing the parameters for Create function
Deleted unnecessary setter functions

8 years ago Fixed memory leaks
Sansar Choinyambuu [Wed, 28 Sep 2011 13:14:02 +0000 (15:14 +0200)]
Fixed memory leaks

8 years ago Clone chunk_t parameters in create function
Sansar Choinyambuu [Wed, 28 Sep 2011 13:12:32 +0000 (15:12 +0200)]
Clone chunk_t parameters in create function

8 years ago Implemented handling of DH Parameters Response and Finish attributes
Sansar Choinyambuu [Fri, 23 Sep 2011 14:06:29 +0000 (16:06 +0200)]
Implemented handling of DH Parameters Response and Finish attributes
Implemented calculating session secrets

8 years ago Replaced DH_NONCE state with TPM_INIT state
Sansar Choinyambuu [Fri, 23 Sep 2011 14:05:54 +0000 (16:05 +0200)]
Replaced DH_NONCE state with TPM_INIT state

8 years ago Cloning chunk_t parameters in process message
Sansar Choinyambuu [Fri, 23 Sep 2011 14:05:21 +0000 (16:05 +0200)]
Cloning chunk_t parameters in process message

8 years ago Fixed bug for updating supported diffie hellman groups
Sansar Choinyambuu [Fri, 23 Sep 2011 14:04:37 +0000 (16:04 +0200)]
Fixed bug for updating supported diffie hellman groups

8 years ago Removed unnecessary debug statement
Sansar Choinyambuu [Wed, 21 Sep 2011 14:53:46 +0000 (16:53 +0200)]
Removed unnecessary debug statement

8 years ago Return false if mandatory DH Group IKE19 is not available
Sansar Choinyambuu [Wed, 21 Sep 2011 14:51:39 +0000 (16:51 +0200)]
Return false if mandatory DH Group IKE19 is not available

8 years ago Started implementing handling of DH Nonce attributes
Sansar Choinyambuu [Wed, 21 Sep 2011 14:32:25 +0000 (16:32 +0200)]
Started implementing handling of DH Nonce attributes

8 years ago Implemented Diffie Hellman Nonce attributes
Sansar Choinyambuu [Wed, 21 Sep 2011 08:36:50 +0000 (10:36 +0200)]
Implemented Diffie Hellman Nonce attributes

8 years ago Write/Read flags field directly to/from variable
Sansar Choinyambuu [Wed, 21 Sep 2011 08:35:10 +0000 (10:35 +0200)]
Write/Read flags field directly to/from variable

8 years ago Began implementing handling of Functional Component Measuring attributes
Sansar Choinyambuu [Fri, 16 Sep 2011 14:13:50 +0000 (16:13 +0200)]
Began implementing handling of Functional Component Measuring attributes

8 years ago Fixed bug at checking error code from file stat
Sansar Choinyambuu [Fri, 16 Sep 2011 09:17:32 +0000 (11:17 +0200)]
Fixed bug at checking error code from file stat

8 years ago Implemented handling of File Metadata
Sansar Choinyambuu [Wed, 14 Sep 2011 13:41:57 +0000 (15:41 +0200)]
Implemented handling of File Metadata

8 years ago File not Found, Invalid path, Invalid Delimiter PTS errors case checks implemented
Sansar Choinyambuu [Fri, 9 Sep 2011 09:23:19 +0000 (11:23 +0200)]
File not Found, Invalid path, Invalid Delimiter PTS errors case checks implemented

8 years ago version bump to 4.6.2dr1
Andreas Steffen [Mon, 28 Nov 2011 05:01:03 +0000 (06:01 +0100)]
version bump to 4.6.2dr1

8 years ago libfast: Fixed compiler warning.
Tobias Brunner [Fri, 25 Nov 2011 09:22:41 +0000 (10:22 +0100)]
libfast: Fixed compiler warning.

8 years ago Fixed compiler warnings for DH groups that define no subgroup.
Tobias Brunner [Fri, 25 Nov 2011 09:18:03 +0000 (10:18 +0100)]
Fixed compiler warnings for DH groups that define no subgroup.

8 years ago Fixed missing initializer compiler warning.
Tobias Brunner [Fri, 25 Nov 2011 08:52:19 +0000 (09:52 +0100)]
Fixed missing initializer compiler warning.

8 years ago Fixed check for log groups when debug_t is unsigned.
Tobias Brunner [Fri, 25 Nov 2011 08:48:32 +0000 (09:48 +0100)]
Fixed check for log groups when debug_t is unsigned.

The range and signedness of enum types is up to the compiler.

8 years ago Fixed check of max_poll_time as it is an unsigned int.
Tobias Brunner [Fri, 25 Nov 2011 08:46:22 +0000 (09:46 +0100)]
Fixed check of max_poll_time as it is an unsigned int.

8 years ago Fixed compiler warnings regarding enum comparison.
Tobias Brunner [Fri, 25 Nov 2011 08:40:30 +0000 (09:40 +0100)]
Fixed compiler warnings regarding enum comparison.

Warnings like

  comparison of unsigned expression < 0 is always false

are reported with -Wextra when enum types that are compiled to an
unsigned type (which is up to the compiler) are checked for negativity.

8 years ago Added missing Android.mk files to distribution.
Tobias Brunner [Tue, 22 Nov 2011 17:31:12 +0000 (18:31 +0100)]
Added missing Android.mk files to distribution.

8 years ago Fixed proposal numbering check in sa_payload
Martin Willi [Mon, 21 Nov 2011 08:10:50 +0000 (09:10 +0100)]
Fixed proposal numbering check in sa_payload

8 years ago Fix copy'n'paste error in libhydra's netlink interface
Thomas Jarosch [Fri, 18 Nov 2011 18:44:42 +0000 (19:44 +0100)]
Fix copy'n'paste error in libhydra's netlink interface

Detected by cppcheck.

8 years ago Fix unaligned aliasing warning in raw socket
Martin Willi [Wed, 16 Nov 2011 13:45:19 +0000 (13:45 +0000)]
Fix unaligned aliasing warning in raw socket

8 years ago Fix network interface deletion handling in kernel-netlink plugin.
Mirko Parthey [Mon, 14 Nov 2011 14:24:48 +0000 (15:24 +0100)]
Fix network interface deletion handling in kernel-netlink plugin.

When the kernel reports the deletion of an interface (RTM_DELLINK),
the cached interface attributes, including ifindex, become invalid
and must be forgotten.

Interface link state changes ("up" and "down") show up as RTM_NEWLINK,
so they will not cause a cached entry to be removed or
prevent listening to address change notifications.

Once an interface has been deleted, the kernel ought to stop sending
notifications for it. If the interface gets recreated with the same
name later, the kernel again reports RTM_NEWLINK, which causes a new
cache entry to be created.

There should be no reason to keep a stale cache entry around, as was
claimed in the comment.

8 years ago corrected NEWS entry 4.6.1
Andreas Steffen [Thu, 10 Nov 2011 05:35:38 +0000 (06:35 +0100)]
corrected NEWS entry

8 years ago libfreeswan: Fixed compiler warning.
Tobias Brunner [Wed, 9 Nov 2011 18:20:10 +0000 (19:20 +0100)]
libfreeswan: Fixed compiler warning.

8 years ago pkcs11: Fixed a bug when creating public keys.
Tobias Brunner [Wed, 9 Nov 2011 16:39:24 +0000 (17:39 +0100)]
pkcs11: Fixed a bug when creating public keys.

8 years ago Properly disable starter and pluto in top Android.mk.
Tobias Brunner [Wed, 9 Nov 2011 16:35:13 +0000 (17:35 +0100)]
Properly disable starter and pluto in top Android.mk.

8 years ago gcrypt does not support MD2
Andreas Steffen [Wed, 9 Nov 2011 05:48:55 +0000 (06:48 +0100)]
gcrypt does not support MD2

8 years ago added dummy libsimaka_init() function needed for integrity testing
Andreas Steffen [Tue, 8 Nov 2011 20:18:40 +0000 (21:18 +0100)]
added dummy libsimaka_init() function needed for integrity testing

8 years ago version bump to 4.6.1
Andreas Steffen [Tue, 8 Nov 2011 20:00:09 +0000 (21:00 +0100)]
version bump to 4.6.1

8 years ago added dummy libtls_init() function needed for integrity testing
Andreas Steffen [Tue, 8 Nov 2011 19:27:17 +0000 (20:27 +0100)]
added dummy libtls_init() function needed for integrity testing

8 years ago Fixed monolithic build of libcharon with libtnccs enabled.
Tobias Brunner [Tue, 8 Nov 2011 17:28:00 +0000 (18:28 +0100)]
Fixed monolithic build of libcharon with libtnccs enabled.

8 years ago Correctly refer to tnc-tnccs plugin when building monolithically.
Tobias Brunner [Tue, 8 Nov 2011 17:27:44 +0000 (18:27 +0100)]
Correctly refer to tnc-tnccs plugin when building monolithically.

8 years ago Calculate checksums for libsimaka and libtls.
Tobias Brunner [Tue, 8 Nov 2011 17:15:55 +0000 (18:15 +0100)]
Calculate checksums for libsimaka and libtls.

These are currently not checked though. And because they don't define a
<libname>_init function a warning is reported when the checksum is
calculated.

8 years ago Defer calculation of checksums until installation.
Tobias Brunner [Tue, 8 Nov 2011 16:58:32 +0000 (17:58 +0100)]
Defer calculation of checksums until installation.

The checksum is now calculated from the installed libraries and plugins.
This allows calculating checksums for plugins linking to libraries like
libtls as these are relinked during installation.

8 years ago Fixed formatting for longer plugin names in checksum_builder output.
Tobias Brunner [Tue, 8 Nov 2011 16:55:39 +0000 (17:55 +0100)]
Fixed formatting for longer plugin names in checksum_builder output.

8 years ago Don't link libtnccs to checksum_builder.
Tobias Brunner [Tue, 8 Nov 2011 16:53:37 +0000 (17:53 +0100)]
Don't link libtnccs to checksum_builder.

Linking is only required for libraries defining global symbols used by
plugins to which the plugins do not link themselves.

8 years ago Revert "fixed integrity tests of plugins using libtls or libtnccs"
Tobias Brunner [Tue, 8 Nov 2011 11:08:00 +0000 (12:08 +0100)]
Revert "fixed integrity tests of plugins using libtls or libtnccs"

This reverts commit b597ac4a4cbcd9197b886d743c75d58293264580 (not
completely).

8 years ago Revert "fixed integrity tests of plugins using libsimaka"
Tobias Brunner [Tue, 8 Nov 2011 11:04:50 +0000 (12:04 +0100)]
Revert "fixed integrity tests of plugins using libsimaka"

This reverts commit 8c42f16deeeffa1ae305b18306b0796f49c9922c.

Conflicts:

src/charon/Makefile.am

8 years ago maemo: New upstream release.
Tobias Brunner [Mon, 7 Nov 2011 13:50:35 +0000 (14:50 +0100)]
maemo: New upstream release.

8 years ago assign get_features method
Andreas Steffen [Mon, 7 Nov 2011 18:15:41 +0000 (19:15 +0100)]
assign get_features method

8 years ago moved random plugin in front of openssl in order to prefer gmp
Andreas Steffen [Sat, 5 Nov 2011 06:24:17 +0000 (07:24 +0100)]
moved random plugin in front of openssl in order to prefer gmp

8 years ago Allow support for CA-certificate retrieval in scepclient 4.6.0
Thomas Egerer [Fri, 4 Nov 2011 11:29:59 +0000 (12:29 +0100)]
Allow support for CA-certificate retrieval in scepclient

I think somehow this functionality got lost in the way from
strongswan-2.7.0...

8 years ago Fix 'ipsec pool --status' for empty pools.
Tobias Brunner [Fri, 4 Nov 2011 14:07:54 +0000 (15:07 +0100)]
Fix 'ipsec pool --status' for empty pools.

8 years ago Syntax error in sqlite.sql fixed.
Tobias Brunner [Fri, 4 Nov 2011 13:37:22 +0000 (14:37 +0100)]
Syntax error in sqlite.sql fixed.

8 years ago Some Android NEWS added.
Tobias Brunner [Fri, 4 Nov 2011 11:24:16 +0000 (12:24 +0100)]
Some Android NEWS added.

8 years ago Don't build pluto and starter by default on Android.
Tobias Brunner [Fri, 4 Nov 2011 11:20:21 +0000 (12:20 +0100)]
Don't build pluto and starter by default on Android.

8 years ago if available link libsimaka to checksum_builder
Andreas Steffen [Fri, 4 Nov 2011 10:27:05 +0000 (11:27 +0100)]
if available link libsimaka to checksum_builder

8 years ago use the correct USE_SIMAKA conditional
Andreas Steffen [Fri, 4 Nov 2011 07:38:09 +0000 (08:38 +0100)]
use the correct USE_SIMAKA conditional

8 years ago added integrity test to rw-eap-sim-rsa and rw-eap-aka-rsa scenarios
Andreas Steffen [Fri, 4 Nov 2011 07:35:33 +0000 (08:35 +0100)]
added integrity test to rw-eap-sim-rsa and rw-eap-aka-rsa scenarios

8 years ago fixed integrity tests of plugins using libsimaka
Andreas Steffen [Thu, 3 Nov 2011 21:04:36 +0000 (22:04 +0100)]
fixed integrity tests of plugins using libsimaka

8 years ago Change order of ocsp uris when parsing a cert
Thomas Egerer [Fri, 4 Nov 2011 08:25:07 +0000 (09:25 +0100)]
Change order of ocsp uris when parsing a cert

8 years ago Handle certificates being on hold in a CRL
Thomas Egerer [Fri, 4 Nov 2011 08:25:05 +0000 (09:25 +0100)]
Handle certificates being on hold in a CRL

Certificates which are set on hold in a CRL might be removed from any
subsequent CRL. Hence you cannot conclude that a certificate is revoked
for good in this case, you would try to retrieve an update CRL to see if
the certificate on hold is still on it or not.

8 years ago Memwipe request after sa update, too
Thomas Egerer [Fri, 4 Nov 2011 08:25:01 +0000 (09:25 +0100)]
Memwipe request after sa update, too

8 years ago Use chunk_clear to memwipe shared secret
Thomas Egerer [Fri, 4 Nov 2011 08:24:58 +0000 (09:24 +0100)]
Use chunk_clear to memwipe shared secret

8 years ago Change order of destroy/get_ref function calls
Thomas Egerer [Fri, 4 Nov 2011 08:24:51 +0000 (09:24 +0100)]
Change order of destroy/get_ref function calls

Since DESTROY_IF might destroy the peer_cfg, a get_ref on a freed object
is subject to fail.

8 years ago Fix resource leak in x509_ocsp_response
Thomas Egerer [Fri, 4 Nov 2011 08:24:47 +0000 (09:24 +0100)]
Fix resource leak in x509_ocsp_response