11d6bc3eb0
Move MODP_CUSTOM va_arg fetching out of loop
...
It seems problematic at least on PPC with gcc 4.3, fixes #208 .
2012-08-02 12:08:27 +02:00
ecfd714c78
updated NEWS
2012-07-31 17:25:30 +02:00
3e7565eee0
libimcv requires nonce plugin
2012-07-31 16:46:46 +02:00
f701ba8389
Lookup IKEv1 PSK even if the peer identity is not known
2012-07-31 15:39:33 +02:00
6ff1d5bb32
update state before handling status
2012-07-30 23:19:25 +02:00
af8354da1a
implemented support if functional sub-components
2012-07-30 20:49:42 +02:00
e0c66bebcf
extended and documented ipsec attest
2012-07-30 20:49:42 +02:00
63ac6d00b0
Proper fallback if capability dropping is not available
2012-07-27 14:46:42 +02:00
8ff1094823
The use of $< in Makefiles is not portable
...
It requires GNU make which is not what most people use on e.g. FreeBSD.
Fixes #205 .
2012-07-27 13:47:59 +02:00
d511a71daa
Include stdint.h for UINTxx_MAX defines
...
Fixes #205 .
2012-07-27 13:47:59 +02:00
df0f88a4b3
measure all kernel modules and optimize firefox and thunderbird measurements
2012-07-27 11:47:22 +02:00
9e99d2c378
with --relative --file do not insert absolute filenames into database
2012-07-27 11:47:22 +02:00
777bcdc0d5
Don't include acquiring packet traffic selectors in IKEv1
...
As we only can negotiate a single TS in IKEv1, don't prepend the
triggering packet TS, as we do in IKEv2. Otherwise we don't establish
the TS of the configuration, but only that of the triggering packet.
Fixes #207 .
2012-07-26 15:45:49 +02:00
8b560a4565
Implement late peer config switching after XAuth authentication
...
If additional authentication constraints, such as group membership,
is not fulfilled by an XAuth backend, we search for another
peer configuration that fulfills all constraints, including those
from phase1.
2012-07-26 15:17:36 +02:00
40ca05cff8
Check if XAuth round complies to configured authentication round
2012-07-26 12:40:27 +02:00
6a8786b55f
Show which group would be required when failing in constraint check
2012-07-26 12:39:53 +02:00
874f7c7e2c
Don't add ANY identity constraint to auth config, as XAuth rounds don't use one
2012-07-26 12:38:34 +02:00
9191946a63
Merge auth config items added from XAuth backends to IKE_SA
2012-07-26 12:07:48 +02:00
46df61dff7
Add an ipsec.conf leftgroups2 parameter for the second authentication round
2012-07-26 11:51:58 +02:00
15f78beb0f
IMA SHA1 file measurement is not needed any more
2012-07-23 22:19:30 +02:00
327dcf96db
fixed typo
2012-07-23 22:19:30 +02:00
81419807f5
Release leaking child config after uninstalling shunt policy
2012-07-23 17:15:40 +02:00
e6b01ce42d
moved PA-TNC message logging to level 1
2012-07-23 13:04:28 +02:00
ab957aacce
transport IMA file info via PTS Component Evidence Policy URI
2012-07-23 12:51:37 +02:00
838f683cde
ipsec attest now deletes file hashes
2012-07-22 09:29:39 +02:00
2c9a833b7a
buffer PA-TNC attributes until Generate Attestation Evidence attribute is received
2012-07-21 16:43:24 +02:00
6f46681a48
allow --rel as an abbreviation for --relative
2012-07-21 15:58:13 +02:00
4c02086241
moved all shadow PCR stuff to the pts_pcr class
2012-07-21 15:58:13 +02:00
3b7468b245
Support Unity split-include/exclude options in attr plugin
2012-07-20 17:36:27 +02:00
73514b3217
Don't print hexdumps on loglevel 1 if hash verification fails
2012-07-20 17:36:27 +02:00
5a6c18853e
created a pts_pcr class for PCR computations
2012-07-20 14:57:28 +02:00
cfa69fce13
renamed build_database.sh to build-database.sh
2012-07-20 14:04:16 +02:00
f524725474
why the hell do firefox, thunderbird and acroread their own Linux libraries?
2012-07-19 18:29:06 +02:00
eb1b380a1c
Add a libstrongswan-dev debian package with development headers
2012-07-19 13:55:02 +02:00
328447acd5
Pass CC/CFLAGS to ./configure, not to make, adding -include config.h
2012-07-19 13:55:02 +02:00
5084c13f6d
Upgraded our Debian package to 5.0
2012-07-19 13:55:02 +02:00
0ffd766c0a
added some multiply defined libraries
2012-07-19 13:49:35 +02:00
214097e804
queries with relative filenames might return multiple results
2012-07-19 13:49:35 +02:00
96e8ba0f78
updated build_database.sh
2012-07-19 13:49:35 +02:00
2f341c540d
added index to files table
2012-07-19 13:49:35 +02:00
14e14d913b
updated build_database.sh
2012-07-19 13:49:35 +02:00
09e3717525
Fix EAP-MSCHAPv2 master key derivation, broken with 87dd205b
2012-07-18 16:46:05 +02:00
e7600ca696
Remove debugging leftovers
2012-07-18 15:35:40 +02:00
5d2698dd62
Add a SHA1 test vector forcing padding over block boundary
2012-07-18 15:10:29 +02:00
9c48a31975
builds an Ubuntu 12.04 LTS measurement database
2012-07-18 11:33:59 +02:00
4d4a09ab09
minor fixes in attest
2012-07-18 11:33:59 +02:00
8217c099ce
Add a tool to burn hashers
2012-07-17 17:32:08 +02:00
c63fb853e8
Use centralized hasher names in pki utility
2012-07-17 17:32:05 +02:00
6719889e0a
Use centralized hasher names in coupling plugin
2012-07-17 17:32:03 +02:00
610f90a8b9
Use centralized hasher names in openssl plugin
2012-07-17 17:32:00 +02:00
Martin Willi