Martin Willi
11d6bc3eb0
Move MODP_CUSTOM va_arg fetching out of loop
It seems problematic at least on PPC with gcc 4.3, fixes #208.
2012-08-02 12:08:27 +02:00
Andreas Steffen
ecfd714c78
updated NEWS
2012-07-31 17:25:30 +02:00
Andreas Steffen
3e7565eee0
libimcv requires nonce plugin
2012-07-31 16:46:46 +02:00
Martin Willi
f701ba8389
Lookup IKEv1 PSK even if the peer identity is not known
2012-07-31 15:39:33 +02:00
Andreas Steffen
6ff1d5bb32
update state before handling status
2012-07-30 23:19:25 +02:00
Andreas Steffen
af8354da1a
implemented support of functional sub-components
2012-07-30 20:49:42 +02:00
Andreas Steffen
e0c66bebcf
extended and documented ipsec attest
2012-07-30 20:49:42 +02:00
Tobias Brunner
63ac6d00b0
Proper fallback if capability dropping is not available
2012-07-27 14:46:42 +02:00
Tobias Brunner
8ff1094823
The use of $< in Makefiles is not portable
It requires GNU make which is not what most people use on e.g. FreeBSD.
Fixes #205.
2012-07-27 13:47:59 +02:00
Tobias Brunner
d511a71daa
Include stdint.h for UINTxx_MAX defines
Fixes #205.
2012-07-27 13:47:59 +02:00
Andreas Steffen
df0f88a4b3
measure all kernel modules and optimize firefox and thunderbird measurements
2012-07-27 11:47:22 +02:00
Andreas Steffen
9e99d2c378
with --relative --file do not insert absolute filenames into database
2012-07-27 11:47:22 +02:00
Martin Willi
777bcdc0d5
Don't include acquiring packet traffic selectors in IKEv1
As we only can negotiate a single TS in IKEv1, don't prepend the
triggering packet TS, as we do in IKEv2. Otherwise we don't establish
the TS of the configuration, but only that of the triggering packet.
Fixes #207.
2012-07-26 15:45:49 +02:00
Martin Willi
8b560a4565
Implement late peer config switching after XAuth authentication
If additional authentication constraints, such as group membership,
are not fulfilled by an XAuth backend, we search for another
peer configuration that fulfills all constraints, including those
from phase1.
2012-07-26 15:17:36 +02:00
Martin Willi
40ca05cff8
Check if XAuth round complies with configured authentication round
2012-07-26 12:40:27 +02:00
Martin Willi
6a8786b55f
Show which group would be required when failing in constraint check
2012-07-26 12:39:53 +02:00
Martin Willi
874f7c7e2c
Don't add ANY identity constraint to auth config, as XAuth rounds don't use one
2012-07-26 12:38:34 +02:00
Martin Willi
9191946a63
Merge auth config items added from XAuth backends to IKE_SA
2012-07-26 12:07:48 +02:00
Martin Willi
46df61dff7
Add an ipsec.conf leftgroups2 parameter for the second authentication round
2012-07-26 11:51:58 +02:00
Andreas Steffen
15f78beb0f
IMA SHA1 file measurement is not needed any more
2012-07-23 22:19:30 +02:00
Andreas Steffen
327dcf96db
fixed typo
2012-07-23 22:19:30 +02:00
Martin Willi
81419807f5
Release leaking child config after uninstalling shunt policy
2012-07-23 17:15:40 +02:00
Andreas Steffen
e6b01ce42d
moved PA-TNC message logging to level 1
2012-07-23 13:04:28 +02:00
Andreas Steffen
ab957aacce
transport IMA file info via PTS Component Evidence Policy URI
2012-07-23 12:51:37 +02:00
Andreas Steffen
838f683cde
ipsec attest now deletes file hashes
2012-07-22 09:29:39 +02:00
Andreas Steffen
2c9a833b7a
buffer PA-TNC attributes until Generate Attestation Evidence attribute is received
2012-07-21 16:43:24 +02:00
Andreas Steffen
6f46681a48
allow --rel as an abbreviation for --relative
2012-07-21 15:58:13 +02:00
Andreas Steffen
4c02086241
moved all shadow PCR stuff to the pts_pcr class
2012-07-21 15:58:13 +02:00
Martin Willi
3b7468b245
Support Unity split-include/exclude options in attr plugin
2012-07-20 17:36:27 +02:00
Martin Willi
73514b3217
Don't print hexdumps on loglevel 1 if hash verification fails
2012-07-20 17:36:27 +02:00
Andreas Steffen
5a6c18853e
created a pts_pcr class for PCR computations
2012-07-20 14:57:28 +02:00
Andreas Steffen
cfa69fce13
renamed build_database.sh to build-database.sh
2012-07-20 14:04:16 +02:00
Andreas Steffen
f524725474
why the hell do firefox, thunderbird and acroread their own Linux libraries?
2012-07-19 18:29:06 +02:00
Martin Willi
eb1b380a1c
Add a libstrongswan-dev debian package with development headers
2012-07-19 13:55:02 +02:00
Martin Willi
328447acd5
Pass CC/CFLAGS to ./configure, not to make, adding -include config.h
2012-07-19 13:55:02 +02:00
Martin Willi
5084c13f6d
Upgraded our Debian package to 5.0
2012-07-19 13:55:02 +02:00
Andreas Steffen
0ffd766c0a
added some multiply defined libraries
2012-07-19 13:49:35 +02:00
Andreas Steffen
214097e804
queries with relative filenames might return multiple results
2012-07-19 13:49:35 +02:00
Andreas Steffen
96e8ba0f78
updated build_database.sh
2012-07-19 13:49:35 +02:00
Andreas Steffen
2f341c540d
added index to files table
2012-07-19 13:49:35 +02:00
Andreas Steffen
14e14d913b
updated build_database.sh
2012-07-19 13:49:35 +02:00
Martin Willi
09e3717525
Fix EAP-MSCHAPv2 master key derivation, broken with 87dd205b
2012-07-18 16:46:05 +02:00
Martin Willi
e7600ca696
Remove debugging leftovers
2012-07-18 15:35:40 +02:00
Martin Willi
5d2698dd62
Add a SHA1 test vector forcing padding over block boundary
2012-07-18 15:10:29 +02:00
Andreas Steffen
9c48a31975
builds an Ubuntu 12.04 LTS measurement database
2012-07-18 11:33:59 +02:00
Andreas Steffen
4d4a09ab09
minor fixes in attest
2012-07-18 11:33:59 +02:00
Martin Willi
8217c099ce
Add a tool to burn hashers
2012-07-17 17:32:08 +02:00
Martin Willi
c63fb853e8
Use centralized hasher names in pki utility
2012-07-17 17:32:05 +02:00
Martin Willi
6719889e0a
Use centralized hasher names in coupling plugin
2012-07-17 17:32:03 +02:00
Martin Willi
610f90a8b9
Use centralized hasher names in openssl plugin
2012-07-17 17:32:00 +02:00