Tobias Brunner
62d43ea694
ike-sa-manager: Extract IKE SPI labeling feature from charon-tkm
Might be useful for users of other daemons too. Note that compared to the
previous implementation in charon-tkm, the mask/label are applied in
network order.
Closes strongswan/strongswan#134.
2019-04-11 09:51:02 +02:00
Tobias Brunner
3fbc95cf54
keymat_v2: Add support for PPKs
2018-09-10 18:03:01 +02:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Martin Willi
83187f3883
charon-tkm: Ignore an existing PID file if it references ourself
2018-03-21 10:25:49 +01:00
Tobias Brunner
2db6d5b8b3
Fixed some typos, courtesy of codespell
2018-02-13 12:19:54 +01:00
Adrian-Ken Rueegsegger
fcff3808b4
charon-tkm: Update to latest Anet version
2018-02-08 17:01:38 +01:00
Tobias Brunner
2307bffe56
proposal: Move proposal_t from libcharon to libstrongswan
This allows us to use it without having to initialize libcharon, which
was required for the logging (we probably could have included debug.h
instead of daemon.h to workaround that but this seems more correct).
2017-11-17 18:09:54 +01:00
Tobias Brunner
42353849cb
charon: Explicitly check return value of fileno()
This is mainly for Coverity because fchown() can't take a negative
value, which the -1 check implies is possible.
2017-11-15 14:37:43 +01:00
Tobias Brunner
291b02262d
charon-tkm: Unlink PID file after deinit
Same change as for charon in the previous commit.
References #2460.
2017-11-10 10:56:13 +01:00
Tobias Brunner
024b979522
certificate: Return signature scheme and parameters from issued_by() method
This also required some include restructuring (avoid including library.h
in headers) to avoid unresolvable circular dependencies.
2017-11-08 16:48:10 +01:00
Tobias Brunner
de280c2e03
private-key: Add optional parameters argument to sign() method
2017-11-08 16:48:10 +01:00
Tobias Brunner
a413571f3b
public-key: Add optional parameters argument to verify() method
2017-11-08 16:48:10 +01:00
Adrian-Ken Rueegsegger
fc08e6af8a
charon-tkm: Reset ESA on child SA create failure
Since we are also releasing the ESA ID we have to make sure that the ESA
context is reset and in a clean state in order for it to be actually
reusable.
2017-09-15 12:16:57 +02:00
Adrian-Ken Rueegsegger
59e7298ff9
charon-tkm: Check for error when acquiring ESA ID
2017-09-15 12:16:57 +02:00
Adrian-Ken Rueegsegger
8e823bb8b1
charon-tkm: Fix AE context life-cycle handling
Use new reference counting feature of ID manager for AE contexts and
only perform reset if count is zero. Also, do not pass on AE ID as every
IKE SA must decrement AE ID count once it is not used any longer.
2017-09-15 12:16:57 +02:00
Adrian-Ken Rueegsegger
c198ddcb3f
charon-tkm: Return current refcount when releasing ID
2017-09-15 12:16:57 +02:00
Adrian-Ken Rueegsegger
1b2a8d963a
charon-tkm: Add acquire_ref method to ID manager
The function acquires a reference to the given context reference id for
a specific context kind.
2017-09-15 12:16:57 +02:00
Adrian-Ken Rueegsegger
fcde9686f6
charon-tkm: Store context ids as int instead of bool
This is in preparation of making context ids refcountable.
2017-09-15 12:16:57 +02:00
Adrian-Ken Rueegsegger
d35ebfbce1
charon-tkm: Add missing whitespace log message
2017-09-15 12:16:57 +02:00
Adrian-Ken Rueegsegger
c15dbfaf08
charon-tkm: Build fix for kernel SAD tests
Commit 7729577... added a flag to the get_esa_id function but the unit
tests were not adjusted.
2017-08-14 18:35:37 +02:00
Tobias Brunner
772957778c
charon-tkm: Call esa_reset() when the inbound SA is deleted
After a rekeying the outbound SA and policy are deleted immediately, however,
the inbound SA is not removed until a few seconds later, so delayed packets
can still be processed.
This adds a flag to get_esa_id() that specifies the location of the
given SPI.
2017-08-07 10:46:00 +02:00
Tobias Brunner
dbaeaaf605
charon-tkm: Remove unused get_other_esa_id() method
2017-08-07 10:46:00 +02:00
Tobias Brunner
d24b831fe7
charon-tkm: Don't select new outbound SA until the policy is installed
This tries to avoid packet loss during rekeying by delaying the usage of
the new outbound IKE_SA until the old one is deleted.
Note that esa_select() is a no-op in the current TKM implementation. And
the implementation also doesn't benefit from the delayed deletion of the
inbound SA as it calls esa_reset() when the outbound SA is deleted.
2017-08-07 10:44:05 +02:00
Tobias Brunner
0d42a76275
charon-tkm: Claim to support SPIs on policies
This fixes rekeying as the delayed installation of the outbound SA
caused the nonce context to be expired already.
2017-08-07 10:44:05 +02:00
Tobias Brunner
dad4f6a178
charon-tkm: Return cloned host from tkm_kernel_sad_t::get_dst_host()
When an expire is triggered while rekeying, the CHILD_SA might be deleted
while the returned host is still used to queue a rekey job for the CHILD_SA.
2017-06-14 09:57:09 +02:00
Tobias Brunner
2e4d110d1e
linked-list: Change return value of find_first() and signature of its callback
This avoids the unportable five pointer hack.
2017-05-26 13:56:44 +02:00
Tobias Brunner
3ff5de05b3
tkm: Fix get_auth_octets() signature
Fixes: 267c1f7083 ("keymat: Allow keymat to modify signature scheme(s)")
2017-02-13 18:36:01 +01:00
Tobias Brunner
9665686bd8
daemon: Use separate method to set default loggers
This way it is not necessary to pass the same values to reload the
loggers.
2017-01-25 14:58:09 +01:00
Andreas Steffen
40f2589abf
gmp: Support of SHA-3 RSA signatures
2016-09-22 17:34:31 +02:00
Tobias Brunner
6250e813ca
charon-tkm: Build C code with debug information
2016-09-20 16:26:05 +02:00
Tobias Brunner
8bc2ddb2cc
charon-tkm: Free name of the PID file
2016-09-20 16:26:05 +02:00
Tobias Brunner
b71f5f9305
charon-tkm: Deinitialize tkm before libstrongswan
In particular because of leak-detective.
2016-09-20 16:26:05 +02:00
Tobias Brunner
89da06ace9
kernel: Use structs to pass information to the kernel-ipsec interface
2016-04-09 16:50:59 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
28649f6d91
libhydra: Remove empty unused library
2016-03-03 17:36:11 +01:00
Tobias Brunner
8394ea2a42
libhydra: Move kernel interface to libcharon
This moves hydra->kernel_interface to charon->kernel.
2016-03-03 17:36:11 +01:00
Tobias Brunner
88b85e022a
sigwaitinfo() may fail with EINTR if interrupted by an unblocked signal not in the set
Fixes #1213.
2015-11-23 11:37:19 +01:00
Adrian-Ken Rueegsegger
e63589a7dc
charon-tkm: Register SPI generator callback
Set get_spi callback of IKE SA manager to TKM-specific implementation.
2015-11-11 15:39:49 +01:00
Adrian-Ken Rueegsegger
efff791675
charon-tkm: Implement SPI generator
The get_spi callback returns a random SPI with a label encoded according
to the spi_label and spi_mask parameters read from the strongswan.conf.
2015-11-11 15:39:49 +01:00
Tobias Brunner
a6e0f14fd2
kernel-interface: Pass the same data to del_policy() that was passed to add_policy()
The additional data can be helpful to identify the exact policy to
delete.
2015-11-10 16:42:52 +01:00
Tobias Brunner
3195650180
Fix typo in error handling for sigwaitinfo() in charon-systemd and charon-tkm
Fixes 858148092d ("Replace usages of sigwait(3) with sigwaitinfo(2)")
2015-10-29 17:40:31 +01:00
Tobias Brunner
858148092d
Replace usages of sigwait(3) with sigwaitinfo(2)
This is basically the same call, but it has the advantage of being
supported by FreeBSD's valgrind, which sigwait() is not.
References #1106.
2015-10-29 15:38:37 +01:00
Martin Willi
ee9f691915
unit-tests: Forward variable argument list in TEST_SUITE_DEPEND
For some plugin features, such as crypters or AEADs, we have some additional
feature arguments, such as the key size.
2015-07-12 13:25:50 +02:00
Adrian-Ken Rueegsegger
38b65d7186
charon-tkm: Also store local SPI in SAD
2015-05-04 18:07:52 +02:00
Reto Buerki
8cdc563258
charon-tkm: Reset stale nonce contexts
If the nonce generator detects a stale nonce upon destroy(), it resets
the context in the TKM and releases associated resources in the ID
manager and chunk map.
Also, do not acquire the nonce context ID in the tkm_nonceg_create function
but rather when the nonce is actually created by get_nonce().
The nonces created with get_nonce() must also be registered in the chunk map.
2015-05-04 18:07:51 +02:00
Reto Buerki
a8ca50e635
charon-tkm: Drop unneeded nonceg get_id function
2015-05-04 18:07:51 +02:00
Adrian-Ken Rueegsegger
5460098cce
charon-tkm: Remove ESA nonce mappings from chunk map
2015-05-04 18:07:51 +02:00
Reto Buerki
a0cf92a650
charon-tkm: Drop obsolete TKM_LIMIT define
2015-05-04 18:07:51 +02:00
Adrian-Ken Rueegsegger
2783bd17a4
charon-tkm: Select other ESA if any is present upon deletion
In the case that multiple ESAs exist (e.g. rekey collision) for a
security policy, make sure to select one of the remaining ESAs.
2015-05-04 18:07:51 +02:00
Adrian-Ken Rueegsegger
c7ce0d96cd
charon-tkm: Add get_other_esa_id function to TKM kernel SAD
The function gets the ESA id for another entry associated with the same
security policy as the specified ESA.
2015-05-04 18:07:50 +02:00