80b267f9e3
Use filter instead of findstring to check for enabled plugins in Android.mk.
...
findstring is not prefix-safe (i.e. android matches android-log). On
the other hand filter matches words separated by whitespace and if no
wildcard (%) is used the full word has to match.
2012-08-08 15:07:43 +02:00
162621ed57
Moved Android specific logger to separate plugin.
...
This is mainly because the other parts of the existing android plugin
can not be built in the NDK (access to keystore and system properties are
not part of the stable NDK libraries).
2012-08-08 15:07:43 +02:00
657a3ba609
Link android plugin against liblog in the NDK.
...
Doesn't seem to hurt the build within the source tree.
2012-08-08 15:07:43 +02:00
e7ea057fd2
Make the UDP ports charon listens for packets on (and uses as source ports) configurable.
2012-08-08 15:07:43 +02:00
73940eb712
Make path to Android OpenSSL headers configurable.
2012-08-08 15:07:43 +02:00
4528e74a5c
Don't require STRONGSWAN_CONF to be defined.
2012-08-08 15:07:42 +02:00
a9f169f699
Don't require PLUGINDIR to be defined.
...
If it is not available, we just load monolithically built plugins.
2012-08-08 15:07:42 +02:00
4e98ca1800
Remove queued IKEv1 message before processing it
...
Avoids destruction or processing of a queued message in
recursive process_message() call.
2012-08-08 14:54:03 +02:00
6204c1182d
Include src address in hash of initial message for Main Mode
...
If two initiators use the same SPI and also use the same SA proposal the
hash for the initial message would be exactly the same. For IKEv2 and
Aggressive Mode that's not a problem as these messages include random
data (Ni, KEi payloads).
2012-08-08 14:47:36 +02:00
fa1baac315
implemented deletion of product_file database entries
2012-08-07 15:06:12 +02:00
9c2f08860d
Add DH group 15 (MODP-3072) to IKE proposal
2012-08-06 11:22:33 +02:00
7c6d6b0d89
PEM loading soft-depends on MD5 only, as unencrypted files don't need MD5
...
Fixes #211 .
2012-08-03 15:25:17 +02:00
bd28543512
Rebuild charon after running ./configure to reflect plugin changes
2012-08-03 13:11:45 +02:00
764035d515
Block XAuth transaction on established IKE_SAs, but allow Mode Config
2012-08-03 13:07:57 +02:00
decc467a4f
Implemented recursive mutex without thread-specific counter
2012-08-03 11:30:18 +02:00
920f29e7d5
Use a single thread-specific value for our custom rwlock_t implementation
...
The pthread implementation on Android currently only supports 64
different thread-specific values per process, which we hit easily when
every rwlock_t requires one.
2012-08-03 11:30:18 +02:00
f02a305569
Fix linking of addrblock plugin when building monolithic
...
Fixes #212 .
2012-08-03 10:50:21 +02:00
394b9f6b65
Reject initial exchange messages early once IKE_SA is established
2012-08-02 13:04:54 +02:00
804d702b0a
Add some more NEWS about 5.0.1
2012-08-02 12:23:59 +02:00
11d6bc3eb0
Move MODP_CUSTOM va_arg fetching out of loop
...
It seems problematic at least on PPC with gcc 4.3, fixes #208 .
2012-08-02 12:08:27 +02:00
ecfd714c78
updated NEWS
2012-07-31 17:25:30 +02:00
3e7565eee0
libimcv requires nonce plugin
2012-07-31 16:46:46 +02:00
f701ba8389
Lookup IKEv1 PSK even if the peer identity is not known
2012-07-31 15:39:33 +02:00
6ff1d5bb32
update state before handling status
2012-07-30 23:19:25 +02:00
af8354da1a
implemented support if functional sub-components
2012-07-30 20:49:42 +02:00
e0c66bebcf
extended and documented ipsec attest
2012-07-30 20:49:42 +02:00
63ac6d00b0
Proper fallback if capability dropping is not available
2012-07-27 14:46:42 +02:00
8ff1094823
The use of $< in Makefiles is not portable
...
It requires GNU make which is not what most people use on e.g. FreeBSD.
Fixes #205 .
2012-07-27 13:47:59 +02:00
d511a71daa
Include stdint.h for UINTxx_MAX defines
...
Fixes #205 .
2012-07-27 13:47:59 +02:00
df0f88a4b3
measure all kernel modules and optimize firefox and thunderbird measurements
2012-07-27 11:47:22 +02:00
9e99d2c378
with --relative --file do not insert absolute filenames into database
2012-07-27 11:47:22 +02:00
777bcdc0d5
Don't include acquiring packet traffic selectors in IKEv1
...
As we only can negotiate a single TS in IKEv1, don't prepend the
triggering packet TS, as we do in IKEv2. Otherwise we don't establish
the TS of the configuration, but only that of the triggering packet.
Fixes #207 .
2012-07-26 15:45:49 +02:00
8b560a4565
Implement late peer config switching after XAuth authentication
...
If additional authentication constraints, such as group membership,
is not fulfilled by an XAuth backend, we search for another
peer configuration that fulfills all constraints, including those
from phase1.
2012-07-26 15:17:36 +02:00
40ca05cff8
Check if XAuth round complies to configured authentication round
2012-07-26 12:40:27 +02:00
6a8786b55f
Show which group would be required when failing in constraint check
2012-07-26 12:39:53 +02:00
874f7c7e2c
Don't add ANY identity constraint to auth config, as XAuth rounds don't use one
2012-07-26 12:38:34 +02:00
9191946a63
Merge auth config items added from XAuth backends to IKE_SA
2012-07-26 12:07:48 +02:00
46df61dff7
Add an ipsec.conf leftgroups2 parameter for the second authentication round
2012-07-26 11:51:58 +02:00
15f78beb0f
IMA SHA1 file measurement is not needed any more
2012-07-23 22:19:30 +02:00
327dcf96db
fixed typo
2012-07-23 22:19:30 +02:00
81419807f5
Release leaking child config after uninstalling shunt policy
2012-07-23 17:15:40 +02:00
e6b01ce42d
moved PA-TNC message logging to level 1
2012-07-23 13:04:28 +02:00
ab957aacce
transport IMA file info via PTS Component Evidence Policy URI
2012-07-23 12:51:37 +02:00
838f683cde
ipsec attest now deletes file hashes
2012-07-22 09:29:39 +02:00
2c9a833b7a
buffer PA-TNC attributes until Generate Attestation Evidence attribute is received
2012-07-21 16:43:24 +02:00
6f46681a48
allow --rel as an abbreviation for --relative
2012-07-21 15:58:13 +02:00
4c02086241
moved all shadow PCR stuff to the pts_pcr class
2012-07-21 15:58:13 +02:00
3b7468b245
Support Unity split-include/exclude options in attr plugin
2012-07-20 17:36:27 +02:00
73514b3217
Don't print hexdumps on loglevel 1 if hash verification fails
2012-07-20 17:36:27 +02:00
5a6c18853e
created a pts_pcr class for PCR computations
2012-07-20 14:57:28 +02:00
Tobias Brunner