Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
fab4c845ec
ikev1: Send NAT-D payloads after vendor ID payloads in Aggressive Mode messages
...
Some implementations might otherwise not recognize the NAT-D payload
type. Also moves SIG and HASH payloads last in these messages.
Fixes #1239 .
2016-03-07 14:13:12 +01:00
Tobias Brunner
541543dbfe
message: Log message if unknown/disallowed payload received
2015-06-01 09:42:11 +02:00
Tobias Brunner
e67161fe9e
message: Log original message type of unknown payloads
2015-06-01 09:42:11 +02:00
Tobias Brunner
1507647434
unknown-payload: Use a new private payload type and make original type available
...
This fixes a DoS and potential remote code execution vulnerability that was
caused because the original payload type that was returned previously was
used to cast such payload objects to payloads of the indicated type (e.g.
when logging notify payloads with a payload type for the wrong IKE version).
Fixes CVE-2015-3991.
2015-06-01 09:42:11 +02:00
Martin Willi
823a8a9b46
message: Show the fragmentation numbers in message stringification
2015-06-01 09:42:10 +02:00
Martin Willi
161a015782
utils: Use chunk_equals_const() for all cryptographic purposes
2015-04-14 12:02:51 +02:00
Tobias Brunner
42e0a317c6
ike: Only parse payloads valid for the current IKE version
2014-12-05 15:41:47 +01:00
Tobias Brunner
fac310a467
ike: Make check for known payloads depend on IKE version
2014-12-05 15:41:46 +01:00
Tobias Brunner
b089169752
message: Include encrypted fragment payload in payload (order) rules
...
Otherwise fragmented CREATE_CHILD_SA exchanges won't get accepted
because they don't contain an SA payload.
It also prevents a warning when ordering payloads.
Fixes #752 .
2014-10-29 15:51:38 +01:00
Tobias Brunner
8dbe128c8c
message: Limit maximum number of IKEv2 fragments
...
The maximum for IKEv1 is already 255 due to the 8-bit fragment number.
With an overhead of 17 bytes (x64) per fragment and a default maximum
of 10000 bytes per packet the maximum memory required is 14 kB
for a fragmented message.
2014-10-10 09:32:42 +02:00
Tobias Brunner
f00a9c1715
packet: Define a global default maximum size for IKE packets
2014-10-10 09:32:42 +02:00
Tobias Brunner
03512c47bf
message: Ensure a minimum fragment length
2014-10-10 09:32:41 +02:00
Tobias Brunner
c0f4936a23
message: Fragment and reassemble IKEv2 messages
2014-10-10 09:32:41 +02:00
Tobias Brunner
e8ffb256b3
message: Handle encrypted fragment payload similar to the encrypted payload
2014-10-10 09:32:41 +02:00
Tobias Brunner
41751a70d9
message: Split generate() in multiple functions
2014-10-10 09:31:16 +02:00
Tobias Brunner
70e0be072b
ikev1: Move defragmentation to message_t
2014-10-10 09:30:26 +02:00
Tobias Brunner
2e7a2c06a1
message: fragment() generates message and fragments and caches them
2014-10-10 09:30:26 +02:00
Tobias Brunner
e0b35142c1
message: Make packet argument optional in generate()
2014-10-10 09:30:26 +02:00
Tobias Brunner
127a98dc90
ikev1: Move fragment generation to message_t
2014-10-10 09:30:26 +02:00
Tobias Brunner
147fe503af
ike: Rename encryption_payload to encrypted_payload
2014-10-10 09:30:25 +02:00
Tobias Brunner
8a6b01dd2a
ikev1: Don't cache last block of INFORMATIONAL messages as IV
...
We don't expect a response with the same MID, but apparently some
devices (e.g. FRITZ!Box) do that for DPDs, while still treating the
response as a new exchange. By storing the last message block as IV
we can't decrypt the first block of such a response.
Fixes #661 .
2014-09-12 13:56:18 +02:00
Martin Willi
3ecfc83c6b
payload: Use common prefixes for all payload type identifiers
...
The old identifiers did not use a proper namespace and often clashed with
other defines.
2014-06-04 15:53:03 +02:00
Martin Willi
c4c9d291d2
ikev1: Add an option to accept unencrypted ID/HASH payloads
...
Even in Main Mode, some Sonicwall boxes seem to send ID/HASH payloads in
unencrypted form, probably to allow PSK lookup based on the ID payloads. We
by default reject that, but accept it if the
charon.accept_unencrypted_mainmode_messages option is set in strongswan.conf.
Initial patch courtesy of Paul Stewart.
2014-04-17 08:52:28 +02:00
Tobias Brunner
e8229ad558
iv_gen: Provide external sequence number (IKE, ESP)
...
This prevents duplicate sequential IVs in case of a HA failover.
2013-10-11 15:55:40 +02:00
Martin Willi
d489e75579
ikev1: Accept more than two certificate payloads
2013-10-11 10:15:21 +02:00
Martin Willi
61b0079881
message: print type of configuration payload
2013-09-03 16:26:19 +02:00
Martin Willi
8e4b258030
message: print attributes for IKEv1 configuration payloads as well
2013-09-03 16:26:19 +02:00
Tobias Brunner
84693a3d79
linked-list: Remove barely used has_more() method
...
This required some refactoring when handling encrypted payloads.
Also changed log messages so that "encrypted payload" is logged instead
of "encryption payload" (even if we internally still call it that) as
that's the name used in RFC 5996.
2013-07-17 17:42:53 +02:00
Tobias Brunner
665fac2433
Allow up to 10 NAT-D payloads in IKEv1 messages
2013-03-20 16:20:39 +01:00
Tobias Brunner
af5452ba76
Allow more than one CERTREQ payload for IKEv2
...
There is no reason not to do so (RFC 5996 explicitly mentions multiple
CERTREQ payloads) and some implementations seem to use the same behavior
as had to be used with IKEv1 (i.e. each CA in its own CERTREQ payload).
2013-02-08 11:28:56 +01:00
Tobias Brunner
9b1659f52c
Add message rules to properly handle IKE fragments
...
These are sent in unencrypted messages and are the only payload
contained in such messages.
2012-12-24 10:24:48 +01:00
Tobias Brunner
ddfad8b67e
Reset the encrypted flag when handling IKE messages that contain a fragment
...
Racoon sets the encrypted bit for messages containing a fragment, but these
messages are not really encrypted (the fragmented message is though).
2012-12-24 10:24:48 +01:00
Volker Rümelin
0ff8d20a89
Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier
...
This adds support for early versions of the draft that eventually
resulted in RFC 3947.
2012-12-19 11:03:42 +01:00
Martin Willi
aa51d5dd25
Increase the limit of acceptable IKEv1 CERTREQ payloads to 20
2012-10-24 13:07:53 +02:00
Martin Willi
73514b3217
Don't print hexdumps on loglevel 1 if hash verification fails
2012-07-20 17:36:27 +02:00
Martin Willi
511f0b18b9
Cleaned up memory management and return values for encryption payload
2012-07-16 14:55:07 +02:00
Martin Willi
e185612dd8
Add a return value to keymat_v1_t.{get,update,confirm}_iv
2012-07-16 14:55:06 +02:00
Martin Willi
a7e6539135
Use a bool return value in keymat_v1_t.get_hash_phase2()
2012-07-16 14:53:34 +02:00
Tobias Brunner
1726795fa9
Store the major IKE version on ike_sa_id_t.
2012-03-20 17:31:40 +01:00
Martin Willi
bb2d4e1882
Print IKEv1 notify types in message summary
2012-03-20 17:31:35 +01:00
Martin Willi
5f2f864efc
Support IKEv1 notifies in message_t.get_notify()
2012-03-20 17:31:35 +01:00
Tobias Brunner
bd8d1f1d9c
Accept unencrypted Aggressive Mode messages.
...
Racoon does not encrypt the third message during Aggressive Mode.
2012-03-20 17:31:34 +01:00
Martin Willi
ebc7bcb550
Encrypt payloads of third aggressive mode message
2012-03-20 17:31:33 +01:00
Martin Willi
07b8ec7c00
Cast keymat safely, not based on external input
2012-03-20 17:31:30 +01:00
Martin Willi
82b1e5e270
Accept NULL as keymat when generating a message
2012-03-20 17:31:29 +01:00
Martin Willi
15a682f4c2
Separated libcharon/sa directory with ikev1 and ikev2 subfolders
2012-03-20 17:31:26 +01:00
Martin Willi
5d0458af0a
Another set of cleanups in message.c
2012-03-20 17:31:25 +01:00
Martin Willi
b9a707e696
Some coding style cleanups
2012-03-20 17:31:25 +01:00
Martin Willi
a4cc071364
Do not trust unprotected INFORMATIONALS, just print that we got one
2012-03-20 17:31:23 +01:00