ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
14,922 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

106 Commits

Author SHA1 Message Date
Andreas Steffen b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Tobias Brunner fab4c845ec ikev1: Send NAT-D payloads after vendor ID payloads in Aggressive Mode messages 
Some implementations might otherwise not recognize the NAT-D payload
type.  Also moves SIG and HASH payloads last in these messages.

Fixes #1239.
 2016-03-07 14:13:12 +01:00
Tobias Brunner 541543dbfe message: Log message if unknown/disallowed payload received 2015-06-01 09:42:11 +02:00
Tobias Brunner e67161fe9e message: Log original message type of unknown payloads 2015-06-01 09:42:11 +02:00
Tobias Brunner 1507647434 unknown-payload: Use a new private payload type and make original type available 
This fixes a DoS and potential remote code execution vulnerability that was
caused because the original payload type that was returned previously was
used to cast such payload objects to payloads of the indicated type (e.g.
when logging notify payloads with a payload type for the wrong IKE version).

Fixes CVE-2015-3991.
 2015-06-01 09:42:11 +02:00
Martin Willi 823a8a9b46 message: Show the fragmentation numbers in message stringification 2015-06-01 09:42:10 +02:00
Martin Willi 161a015782 utils: Use chunk_equals_const() for all cryptographic purposes 2015-04-14 12:02:51 +02:00
Tobias Brunner 42e0a317c6 ike: Only parse payloads valid for the current IKE version 2014-12-05 15:41:47 +01:00
Tobias Brunner fac310a467 ike: Make check for known payloads depend on IKE version 2014-12-05 15:41:46 +01:00
Tobias Brunner b089169752 message: Include encrypted fragment payload in payload (order) rules 
Otherwise fragmented CREATE_CHILD_SA exchanges won't get accepted
because they don't contain an SA payload.

It also prevents a warning when ordering payloads.

Fixes #752.
 2014-10-29 15:51:38 +01:00
Tobias Brunner 8dbe128c8c message: Limit maximum number of IKEv2 fragments 
The maximum for IKEv1 is already 255 due to the 8-bit fragment number.

With an overhead of 17 bytes (x64) per fragment and a default maximum
of 10000 bytes per packet the maximum memory required is 14 kB
for a fragmented message.
 2014-10-10 09:32:42 +02:00
Tobias Brunner f00a9c1715 packet: Define a global default maximum size for IKE packets 2014-10-10 09:32:42 +02:00
Tobias Brunner 03512c47bf message: Ensure a minimum fragment length 2014-10-10 09:32:41 +02:00
Tobias Brunner c0f4936a23 message: Fragment and reassemble IKEv2 messages 2014-10-10 09:32:41 +02:00
Tobias Brunner e8ffb256b3 message: Handle encrypted fragment payload similar to the encrypted payload 2014-10-10 09:32:41 +02:00
Tobias Brunner 41751a70d9 message: Split generate() in multiple functions 2014-10-10 09:31:16 +02:00
Tobias Brunner 70e0be072b ikev1: Move defragmentation to message_t 2014-10-10 09:30:26 +02:00
Tobias Brunner 2e7a2c06a1 message: fragment() generates message and fragments and caches them 2014-10-10 09:30:26 +02:00
Tobias Brunner e0b35142c1 message: Make packet argument optional in generate() 2014-10-10 09:30:26 +02:00
Tobias Brunner 127a98dc90 ikev1: Move fragment generation to message_t 2014-10-10 09:30:26 +02:00
Tobias Brunner 147fe503af ike: Rename encryption_payload to encrypted_payload 2014-10-10 09:30:25 +02:00
Tobias Brunner 8a6b01dd2a ikev1: Don't cache last block of INFORMATIONAL messages as IV 
We don't expect a response with the same MID, but apparently some
devices (e.g. FRITZ!Box) do that for DPDs, while still treating the
response as a new exchange.  By storing the last message block as IV
we can't decrypt the first block of such a response.

Fixes #661.
 2014-09-12 13:56:18 +02:00
Martin Willi 3ecfc83c6b payload: Use common prefixes for all payload type identifiers 
The old identifiers did not use a proper namespace and often clashed with
other defines.
 2014-06-04 15:53:03 +02:00
Martin Willi c4c9d291d2 ikev1: Add an option to accept unencrypted ID/HASH payloads 
Even in Main Mode, some Sonicwall boxes seem to send ID/HASH payloads in
unencrypted form, probably to allow PSK lookup based on the ID payloads. We
by default reject that, but accept it if the
charon.accept_unencrypted_mainmode_messages option is set in strongswan.conf.

Initial patch courtesy of Paul Stewart.
 2014-04-17 08:52:28 +02:00
Tobias Brunner e8229ad558 iv_gen: Provide external sequence number (IKE, ESP) 
This prevents duplicate sequential IVs in case of a HA failover.
 2013-10-11 15:55:40 +02:00
Martin Willi d489e75579 ikev1: Accept more than two certificate payloads 2013-10-11 10:15:21 +02:00
Martin Willi 61b0079881 message: print type of configuration payload 2013-09-03 16:26:19 +02:00
Martin Willi 8e4b258030 message: print attributes for IKEv1 configuration payloads as well 2013-09-03 16:26:19 +02:00
Tobias Brunner 84693a3d79 linked-list: Remove barely used has_more() method 
This required some refactoring when handling encrypted payloads.

Also changed log messages so that "encrypted payload" is logged instead
of "encryption payload" (even if we internally still call it that) as
that's the name used in RFC 5996.
 2013-07-17 17:42:53 +02:00
Tobias Brunner 665fac2433 Allow up to 10 NAT-D payloads in IKEv1 messages 2013-03-20 16:20:39 +01:00
Tobias Brunner af5452ba76 Allow more than one CERTREQ payload for IKEv2 
There is no reason not to do so (RFC 5996 explicitly mentions multiple
CERTREQ payloads) and some implementations seem to use the same behavior
as had to be used with IKEv1 (i.e. each CA in its own CERTREQ payload).
 2013-02-08 11:28:56 +01:00
Tobias Brunner 9b1659f52c Add message rules to properly handle IKE fragments 
These are sent in unencrypted messages and are the only payload
contained in such messages.
 2012-12-24 10:24:48 +01:00
Tobias Brunner ddfad8b67e Reset the encrypted flag when handling IKE messages that contain a fragment 
Racoon sets the encrypted bit for messages containing a fragment, but these
messages are not really encrypted (the fragmented message is though).
 2012-12-24 10:24:48 +01:00
Volker Rümelin 0ff8d20a89 Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier 
This adds support for early versions of the draft that eventually
resulted in RFC 3947.
 2012-12-19 11:03:42 +01:00
Martin Willi aa51d5dd25 Increase the limit of acceptable IKEv1 CERTREQ payloads to 20 2012-10-24 13:07:53 +02:00
Martin Willi 73514b3217 Don't print hexdumps on loglevel 1 if hash verification fails 2012-07-20 17:36:27 +02:00
Martin Willi 511f0b18b9 Cleaned up memory management and return values for encryption payload 2012-07-16 14:55:07 +02:00
Martin Willi e185612dd8 Add a return value to keymat_v1_t.{get,update,confirm}_iv 2012-07-16 14:55:06 +02:00
Martin Willi a7e6539135 Use a bool return value in keymat_v1_t.get_hash_phase2() 2012-07-16 14:53:34 +02:00
Tobias Brunner 1726795fa9 Store the major IKE version on ike_sa_id_t. 2012-03-20 17:31:40 +01:00
Martin Willi bb2d4e1882 Print IKEv1 notify types in message summary 2012-03-20 17:31:35 +01:00
Martin Willi 5f2f864efc Support IKEv1 notifies in message_t.get_notify() 2012-03-20 17:31:35 +01:00
Tobias Brunner bd8d1f1d9c Accept unencrypted Aggressive Mode messages. 
Racoon does not encrypt the third message during Aggressive Mode.
 2012-03-20 17:31:34 +01:00
Martin Willi ebc7bcb550 Encrypt payloads of third aggressive mode message 2012-03-20 17:31:33 +01:00
Martin Willi 07b8ec7c00 Cast keymat safely, not based on external input 2012-03-20 17:31:30 +01:00
Martin Willi 82b1e5e270 Accept NULL as keymat when generating a message 2012-03-20 17:31:29 +01:00
Martin Willi 15a682f4c2 Separated libcharon/sa directory with ikev1 and ikev2 subfolders 2012-03-20 17:31:26 +01:00
Martin Willi 5d0458af0a Another set of cleanups in message.c 2012-03-20 17:31:25 +01:00
Martin Willi b9a707e696 Some coding style cleanups 2012-03-20 17:31:25 +01:00
Martin Willi a4cc071364 Do not trust unprotected INFORMATIONALS, just print that we got one 2012-03-20 17:31:23 +01:00