Commit Graph

13680 Commits

Author SHA1 Message Date
Tobias Brunner bf5d0693ef id-payload: Enable multiple calls to get_ts() for subnet traffic selectors
The second call resulted in a /32 subnet previously.
2014-12-05 09:32:38 +01:00
Tobias Brunner 7459f3a5ac ikev2: Fix handling of more than one hash-and-URL certificate payloads 2014-12-04 11:33:38 +01:00
Martin Willi e61841a211 Merge branch 'wfp-drop-firewall'
Introduces ALE layer WFP rules to accept tunnel mode packets in Windows
stateful packet filtering if default-drop policies are used.
2014-12-04 11:11:47 +01:00
Martin Willi e1a448314f kernel-wfp: Install outbound ALE connect rules for IPsec
Similar to the inbound rules, the ALE filter processes IP-in-IP packets for
outbound tunnel mode traffic. When using an outbound default-drop policy,
Windows does not allow connection initiation without these explicit rules.
2014-12-04 11:10:48 +01:00
Martin Willi a8142a17cf kernel-wfp: Install inbound ALE IP-in-IP filters
When processing inbound tunnel mode packets, Windows decrypts packets and
filters them as IP-in-IP packets. We therefore require an ALE filter that
calls the FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_ALE_ACCEPT callout to allow them
when using a default-drop policy.

Without these rules, any outbound packet created an ALE state that allows
inbound packets as well. Processing inbound packets without any outbound
traffic fails without these rules.
2014-12-04 11:10:48 +01:00
Martin Willi 070461b70d kernel-wfp: Add missing IPsec sublayer GUIDs 2014-12-04 11:10:48 +01:00
Martin Willi a21338a43e kernel-wfp: Define IPsec related ALE layers and callout GUIDs 2014-12-04 11:10:48 +01:00
Martin Willi 4d48dfd6a3 kernel-wfp: Fix logging of MM/QM/EM NetEvent failures 2014-12-04 11:10:48 +01:00
Martin Willi b164cc8e15 vici: Make sure to send/recv all requested bytes over socket
As with the underlying C functions, send/recv on Ruby sockets are not guaranteed
to send/recv all requested bytes. Use wrapper functions to make sure we get
all bytes needed.
2014-12-04 10:42:22 +01:00
Martin Willi dcae0a3935 updown: Inverse comment of VPN_LOGGING variable, as it is enabled by default
Fixes #780.
2014-12-02 15:02:41 +01:00
Andreas Steffen 32d19652f1 Version bump to 5.2.2dr1 2014-11-29 15:00:10 +01:00
Andreas Steffen 9b01a061ec Increased check size due to INITIAL_CONTACT notify 2014-11-29 14:57:41 +01:00
Andreas Steffen c02ebf1ecd Renewed expired certificates 2014-11-29 14:51:18 +01:00
Andreas Steffen b6bb32e658 Implemented full BLISS support for IKEv2 public key authentication and the pki tool 2014-11-29 14:51:18 +01:00
Andreas Steffen 43d9247599 Created ikev2/rw-ntru-bliss scenario 2014-11-29 14:51:18 +01:00
Andreas Steffen 0d8a3f5d01 Applied bit packing to BLISS public key 2014-11-29 14:51:18 +01:00
Andreas Steffen bf749fa1fb Wipe BLISS private key memory 2014-11-29 14:51:17 +01:00
Andreas Steffen b352ee4266 Created bliss_bitpacker class to encode BLISS signatures 2014-11-29 14:51:17 +01:00
Andreas Steffen 7143667bdd Skip the unused bits field of the ASN.1 BIT STRING encoding 2014-11-29 14:51:17 +01:00
Andreas Steffen 5a50e364e6 Store NTT A of BLISS public key a 2014-11-29 14:51:17 +01:00
Andreas Steffen 3e1f6edc5a unit-tests: created bliss_sign test suite 2014-11-29 14:51:17 +01:00
Andreas Steffen e71813e56d Finished BLISS signature generation 2014-11-29 14:51:17 +01:00
Andreas Steffen edd72b6bb9 Implemented Gaussian rejection sampler
The bliss_sampler class uses the mgf1_bitspender as a
pseudo-random source.
2014-11-29 14:51:16 +01:00
Andreas Steffen 72bb7eec9c Implemented get_byte() method for mgf1_bitspender class
The new get_byte() method returns a pseudo-random byte at a time.
Changed the get_bits() interface to the same interface as get_byte().
Updated the mgf1 unit-tests accordingly.
2014-11-29 14:51:16 +01:00
Andreas Steffen 5f7a9ea9c3 Added support for BLISS-III 2014-11-29 14:51:16 +01:00
Andreas Steffen f673966b9f Started implementing BLISS signature generation 2014-11-29 14:51:16 +01:00
Andreas Steffen 56009f2001 Store and parse BLISS private and public keys in DER and PEM format
Additionally generate SHA-1 fingerprints of raw BLISS subjectPublicKey
and subjectPublicKeyInfo objects.

Some basic functions used by the bliss_public_key class are shared
with the bliss_private_key class.
2014-11-29 14:51:16 +01:00
Andreas Steffen 37bfe44358 unit-tests: Created separate mgf1 test suite 2014-11-29 14:51:16 +01:00
Andreas Steffen 8614d1214d Use mgf1_bitspender in ntru_poly_create_from_seed 2014-11-29 14:51:15 +01:00
Andreas Steffen 64a5cacde5 Use mgf1_bitspender to generate random secret key 2014-11-29 14:51:15 +01:00
Andreas Steffen 988d477145 Implemented bitspender based on the MGF1 mask generator function 2014-11-29 14:51:15 +01:00
Andreas Steffen c3664d8ee1 unit-tests: Added bliss_fft test suite 2014-11-29 14:51:15 +01:00
Andreas Steffen 1d3e080877 Moved mgf1 class to libstrongswan/crypto/mgf1 2014-11-29 14:51:15 +01:00
Andreas Steffen 73a327404d Defined BLISS I and IV parameter sets 2014-11-29 14:51:14 +01:00
Andreas Steffen 6d31c7ef74 Added BLISS OIDs in ITA-HSR OID tree 2014-11-29 14:51:14 +01:00
Andreas Steffen 8c751b6119 Implemented Number Theoretic Transform using the FFT algorithm
By pre-multiplying the input arrays with a linear phase the
fast multiplication via FFT and inverse FFT computes a negative
wrapped convolution corresponding to a modulus of x^n+1.
2014-11-29 14:51:14 +01:00
Andreas Steffen 9d5b91d198 Created framework for BLISS post-quantum signature algorithm 2014-11-29 14:51:14 +01:00
Martin Willi 4ef819a379 libtls: Catch POLLHUP/NVAL in TLS socket splicing
If one of the sockets gets disconnected, some systems return POLLHUP. Signal
the socket as ready to let the read/write call fail properly.
2014-11-28 15:53:50 +01:00
Martin Willi 015fb3134d watcher: Properly handle poll() POLLHUP/NVAL signaling
poll() may return POLLHUP or POLLNVAL for given file descriptors. To handle
these properly, we signal them to the EXCEPT watcher state, if registered. If
not, we call the read/write callbacks, so they can properly fail when trying
to read from or write to the file descriptor.
2014-11-28 12:50:34 +01:00
Martin Willi 02fd29acc1 windows: Properly set errno for read/write functions using Winsock 2014-11-28 12:45:58 +01:00
Martin Willi f1773fee43 ikev2: Fix ike_rekey switch statement broken with last commit 2014-11-24 10:03:26 +01:00
Martin Willi 8891ed5478 ikev2: Prevent IKE_SA rekeying if we are currently retrying a CHILD_SA rekey 2014-11-21 12:51:20 +01:00
Martin Willi c39b0c883d controller: Keep following initiate() if the first DH guess was wrong 2014-11-21 12:51:19 +01:00
Martin Willi 013857ad79 child-sa: Introduce a CHILD_RETRYING state to detect DH group retries 2014-11-21 12:51:19 +01:00
Martin Willi f6f3b0db11 Merge branch 'poll'
Replace relevant uses of select() by poll(). poll(2) avoids the difficulties
we have with more than 1024 open file descriptors, and seems to be fairly
portable.

Fixes #757.
2014-11-21 12:49:07 +01:00
Martin Willi 89f19ef876 windows: Move the compatibility header to the compat subfolder 2014-11-21 12:02:08 +01:00
Martin Willi aec3d5fb7f apple: Wrap accept() and recvfrom() with poll(2) instead of select 2014-11-21 12:02:08 +01:00
Martin Willi f65779dd0f apple: Introduce a central compatibility header with all __APPLE__ quirks 2014-11-21 12:02:08 +01:00
Martin Willi 6e1d3f3615 watcher: Use Windows read/write(2) wrappers instead of compile-conditions 2014-11-21 12:02:08 +01:00
Martin Willi a301a9c939 windows: Provide a write(2) wrapper that uses send(2) on sockets 2014-11-21 12:02:08 +01:00