ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
17,136 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

4069 Commits

Author SHA1 Message Date
SophieK 7e0e3ef4e0 keymat_v1: Avoid memory leak during IKE key derivation in some error cases 
Closes strongswan/strongswan#138.
 2019-05-09 10:07:52 +02:00
Tobias Brunner 3ee352a691 smp: Use correct printf specifier to print SPIs 2019-05-08 14:48:54 +02:00
Tobias Brunner c7a0b39bd6 vici: Add Python command wrappers to tarball 
Fixes: e0f7da8644 ("vici: Extract command wrappers in Python bindings")
 2019-05-06 15:51:05 +02:00
Tobias Brunner 02b348403a Fixed some typos, courtesy of codespell 2019-04-29 15:09:20 +02:00
Tobias Brunner eefa81120c vici: Update command wrappers in the Perl bindings 
Note that load_key() now returns the complete response (to get the key
identifier).
 2019-04-26 10:15:48 +02:00
Tobias Brunner 968866afc6 vici: Update some data in the Ruby gemspec 2019-04-26 10:15:48 +02:00
Tobias Brunner cc2ef8f8a7 vici: Some code style fixes in the Ruby bindings 
As reported by rubocop (some issues were not fixed, in particular
related to class/method length metrics).
 2019-04-26 10:15:43 +02:00
Tobias Brunner 1fef01af58 vici: Update command wrappers of the Ruby bindings 
Also reorder them to match README.md.
 2019-04-26 09:35:37 +02:00
Tobias Brunner 3b39444556 vici: Refactor how commands are called in the Ruby bindings 
Also expose a method to call arbitrary commands, which allows calling not
yet wrapped commands. Exceptions are raised for all commands if the response
includes a negative "success" key (similar to how it's done in the Python
bindings).
 2019-04-26 09:35:11 +02:00
Tobias Brunner 42fe703a95 vici: Fix formatting of return values for load-conn and load-authority commands 2019-04-26 09:35:10 +02:00
Tobias Brunner c5113c8105 vici: Add missing command wrappers for Python bindings 
Also change some for which the return value became relevant.
 2019-04-26 09:35:10 +02:00
Tobias Brunner e0f7da8644 vici: Extract command wrappers in Python bindings 
This simplifies the interface and allows calling not yet wrapped
commands more easily.
 2019-04-26 09:18:54 +02:00
Tobias Brunner 89c8ba525b eap-aka-3gpp2: Increase SQN after each authentication 2019-04-25 15:58:17 +02:00
Tobias Brunner fbb0feeea9 unit-tests: Add unit tests for childless IKE_SA initiation 2019-04-25 15:23:19 +02:00
Tobias Brunner 1b19469c67 unit-tests: Make childless initiation configurable 2019-04-25 15:23:19 +02:00
Tobias Brunner e0678a8cc6 unit-tests: Add helper to create but not yet establish two IKE_SAs 2019-04-25 15:23:19 +02:00
Tobias Brunner 202fb101b8 unit-tests: Add macros to assert certain payloads are (not) in a message 2019-04-25 15:23:19 +02:00
Tobias Brunner c863960eb1 vici: Support initiation of IKE_SAs 
The configuration must allow the initiation of a childless IKE_SA (which
is already the case with the default of 'accept').
 2019-04-25 15:23:19 +02:00
Tobias Brunner 2889b77da2 vici: Make childless initiation of IKE_SAs configurable 2019-04-25 15:23:19 +02:00
Tobias Brunner 6b00d34b42 controller: Make child config optional for initiate() 2019-04-25 15:23:19 +02:00
Tobias Brunner ed521a7470 child-create: Initiate and handle childless IKE_SAs according to RFC 6023 2019-04-25 15:23:19 +02:00
Tobias Brunner 93104d0fe9 ike-init: Notify initiator if childless IKE_SAs are accepted 2019-04-25 14:31:39 +02:00
Tobias Brunner ddb083c164 ike-cfg: Add setting for childless IKE_SAs 2019-04-25 14:31:39 +02:00
Tobias Brunner 9486a2e5b0 ike-cfg: Pass arguments as struct 2019-04-25 14:31:33 +02:00
SophieK de77957eda proposal-substructure: Fix incorrect type for IKEv2 proposals 
Luckily, the type is only used once when generating payloads and there it
doesn't matter because the encoding rules are the same.

Closes strongswan/strongswan#135.
 2019-04-25 09:40:51 +02:00
Tobias Brunner 8da7dbe766 socket-default: Fix setting DSCP value on FreeBSD 
Fixes #3030.
 2019-04-23 11:49:04 +02:00
Tobias Brunner 4c0d74bc12 eap-mschapv2: Convert UTF-8-encoded passwords 
Instead of assuming passwords are simply ASCII-encoded we now assume they are
provided UTF-8-encoded, which is quite likely nowadays.  The UTF-8 byte
sequences are not validated, however, only valid code points are encoded
as UTF-16LE.

Fixes #3014.
 2019-04-16 11:26:49 +02:00
Tobias Brunner a3885b86e6 child-create: Make sure the mode selected by the responder is acceptable 
Previously, the initiator would install the SA in transport mode if the
peer sent back the USE_TRANSPORT_MODE notify, even if that was not
requested originally.
 2019-04-15 14:31:57 +02:00
Tobias Brunner 7b2236526c message: Enforce encryption except for INFORMATIONALs 
The only messages that are generally sent encrypted but could be sent
unencrypted are INFORMATIONALs (currently only used for IKEv1 and ME
connectivity checks).  This should prevent issues if the keymat_t behaves
incorrectly and does not return an aead_t when it actually should.
 2019-04-15 14:01:02 +02:00
Tobias Brunner 62d43ea694 ike-sa-manager: Extract IKE SPI labeling feature from charon-tkm 
Might be useful for users of other daemons too. Note that compared to the
previous implementation in charon-tkm, the mask/label are applied in
network order.

Closes strongswan/strongswan#134.
 2019-04-11 09:51:02 +02:00
Tobias Brunner f5ad3cf491 eap-aka-3gpp: Ignore test runner in repository 2019-04-04 18:40:22 +02:00
Tobias Brunner 5af924a650 ike-config: If we don't send a CFG_REQUEST, we don't expect a CFG_REPLY 
Previously, attributes in an incorrectly sent CFG_REPLY would still be passed
to attribute handlers.  This does not prevent handlers from receiving
unrequested attributes if they requested at least one other.
 2019-04-04 11:06:20 +02:00
Tobias Brunner b5ac0bd35f ike-config: Ignore unrequested virtual IP addresses 
But forward them to handlers in case they requested them.
 2019-04-04 11:06:20 +02:00
Tobias Brunner 0396969a36 vici: Add support for interface ID configurable on IKE_SA 2019-04-04 09:36:38 +02:00
Tobias Brunner fafa76984d child-sa: Pass default interface ID inherited from IKE_SA 
Also pass optional arguments as struct.
 2019-04-04 09:36:38 +02:00
Tobias Brunner dec3c184a6 ike-sa: Add property for interface ID 2019-04-04 09:36:38 +02:00
Tobias Brunner 9347f72494 ipsec-types: Move allocation of unique interface IDs to helper function 2019-04-04 09:31:38 +02:00
Tobias Brunner c56b8c1a26 peer-cfg: Add property for interface ID 2019-04-04 09:31:38 +02:00
Tobias Brunner 2feba5aa22 kernel-netlink: Add helper functions for nested attributes 2019-04-04 09:31:38 +02:00
Tobias Brunner 801a5d3133 kernel-netlink: Don't install routes for CHILD_SAs with interface ID 2019-04-04 09:31:38 +02:00
Tobias Brunner d74ddd7893 xfrmi: Move to a separate directory to fix monolithic build 2019-04-04 09:31:38 +02:00
Tobias Brunner eef9236602 kernel-netlink: Add --list option to XFRM interfaces utility 2019-04-04 09:31:38 +02:00
Tobias Brunner aa841dbbfc vici: Report interface IDs 2019-04-04 09:31:38 +02:00
Tobias Brunner 3fa8c3e529 updown: Pass interface ID to updown script 2019-04-04 09:31:38 +02:00
Tobias Brunner 8ab336285a ike: Reuse interface ID during CHILD_SA rekeyings 2019-04-04 09:31:38 +02:00
Tobias Brunner a6014d99b7 child-sa: Configure interface ID on SAs and policies 2019-04-03 12:00:08 +02:00
Tobias Brunner 18ed5a07db vici: Make interface ID configurable 2019-04-03 12:00:08 +02:00
Tobias Brunner f99bd2a5a6 kernel-interface: Consider interface ID when allocating reqids 2019-04-03 12:00:08 +02:00
Tobias Brunner 72c96dbf9f child-cfg: Add property for interface ID 2019-04-03 12:00:08 +02:00
Tobias Brunner b32c3ce8fe kernel-netlink: Make interface ID configurable on SAs and policies 2019-04-03 12:00:08 +02:00