SophieK
7e0e3ef4e0
keymat_v1: Avoid memory leak during IKE key derivation in some error cases
Closes strongswan/strongswan#138.
2019-05-09 10:07:52 +02:00
Tobias Brunner
3ee352a691
smp: Use correct printf specifier to print SPIs
2019-05-08 14:48:54 +02:00
Tobias Brunner
c7a0b39bd6
vici: Add Python command wrappers to tarball
Fixes: e0f7da8644 ("vici: Extract command wrappers in Python bindings")
2019-05-06 15:51:05 +02:00
Tobias Brunner
02b348403a
Fixed some typos, courtesy of codespell
2019-04-29 15:09:20 +02:00
Tobias Brunner
eefa81120c
vici: Update command wrappers in the Perl bindings
Note that load_key() now returns the complete response (to get the key
identifier).
2019-04-26 10:15:48 +02:00
Tobias Brunner
968866afc6
vici: Update some data in the Ruby gemspec
2019-04-26 10:15:48 +02:00
Tobias Brunner
cc2ef8f8a7
vici: Some code style fixes in the Ruby bindings
As reported by rubocop (some issues were not fixed, in particular
related to class/method length metrics).
2019-04-26 10:15:43 +02:00
Tobias Brunner
1fef01af58
vici: Update command wrappers of the Ruby bindings
Also reorder them to match README.md.
2019-04-26 09:35:37 +02:00
Tobias Brunner
3b39444556
vici: Refactor how commands are called in the Ruby bindings
Also expose a method to call arbitrary commands, which allows calling not
yet wrapped commands. Exceptions are raised for all commands if the response
includes a negative "success" key (similar to how it's done in the Python
bindings).
2019-04-26 09:35:11 +02:00
Tobias Brunner
42fe703a95
vici: Fix formatting of return values for load-conn and load-authority commands
2019-04-26 09:35:10 +02:00
Tobias Brunner
c5113c8105
vici: Add missing command wrappers for Python bindings
Also change some for which the return value became relevant.
2019-04-26 09:35:10 +02:00
Tobias Brunner
e0f7da8644
vici: Extract command wrappers in Python bindings
This simplifies the interface and allows calling not yet wrapped
commands more easily.
2019-04-26 09:18:54 +02:00
Tobias Brunner
89c8ba525b
eap-aka-3gpp2: Increase SQN after each authentication
2019-04-25 15:58:17 +02:00
Tobias Brunner
fbb0feeea9
unit-tests: Add unit tests for childless IKE_SA initiation
2019-04-25 15:23:19 +02:00
Tobias Brunner
1b19469c67
unit-tests: Make childless initiation configurable
2019-04-25 15:23:19 +02:00
Tobias Brunner
e0678a8cc6
unit-tests: Add helper to create but not yet establish two IKE_SAs
2019-04-25 15:23:19 +02:00
Tobias Brunner
202fb101b8
unit-tests: Add macros to assert certain payloads are (not) in a message
2019-04-25 15:23:19 +02:00
Tobias Brunner
c863960eb1
vici: Support initiation of IKE_SAs
The configuration must allow the initiation of a childless IKE_SA (which
is already the case with the default of 'accept').
2019-04-25 15:23:19 +02:00
Tobias Brunner
2889b77da2
vici: Make childless initiation of IKE_SAs configurable
2019-04-25 15:23:19 +02:00
Tobias Brunner
6b00d34b42
controller: Make child config optional for initiate()
2019-04-25 15:23:19 +02:00
Tobias Brunner
ed521a7470
child-create: Initiate and handle childless IKE_SAs according to RFC 6023
2019-04-25 15:23:19 +02:00
Tobias Brunner
93104d0fe9
ike-init: Notify initiator if childless IKE_SAs are accepted
2019-04-25 14:31:39 +02:00
Tobias Brunner
ddb083c164
ike-cfg: Add setting for childless IKE_SAs
2019-04-25 14:31:39 +02:00
Tobias Brunner
9486a2e5b0
ike-cfg: Pass arguments as struct
2019-04-25 14:31:33 +02:00
SophieK
de77957eda
proposal-substructure: Fix incorrect type for IKEv2 proposals
Luckily, the type is only used once when generating payloads and there it
doesn't matter because the encoding rules are the same.
Closes strongswan/strongswan#135.
2019-04-25 09:40:51 +02:00
Tobias Brunner
8da7dbe766
socket-default: Fix setting DSCP value on FreeBSD
Fixes #3030.
2019-04-23 11:49:04 +02:00
Tobias Brunner
4c0d74bc12
eap-mschapv2: Convert UTF-8-encoded passwords
Instead of assuming passwords are simply ASCII-encoded we now assume they are
provided UTF-8-encoded, which is quite likely nowadays. The UTF-8 byte
sequences are not validated, however, only valid code points are encoded
as UTF-16LE.
Fixes #3014.
2019-04-16 11:26:49 +02:00
Tobias Brunner
a3885b86e6
child-create: Make sure the mode selected by the responder is acceptable
Previously, the initiator would install the SA in transport mode if the
peer sent back the USE_TRANSPORT_MODE notify, even if that was not
requested originally.
2019-04-15 14:31:57 +02:00
Tobias Brunner
7b2236526c
message: Enforce encryption except for INFORMATIONALs
The only messages that are generally sent encrypted but could be sent
unencrypted are INFORMATIONALs (currently only used for IKEv1 and ME
connectivity checks). This should prevent issues if the keymat_t behaves
incorrectly and does not return an aead_t when it actually should.
2019-04-15 14:01:02 +02:00
Tobias Brunner
62d43ea694
ike-sa-manager: Extract IKE SPI labeling feature from charon-tkm
Might be useful for users of other daemons too. Note that compared to the
previous implementation in charon-tkm, the mask/label are applied in
network order.
Closes strongswan/strongswan#134.
2019-04-11 09:51:02 +02:00
Tobias Brunner
f5ad3cf491
eap-aka-3gpp: Ignore test runner in repository
2019-04-04 18:40:22 +02:00
Tobias Brunner
5af924a650
ike-config: If we don't send a CFG_REQUEST, we don't expect a CFG_REPLY
Previously, attributes in an incorrectly sent CFG_REPLY would still be passed
to attribute handlers. This does not prevent handlers from receiving
unrequested attributes if they requested at least one other.
2019-04-04 11:06:20 +02:00
Tobias Brunner
b5ac0bd35f
ike-config: Ignore unrequested virtual IP addresses
But forward them to handlers in case they requested them.
2019-04-04 11:06:20 +02:00
Tobias Brunner
0396969a36
vici: Add support for interface ID configurable on IKE_SA
2019-04-04 09:36:38 +02:00
Tobias Brunner
fafa76984d
child-sa: Pass default interface ID inherited from IKE_SA
Also pass optional arguments as struct.
2019-04-04 09:36:38 +02:00
Tobias Brunner
dec3c184a6
ike-sa: Add property for interface ID
2019-04-04 09:36:38 +02:00
Tobias Brunner
9347f72494
ipsec-types: Move allocation of unique interface IDs to helper function
2019-04-04 09:31:38 +02:00
Tobias Brunner
c56b8c1a26
peer-cfg: Add property for interface ID
2019-04-04 09:31:38 +02:00
Tobias Brunner
2feba5aa22
kernel-netlink: Add helper functions for nested attributes
2019-04-04 09:31:38 +02:00
Tobias Brunner
801a5d3133
kernel-netlink: Don't install routes for CHILD_SAs with interface ID
2019-04-04 09:31:38 +02:00
Tobias Brunner
d74ddd7893
xfrmi: Move to a separate directory to fix monolithic build
2019-04-04 09:31:38 +02:00
Tobias Brunner
eef9236602
kernel-netlink: Add --list option to XFRM interfaces utility
2019-04-04 09:31:38 +02:00
Tobias Brunner
aa841dbbfc
vici: Report interface IDs
2019-04-04 09:31:38 +02:00
Tobias Brunner
3fa8c3e529
updown: Pass interface ID to updown script
2019-04-04 09:31:38 +02:00
Tobias Brunner
8ab336285a
ike: Reuse interface ID during CHILD_SA rekeyings
2019-04-04 09:31:38 +02:00
Tobias Brunner
a6014d99b7
child-sa: Configure interface ID on SAs and policies
2019-04-03 12:00:08 +02:00
Tobias Brunner
18ed5a07db
vici: Make interface ID configurable
2019-04-03 12:00:08 +02:00
Tobias Brunner
f99bd2a5a6
kernel-interface: Consider interface ID when allocating reqids
2019-04-03 12:00:08 +02:00
Tobias Brunner
72c96dbf9f
child-cfg: Add property for interface ID
2019-04-03 12:00:08 +02:00
Tobias Brunner
b32c3ce8fe
kernel-netlink: Make interface ID configurable on SAs and policies
2019-04-03 12:00:08 +02:00