#
1.101 |
|
13-Feb-2024 |
tobhe |
Control startup of PROC_CERT and PROC_IKEV2. Currenly PROC_PARENT sends the configuration to both PROC_CERT and PROC_IKEV2 and finishes by sending IMSG_CTL_ACTIVE to PROC_IKEV2.
However, when PROC_IKEV2 receives IMSG_CTL_ACTIVE it does not know the state of PROC_CERT: PROC_CERT might not have processed the initial configuration while PROC_IKEV2 already sends requests to PROC_CERT, causing failed requests, or even crashes (NULL deref of ca_certs).
In order to make sure that PROC_CERT is ready before IMSG_CTL_ACTIVE is sent to PROC_IKEV2 that startup protocol is changed as follows:
(1) PROC_PARENT sends configuration to both PROC_CERT and PROC_IKEV2 (2) PROC_PARENT sends IMSG_CTL_ACTIVE to PROC_CERT (3) PROC_CERT acks IMSG_CTL_ACTIVE by sending it back to PROC_PARENT (4) PROC_PARENT now knows that PROC_CERT is ready and has processed all messages from step (1) (5) PROC_PARENT sends IMSG_CTL_ACTIVE to PROC_IKEV2 and knows that IMSG_CTL_ACTIVE will be processed by PROC_IKEV2 after all messages from step (1) (6) PROC_IKEV2 can now assume that PROC_CERT is ready because it has already processed IMSG_CTL_ACTIVE
from markus@
|
#
1.100 |
|
06-Feb-2024 |
tobhe |
Pass struct iked directly to ca_reset() instead of passing it via ps
discussed with markus@
|
#
1.99 |
|
24-Jan-2024 |
tobhe |
Use per connection peerid for control replies instead of 'broadcasting' replies for 'ikectl show sa' and similar control requests, we now assign a uniq peerid to each request and pass this peerid between the processes so the reply can be sent on the matching connection.
from markus@
|
#
1.98 |
|
15-Jan-2024 |
tobhe |
Include cert_partial_chain in iked_static instead of sending a separate message.
from markus@
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.97 |
|
02-Sep-2023 |
tobhe |
Remove unneccessary id == NULL check after dereferencing it. id can never be NULL here.
Found by tb@
|
#
1.96 |
|
04-Aug-2023 |
claudio |
Convert calls to ibuf_length() where it is clear that the ibuf is not NULL to ibuf_size(). In some cases it is clear that the ibuf pointer should just be checked for NULL since afterwards a new ibuf is allocated in its place. OK tb@
|
#
1.95 |
|
28-Jun-2023 |
tobhe |
Add support to verify X509 chain from CERT payloads. Encode cert and intermediate CAs in new cert bundle object, so the information can be passed to the ca process in one step. Pass untrusted intermediates to X509_verify_cert().
From markus@
|
#
1.94 |
|
25-Jun-2023 |
op |
remove ca_sslinit()
it's a noop; nowadays both LibreSSL and OpenSSL libcrypto and libssl initialize themselves automatically before doing anything.
spotted by tb, ok tb tobhe
|
#
1.93 |
|
17-Jun-2023 |
tobhe |
Fix leak of key.id_buf in pubkey auth case.
from markus
|
#
1.92 |
|
23-May-2023 |
claudio |
Replace ibuf_release() with ibuf_free() since the former just calls the latter OK kn@ tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.91 |
|
05-Mar-2023 |
tobhe |
Fix clean process shutdown by storing env globally like vmd and httpd do instead of getting it from p_ps. The old approach does not work anymore after the recent fork + exec update.
ok patrick@
|
#
1.90 |
|
04-Mar-2023 |
tobhe |
Sync proc.c from vmd(8) to enabled fork + exec for all processes. This gives each process a fresh and unique address space to further improve randomization of ASLR and stack protector.
ok bluhm@ patrick@
|
#
1.89 |
|
07-Nov-2022 |
tobhe |
Free objects that were dynamically allocated in libcrypto with OPENSSL_free(). When linking against libressl, OPENSSL_malloc() is just a wrapper around malloc() so regular free() is safe. Other implementations allow switching to a different allocator where free() could result in a possible heap corruption.
Report and initial fix by dropk1ck (gh #92) ok tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.88 |
|
08-Jul-2022 |
tobhe |
Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads.
from Katsuhiro Ueno tested by and ok sthen@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.87 |
|
14-Dec-2021 |
tobhe |
Move raw pubkey bytes to EVP_PKEY conversion to common function.
ok markus@
|
#
1.86 |
|
13-Dec-2021 |
tb |
Fix asprintf() error check. Portable code should check the return value for -1, not buf == NULL.
ok tobhe
|
#
1.85 |
|
13-Dec-2021 |
tb |
Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically allocating a buffer.
ok tobhe
|
#
1.84 |
|
13-Dec-2021 |
tobhe |
Cleanup libcrypto memory management. Remove redundant NULL checks before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees.
Feedback and ok tb@
|
#
1.83 |
|
08-Dec-2021 |
tobhe |
The /etc/iked/certs/ directory is used for both local and peer certificates. Check if we have a matching key before using a certificate as local to prevent cryptic error messages later when the signature is checked.
ok markus@ patrick@
|
#
1.82 |
|
07-Dec-2021 |
tobhe |
Fix locally stored peer certificates in /etc/iked/certs as documented in iked(8). Local certificates are always trusted and preferred over certs received over the wire.
ok patrick@ markus@
|
#
1.81 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.100 |
|
06-Feb-2024 |
tobhe |
Pass struct iked directly to ca_reset() instead of passing it via ps
discussed with markus@
|
#
1.99 |
|
24-Jan-2024 |
tobhe |
Use per connection peerid for control replies instead of 'broadcasting' replies for 'ikectl show sa' and similar control requests, we now assign a uniq peerid to each request and pass this peerid between the processes so the reply can be sent on the matching connection.
from markus@
|
#
1.98 |
|
15-Jan-2024 |
tobhe |
Include cert_partial_chain in iked_static instead of sending a separate message.
from markus@
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.97 |
|
02-Sep-2023 |
tobhe |
Remove unneccessary id == NULL check after dereferencing it. id can never be NULL here.
Found by tb@
|
#
1.96 |
|
04-Aug-2023 |
claudio |
Convert calls to ibuf_length() where it is clear that the ibuf is not NULL to ibuf_size(). In some cases it is clear that the ibuf pointer should just be checked for NULL since afterwards a new ibuf is allocated in its place. OK tb@
|
#
1.95 |
|
28-Jun-2023 |
tobhe |
Add support to verify X509 chain from CERT payloads. Encode cert and intermediate CAs in new cert bundle object, so the information can be passed to the ca process in one step. Pass untrusted intermediates to X509_verify_cert().
From markus@
|
#
1.94 |
|
25-Jun-2023 |
op |
remove ca_sslinit()
it's a noop; nowadays both LibreSSL and OpenSSL libcrypto and libssl initialize themselves automatically before doing anything.
spotted by tb, ok tb tobhe
|
#
1.93 |
|
17-Jun-2023 |
tobhe |
Fix leak of key.id_buf in pubkey auth case.
from markus
|
#
1.92 |
|
23-May-2023 |
claudio |
Replace ibuf_release() with ibuf_free() since the former just calls the latter OK kn@ tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.91 |
|
05-Mar-2023 |
tobhe |
Fix clean process shutdown by storing env globally like vmd and httpd do instead of getting it from p_ps. The old approach does not work anymore after the recent fork + exec update.
ok patrick@
|
#
1.90 |
|
04-Mar-2023 |
tobhe |
Sync proc.c from vmd(8) to enabled fork + exec for all processes. This gives each process a fresh and unique address space to further improve randomization of ASLR and stack protector.
ok bluhm@ patrick@
|
#
1.89 |
|
07-Nov-2022 |
tobhe |
Free objects that were dynamically allocated in libcrypto with OPENSSL_free(). When linking against libressl, OPENSSL_malloc() is just a wrapper around malloc() so regular free() is safe. Other implementations allow switching to a different allocator where free() could result in a possible heap corruption.
Report and initial fix by dropk1ck (gh #92) ok tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.88 |
|
08-Jul-2022 |
tobhe |
Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads.
from Katsuhiro Ueno tested by and ok sthen@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.87 |
|
14-Dec-2021 |
tobhe |
Move raw pubkey bytes to EVP_PKEY conversion to common function.
ok markus@
|
#
1.86 |
|
13-Dec-2021 |
tb |
Fix asprintf() error check. Portable code should check the return value for -1, not buf == NULL.
ok tobhe
|
#
1.85 |
|
13-Dec-2021 |
tb |
Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically allocating a buffer.
ok tobhe
|
#
1.84 |
|
13-Dec-2021 |
tobhe |
Cleanup libcrypto memory management. Remove redundant NULL checks before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees.
Feedback and ok tb@
|
#
1.83 |
|
08-Dec-2021 |
tobhe |
The /etc/iked/certs/ directory is used for both local and peer certificates. Check if we have a matching key before using a certificate as local to prevent cryptic error messages later when the signature is checked.
ok markus@ patrick@
|
#
1.82 |
|
07-Dec-2021 |
tobhe |
Fix locally stored peer certificates in /etc/iked/certs as documented in iked(8). Local certificates are always trusted and preferred over certs received over the wire.
ok patrick@ markus@
|
#
1.81 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.99 |
|
24-Jan-2024 |
tobhe |
Use per connection peerid for control replies instead of 'broadcasting' replies for 'ikectl show sa' and similar control requests, we now assign a uniq peerid to each request and pass this peerid between the processes so the reply can be sent on the matching connection.
from markus@
|
#
1.98 |
|
15-Jan-2024 |
tobhe |
Include cert_partial_chain in iked_static instead of sending a separate message.
from markus@
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.97 |
|
02-Sep-2023 |
tobhe |
Remove unneccessary id == NULL check after dereferencing it. id can never be NULL here.
Found by tb@
|
#
1.96 |
|
04-Aug-2023 |
claudio |
Convert calls to ibuf_length() where it is clear that the ibuf is not NULL to ibuf_size(). In some cases it is clear that the ibuf pointer should just be checked for NULL since afterwards a new ibuf is allocated in its place. OK tb@
|
#
1.95 |
|
28-Jun-2023 |
tobhe |
Add support to verify X509 chain from CERT payloads. Encode cert and intermediate CAs in new cert bundle object, so the information can be passed to the ca process in one step. Pass untrusted intermediates to X509_verify_cert().
From markus@
|
#
1.94 |
|
25-Jun-2023 |
op |
remove ca_sslinit()
it's a noop; nowadays both LibreSSL and OpenSSL libcrypto and libssl initialize themselves automatically before doing anything.
spotted by tb, ok tb tobhe
|
#
1.93 |
|
17-Jun-2023 |
tobhe |
Fix leak of key.id_buf in pubkey auth case.
from markus
|
#
1.92 |
|
23-May-2023 |
claudio |
Replace ibuf_release() with ibuf_free() since the former just calls the latter OK kn@ tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.91 |
|
05-Mar-2023 |
tobhe |
Fix clean process shutdown by storing env globally like vmd and httpd do instead of getting it from p_ps. The old approach does not work anymore after the recent fork + exec update.
ok patrick@
|
#
1.90 |
|
04-Mar-2023 |
tobhe |
Sync proc.c from vmd(8) to enabled fork + exec for all processes. This gives each process a fresh and unique address space to further improve randomization of ASLR and stack protector.
ok bluhm@ patrick@
|
#
1.89 |
|
07-Nov-2022 |
tobhe |
Free objects that were dynamically allocated in libcrypto with OPENSSL_free(). When linking against libressl, OPENSSL_malloc() is just a wrapper around malloc() so regular free() is safe. Other implementations allow switching to a different allocator where free() could result in a possible heap corruption.
Report and initial fix by dropk1ck (gh #92) ok tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.88 |
|
08-Jul-2022 |
tobhe |
Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads.
from Katsuhiro Ueno tested by and ok sthen@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.87 |
|
14-Dec-2021 |
tobhe |
Move raw pubkey bytes to EVP_PKEY conversion to common function.
ok markus@
|
#
1.86 |
|
13-Dec-2021 |
tb |
Fix asprintf() error check. Portable code should check the return value for -1, not buf == NULL.
ok tobhe
|
#
1.85 |
|
13-Dec-2021 |
tb |
Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically allocating a buffer.
ok tobhe
|
#
1.84 |
|
13-Dec-2021 |
tobhe |
Cleanup libcrypto memory management. Remove redundant NULL checks before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees.
Feedback and ok tb@
|
#
1.83 |
|
08-Dec-2021 |
tobhe |
The /etc/iked/certs/ directory is used for both local and peer certificates. Check if we have a matching key before using a certificate as local to prevent cryptic error messages later when the signature is checked.
ok markus@ patrick@
|
#
1.82 |
|
07-Dec-2021 |
tobhe |
Fix locally stored peer certificates in /etc/iked/certs as documented in iked(8). Local certificates are always trusted and preferred over certs received over the wire.
ok patrick@ markus@
|
#
1.81 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.98 |
|
15-Jan-2024 |
tobhe |
Include cert_partial_chain in iked_static instead of sending a separate message.
from markus@
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.97 |
|
02-Sep-2023 |
tobhe |
Remove unneccessary id == NULL check after dereferencing it. id can never be NULL here.
Found by tb@
|
#
1.96 |
|
04-Aug-2023 |
claudio |
Convert calls to ibuf_length() where it is clear that the ibuf is not NULL to ibuf_size(). In some cases it is clear that the ibuf pointer should just be checked for NULL since afterwards a new ibuf is allocated in its place. OK tb@
|
#
1.95 |
|
28-Jun-2023 |
tobhe |
Add support to verify X509 chain from CERT payloads. Encode cert and intermediate CAs in new cert bundle object, so the information can be passed to the ca process in one step. Pass untrusted intermediates to X509_verify_cert().
From markus@
|
#
1.94 |
|
25-Jun-2023 |
op |
remove ca_sslinit()
it's a noop; nowadays both LibreSSL and OpenSSL libcrypto and libssl initialize themselves automatically before doing anything.
spotted by tb, ok tb tobhe
|
#
1.93 |
|
17-Jun-2023 |
tobhe |
Fix leak of key.id_buf in pubkey auth case.
from markus
|
#
1.92 |
|
23-May-2023 |
claudio |
Replace ibuf_release() with ibuf_free() since the former just calls the latter OK kn@ tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.91 |
|
05-Mar-2023 |
tobhe |
Fix clean process shutdown by storing env globally like vmd and httpd do instead of getting it from p_ps. The old approach does not work anymore after the recent fork + exec update.
ok patrick@
|
#
1.90 |
|
04-Mar-2023 |
tobhe |
Sync proc.c from vmd(8) to enabled fork + exec for all processes. This gives each process a fresh and unique address space to further improve randomization of ASLR and stack protector.
ok bluhm@ patrick@
|
#
1.89 |
|
07-Nov-2022 |
tobhe |
Free objects that were dynamically allocated in libcrypto with OPENSSL_free(). When linking against libressl, OPENSSL_malloc() is just a wrapper around malloc() so regular free() is safe. Other implementations allow switching to a different allocator where free() could result in a possible heap corruption.
Report and initial fix by dropk1ck (gh #92) ok tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.88 |
|
08-Jul-2022 |
tobhe |
Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads.
from Katsuhiro Ueno tested by and ok sthen@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.87 |
|
14-Dec-2021 |
tobhe |
Move raw pubkey bytes to EVP_PKEY conversion to common function.
ok markus@
|
#
1.86 |
|
13-Dec-2021 |
tb |
Fix asprintf() error check. Portable code should check the return value for -1, not buf == NULL.
ok tobhe
|
#
1.85 |
|
13-Dec-2021 |
tb |
Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically allocating a buffer.
ok tobhe
|
#
1.84 |
|
13-Dec-2021 |
tobhe |
Cleanup libcrypto memory management. Remove redundant NULL checks before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees.
Feedback and ok tb@
|
#
1.83 |
|
08-Dec-2021 |
tobhe |
The /etc/iked/certs/ directory is used for both local and peer certificates. Check if we have a matching key before using a certificate as local to prevent cryptic error messages later when the signature is checked.
ok markus@ patrick@
|
#
1.82 |
|
07-Dec-2021 |
tobhe |
Fix locally stored peer certificates in /etc/iked/certs as documented in iked(8). Local certificates are always trusted and preferred over certs received over the wire.
ok patrick@ markus@
|
#
1.81 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.97 |
|
02-Sep-2023 |
tobhe |
Remove unneccessary id == NULL check after dereferencing it. id can never be NULL here.
Found by tb@
|
#
1.96 |
|
04-Aug-2023 |
claudio |
Convert calls to ibuf_length() where it is clear that the ibuf is not NULL to ibuf_size(). In some cases it is clear that the ibuf pointer should just be checked for NULL since afterwards a new ibuf is allocated in its place. OK tb@
|
#
1.95 |
|
28-Jun-2023 |
tobhe |
Add support to verify X509 chain from CERT payloads. Encode cert and intermediate CAs in new cert bundle object, so the information can be passed to the ca process in one step. Pass untrusted intermediates to X509_verify_cert().
From markus@
|
#
1.94 |
|
25-Jun-2023 |
op |
remove ca_sslinit()
it's a noop; nowadays both LibreSSL and OpenSSL libcrypto and libssl initialize themselves automatically before doing anything.
spotted by tb, ok tb tobhe
|
#
1.93 |
|
17-Jun-2023 |
tobhe |
Fix leak of key.id_buf in pubkey auth case.
from markus
|
#
1.92 |
|
23-May-2023 |
claudio |
Replace ibuf_release() with ibuf_free() since the former just calls the latter OK kn@ tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.91 |
|
05-Mar-2023 |
tobhe |
Fix clean process shutdown by storing env globally like vmd and httpd do instead of getting it from p_ps. The old approach does not work anymore after the recent fork + exec update.
ok patrick@
|
#
1.90 |
|
04-Mar-2023 |
tobhe |
Sync proc.c from vmd(8) to enabled fork + exec for all processes. This gives each process a fresh and unique address space to further improve randomization of ASLR and stack protector.
ok bluhm@ patrick@
|
#
1.89 |
|
07-Nov-2022 |
tobhe |
Free objects that were dynamically allocated in libcrypto with OPENSSL_free(). When linking against libressl, OPENSSL_malloc() is just a wrapper around malloc() so regular free() is safe. Other implementations allow switching to a different allocator where free() could result in a possible heap corruption.
Report and initial fix by dropk1ck (gh #92) ok tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.88 |
|
08-Jul-2022 |
tobhe |
Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads.
from Katsuhiro Ueno tested by and ok sthen@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.87 |
|
14-Dec-2021 |
tobhe |
Move raw pubkey bytes to EVP_PKEY conversion to common function.
ok markus@
|
#
1.86 |
|
13-Dec-2021 |
tb |
Fix asprintf() error check. Portable code should check the return value for -1, not buf == NULL.
ok tobhe
|
#
1.85 |
|
13-Dec-2021 |
tb |
Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically allocating a buffer.
ok tobhe
|
#
1.84 |
|
13-Dec-2021 |
tobhe |
Cleanup libcrypto memory management. Remove redundant NULL checks before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees.
Feedback and ok tb@
|
#
1.83 |
|
08-Dec-2021 |
tobhe |
The /etc/iked/certs/ directory is used for both local and peer certificates. Check if we have a matching key before using a certificate as local to prevent cryptic error messages later when the signature is checked.
ok markus@ patrick@
|
#
1.82 |
|
07-Dec-2021 |
tobhe |
Fix locally stored peer certificates in /etc/iked/certs as documented in iked(8). Local certificates are always trusted and preferred over certs received over the wire.
ok patrick@ markus@
|
#
1.81 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.96 |
|
04-Aug-2023 |
claudio |
Convert calls to ibuf_length() where it is clear that the ibuf is not NULL to ibuf_size(). In some cases it is clear that the ibuf pointer should just be checked for NULL since afterwards a new ibuf is allocated in its place. OK tb@
|
#
1.95 |
|
28-Jun-2023 |
tobhe |
Add support to verify X509 chain from CERT payloads. Encode cert and intermediate CAs in new cert bundle object, so the information can be passed to the ca process in one step. Pass untrusted intermediates to X509_verify_cert().
From markus@
|
#
1.94 |
|
25-Jun-2023 |
op |
remove ca_sslinit()
it's a noop; nowadays both LibreSSL and OpenSSL libcrypto and libssl initialize themselves automatically before doing anything.
spotted by tb, ok tb tobhe
|
#
1.93 |
|
17-Jun-2023 |
tobhe |
Fix leak of key.id_buf in pubkey auth case.
from markus
|
#
1.92 |
|
23-May-2023 |
claudio |
Replace ibuf_release() with ibuf_free() since the former just calls the latter OK kn@ tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.91 |
|
05-Mar-2023 |
tobhe |
Fix clean process shutdown by storing env globally like vmd and httpd do instead of getting it from p_ps. The old approach does not work anymore after the recent fork + exec update.
ok patrick@
|
#
1.90 |
|
04-Mar-2023 |
tobhe |
Sync proc.c from vmd(8) to enabled fork + exec for all processes. This gives each process a fresh and unique address space to further improve randomization of ASLR and stack protector.
ok bluhm@ patrick@
|
#
1.89 |
|
07-Nov-2022 |
tobhe |
Free objects that were dynamically allocated in libcrypto with OPENSSL_free(). When linking against libressl, OPENSSL_malloc() is just a wrapper around malloc() so regular free() is safe. Other implementations allow switching to a different allocator where free() could result in a possible heap corruption.
Report and initial fix by dropk1ck (gh #92) ok tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.88 |
|
08-Jul-2022 |
tobhe |
Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads.
from Katsuhiro Ueno tested by and ok sthen@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.87 |
|
14-Dec-2021 |
tobhe |
Move raw pubkey bytes to EVP_PKEY conversion to common function.
ok markus@
|
#
1.86 |
|
13-Dec-2021 |
tb |
Fix asprintf() error check. Portable code should check the return value for -1, not buf == NULL.
ok tobhe
|
#
1.85 |
|
13-Dec-2021 |
tb |
Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically allocating a buffer.
ok tobhe
|
#
1.84 |
|
13-Dec-2021 |
tobhe |
Cleanup libcrypto memory management. Remove redundant NULL checks before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees.
Feedback and ok tb@
|
#
1.83 |
|
08-Dec-2021 |
tobhe |
The /etc/iked/certs/ directory is used for both local and peer certificates. Check if we have a matching key before using a certificate as local to prevent cryptic error messages later when the signature is checked.
ok markus@ patrick@
|
#
1.82 |
|
07-Dec-2021 |
tobhe |
Fix locally stored peer certificates in /etc/iked/certs as documented in iked(8). Local certificates are always trusted and preferred over certs received over the wire.
ok patrick@ markus@
|
#
1.81 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.95 |
|
28-Jun-2023 |
tobhe |
Add support to verify X509 chain from CERT payloads. Encode cert and intermediate CAs in new cert bundle object, so the information can be passed to the ca process in one step. Pass untrusted intermediates to X509_verify_cert().
From markus@
|
#
1.94 |
|
25-Jun-2023 |
op |
remove ca_sslinit()
it's a noop; nowadays both LibreSSL and OpenSSL libcrypto and libssl initialize themselves automatically before doing anything.
spotted by tb, ok tb tobhe
|
#
1.93 |
|
17-Jun-2023 |
tobhe |
Fix leak of key.id_buf in pubkey auth case.
from markus
|
#
1.92 |
|
23-May-2023 |
claudio |
Replace ibuf_release() with ibuf_free() since the former just calls the latter OK kn@ tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.91 |
|
05-Mar-2023 |
tobhe |
Fix clean process shutdown by storing env globally like vmd and httpd do instead of getting it from p_ps. The old approach does not work anymore after the recent fork + exec update.
ok patrick@
|
#
1.90 |
|
04-Mar-2023 |
tobhe |
Sync proc.c from vmd(8) to enabled fork + exec for all processes. This gives each process a fresh and unique address space to further improve randomization of ASLR and stack protector.
ok bluhm@ patrick@
|
#
1.89 |
|
07-Nov-2022 |
tobhe |
Free objects that were dynamically allocated in libcrypto with OPENSSL_free(). When linking against libressl, OPENSSL_malloc() is just a wrapper around malloc() so regular free() is safe. Other implementations allow switching to a different allocator where free() could result in a possible heap corruption.
Report and initial fix by dropk1ck (gh #92) ok tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.88 |
|
08-Jul-2022 |
tobhe |
Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads.
from Katsuhiro Ueno tested by and ok sthen@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.87 |
|
14-Dec-2021 |
tobhe |
Move raw pubkey bytes to EVP_PKEY conversion to common function.
ok markus@
|
#
1.86 |
|
13-Dec-2021 |
tb |
Fix asprintf() error check. Portable code should check the return value for -1, not buf == NULL.
ok tobhe
|
#
1.85 |
|
13-Dec-2021 |
tb |
Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically allocating a buffer.
ok tobhe
|
#
1.84 |
|
13-Dec-2021 |
tobhe |
Cleanup libcrypto memory management. Remove redundant NULL checks before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees.
Feedback and ok tb@
|
#
1.83 |
|
08-Dec-2021 |
tobhe |
The /etc/iked/certs/ directory is used for both local and peer certificates. Check if we have a matching key before using a certificate as local to prevent cryptic error messages later when the signature is checked.
ok markus@ patrick@
|
#
1.82 |
|
07-Dec-2021 |
tobhe |
Fix locally stored peer certificates in /etc/iked/certs as documented in iked(8). Local certificates are always trusted and preferred over certs received over the wire.
ok patrick@ markus@
|
#
1.81 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.91 |
|
05-Mar-2023 |
tobhe |
Fix clean process shutdown by storing env globally like vmd and httpd do instead of getting it from p_ps. The old approach does not work anymore after the recent fork + exec update.
ok patrick@
|
#
1.90 |
|
04-Mar-2023 |
tobhe |
Sync proc.c from vmd(8) to enabled fork + exec for all processes. This gives each process a fresh and unique address space to further improve randomization of ASLR and stack protector.
ok bluhm@ patrick@
|
#
1.89 |
|
07-Nov-2022 |
tobhe |
Free objects that were dynamically allocated in libcrypto with OPENSSL_free(). When linking against libressl, OPENSSL_malloc() is just a wrapper around malloc() so regular free() is safe. Other implementations allow switching to a different allocator where free() could result in a possible heap corruption.
Report and initial fix by dropk1ck (gh #92) ok tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.88 |
|
08-Jul-2022 |
tobhe |
Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads.
from Katsuhiro Ueno tested by and ok sthen@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.87 |
|
14-Dec-2021 |
tobhe |
Move raw pubkey bytes to EVP_PKEY conversion to common function.
ok markus@
|
#
1.86 |
|
13-Dec-2021 |
tb |
Fix asprintf() error check. Portable code should check the return value for -1, not buf == NULL.
ok tobhe
|
#
1.85 |
|
13-Dec-2021 |
tb |
Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically allocating a buffer.
ok tobhe
|
#
1.84 |
|
13-Dec-2021 |
tobhe |
Cleanup libcrypto memory management. Remove redundant NULL checks before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees.
Feedback and ok tb@
|
#
1.83 |
|
08-Dec-2021 |
tobhe |
The /etc/iked/certs/ directory is used for both local and peer certificates. Check if we have a matching key before using a certificate as local to prevent cryptic error messages later when the signature is checked.
ok markus@ patrick@
|
#
1.82 |
|
07-Dec-2021 |
tobhe |
Fix locally stored peer certificates in /etc/iked/certs as documented in iked(8). Local certificates are always trusted and preferred over certs received over the wire.
ok patrick@ markus@
|
#
1.81 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.89 |
|
07-Nov-2022 |
tobhe |
Free objects that were dynamically allocated in libcrypto with OPENSSL_free(). When linking against libressl, OPENSSL_malloc() is just a wrapper around malloc() so regular free() is safe. Other implementations allow switching to a different allocator where free() could result in a possible heap corruption.
Report and initial fix by dropk1ck (gh #92) ok tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.88 |
|
08-Jul-2022 |
tobhe |
Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads.
from Katsuhiro Ueno tested by and ok sthen@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.87 |
|
14-Dec-2021 |
tobhe |
Move raw pubkey bytes to EVP_PKEY conversion to common function.
ok markus@
|
#
1.86 |
|
13-Dec-2021 |
tb |
Fix asprintf() error check. Portable code should check the return value for -1, not buf == NULL.
ok tobhe
|
#
1.85 |
|
13-Dec-2021 |
tb |
Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically allocating a buffer.
ok tobhe
|
#
1.84 |
|
13-Dec-2021 |
tobhe |
Cleanup libcrypto memory management. Remove redundant NULL checks before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees.
Feedback and ok tb@
|
#
1.83 |
|
08-Dec-2021 |
tobhe |
The /etc/iked/certs/ directory is used for both local and peer certificates. Check if we have a matching key before using a certificate as local to prevent cryptic error messages later when the signature is checked.
ok markus@ patrick@
|
#
1.82 |
|
07-Dec-2021 |
tobhe |
Fix locally stored peer certificates in /etc/iked/certs as documented in iked(8). Local certificates are always trusted and preferred over certs received over the wire.
ok patrick@ markus@
|
#
1.81 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.88 |
|
08-Jul-2022 |
tobhe |
Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads.
from Katsuhiro Ueno tested by and ok sthen@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.87 |
|
14-Dec-2021 |
tobhe |
Move raw pubkey bytes to EVP_PKEY conversion to common function.
ok markus@
|
#
1.86 |
|
13-Dec-2021 |
tb |
Fix asprintf() error check. Portable code should check the return value for -1, not buf == NULL.
ok tobhe
|
#
1.85 |
|
13-Dec-2021 |
tb |
Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically allocating a buffer.
ok tobhe
|
#
1.84 |
|
13-Dec-2021 |
tobhe |
Cleanup libcrypto memory management. Remove redundant NULL checks before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees.
Feedback and ok tb@
|
#
1.83 |
|
08-Dec-2021 |
tobhe |
The /etc/iked/certs/ directory is used for both local and peer certificates. Check if we have a matching key before using a certificate as local to prevent cryptic error messages later when the signature is checked.
ok markus@ patrick@
|
#
1.82 |
|
07-Dec-2021 |
tobhe |
Fix locally stored peer certificates in /etc/iked/certs as documented in iked(8). Local certificates are always trusted and preferred over certs received over the wire.
ok patrick@ markus@
|
#
1.81 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.87 |
|
14-Dec-2021 |
tobhe |
Move raw pubkey bytes to EVP_PKEY conversion to common function.
ok markus@
|
#
1.86 |
|
13-Dec-2021 |
tb |
Fix asprintf() error check. Portable code should check the return value for -1, not buf == NULL.
ok tobhe
|
#
1.85 |
|
13-Dec-2021 |
tb |
Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically allocating a buffer.
ok tobhe
|
#
1.84 |
|
13-Dec-2021 |
tobhe |
Cleanup libcrypto memory management. Remove redundant NULL checks before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees.
Feedback and ok tb@
|
#
1.83 |
|
08-Dec-2021 |
tobhe |
The /etc/iked/certs/ directory is used for both local and peer certificates. Check if we have a matching key before using a certificate as local to prevent cryptic error messages later when the signature is checked.
ok markus@ patrick@
|
#
1.82 |
|
07-Dec-2021 |
tobhe |
Fix locally stored peer certificates in /etc/iked/certs as documented in iked(8). Local certificates are always trusted and preferred over certs received over the wire.
ok patrick@ markus@
|
#
1.81 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.87 |
|
14-Dec-2021 |
tobhe |
Move raw pubkey bytes to EVP_PKEY conversion to common function.
ok markus@
|
#
1.86 |
|
13-Dec-2021 |
tb |
Fix asprintf() error check. Portable code should check the return value for -1, not buf == NULL.
ok tobhe
|
#
1.85 |
|
13-Dec-2021 |
tb |
Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically allocating a buffer.
ok tobhe
|
#
1.84 |
|
13-Dec-2021 |
tobhe |
Cleanup libcrypto memory management. Remove redundant NULL checks before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees.
Feedback and ok tb@
|
#
1.83 |
|
08-Dec-2021 |
tobhe |
The /etc/iked/certs/ directory is used for both local and peer certificates. Check if we have a matching key before using a certificate as local to prevent cryptic error messages later when the signature is checked.
ok markus@ patrick@
|
#
1.82 |
|
07-Dec-2021 |
tobhe |
Fix locally stored peer certificates in /etc/iked/certs as documented in iked(8). Local certificates are always trusted and preferred over certs received over the wire.
ok patrick@ markus@
|
#
1.81 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.83 |
|
08-Dec-2021 |
tobhe |
The /etc/iked/certs/ directory is used for both local and peer certificates. Check if we have a matching key before using a certificate as local to prevent cryptic error messages later when the signature is checked.
ok markus@ patrick@
|
#
1.82 |
|
07-Dec-2021 |
tobhe |
Fix locally stored peer certificates in /etc/iked/certs as documented in iked(8). Local certificates are always trusted and preferred over certs received over the wire.
ok patrick@ markus@
|
#
1.81 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.82 |
|
07-Dec-2021 |
tobhe |
Fix locally stored peer certificates in /etc/iked/certs as documented in iked(8). Local certificates are always trusted and preferred over certs received over the wire.
ok patrick@ markus@
|
#
1.81 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.81 |
|
01-Dec-2021 |
deraadt |
whitespace cleanup during review read
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.80 |
|
25-Nov-2021 |
tobhe |
Silence unitialized variable warnings.
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.79 |
|
21-Nov-2021 |
tobhe |
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.78 |
|
24-Feb-2021 |
tobhe |
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
From Moritz Schmitt ok patrick@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.77 |
|
07-Feb-2021 |
tobhe |
Free X509_STOREs in ca_shutdown().
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.76 |
|
04-Feb-2021 |
tobhe |
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional checks where needed.
ok markus@ patrick@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.75 |
|
05-Dec-2020 |
tobhe |
Make len unsigned.
ok patrick@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.74 |
|
04-Nov-2020 |
tobhe |
Add check for static id size.
ok patrick@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.73 |
|
09-Oct-2020 |
tobhe |
More unused headers.
|
#
1.72 |
|
09-Oct-2020 |
tobhe |
Remove unused "wait.h" includes.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.71 |
|
23-Sep-2020 |
tobhe |
Add new 'set cert_partial_chain' config option to allow verification of partial certificate chains if a trusted intermediate CA is found in /etc/iked/ca/.
ok patrick@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.70 |
|
08-Sep-2020 |
tobhe |
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching the CERTREQ is found, don't wait for more requests. Correctly set type if cert was found as fallback.
ok patrick@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.69 |
|
21-Aug-2020 |
tobhe |
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of /etc/iked/ocsp/issuer.crt. Try to get the OCSP url from the CA/issuer certificate, otherwise use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.68 |
|
18-Aug-2020 |
tobhe |
Add optional time-stamp validaten for ocsp. The new optional 'tolerate' parameter specifies how many seconds leeway are allowed in the check. The optional maxage parameter indicates the allowed maximum age of the `thisUpdate' OCSP attribute value.
ok patrick@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.67 |
|
16-Aug-2020 |
tobhe |
Clean up unused parameters.
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.66 |
|
14-Aug-2020 |
tobhe |
Clean up unused variables.
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.65 |
|
27-Jul-2020 |
tobhe |
Fix return value check for openssl API used during pubkey validation.
Found thanks to bug report by Michael Scheibel <m.Scheibel (at) tuvit (dot) de> ok patrick@, markus@, tb@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
branches: 1.60.4; "could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
branches: 1.48.2; snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.64 |
|
15-Jul-2020 |
tobhe |
Make CERT and CERTREQ payloads optional for public key authentication.
When using certificate authentication the CERT payload is mandatory and as the name suggests is used to send a certificate containing a public key used for the authentication signature. For pubkey authentication the key is preshared and stored locally, but only the 'ca' process can read the local keys. The 'ikev2' process had to get the key from the received CERT payload to verify the authentication signature. The peer ID + raw key was then forwarded to the 'ca' process which compared the key against the contents of /etc/iked/pubkey and returned either CERTVALID or CERTINVALID.
With this change a message containing only the ID may be sent from 'ikev2' to the 'ca' process if CERT was not included. In this case the CA process will try to find a local key matching the ID and return it to the 'ikev2' process. The auth verification happens after the 'ca' process has verified or found a key and returned it to the 'ikev2' process, eliminating the need for the CERT payload.
Making CERTREQ optional is easier because we already have a fallback case if the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this same fallback.
This should fix public key authentication interoperability with *swan and other IKEv2 implementations.
ok and tested by kn@ ok patrick@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
"could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.63 |
|
25-Jun-2020 |
tobhe |
Silence ca_validate_pubkey() error message for cert type IKEV2_CERT_X509_CERT.
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
"could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.62 |
|
17-Jun-2020 |
tobhe |
Fix length check in ca_getreq().
ok patrick@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
"could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.61 |
|
08-May-2020 |
tobhe |
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf does the same thing.
ok patrick@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
"could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.60 |
|
12-Apr-2020 |
tobhe |
"could not open public key" is an error and should be log_info.
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.59 |
|
10-Apr-2020 |
tobhe |
Only make the type part of the idstring lowercase when looking for certs in '/etc/iked', otherwise certs with SubjAltNames containing uppercase letters are not found.
ok markus@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.58 |
|
08-Apr-2020 |
tobhe |
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
ok markus@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.57 |
|
07-Apr-2020 |
tobhe |
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
ok markus@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.56 |
|
06-Apr-2020 |
tobhe |
Fix pubkey leak in CA process for ASN1_DN IDs.
ok markus@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.55 |
|
01-Apr-2020 |
tobhe |
Properly handle multiple CERTREQ payloads in CA process. Only for the last CERTREQ a mismatch should trigger the fallback case, otherwise the following CERTREQs are ignored.
ok markus@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.54 |
|
31-Mar-2020 |
tobhe |
Log summary of certificates in cert store when iked fails to find a certificate for the policy's 'srcid'.
ok markus@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.53 |
|
27-Mar-2020 |
tobhe |
Adjust cert type when choosing public key fallback.
ok patrick@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.52 |
|
24-Mar-2020 |
tobhe |
Add ikev2_print_static_id() to print static IDs in log_debug() output.
ok markus@
|
#
1.51 |
|
24-Mar-2020 |
tobhe |
Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ.
ok markus@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.50 |
|
15-Jan-2020 |
tobhe |
Support multiple x509 extensions and extensions with multiple subjectAltName fields. The new parser code is inspired by tls_check_subject_altname() from libssl.
ok markus@
|
#
1.49 |
|
15-Jan-2020 |
tobhe |
If we don't find a certificate signed by a trusted CA with subjectAltName matching srcid, try certificate with only matching subjectAltName.
ok patrick@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.48 |
|
03-Jul-2019 |
deraadt |
snprintf/vsnprintf return < 0 on error, rather than -1.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.47 |
|
27-Feb-2019 |
sthen |
update RFC references, from tobias_heider at genua.de, ok claudio@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.46 |
|
30-Oct-2017 |
patrick |
In the subjectAltName comparison, the bzero before the while-loop was lost while applying the diff. This is means sanid could be passed uninitialized to ca_x509_subjectaltname_cmp(), where ibuf_release() could try to release a pointer which is essentially stack garbage. While there I realized that the bzero() in the loop is essentially fatal, since every mismatch leads to a silent leak of ibufs. Since ca_x509_subjectaltname_cmp() releases and initializes the passed iked_id, we can safely call it multiple times after initializing sanid once before the loop.
ok markus@
|
#
1.45 |
|
27-Oct-2017 |
patrick |
Support multiple subjectAltNames by trying each existing until there is none or until we find one that matches.
ok markus@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.44 |
|
28-Mar-2017 |
reyk |
Add helpful debug messages to tell us why public key authentication failed.
This is currently only visible in debug mode (eg. iked -dvv), some debug messages will be turned into regular warnings later.
OK claudio@ deraadt@
|
#
1.43 |
|
27-Mar-2017 |
reyk |
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
These modes provide stronger and more flexible ways for authentication: while RSA public key auth relies on SHA-1 hashes, the news modes use SHA2-256 and up to SHA2-512 hashes.
Original diff from markus@ with patches from mikeb@ and me.
OK mikeb@ patrick@
|
#
1.42 |
|
20-Jan-2017 |
mikeb |
Make sure to free reference to the public key after decoding
From and OK markus@, OK reyk
|
#
1.41 |
|
03-Jan-2017 |
reyk |
Fix pledge of the ca process by calling the right function on startup. As a related change, load the local.pub and local.key keys after privsep and reload them on SIGHUP/reload.
OK mikeb@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.40 |
|
07-Dec-2015 |
reyk |
Sync proc.c, use shorter proc_compose[v]()
|
#
1.39 |
|
22-Oct-2015 |
reyk |
iked hereby pledges that it will run with restricted system operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process.
Committed in agreement with many but nobody was brave enough to OK it.
Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@
|
#
1.38 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
#
1.37 |
|
01-Oct-2015 |
reyk |
Fix interoperability with Apple iOS9: If we don't get a (valid) CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy.
OK mikeb@ sthen@
|
#
1.36 |
|
21-Aug-2015 |
reyk |
Switch iked to C99-style fixed-width integer types.
OK mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.35 |
|
26-Mar-2015 |
markus |
initial support for RFC 7427 signatures, so we are no longer restricted to SHA1 for RSA signatures. ok mikeb@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.34 |
|
06-Feb-2015 |
deraadt |
unneeded getopt.h
|
#
1.33 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
#
1.32 |
|
05-Dec-2014 |
mikeb |
Specify correct number of iovecs when sending replies to the ikev2 proc
Crash reported and fix tested by Vincent Gross <dermiste at kilob ! yt>; patch from Pedro Martelletto, thanks!
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.31 |
|
10-Jul-2014 |
jsg |
add additional includes required to build with -DOPENSSL_NO_DEPRECATED ok reyk@
|
#
1.30 |
|
07-May-2014 |
markus |
make authentication work with X509 certificates that don't have a subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
|
#
1.29 |
|
05-May-2014 |
markus |
ca_x509_serialize: don't leak the bio buffer; ok reyk@
|
#
1.28 |
|
05-May-2014 |
markus |
make the ca_pubkey_serialize() code similar to the private key code, and fixes a leak of the rsa object in the error case. from hshoexer@; ok reyk@
|
#
1.27 |
|
22-Apr-2014 |
reyk |
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit.
ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.26 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.25 |
|
17-Feb-2014 |
reyk |
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t.
From Andre de Oliveira With input and OK from blambert@ markus@
|
#
1.24 |
|
28-Nov-2013 |
markus |
support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@
|
#
1.23 |
|
14-Nov-2013 |
markus |
pass caller to ca_sslerror for better error messages; ok mikeb
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.22 |
|
21-Mar-2013 |
deraadt |
remove excessive includes
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.21 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.20 |
|
16-Nov-2012 |
mikeb |
promote some debug messages to warnings; ok reyk
|
#
1.19 |
|
09-Oct-2012 |
reyk |
"If srcid is omitted, the default is to use the hostname of the local machine." This has been broken when the subjectAltName certificate check was introduced some time ago. Fix it by obtaining the hostname source Id in the certificate request code as well.
ok mikeb@
|
#
1.18 |
|
18-Sep-2012 |
reyk |
update email addresses to match reality. sure jsg@ mikeb@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.17 |
|
27-May-2011 |
reyk |
spacing
|
#
1.16 |
|
09-May-2011 |
reyk |
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
|
#
1.15 |
|
05-May-2011 |
reyk |
Small tweak - add direct pointer to env instead of using an indirect one.
|
#
1.14 |
|
05-May-2011 |
reyk |
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
|
#
1.13 |
|
05-May-2011 |
reyk |
rename iked_proc* to privsep_proc*. no functional change.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.12 |
|
22-Dec-2010 |
reyk |
move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because it is too specific to be in util.c. This will allow to link util.c into ikectl later without all the other dependencies of pritn_id().
|
#
1.11 |
|
30-Sep-2010 |
mikeb |
promote openssl errors to the warning level; ok reyk
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.10 |
|
29-Jun-2010 |
reyk |
add code to lookup the RSA public keys in /etc/iked/pubkeys/ as an alternative to X.509 CA verification. this will be needed to support public key authentication like isakmpd does; a few bits are still missing.
|
#
1.9 |
|
27-Jun-2010 |
reyk |
When a peer requests a certificate from the local gateway, we first lookup a cert from /etc/iked/certs/ that is signed by a requested CA. As a second step we also compare the subjectAltName of any found certificate now to match the local srcid; this allows to have multiple certs for the same CA but different srcids in the certs/ directory but enforces that the subjectAltName has to be set correctly.
requested by jsg@
|
#
1.8 |
|
27-Jun-2010 |
reyk |
fix the length check for ASN1_ID Ids.
|
#
1.7 |
|
27-Jun-2010 |
reyk |
Verify that the subjectAltName extension is present and matches the peer Id if the Id type is not ASN1_DN. If it is ASN1_DN, compare it with the certificate subjectName (DN). This prevents the peer from using an arbitrary peer Id (it is signed by the CA in the cert) and qualifies the optional pf tag.
|
#
1.6 |
|
26-Jun-2010 |
reyk |
Include the Id type in the generated SA tag that is passed to the kernel, just like isakmpd does it. In difference to isakmpd, the Id type is printed in capital letters, eg. FQDN/foo.example.com, because it is using the existing print_map() API. For consistency, rename a few Id types in grammar and code from the RFC-names to the OpenBSD-style names; including RFC822_ADDR to UFQDN, IPV4_ADDR to just IPV4, DER_ASN1_DN to ASN1_DN etc.
|
#
1.5 |
|
24-Jun-2010 |
reyk |
unbreak the ikectl log verbose/brief commands.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
jsg |
move a bzero of the x509 store context higher up so the cert validation does something useful.
ok reyk@
|
#
1.2 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|