strongswan.git
Martin Willi [Wed, 7 Dec 2011 16:51:35 +0000 (17:51 +0100)]
Cleaned up quick mode notify processing

Martin Willi [Wed, 7 Dec 2011 16:43:58 +0000 (17:43 +0100)]
Add support for KE payloads in IKEv1 quick mode (PFS)

Martin Willi [Wed, 7 Dec 2011 16:41:16 +0000 (17:41 +0100)]
En- and decode DH group attribute in quick mode SA payloads

Martin Willi [Wed, 7 Dec 2011 14:10:05 +0000 (14:10 +0000)]
Use authenticators in IKEv1 main mode

Martin Willi [Wed, 7 Dec 2011 14:09:34 +0000 (14:09 +0000)]
Added a factory function for IKEv1 authenticators

Martin Willi [Wed, 7 Dec 2011 14:08:06 +0000 (14:08 +0000)]
Implemented IKEv1 pubkey SIG payload processing in an authenticator

Martin Willi [Wed, 7 Dec 2011 13:52:02 +0000 (14:52 +0100)]
Implemented IKEv1 PSK HASH payload processing in separated authenticator

Clavister OpenSource [Wed, 7 Dec 2011 12:30:53 +0000 (13:30 +0100)]
Handle incoming delete messages

Andreas Steffen [Tue, 6 Dec 2011 14:15:40 +0000 (15:15 +0100)]
use untoh64 instead of non-portable be64toh

Martin Willi [Tue, 6 Dec 2011 12:38:27 +0000 (13:38 +0100)]
Implemented post-authentication certificate handling for IKEv1

Martin Willi [Tue, 6 Dec 2011 12:37:57 +0000 (13:37 +0100)]
Cleanup CERT payload constructors

Martin Willi [Tue, 6 Dec 2011 11:14:48 +0000 (12:14 +0100)]
Implemented pre-authentication certificate handling for IKEv1

Martin Willi [Tue, 6 Dec 2011 10:44:17 +0000 (11:44 +0100)]
Added task types for IKEv1 certificate handling

Martin Willi [Tue, 6 Dec 2011 09:56:39 +0000 (10:56 +0100)]
Cleaned up certreq payload for IKEv2/IKEv1 use

Martin Willi [Tue, 6 Dec 2011 09:55:15 +0000 (10:55 +0100)]
Reverted ike_cert tasks to IKEv2 only, we use dedicated IKEv1 tasks

Tobias Brunner [Tue, 6 Dec 2011 09:33:10 +0000 (10:33 +0100)]
Install SAs with UDP encapsulation during Quick Mode.

Martin Willi [Mon, 5 Dec 2011 16:24:17 +0000 (17:24 +0100)]
Fix support for plain RSA authentication in IKEv1, both as initiator and responder

Martin Willi [Mon, 5 Dec 2011 16:07:48 +0000 (17:07 +0100)]
Fix referencing of multiple CERTREQ payload with IKEv1, other cleanups

Martin Willi [Mon, 5 Dec 2011 15:20:56 +0000 (16:20 +0100)]
Encode a single IP traffic selector as ID_IPV?_ADDRESS identity

Martin Willi [Mon, 5 Dec 2011 15:14:52 +0000 (16:14 +0100)]
Added missing break;s when converting ID_IP_ADDRESS types to ts, extracted function

Martin Willi [Mon, 5 Dec 2011 14:45:01 +0000 (15:45 +0100)]
Don't use unportable htobe64 macro directly

Martin Willi [Mon, 5 Dec 2011 14:44:51 +0000 (15:44 +0100)]
Implement htoun/untoh64 with potentially faster htobe64/be64toh macros, if available

Andreas Steffen [Sun, 4 Dec 2011 11:53:47 +0000 (12:53 +0100)]
fixed copy-and-paste error

Andreas Steffen [Wed, 26 Oct 2011 22:37:24 +0000 (00:37 +0200)]
extended bio_reader and bio_writer to handle u_int64_t

Clavister OpenSource [Mon, 5 Dec 2011 13:27:53 +0000 (14:27 +0100)]
XAUTH additions for certificates.

Clavister OpenSource [Mon, 5 Dec 2011 13:22:11 +0000 (14:22 +0100)]
signature payload handling.

Clavister OpenSource [Mon, 5 Dec 2011 13:17:17 +0000 (14:17 +0100)]
certificate tasks added to passive list for responder

Clavister OpenSource [Mon, 5 Dec 2011 13:11:48 +0000 (14:11 +0100)]
certificate handling for XAuth responder.

Clavister OpenSource [Mon, 5 Dec 2011 12:54:54 +0000 (13:54 +0100)]
keymat: derive_ike_keys updated with XAUTH RSA:s

Clavister OpenSource [Mon, 5 Dec 2011 12:44:22 +0000 (13:44 +0100)]
Setting transform number in esp proposal.

iPhone (racoon) fails quick mode when transform number is 0

Clavister OpenSource [Mon, 5 Dec 2011 11:48:14 +0000 (12:48 +0100)]
ID_IPV4_ADDR and ID_IPV6_ADDR cases added to get_ts

Andreas Steffen [Sat, 3 Dec 2011 14:12:14 +0000 (15:12 +0100)]
version bump to 5.0.0dr1

Clavister OpenSource [Fri, 2 Dec 2011 15:22:42 +0000 (16:22 +0100)]
IKEv1: Added basic support for INFORMATIONAL exchange types, and for NOTIFY_V1 messages in the 3rd message in quick_mode.

Clavister OpenSource [Fri, 2 Dec 2011 14:39:09 +0000 (15:39 +0100)]
IKEv1 XAuth: Added changes to Makefile.am to compile the xauth_null plugin.

Tobias Brunner [Fri, 2 Dec 2011 07:38:43 +0000 (08:38 +0100)]
Don't stop processing tasks if one returns SUCCESS.

Only send a response if at least one of the tasks requires it.

Clavister OpenSource [Thu, 1 Dec 2011 15:34:30 +0000 (16:34 +0100)]
IKEv1 XAuth: Added a "NULL" XAuth plugin which sends a hardcoded user/pass, and blindly accepts whatever user/pass is sent it.  Changed the xauth_request task to use this new plugin.  Add --enable-xauth-null to your configure line to build with the new plugin.

Clavister OpenSource [Thu, 1 Dec 2011 13:08:24 +0000 (14:08 +0100)]
IKEv1 XAuth: Added plugin support for XAuth, which allows us to have plugins to talk to servers with different quirks for XAuth authentication.

Clavister OpenSource [Thu, 1 Dec 2011 12:11:36 +0000 (13:11 +0100)]
IKEv1 XAuth: Add XAuth defines for plugin types.

Tobias Brunner [Wed, 30 Nov 2011 17:03:06 +0000 (18:03 +0100)]
Add NAT-OA payloads during Quick Mode if transport mode is used.

We don't parse them currently, as the Linux kernel does not need them to fix
the IP header checksum.

Tobias Brunner [Wed, 30 Nov 2011 16:52:14 +0000 (17:52 +0100)]
Negotiate UDP encapsulation during Quick Mode if NAT is detected.

Tobias Brunner [Wed, 30 Nov 2011 16:09:42 +0000 (17:09 +0100)]
Task added for IKEv1 NAT detection.

There is already support for both Main and Aggressive Mode.

Tobias Brunner [Wed, 30 Nov 2011 16:04:21 +0000 (17:04 +0100)]
Create negotiated hasher earlier during Main Mode so it is available for building NAT-D payloads.

Tobias Brunner [Wed, 30 Nov 2011 16:03:01 +0000 (17:03 +0100)]
Added a function to keymat_v1 to create the hasher earlier than during key derivation.

The negotiated hasher is also used to generate NAT-D payloads.

Tobias Brunner [Wed, 30 Nov 2011 15:55:24 +0000 (16:55 +0100)]
Message rules for IKEv1 NAT-T payloads added.

Clavister OpenSource [Wed, 30 Nov 2011 09:43:38 +0000 (10:43 +0100)]
IKEv1 XAuth: Moving the state change to IKE_CONNECTED until after XAuth exchanges are complete.

Clavister OpenSource [Wed, 30 Nov 2011 09:39:29 +0000 (10:39 +0100)]
IKEv1 XAuth: Adding "initiate" flag parameter to the initiate_xauth method, signalling whether or not to call the task_manager->initiate method after queueing the task.

Tobias Brunner [Tue, 29 Nov 2011 13:26:52 +0000 (14:26 +0100)]
Handle IKEv1 NAT-T vendor ID payload (only RFC 3947 for now).

Tobias Brunner [Tue, 29 Nov 2011 10:14:25 +0000 (11:14 +0100)]
Added payloads for IKEv1 NAT-Traversal negotiation.

Clavister OpenSource [Tue, 29 Nov 2011 10:41:56 +0000 (11:41 +0100)]
IKEv1 XAuth: Clean up debug prints in xauth_request task.

Clavister OpenSource [Tue, 29 Nov 2011 10:36:53 +0000 (11:36 +0100)]
IKEv1 XAuth: Remove XAuth task from the passive task list for ID_PROT.

Clavister OpenSource [Tue, 29 Nov 2011 10:21:54 +0000 (11:21 +0100)]
Revert "IKEv1 XAuth: Added new MIGRATE status type to status_t."

This reverts commit b57df8310a867a0a65abf17279bf1b6e6bb2f5d3.

Conflicts:

src/libcharon/sa/task_manager_v1.c

Clavister OpenSource [Tue, 29 Nov 2011 10:04:36 +0000 (11:04 +0100)]
IKEv1 XAuth + CfgMode: Added ability to process CfgMode messages in the xauth task.  Migrated away from using the MIGRATE method to switch queues.

Clavister OpenSource [Tue, 29 Nov 2011 09:52:31 +0000 (10:52 +0100)]
IKEv1 XAuth: Change the main_mode task to use the new initiate_xauth job instead of the old MIGRATE method.

Clavister OpenSource [Tue, 29 Nov 2011 09:42:31 +0000 (10:42 +0100)]
IKEv1 XAuth: Added XAuthResp authentication modes.

Clavister OpenSource [Tue, 29 Nov 2011 08:24:29 +0000 (09:24 +0100)]
IKEv1 XAuth: Added a job to call the initiate_xauth method of ike_sa after the current set of tasks is complete.

Clavister OpenSource [Tue, 29 Nov 2011 08:15:59 +0000 (09:15 +0100)]
IKEv1 XAuth: Add "initiate xauth" method, which adds the xauth task into the queue for initiation.

Tobias Brunner [Fri, 25 Nov 2011 17:58:18 +0000 (18:58 +0100)]
Use quiet generator when creating IKEv1 message hashes.

This avoids cluttering the log with duplicate log messages when
generating and especially confusing log messages when parsing
authenticated messages.

Tobias Brunner [Fri, 25 Nov 2011 17:57:03 +0000 (18:57 +0100)]
Added an option to create a generator that does not log debug messages.

Tobias Brunner [Fri, 25 Nov 2011 17:01:25 +0000 (18:01 +0100)]
Respond with NO_PROPOSAL_CHOSEN, if we don't find an ike_cfg.

Tobias Brunner [Fri, 25 Nov 2011 17:00:06 +0000 (18:00 +0100)]
Don't respond to malformed INFORMATIONAL_V1 messages with another INFORMATIONAL_V1 exchange.

Tobias Brunner [Fri, 25 Nov 2011 16:59:39 +0000 (17:59 +0100)]
Handle invalid IKEv1 hashes more specifically.

Tobias Brunner [Fri, 25 Nov 2011 16:58:37 +0000 (17:58 +0100)]
Handle unsupported IKEv1 exchange types more specifically.

Tobias Brunner [Fri, 25 Nov 2011 16:54:28 +0000 (17:54 +0100)]
Send an INFORMATIONAL message on IKEv1 parse errors.

Tobias Brunner [Fri, 25 Nov 2011 16:45:30 +0000 (17:45 +0100)]
Handle INFORMATIONAL_V1 messages when no keys have been derived yet.

This allows to gracefully process the INFORMATIONAL_V1 message rules which
require the payloads to be encrypted and thus the exchange to be
authenticated with a HASH payload.  If such an exchange is now initiated
before the ISAKMP_SA is established, the message is simply sent unencrypted
and without HASH payload.

Tobias Brunner [Fri, 25 Nov 2011 15:24:32 +0000 (16:24 +0100)]
Error reporting for invalid IKEv2 responses fixed.

Tobias Brunner [Fri, 25 Nov 2011 15:08:12 +0000 (16:08 +0100)]
Set request flag to proper value for IKEv1 messages before parsing them.

Tobias Brunner [Fri, 25 Nov 2011 15:05:00 +0000 (16:05 +0100)]
Avoid parsing retransmits we already responded to.

Decryption will fail as we already moved the IV when we sent the
response. Without this change, encrypted retransmits would have been
discarded during parsing already.

Tobias Brunner [Fri, 25 Nov 2011 14:53:23 +0000 (15:53 +0100)]
Moved main part of message processing to task managers.

This will allow individual error handling for each IKE version and should
allow better handling of IKEv1 retransmits.

Tobias Brunner [Fri, 25 Nov 2011 13:48:57 +0000 (14:48 +0100)]
Added ike_sa_t.set_statistic to set timestamps from task manager.

Tobias Brunner [Fri, 25 Nov 2011 10:26:20 +0000 (11:26 +0100)]
Compiler warning fixed in prf_plus_t.

Tobias Brunner [Fri, 25 Nov 2011 10:25:45 +0000 (11:25 +0100)]
Use proper enum types in proposal_substructure.

Clavister OpenSource [Fri, 25 Nov 2011 07:45:42 +0000 (08:45 +0100)]
IKEv1 XAuth: Fix XAuth task so that it reinitiates.

Clavister OpenSource [Fri, 25 Nov 2011 07:41:41 +0000 (08:41 +0100)]
Revert "IKEv1 XAuth: Temporarily add an "initiate_later" flag to the task manager.  When set to TRUE it will cause "initiate" to be called when the current process_response call is finished. This change should be reverted once we have a better method in place."

This reverts commit c6c28f4ac522dd8afb457847bca79eee77f78706.

Revert "IKEv1 XAuth: Added temporary "initiate_xauth" public method to ike_sa_t.  This allows us to initiate an XAuth password authentication exchange after responding to the final message of Main Mode.  This change should be reverted once we have a better method to initiate this exchange."

This reverts commit 5529dc50477e25df9dd5f3c442bb1521c0baf225.

Clavister OpenSource [Fri, 25 Nov 2011 07:24:30 +0000 (08:24 +0100)]
IKEv1 XAuth: Fix main mode to work with XAuth PSK.

Martin Willi [Thu, 24 Nov 2011 15:32:14 +0000 (16:32 +0100)]
Use a dedicated IKEv1 vendor ID task to fix using IKEv2 payloads in IKEv1

Martin Willi [Thu, 24 Nov 2011 15:11:05 +0000 (16:11 +0100)]
Pass concrete auth_method to key derivation, as we have that as a responder

Martin Willi [Thu, 24 Nov 2011 15:07:13 +0000 (16:07 +0100)]
Map auth_class to auth method and IKEv1 proposal attribute

Martin Willi [Thu, 24 Nov 2011 14:32:13 +0000 (15:32 +0100)]
Removed obsolete transform attribute setters

Martin Willi [Thu, 24 Nov 2011 14:25:22 +0000 (15:25 +0100)]
Implemented IKEv1 attribute encoding in SA payload

Martin Willi [Thu, 24 Nov 2011 11:52:11 +0000 (12:52 +0100)]
Implemented encoding of additional IKEv1 proposal attributes

Martin Willi [Thu, 24 Nov 2011 14:25:00 +0000 (15:25 +0100)]
Exchange IKEv1 ESP SA proposal information

Martin Willi [Thu, 24 Nov 2011 13:51:04 +0000 (14:51 +0100)]
Exchange IKEv1 SA specific proposal data with SA payload

Martin Willi [Thu, 24 Nov 2011 10:39:31 +0000 (11:39 +0100)]
Added not-yet used sa_payload parameters used in IKEv1

Martin Willi [Thu, 24 Nov 2011 10:38:37 +0000 (11:38 +0100)]
Added a get_rekey/reauth_time() jitter parameter to get time without randomization

Clavister OpenSource [Thu, 24 Nov 2011 15:57:10 +0000 (16:57 +0100)]
IKEv1 XAuth: Changed the xauth_request task to use the new MIGRATE status.

Clavister OpenSource [Thu, 24 Nov 2011 15:48:41 +0000 (16:48 +0100)]
IKEv1 XAuth: Added new MIGRATE status type to status_t.
  When a task returns this status from a build or process method, it is a signal to the task manager that it should treat it as if the task returned SUCCESS.
  Additionally it will migrate all remaining tasks from the current queue to a different one, calling swap_initiator for each applicable task.
  Finally, the task manager will call "initiate", if applicable, to kick off tasks in the "queued_tasks" queue.
  Task queue relocation mapping:
  passive_tasks moves to queued_tasks (which is then fed to active by the initiate call).
  active_tasks moves to passive_tasks

Clavister OpenSource [Thu, 24 Nov 2011 15:35:22 +0000 (16:35 +0100)]
IKEv1 XAuth: Added new "swap_initiator" method to the standard task_t interface.  This is needed for when we move a task from the passive queue to the active one.  I'm not a huge fan of this method of doing things.  Perhaps we should change task_t to have build_i, build_r, process_i, and process_r methods, and call the appropriate one from the task manager, since we have these methods for most tasks anyways.

Clavister OpenSource [Thu, 24 Nov 2011 10:46:02 +0000 (11:46 +0100)]
IKEv1 XAuth: XAuthInitPreShared working for XAuth initiator (Main Mode responder).  Creates USER/PASS request, retrieves the result and sends status.

Clavister OpenSource [Thu, 24 Nov 2011 10:40:55 +0000 (11:40 +0100)]
IKEv1 XAuth: Added ability to initiate the XAuth transactions under a flag, default not to initiate XAuth.

Clavister OpenSource [Thu, 24 Nov 2011 10:37:36 +0000 (11:37 +0100)]
IKEv1 XAuth: Add XAUTH authentication types to the enum.  Added the ability to switch between hardcoded PSK and XAUTH_INIT_PSK authentications using a flag, default to PSK.

Clavister OpenSource [Thu, 24 Nov 2011 10:33:38 +0000 (11:33 +0100)]
IKEv1 ConfigMode: Fix configuration_attribute encoding rules for IKEv1 to use the attribute type instead of the internal only payload type.

Clavister OpenSource [Thu, 24 Nov 2011 10:30:19 +0000 (11:30 +0100)]
IKEv1 ConfigMode: Fixed cp_payload to use CONFIGURATION_ATTRIBUTE_V1 in all appropriate places, so the parsing is done correctly.

Clavister OpenSource [Thu, 24 Nov 2011 10:26:04 +0000 (11:26 +0100)]
IKEv1 XAuth: Added ike_vendor task to the ID_PROT exchange type processing.  We need to process vendor payloads to check to see if our peer understands XAuth before using any of these payload types.

Clavister OpenSource [Thu, 24 Nov 2011 10:21:43 +0000 (11:21 +0100)]
IKEv1 XAuth: Added temporary "initiate_xauth" public method to ike_sa_t.  This allows us to initiate an XAuth password authentication exchange after responding to the final message of Main Mode.  This change should be reverted once we have a better method to initiate this exchange.

Clavister OpenSource [Thu, 24 Nov 2011 10:12:59 +0000 (11:12 +0100)]
IKEv1 XAuth: Temporarily add an "initiate_later" flag to the task manager.  When set to TRUE it will cause "initiate" to be called when the current process_response call is finished. This change should be reverted once we have a better method in place.

Martin Willi [Thu, 24 Nov 2011 09:33:43 +0000 (10:33 +0100)]
Use quick mode task initiator flag instead of passing it as parameter

Martin Willi [Thu, 24 Nov 2011 09:28:49 +0000 (10:28 +0100)]
Add quick mode ID payloads only if establishing a non-host2host tunnel

Martin Willi [Thu, 24 Nov 2011 09:20:59 +0000 (10:20 +0100)]
Refactored traffic selector handling in quick mode

Martin Willi [Thu, 24 Nov 2011 08:51:40 +0000 (09:51 +0100)]
Refactored NONCE payload handling in quick mode

Tobias Brunner [Wed, 23 Nov 2011 15:08:40 +0000 (16:08 +0100)]
No need to build a HASH payload in XAUTH task.

It gets added automatically when the message is generated.