strongswan.git
Martin Willi [Tue, 7 Dec 2010 16:48:23 +0000 (17:48 +0100)]
Key strength checking stores all key sizes in auth_cfg, verifies all in complies()

Martin Willi [Mon, 6 Dec 2010 09:36:51 +0000 (10:36 +0100)]
Install "ipsec" script with tools or conftest

Martin Willi [Fri, 3 Dec 2010 13:29:03 +0000 (14:29 +0100)]
Use subject, not issuer, of CRL issuing certificate

Martin Willi [Fri, 3 Dec 2010 12:51:51 +0000 (13:51 +0100)]
CRLSign keyUsage or CA basicConstraint are sufficient for CRL validation

Martin Willi [Fri, 3 Dec 2010 12:26:38 +0000 (13:26 +0100)]
Parse and encode crlSign keyUsage flag in x509 plugin

Martin Willi [Fri, 3 Dec 2010 12:25:45 +0000 (13:25 +0100)]
pki tool shows and builds crlSign keyUsage

Martin Willi [Fri, 3 Dec 2010 12:24:49 +0000 (13:24 +0100)]
Added a flag for X509 CRLSign keyUsage

Martin Willi [Fri, 3 Dec 2010 12:23:59 +0000 (13:23 +0100)]
Remove x509_flag_names, flags do not work with ENUM()

Martin Willi [Thu, 2 Dec 2010 14:38:44 +0000 (15:38 +0100)]
Use certificate CRLIssuer information to look up cached CRLs or CDPs

Martin Willi [Thu, 2 Dec 2010 14:37:28 +0000 (15:37 +0100)]
Added --crlissuer option to pki --issue

Martin Willi [Fri, 3 Dec 2010 09:28:46 +0000 (09:28 +0000)]
Added support for CRL Issuers to x509 and OpenSSL plugins

Martin Willi [Wed, 1 Dec 2010 13:56:26 +0000 (14:56 +0100)]
Generate payload to rebuild_auth, works with injected unknown payloads

Martin Willi [Wed, 1 Dec 2010 13:33:57 +0000 (14:33 +0100)]
Move rebuild_auth functionality to a standalone hook

This reverts commit 3c12b239fd55aa36c59eb60224d27af8b8d915d1.

Martin Willi [Thu, 25 Nov 2010 14:27:31 +0000 (15:27 +0100)]
Added key strength constraints support to conftest

Martin Willi [Thu, 25 Nov 2010 14:26:51 +0000 (15:26 +0100)]
Added key strength constraints for RSA or ECDSA trustchains

Martin Willi [Thu, 25 Nov 2010 12:54:31 +0000 (13:54 +0100)]
Implemented hook to log traffic selectors

Martin Willi [Thu, 25 Nov 2010 11:32:41 +0000 (12:32 +0100)]
The set_reserved() hook rebuilds AUTH if it mangles ID payload fields

Martin Willi [Thu, 25 Nov 2010 10:35:43 +0000 (11:35 +0100)]
Include the used reserved bytes from ID payloads in AUTH calculation

Martin Willi [Thu, 25 Nov 2010 10:13:04 +0000 (11:13 +0100)]
Migrated psk/pubkey_authenticators to INIT/METHOD macros

Martin Willi [Thu, 25 Nov 2010 09:55:29 +0000 (10:55 +0100)]
Extended set_reserved hook to mangle sa_payload substructures

Martin Willi [Thu, 25 Nov 2010 09:55:08 +0000 (10:55 +0100)]
Added substructure enumerators to sa_payload, proposal_substructure

Martin Willi [Wed, 24 Nov 2010 17:09:06 +0000 (18:09 +0100)]
Moved check if packet already encoded to ike_sa, avoids message() hook invocation twice

Martin Willi [Wed, 24 Nov 2010 16:45:39 +0000 (17:45 +0100)]
The set_ike_version hook supports version flag mangling

Martin Willi [Wed, 24 Nov 2010 16:45:12 +0000 (17:45 +0100)]
Added a message method to set the "higher version supported" flag

Martin Willi [Wed, 24 Nov 2010 16:22:16 +0000 (17:22 +0100)]
Implemented hook to toggle initiator flag in IKE header

Martin Willi [Wed, 24 Nov 2010 14:42:08 +0000 (14:42 +0000)]
Implemented a hook to set reserved bits

Martin Willi [Wed, 24 Nov 2010 15:56:46 +0000 (16:56 +0100)]
Added reserved bit mangling wrapper functions to message

Martin Willi [Wed, 24 Nov 2010 16:07:45 +0000 (17:07 +0100)]
Use payload_get_field() to look up payload fields

Martin Willi [Wed, 24 Nov 2010 15:52:49 +0000 (16:52 +0100)]
Implemented a generic payload field lookup function

Martin Willi [Wed, 24 Nov 2010 15:44:48 +0000 (16:44 +0100)]
Reserved fields get parsed/generated like any other bit/byte field

Martin Willi [Wed, 24 Nov 2010 15:34:16 +0000 (16:34 +0100)]
Added member fields for reserved bits and bytes in all payloads

Martin Willi [Wed, 24 Nov 2010 13:42:22 +0000 (14:42 +0100)]
Migrated vendor_id_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 13:36:47 +0000 (14:36 +0100)]
Migrated ts_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 13:21:01 +0000 (14:21 +0100)]
Use enumerator instead of deprecated iterator

Martin Willi [Wed, 24 Nov 2010 13:17:44 +0000 (14:17 +0100)]
Migrated transform_substructure to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 12:58:33 +0000 (13:58 +0100)]
Removed obsolete clone method from proposal_substructure

Martin Willi [Wed, 24 Nov 2010 11:14:31 +0000 (12:14 +0100)]
Migrated transform_attribute to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 11:00:53 +0000 (12:00 +0100)]
Migrated traffic_selector_substructre to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:54:12 +0000 (11:54 +0100)]
Migrated notify_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:42:29 +0000 (11:42 +0100)]
Migrated nonce_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:37:34 +0000 (11:37 +0100)]
Migrated ke_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:29:18 +0000 (11:29 +0100)]
Migrated id_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:28:58 +0000 (11:28 +0100)]
Use standard ID getter in log_id hook

Martin Willi [Wed, 24 Nov 2010 10:16:37 +0000 (11:16 +0100)]
Migrated cp_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:07:28 +0000 (11:07 +0100)]
Migrated configuration_attribute to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:01:27 +0000 (11:01 +0100)]
Migrated certreq_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 09:53:38 +0000 (10:53 +0100)]
Migrated cert_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 09:38:58 +0000 (10:38 +0100)]
Migrated auth_payload to INIT/METHOD macros

Martin Willi [Tue, 23 Nov 2010 12:55:32 +0000 (13:55 +0100)]
Implemented a hook to toggle the IKE message request flag

Martin Willi [Tue, 23 Nov 2010 12:53:00 +0000 (13:53 +0100)]
Implemented hook to modify IKE header SPIs

Martin Willi [Tue, 23 Nov 2010 12:34:08 +0000 (13:34 +0100)]
Fixed transport mode configuration option

Martin Willi [Tue, 23 Nov 2010 10:43:23 +0000 (11:43 +0100)]
Disable MOBIKE in conftesting, as it changes port floating behavior

Martin Willi [Tue, 23 Nov 2010 10:06:46 +0000 (11:06 +0100)]
Load plugins only once, even if listed twice

Martin Willi [Tue, 23 Nov 2010 09:58:39 +0000 (10:58 +0100)]
Preload plugins configured in tests

Martin Willi [Tue, 23 Nov 2010 09:50:36 +0000 (10:50 +0100)]
Moved generic infrastructure initialization to libcharon_init(), allows us to preload plugins

Martin Willi [Tue, 23 Nov 2010 09:45:45 +0000 (10:45 +0100)]
Added IKE options to configure source/destination ports

Martin Willi [Tue, 23 Nov 2010 09:43:48 +0000 (10:43 +0100)]
Added IKE config option to fake NAT situations

Martin Willi [Tue, 23 Nov 2010 09:12:32 +0000 (10:12 +0100)]
Show SPI in proposal logging hook

Martin Willi [Tue, 23 Nov 2010 09:01:42 +0000 (10:01 +0100)]
Implemented a hook to inject custom proposals

Martin Willi [Tue, 23 Nov 2010 09:01:23 +0000 (10:01 +0100)]
Fixed error reporting

Martin Willi [Tue, 23 Nov 2010 07:42:57 +0000 (08:42 +0100)]
Remove unused variable

Martin Willi [Mon, 15 Nov 2010 13:56:34 +0000 (14:56 +0100)]
Added hook to log ID payload type and data

Martin Willi [Mon, 15 Nov 2010 13:47:06 +0000 (14:47 +0100)]
Added hook to log received KE group

Martin Willi [Mon, 15 Nov 2010 13:37:02 +0000 (14:37 +0100)]
Added a hook to modify proposal numbers

Martin Willi [Mon, 15 Nov 2010 13:07:17 +0000 (14:07 +0100)]
Added a hook to print received proposals, including number

Martin Willi [Mon, 15 Nov 2010 10:54:35 +0000 (11:54 +0100)]
Added a hook to alter the payload length field of arbitrary payloads

Martin Willi [Mon, 15 Nov 2010 10:53:20 +0000 (11:53 +0100)]
Do not update payload length during generation, allows hooks to override payload length

Martin Willi [Mon, 15 Nov 2010 10:52:30 +0000 (11:52 +0100)]
Do not recalculate payload header length after generation, payloads do length calculation

Martin Willi [Fri, 12 Nov 2010 15:10:00 +0000 (16:10 +0100)]
Support loading of certificate revocation lists

Martin Willi [Fri, 12 Nov 2010 14:40:29 +0000 (15:40 +0100)]
Implemented a hook that recreates a valid incoming IKE_AUTH response, even if AUTH_FAILED

Martin Willi [Thu, 11 Nov 2010 15:37:26 +0000 (16:37 +0100)]
Apply IKE major/minor version set on message to IKE header

Martin Willi [Thu, 11 Nov 2010 15:35:35 +0000 (16:35 +0100)]
Added setters for IKE major/minor version to ike_header

Martin Willi [Thu, 11 Nov 2010 15:32:57 +0000 (16:32 +0100)]
Migrated ike_header_t to INIT/METHOD macros

Martin Willi [Thu, 11 Nov 2010 15:12:58 +0000 (16:12 +0100)]
Added hook to set arbitrary IKE major/minor versions in message headers

Martin Willi [Thu, 11 Nov 2010 14:52:32 +0000 (15:52 +0100)]
Prefer test specific over suite specific configuration

Martin Willi [Thu, 11 Nov 2010 14:38:52 +0000 (15:38 +0100)]
Added a force_hookie hook that requests a COOKIE independent of our COOKIE mechanism

Martin Willi [Wed, 10 Nov 2010 16:41:51 +0000 (17:41 +0100)]
The add_payload hook supports replacing existing payloads of the same type

Martin Willi [Wed, 10 Nov 2010 16:41:23 +0000 (17:41 +0100)]
Fix insertion of non hex encoded payload data

Martin Willi [Wed, 10 Nov 2010 16:40:43 +0000 (17:40 +0100)]
Fixed length calculation of unknown payload

Martin Willi [Wed, 10 Nov 2010 16:23:57 +0000 (17:23 +0100)]
Added a hook to set the critical bit on arbitrary payloads

Martin Willi [Wed, 10 Nov 2010 15:47:56 +0000 (16:47 +0100)]
Move critical bit checking to ike_sa, notify payload includes unsupported payload type

Martin Willi [Wed, 10 Nov 2010 15:30:25 +0000 (16:30 +0100)]
Handle all error notifies in CREATE_CHILD_SA exchanges

Martin Willi [Wed, 10 Nov 2010 15:29:59 +0000 (16:29 +0100)]
Support encoding of UKNOWN_DATA

Martin Willi [Wed, 10 Nov 2010 14:41:46 +0000 (15:41 +0100)]
Moved our substructure identifiers above 255, ignore private payloads properly

Martin Willi [Wed, 10 Nov 2010 14:34:38 +0000 (15:34 +0100)]
Check for exceeded payload count even if we have a found one flagged as sufficient

Martin Willi [Wed, 10 Nov 2010 13:26:03 +0000 (14:26 +0100)]
Added a hook to inject custom payloads with critical bit

Martin Willi [Wed, 10 Nov 2010 13:21:23 +0000 (14:21 +0100)]
Added a constructor for custom unknown payloads

Martin Willi [Wed, 10 Nov 2010 13:17:03 +0000 (14:17 +0100)]
Use the payload's actual type in unknown_payload_t

Martin Willi [Wed, 10 Nov 2010 12:56:18 +0000 (13:56 +0100)]
Migrated unknown payload to INIT/METHOD macros

Martin Willi [Tue, 9 Nov 2010 14:37:41 +0000 (15:37 +0100)]
Added a short README about the conftest utility

Martin Willi [Tue, 9 Nov 2010 13:19:59 +0000 (14:19 +0100)]
Specify the type of the certificate to load, currently X509 only

Martin Willi [Tue, 9 Nov 2010 11:05:30 +0000 (12:05 +0100)]
Be a little more verbose about cert payload injection

Martin Willi [Tue, 9 Nov 2010 10:17:20 +0000 (11:17 +0100)]
Support hook suffixes to use the same hook multiple times

Martin Willi [Tue, 9 Nov 2010 10:07:37 +0000 (11:07 +0100)]
Support arbitrary suffixes for actions, same action multiple times

Martin Willi [Tue, 9 Nov 2010 09:19:56 +0000 (10:19 +0100)]
Added a hook to ignore specific messages

Martin Willi [Tue, 9 Nov 2010 09:19:09 +0000 (10:19 +0100)]
Ignore messages with exchange type altered to UNDEFINED in message() hook

Martin Willi [Tue, 9 Nov 2010 08:59:56 +0000 (09:59 +0100)]
Added a hook to send unencrypted notifies in established IKE_SAs

Martin Willi [Tue, 9 Nov 2010 08:55:20 +0000 (09:55 +0100)]
Fail silently without INVALID_SYNTAX if message not verified

Martin Willi [Mon, 8 Nov 2010 15:45:48 +0000 (16:45 +0100)]
Include suiteb test suite config in distribution

Martin Willi [Tue, 2 Nov 2010 15:12:29 +0000 (16:12 +0100)]
Fixed loading of credentials using a relative path