Tobias Brunner [Tue, 6 Jul 2010 10:46:40 +0000 (12:46 +0200)]
Moved migrate job creation to kernel event handler.
Tobias Brunner [Tue, 6 Jul 2010 10:34:15 +0000 (12:34 +0200)]
Moved update SA job creation to kernel event handler.
Tobias Brunner [Tue, 6 Jul 2010 10:09:06 +0000 (12:09 +0200)]
Moved delete/rekey CHILD_SA job creation to kernel event handler.
Tobias Brunner [Tue, 6 Jul 2010 09:50:43 +0000 (11:50 +0200)]
Moved acquire job creation to kernel event handler.
Tobias Brunner [Tue, 6 Jul 2010 09:36:58 +0000 (11:36 +0200)]
Added kernel event handler stub.
Tobias Brunner [Tue, 6 Jul 2010 14:09:06 +0000 (16:09 +0200)]
All kernel listener hooks are optional.
Tobias Brunner [Tue, 6 Jul 2010 11:02:01 +0000 (13:02 +0200)]
Added listener handling to kernel interface.
Tobias Brunner [Tue, 6 Jul 2010 07:28:12 +0000 (09:28 +0200)]
Added an interface for kernel event listeners.
Tobias Brunner [Tue, 6 Jul 2010 08:48:55 +0000 (10:48 +0200)]
Some minor comment fixes.
Tobias Brunner [Mon, 5 Jul 2010 16:52:50 +0000 (18:52 +0200)]
Some whitespace and code style fixes.
Tobias Brunner [Mon, 5 Jul 2010 16:49:41 +0000 (18:49 +0200)]
Do not include files from libcharon in libhydra.
Tobias Brunner [Mon, 5 Jul 2010 13:32:54 +0000 (15:32 +0200)]
Move callback_job_t to libhydra.
Tobias Brunner [Mon, 5 Jul 2010 13:24:58 +0000 (15:24 +0200)]
Fixing Doxygen groups after moving processor.
Tobias Brunner [Mon, 5 Jul 2010 11:52:05 +0000 (13:52 +0200)]
Refer to processor via hydra and not charon.
Tobias Brunner [Mon, 5 Jul 2010 11:46:04 +0000 (13:46 +0200)]
Move processor_t (thread-pool) to libhydra.
Martin Willi [Thu, 2 Sep 2010 08:29:32 +0000 (10:29 +0200)]
Support different hash/sig algorithms in handshake signing, including ECDSA
Martin Willi [Thu, 2 Sep 2010 08:05:11 +0000 (10:05 +0200)]
Added TLS ClientCertificateType identifiers
Martin Willi [Thu, 2 Sep 2010 07:21:45 +0000 (09:21 +0200)]
Added TLS specific Hash and Signature Algorithm identifiers
Martin Willi [Thu, 2 Sep 2010 08:28:51 +0000 (10:28 +0200)]
Fixed typos in tls_writer method descriptions
Martin Willi [Thu, 2 Sep 2010 10:37:27 +0000 (12:37 +0200)]
Respect key types in stroke key/certificate backend
Martin Willi [Thu, 2 Sep 2010 07:46:09 +0000 (09:46 +0200)]
Added an enumerator for registered credential builders
Martin Willi [Thu, 2 Sep 2010 07:30:48 +0000 (09:30 +0200)]
Migrated credential_factory to INIT/METHOD macros
Andreas Steffen [Wed, 1 Sep 2010 20:22:27 +0000 (22:22 +0200)]
adapted evaltest.dat to new RULE_OCSP_VALIDATION
Andreas Steffen [Wed, 1 Sep 2010 12:30:14 +0000 (14:30 +0200)]
cosmetics in debug output
Andreas Steffen [Tue, 31 Aug 2010 22:16:19 +0000 (00:16 +0200)]
defined aaa_identity
Andreas Steffen [Tue, 31 Aug 2010 22:11:23 +0000 (00:11 +0200)]
increase number of message due to large certificate payloads
Andreas Steffen [Tue, 31 Aug 2010 21:22:39 +0000 (23:22 +0200)]
clarified debug output
Andreas Steffen [Tue, 31 Aug 2010 19:42:14 +0000 (21:42 +0200)]
fixed typo
Martin Willi [Tue, 31 Aug 2010 16:08:46 +0000 (18:08 +0200)]
Do not process any more TLS handshake messages on fatal alerts
Martin Willi [Tue, 31 Aug 2010 16:02:46 +0000 (18:02 +0200)]
Load a left/rightcert2 for EAP-TLS even if no left/rightauth2 is defined
Martin Willi [Tue, 31 Aug 2010 16:07:38 +0000 (18:07 +0200)]
Strictly check if the server certificate matches the TLS server identity
Martin Willi [Tue, 31 Aug 2010 16:06:02 +0000 (18:06 +0200)]
Use the AAA Identity for EAP authentication, if given
Martin Willi [Tue, 31 Aug 2010 15:52:52 +0000 (17:52 +0200)]
Added support for the ipsec.conf aaa_identity keyword
Martin Willi [Tue, 31 Aug 2010 15:26:20 +0000 (17:26 +0200)]
Added an AAA identity authentication config option
Martin Willi [Tue, 31 Aug 2010 14:10:55 +0000 (16:10 +0200)]
Added strongswan.conf options for EAP-TLS/TTLS fragment size
Martin Willi [Tue, 31 Aug 2010 08:03:03 +0000 (10:03 +0200)]
Support processing of partial TLS record headers
Martin Willi [Tue, 31 Aug 2010 07:12:40 +0000 (09:12 +0200)]
Migrated EAP-TTLS to the generic TLS helper
Martin Willi [Tue, 31 Aug 2010 07:12:20 +0000 (09:12 +0200)]
Migrated EAP-TLS to the generic TLS helper
Martin Willi [Tue, 31 Aug 2010 07:11:09 +0000 (09:11 +0200)]
Implemented a generic TLS EAP helper to implement EAP-TLS, TTLS and other variants
Martin Willi [Tue, 31 Aug 2010 06:57:26 +0000 (08:57 +0200)]
Support output fragmentation of TLS records
Martin Willi [Tue, 31 Aug 2010 06:55:48 +0000 (08:55 +0200)]
Moved EAP type/code definitions to a seprate header file in libstrongswan
Martin Willi [Thu, 26 Aug 2010 10:27:56 +0000 (12:27 +0200)]
Implemented buffering of partial records in TLS stack
Martin Willi [Thu, 26 Aug 2010 10:18:24 +0000 (12:18 +0200)]
Log TLS handshake subtypes as handshakes
Martin Willi [Thu, 26 Aug 2010 10:17:22 +0000 (12:17 +0200)]
Added a TLS debug level option, use debugging hook
Martin Willi [Tue, 31 Aug 2010 13:34:08 +0000 (15:34 +0200)]
Do not strdup() zero length strings in identification_create_from_string()
Tobias Brunner [Tue, 31 Aug 2010 12:46:53 +0000 (14:46 +0200)]
Corrected some URLs.
Tobias Brunner [Mon, 30 Aug 2010 15:24:07 +0000 (17:24 +0200)]
Enable the generation of unencrypted messages (e.g. ME connectivity checks).
Andreas Steffen [Mon, 30 Aug 2010 14:22:33 +0000 (16:22 +0200)]
fixed typos
Andreas Steffen [Mon, 30 Aug 2010 13:42:44 +0000 (15:42 +0200)]
fixed copy-and-paste errors
Andreas Steffen [Mon, 30 Aug 2010 13:36:24 +0000 (15:36 +0200)]
created an eap-tnc method hull
Andreas Steffen [Mon, 30 Aug 2010 13:35:13 +0000 (15:35 +0200)]
for the time being assume a single request/response exchange for a given EAP method
Tobias Brunner [Mon, 30 Aug 2010 12:54:31 +0000 (14:54 +0200)]
Port floating patch partially reversed.
If MOBIKE is enabled, we do have to switch to port 4500 with the
IKE_AUTH request, that is, before we know whether the other peer
actually supports MOBIKE or not.
Tobias Brunner [Mon, 30 Aug 2010 10:19:37 +0000 (12:19 +0200)]
Slightly refactored port floating.
In case of MOBIKE, only float to port 4500 if the other peer actually supports MOBIKE.
Andreas Steffen [Mon, 30 Aug 2010 11:13:39 +0000 (13:13 +0200)]
defined EAP-TNC
Martin Willi [Mon, 30 Aug 2010 09:22:54 +0000 (11:22 +0200)]
Unwrap crlNumber INTEGER in openssl CRL parsing
Martin Willi [Mon, 30 Aug 2010 09:01:18 +0000 (11:01 +0200)]
Added crl support to pki --print
Tobias Brunner [Mon, 30 Aug 2010 08:49:32 +0000 (10:49 +0200)]
Typo in doxygen comment fixed.
Tobias Brunner [Mon, 30 Aug 2010 08:48:09 +0000 (10:48 +0200)]
Fixed ME after introduction of AEAD wrapper.
Martin Willi [Mon, 30 Aug 2010 08:14:45 +0000 (10:14 +0200)]
Fixed pluto smartcard support after introducing encryption schemes
Andreas Steffen [Sun, 29 Aug 2010 19:52:08 +0000 (21:52 +0200)]
replaced ikev2/esp-alg-aes-ctr by ikev2/alg-aes-ctr
Andreas Steffen [Sun, 29 Aug 2010 19:11:00 +0000 (21:11 +0200)]
added ctr ccm and gcm plugins to ikev2/rw-cert scenario
Andreas Steffen [Sun, 29 Aug 2010 19:09:25 +0000 (21:09 +0200)]
added ctr ccm and gcm plugins to openssl-ikev2/rw-cert scenario
Andreas Steffen [Sun, 29 Aug 2010 18:50:37 +0000 (20:50 +0200)]
added ctr ccm and gcm plugins to gcrypt-ikev2/rw-cert scenario
Andreas Steffen [Sun, 29 Aug 2010 18:39:51 +0000 (20:39 +0200)]
replaced ikev2/esp-alg-aes-gcm by ikev2/alg-aes-gcm
Andreas Steffen [Sun, 29 Aug 2010 18:24:12 +0000 (20:24 +0200)]
replaced ikev2/esp-alg-aes-ccm by ikev2/alg-aes-ccm
Andreas Steffen [Fri, 27 Aug 2010 14:30:05 +0000 (16:30 +0200)]
Win7 might send up to 7k of certificate requests
Tobias Brunner [Thu, 26 Aug 2010 08:25:08 +0000 (10:25 +0200)]
Fixed documentation of XAUTH in ipsec.secrets.
Martin Willi [Wed, 25 Aug 2010 16:30:09 +0000 (18:30 +0200)]
Prefer AES/Camellia suites over 3DES/NULL encryption
Martin Willi [Wed, 25 Aug 2010 16:24:27 +0000 (18:24 +0200)]
Send TLS alerts for errors in TLS handshake building
Martin Willi [Wed, 25 Aug 2010 16:04:59 +0000 (18:04 +0200)]
Refactored fragment building, use correct TLS content type for non-first fragments
Martin Willi [Wed, 25 Aug 2010 15:03:09 +0000 (17:03 +0200)]
Update delete_payload length when adding SPIs
Martin Willi [Wed, 25 Aug 2010 15:00:01 +0000 (17:00 +0200)]
Migrated delete_payload to INIT/METHOD macros, replaced iterator
Martin Willi [Wed, 25 Aug 2010 13:29:53 +0000 (15:29 +0200)]
Use different return values in payload decryption to distinguish between integrity and syntax errors
Martin Willi [Wed, 25 Aug 2010 10:57:13 +0000 (12:57 +0200)]
Implemented a TLS utility to test on any TLS secured TCP connection
Martin Willi [Wed, 25 Aug 2010 10:51:01 +0000 (12:51 +0200)]
Added a simple high level TLS wrapper for sockets
Martin Willi [Wed, 25 Aug 2010 10:43:21 +0000 (12:43 +0200)]
Initialize output chunk before appending data to it
Martin Willi [Tue, 24 Aug 2010 16:17:34 +0000 (18:17 +0200)]
Added private key support to in-memory credential set
Martin Willi [Tue, 24 Aug 2010 14:59:45 +0000 (16:59 +0200)]
Added certificate support to in-memory credential set
Thomas Egerer [Tue, 24 Aug 2010 12:55:47 +0000 (14:55 +0200)]
Check if colliding rekey actually created an IKE_INIT
In some cases (especially if a child is half-open) the colliding
rekey-job might not have created the ike_init member. If so, the
nonce check fails with SIGSEGV.
Martin Willi [Wed, 25 Aug 2010 07:53:43 +0000 (09:53 +0200)]
Added a ike_name logger option to prefix the IKE_SA name on each line
Andreas Steffen [Tue, 24 Aug 2010 17:18:44 +0000 (19:18 +0200)]
removed tls_record_t definition
Martin Willi [Tue, 24 Aug 2010 09:34:43 +0000 (11:34 +0200)]
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
Martin Willi [Tue, 24 Aug 2010 08:29:54 +0000 (10:29 +0200)]
Skip the close notify if application layer completes successfully
Andreas Steffen [Tue, 24 Aug 2010 08:12:15 +0000 (10:12 +0200)]
added ikev2/rw-eap-tls-fragments scenario
Andreas Steffen [Tue, 24 Aug 2010 08:09:58 +0000 (10:09 +0200)]
use correct network diagram
Andreas Steffen [Tue, 24 Aug 2010 07:02:40 +0000 (09:02 +0200)]
support fragmentation in AVPs
Andreas Steffen [Tue, 24 Aug 2010 07:00:52 +0000 (09:00 +0200)]
removed some redundant debug output
Martin Willi [Tue, 24 Aug 2010 06:42:10 +0000 (08:42 +0200)]
Added generic TLS purposes
Martin Willi [Tue, 24 Aug 2010 06:41:12 +0000 (08:41 +0200)]
Client sends empty EAP-TTLS packet on fatal alerts to properly shut down TLS
Martin Willi [Tue, 24 Aug 2010 06:40:28 +0000 (08:40 +0200)]
Check if the application layer has completed successfully
Martin Willi [Mon, 23 Aug 2010 14:21:49 +0000 (16:21 +0200)]
Moved TLS record parsing/generation to tls.c
Andreas Steffen [Mon, 23 Aug 2010 15:51:40 +0000 (17:51 +0200)]
added debug-tls comand line option
Martin Willi [Mon, 23 Aug 2010 12:31:21 +0000 (14:31 +0200)]
Added a TLS purpose for EAP-TTLS with client authentication
Martin Willi [Mon, 23 Aug 2010 12:22:54 +0000 (14:22 +0200)]
EAP-TLS clients send an empty packet on failure to properly shut down a TLS session
Martin Willi [Mon, 23 Aug 2010 12:22:38 +0000 (14:22 +0200)]
Implemented TLS Alert handling
Martin Willi [Mon, 23 Aug 2010 10:01:48 +0000 (12:01 +0200)]
Rebuild library.lo after changing ./configure options
Martin Willi [Mon, 23 Aug 2010 09:57:40 +0000 (11:57 +0200)]
Build a trustchain even if no trust anchor is given
Martin Willi [Mon, 23 Aug 2010 09:30:36 +0000 (11:30 +0200)]
Accept encryption payloads with no wrapped payloads
Martin Willi [Mon, 23 Aug 2010 08:10:36 +0000 (10:10 +0200)]
Fall back to shifting with 32-bit words if 64-bit byte order conversion function missing
Martin Willi [Fri, 20 Aug 2010 18:45:31 +0000 (20:45 +0200)]
Use enum mappings to resolve debug group