strongswan.git
12 years ago  for the time being assume a single request/response exchange for a given EAP method
Andreas Steffen [Mon, 30 Aug 2010 13:35:13 +0000 (15:35 +0200)]
for the time being assume a single request/response exchange for a given EAP method

12 years ago  Port floating patch partially reversed.
Tobias Brunner [Mon, 30 Aug 2010 12:54:31 +0000 (14:54 +0200)]
Port floating patch partially reversed.

If MOBIKE is enabled, we do have to switch to port 4500 with the
IKE_AUTH request, that is, before we know whether the other peer
actually supports MOBIKE or not.

12 years ago  Slightly refactored port floating.
Tobias Brunner [Mon, 30 Aug 2010 10:19:37 +0000 (12:19 +0200)]
Slightly refactored port floating.

In case of MOBIKE, only float to port 4500 if the other peer actually supports MOBIKE.

12 years ago  defined EAP-TNC
Andreas Steffen [Mon, 30 Aug 2010 11:13:39 +0000 (13:13 +0200)]
defined EAP-TNC

12 years ago  Unwrap crlNumber INTEGER in openssl CRL parsing
Martin Willi [Mon, 30 Aug 2010 09:22:54 +0000 (11:22 +0200)]
Unwrap crlNumber INTEGER in openssl CRL parsing

12 years ago  Added crl support to pki --print
Martin Willi [Mon, 30 Aug 2010 09:01:18 +0000 (11:01 +0200)]
Added crl support to pki --print

12 years ago  Typo in doxygen comment fixed.
Tobias Brunner [Mon, 30 Aug 2010 08:49:32 +0000 (10:49 +0200)]
Typo in doxygen comment fixed.

12 years ago  Fixed ME after introduction of AEAD wrapper.
Tobias Brunner [Mon, 30 Aug 2010 08:48:09 +0000 (10:48 +0200)]
Fixed ME after introduction of AEAD wrapper.

12 years ago  Fixed pluto smartcard support after introducing encryption schemes
Martin Willi [Mon, 30 Aug 2010 08:14:45 +0000 (10:14 +0200)]
Fixed pluto smartcard support after introducing encryption schemes

12 years ago  replaced ikev2/esp-alg-aes-ctr by ikev2/alg-aes-ctr
Andreas Steffen [Sun, 29 Aug 2010 19:52:08 +0000 (21:52 +0200)]
replaced ikev2/esp-alg-aes-ctr by ikev2/alg-aes-ctr

12 years ago  added ctr ccm and gcm plugins to ikev2/rw-cert scenario
Andreas Steffen [Sun, 29 Aug 2010 19:11:00 +0000 (21:11 +0200)]
added ctr ccm and gcm plugins to ikev2/rw-cert scenario

12 years ago  added ctr ccm and gcm plugins to openssl-ikev2/rw-cert scenario
Andreas Steffen [Sun, 29 Aug 2010 19:09:25 +0000 (21:09 +0200)]
added ctr ccm and gcm plugins to openssl-ikev2/rw-cert scenario

12 years ago  added ctr ccm and gcm plugins to gcrypt-ikev2/rw-cert scenario
Andreas Steffen [Sun, 29 Aug 2010 18:50:37 +0000 (20:50 +0200)]
added ctr ccm and gcm plugins to gcrypt-ikev2/rw-cert scenario

12 years ago  replaced ikev2/esp-alg-aes-gcm by ikev2/alg-aes-gcm
Andreas Steffen [Sun, 29 Aug 2010 18:39:51 +0000 (20:39 +0200)]
replaced ikev2/esp-alg-aes-gcm by ikev2/alg-aes-gcm

12 years ago  replaced ikev2/esp-alg-aes-ccm by ikev2/alg-aes-ccm
Andreas Steffen [Sun, 29 Aug 2010 18:24:12 +0000 (20:24 +0200)]
replaced ikev2/esp-alg-aes-ccm by ikev2/alg-aes-ccm

12 years ago  Win7 might send up to 7k of certificate requests
Andreas Steffen [Fri, 27 Aug 2010 14:30:05 +0000 (16:30 +0200)]
Win7 might send up to 7k of certificate requests

12 years ago  Fixed documentation of XAUTH in ipsec.secrets.
Tobias Brunner [Thu, 26 Aug 2010 08:25:08 +0000 (10:25 +0200)]
Fixed documentation of XAUTH in ipsec.secrets.

12 years ago  Prefer AES/Camellia suites over 3DES/NULL encryption
Martin Willi [Wed, 25 Aug 2010 16:30:09 +0000 (18:30 +0200)]
Prefer AES/Camellia suites over 3DES/NULL encryption

12 years ago  Send TLS alerts for errors in TLS handshake building
Martin Willi [Wed, 25 Aug 2010 16:24:27 +0000 (18:24 +0200)]
Send TLS alerts for errors in TLS handshake building

12 years ago  Refactored fragment building, use correct TLS content type for non-first fragments
Martin Willi [Wed, 25 Aug 2010 16:04:59 +0000 (18:04 +0200)]
Refactored fragment building, use correct TLS content type for non-first fragments

12 years ago  Update delete_payload length when adding SPIs
Martin Willi [Wed, 25 Aug 2010 15:03:09 +0000 (17:03 +0200)]
Update delete_payload length when adding SPIs

12 years ago  Migrated delete_payload to INIT/METHOD macros, replaced iterator
Martin Willi [Wed, 25 Aug 2010 15:00:01 +0000 (17:00 +0200)]
Migrated delete_payload to INIT/METHOD macros, replaced iterator

12 years ago  Use different return values in payload decryption to distinguish between integrity...
Martin Willi [Wed, 25 Aug 2010 13:29:53 +0000 (15:29 +0200)]
Use different return values in payload decryption to distinguish between integrity and syntax errors

12 years ago  Implemented a TLS utility to test on any TLS secured TCP connection
Martin Willi [Wed, 25 Aug 2010 10:57:13 +0000 (12:57 +0200)]
Implemented a TLS utility to test on any TLS secured TCP connection

12 years ago  Added a simple high level TLS wrapper for sockets
Martin Willi [Wed, 25 Aug 2010 10:51:01 +0000 (12:51 +0200)]
Added a simple high level TLS wrapper for sockets

12 years ago  Initialize output chunk before appending data to it
Martin Willi [Wed, 25 Aug 2010 10:43:21 +0000 (12:43 +0200)]
Initialize output chunk before appending data to it

12 years ago  Added private key support to in-memory credential set
Martin Willi [Tue, 24 Aug 2010 16:17:34 +0000 (18:17 +0200)]
Added private key support to in-memory credential set

12 years ago  Added certificate support to in-memory credential set
Martin Willi [Tue, 24 Aug 2010 14:59:45 +0000 (16:59 +0200)]
Added certificate support to in-memory credential set

12 years ago  Check if colliding rekey actually created an IKE_INIT
Thomas Egerer [Tue, 24 Aug 2010 12:55:47 +0000 (14:55 +0200)]
Check if colliding rekey actually created an IKE_INIT

In some cases (especially if a child is half-open) the colliding
rekey-job might not have created the ike_init member. If so, the
nonce check fails with SIGSEGV.

12 years ago  Added an ike_name logger option to prefix the IKE_SA name on each line
Martin Willi [Wed, 25 Aug 2010 07:53:43 +0000 (09:53 +0200)]
Added an ike_name logger option to prefix the IKE_SA name on each line

12 years ago  removed tls_record_t definition
Andreas Steffen [Tue, 24 Aug 2010 17:18:44 +0000 (19:18 +0200)]
removed tls_record_t definition

12 years ago  Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_...
Martin Willi [Tue, 24 Aug 2010 09:34:43 +0000 (11:34 +0200)]
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option

12 years ago  Skip the close notify if application layer completes successfully
Martin Willi [Tue, 24 Aug 2010 08:29:54 +0000 (10:29 +0200)]
Skip the close notify if application layer completes successfully

12 years ago  added ikev2/rw-eap-tls-fragments scenario
Andreas Steffen [Tue, 24 Aug 2010 08:12:15 +0000 (10:12 +0200)]
added ikev2/rw-eap-tls-fragments scenario

12 years ago  use correct network diagram
Andreas Steffen [Tue, 24 Aug 2010 08:09:58 +0000 (10:09 +0200)]
use correct network diagram

12 years ago  support fragmentation in AVPs
Andreas Steffen [Tue, 24 Aug 2010 07:02:40 +0000 (09:02 +0200)]
support fragmentation in AVPs

12 years ago  removed some redundant debug output
Andreas Steffen [Tue, 24 Aug 2010 07:00:52 +0000 (09:00 +0200)]
removed some redundant debug output

12 years ago  Added generic TLS purposes
Martin Willi [Tue, 24 Aug 2010 06:42:10 +0000 (08:42 +0200)]
Added generic TLS purposes

12 years ago  Client sends empty EAP-TTLS packet on fatal alerts to properly shut down TLS
Martin Willi [Tue, 24 Aug 2010 06:41:12 +0000 (08:41 +0200)]
Client sends empty EAP-TTLS packet on fatal alerts to properly shut down TLS

12 years ago  Check if the application layer has completed successfully
Martin Willi [Tue, 24 Aug 2010 06:40:28 +0000 (08:40 +0200)]
Check if the application layer has completed successfully

12 years ago  Moved TLS record parsing/generation to tls.c
Martin Willi [Mon, 23 Aug 2010 14:21:49 +0000 (16:21 +0200)]
Moved TLS record parsing/generation to tls.c

12 years ago  added debug-tls command line option
Andreas Steffen [Mon, 23 Aug 2010 15:51:40 +0000 (17:51 +0200)]
added debug-tls command line option

12 years ago  Added a TLS purpose for EAP-TTLS with client authentication
Martin Willi [Mon, 23 Aug 2010 12:31:21 +0000 (14:31 +0200)]
Added a TLS purpose for EAP-TTLS with client authentication

12 years ago  EAP-TLS clients send an empty packet on failure to properly shut down a TLS session
Martin Willi [Mon, 23 Aug 2010 12:22:54 +0000 (14:22 +0200)]
EAP-TLS clients send an empty packet on failure to properly shut down a TLS session

12 years ago  Implemented TLS Alert handling
Martin Willi [Mon, 23 Aug 2010 12:22:38 +0000 (14:22 +0200)]
Implemented TLS Alert handling

12 years ago  Rebuild library.lo after changing ./configure options
Martin Willi [Mon, 23 Aug 2010 10:01:48 +0000 (12:01 +0200)]
Rebuild library.lo after changing ./configure options

12 years ago  Build a trustchain even if no trust anchor is given
Martin Willi [Mon, 23 Aug 2010 09:57:40 +0000 (11:57 +0200)]
Build a trustchain even if no trust anchor is given

12 years ago  Accept encryption payloads with no wrapped payloads
Martin Willi [Mon, 23 Aug 2010 09:30:36 +0000 (11:30 +0200)]
Accept encryption payloads with no wrapped payloads

12 years ago  Fall back to shifting with 32-bit words if 64-bit byte order conversion function...
Martin Willi [Mon, 23 Aug 2010 08:10:36 +0000 (10:10 +0200)]
Fall back to shifting with 32-bit words if 64-bit byte order conversion function missing

12 years ago  Use enum mappings to resolve debug group
Martin Willi [Fri, 20 Aug 2010 18:45:31 +0000 (20:45 +0200)]
Use enum mappings to resolve debug group

12 years ago  Implemented generic enum name to enum value mapping
Martin Willi [Fri, 20 Aug 2010 18:45:05 +0000 (20:45 +0200)]
Implemented generic enum name to enum value mapping

12 years ago  Verify negotiated TLS version
Martin Willi [Fri, 20 Aug 2010 14:08:59 +0000 (16:08 +0200)]
Verify negotiated TLS version

12 years ago  Introducing a dedicated debug message group for libtls
Martin Willi [Fri, 20 Aug 2010 13:57:47 +0000 (15:57 +0200)]
Introducing a dedicated debug message group for libtls

12 years ago  Streamlined TLS debugging output
Martin Willi [Fri, 20 Aug 2010 13:52:06 +0000 (15:52 +0200)]
Streamlined TLS debugging output

12 years ago  fixed build_cipher_suite_list()
Andreas Steffen [Sat, 21 Aug 2010 10:51:54 +0000 (12:51 +0200)]
fixed build_cipher_suite_list()

12 years ago  Introducing simple purposes for the TLS stack, switches various options
Martin Willi [Fri, 20 Aug 2010 13:02:25 +0000 (15:02 +0200)]
Introducing simple purposes for the TLS stack, switches various options

12 years ago  Fixed compiler warning
Martin Willi [Fri, 20 Aug 2010 12:57:14 +0000 (14:57 +0200)]
Fixed compiler warning

12 years ago  enable the ccm and gcm plugins in the UML scenarios
Andreas Steffen [Fri, 20 Aug 2010 10:47:15 +0000 (12:47 +0200)]
enable the ccm and gcm plugins in the UML scenarios

12 years ago  Register missing SHA256 authenticator with no truncation, as used by TLS
Martin Willi [Fri, 20 Aug 2010 09:59:49 +0000 (11:59 +0200)]
Register missing SHA256 authenticator with no truncation, as used by TLS

12 years ago  Added more TLS cipher suites we already support
Martin Willi [Fri, 20 Aug 2010 09:01:57 +0000 (11:01 +0200)]
Added more TLS cipher suites we already support

12 years ago  Build TLS cipher suite list in a generic fashion
Martin Willi [Fri, 20 Aug 2010 10:10:21 +0000 (12:10 +0200)]
Build TLS cipher suite list in a generic fashion

12 years ago  Fixed crypter keymat derivation bug
Martin Willi [Thu, 19 Aug 2010 17:28:08 +0000 (19:28 +0200)]
Fixed crypter keymat derivation bug

12 years ago  Added ctr, ccm, gcm plugin NEWS
Martin Willi [Thu, 19 Aug 2010 17:01:03 +0000 (19:01 +0200)]
Added ctr, ccm, gcm plugin NEWS

12 years ago  Improve GCM performance by factor 2-3 by shifting full 32/64 bit words
Martin Willi [Thu, 19 Aug 2010 16:49:35 +0000 (18:49 +0200)]
Improve GCM performance by factor 2-3 by shifting full 32/64 bit words

12 years ago  Implemented a gcm plugin providing GCM mode based on CBC crypters
Martin Willi [Thu, 19 Aug 2010 15:58:30 +0000 (17:58 +0200)]
Implemented a gcm plugin providing GCM mode based on CBC crypters
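
The two commits above (the gcm plugin built on a CBC crypter, and the GHASH speed-up from shifting whole words) turn on one routine: the multiply in GF(2^128) that GCM's GHASH runs once per 16-byte block. As an added example, not strongSwan's code, here is that multiply from the GCM specification's Algorithm 1 written twice, once shifting the 16-byte V one byte at a time and once keeping V and Z in two 64-bit words (the form the performance commit describes), with GHASH on top of it. It is checked against GCM spec test case 2 (zero key, zero IV, one zero plaintext block); the H and C values are the spec's published AES outputs, so no AES implementation is needed. All function names are my own, and the second input to the agreement check is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GCM_R 0xe100000000000000ULL /* R = 11100001 || 0^120 as the high 64-bit word */
typedef void (*gcm_mul_fn)(const uint8_t x[16], const uint8_t y[16], uint8_t z[16]);

static uint64_t load_be64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v = (v << 8) | p[i];
    return v;
}
static void store_be64(uint8_t *p, uint64_t v) {
    for (int i = 7; i >= 0; i--) { p[i] = (uint8_t)v; v >>= 8; }
}

/* Reference multiply (GCM spec Algorithm 1): for each of the 128 bits of X,
 * conditionally XOR V into Z, then shift V right by one bit, byte by byte. */
void gcm_mul_bytes(const uint8_t x[16], const uint8_t y[16], uint8_t z[16]) {
    uint8_t v[16];
    memcpy(v, y, 16);
    memset(z, 0, 16);
    for (int i = 0; i < 128; i++) {
        if (x[i / 8] & (0x80 >> (i % 8))) {
            for (int j = 0; j < 16; j++) z[j] ^= v[j];
        }
        int lsb = v[15] & 1;
        for (int j = 15; j > 0; j--) v[j] = (uint8_t)((v[j] >> 1) | (v[j - 1] << 7));
        v[0] >>= 1;
        if (lsb) v[0] ^= 0xe1; /* reduce by R when a bit falls off the end */
    }
}

/* Same multiply, but V and Z live in two 64-bit words: every per-bit XOR and
 * shift touches 2 words instead of 16 bytes, which is the whole speed-up. */
void gcm_mul_words(const uint8_t x[16], const uint8_t y[16], uint8_t z[16]) {
    uint64_t xh = load_be64(x), xl = load_be64(x + 8);
    uint64_t vh = load_be64(y), vl = load_be64(y + 8);
    uint64_t zh = 0, zl = 0;
    for (int i = 0; i < 128; i++) {
        uint64_t bit = (i < 64) ? (xh >> (63 - i)) & 1 : (xl >> (127 - i)) & 1;
        if (bit) { zh ^= vh; zl ^= vl; }
        uint64_t lsb = vl & 1;
        vl = (vl >> 1) | (vh << 63);
        vh >>= 1;
        if (lsb) vh ^= GCM_R;
    }
    store_be64(z, zh);
    store_be64(z + 8, zl);
}

/* Y <- (Y xor block) * H, with the block zero-padded to 16 bytes */
static void ghash_block(uint8_t y[16], const uint8_t h[16], const uint8_t *blk, size_t n, gcm_mul_fn mul) {
    uint8_t t[16] = {0};
    memcpy(t, blk, n);
    for (int i = 0; i < 16; i++) y[i] ^= t[i];
    mul(y, h, t);
    memcpy(y, t, 16);
}

/* GHASH_H(A, C): AAD blocks, ciphertext blocks, then len(A) || len(C) in bits */
void ghash(const uint8_t h[16], const uint8_t *a, size_t alen, const uint8_t *c, size_t clen, uint8_t out[16], gcm_mul_fn mul) {
    uint8_t y[16] = {0}, len[16];
    for (size_t i = 0; i < alen; i += 16) ghash_block(y, h, a + i, alen - i < 16 ? alen - i : 16, mul);
    for (size_t i = 0; i < clen; i += 16) ghash_block(y, h, c + i, clen - i < 16 ? clen - i : 16, mul);
    store_be64(len, (uint64_t)alen * 8);
    store_be64(len + 8, (uint64_t)clen * 8);
    ghash_block(y, h, len, 16, mul);
    memcpy(out, y, 16);
}

static void hex2bin(const char *hex, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) { unsigned v; sscanf(hex + 2 * i, "%2x", &v); out[i] = (uint8_t)v; }
}

/* GCM spec test case 2: H = AES_0(0^128), C = AES_0(0^96 || 2), no AAD.
 * Returns a bitmask: 1 = byte version matches the published GHASH value,
 * 2 = word version matches, 4 = both agree on a constructed input; 7 = all good. */
int ghash_selftest(void) {
    uint8_t h[16], c[16], want[16], got[16], got2[16], x[16], y[16];
    int ok = 0;
    hex2bin("66e94bd4ef8a2c3b884cfa59ca342b2e", h, 16);
    hex2bin("0388dace60b6a392f328c2b971b2fe78", c, 16);
    hex2bin("f38cbb1ad69223dcc3457ae5b6b0f885", want, 16);
    ghash(h, NULL, 0, c, 16, got, gcm_mul_bytes);
    if (memcmp(got, want, 16) == 0) ok |= 1;
    ghash(h, NULL, 0, c, 16, got, gcm_mul_words);
    if (memcmp(got, want, 16) == 0) ok |= 2;
    for (int i = 0; i < 16; i++) { x[i] = (uint8_t)i; y[i] = (uint8_t)(0xf0 + i); } /* constructed input */
    gcm_mul_bytes(x, y, got);
    gcm_mul_words(x, y, got2);
    if (memcmp(got, got2, 16) == 0) ok |= 4;
    return ok;
}

int main(void) {
    printf("ghash self-test mask: %d (7 = all checks passed)\n", ghash_selftest());
    return 0;
}
```

Both versions are still a 128-iteration bit loop; the word form only makes each iteration cheaper, which is where a 2-3x gain comes from. Production GHASH code goes further with precomputed tables or carry-less multiply instructions, and, since the tag is the last block of this hash XORed with a keystream block, a constant-time tag comparison on the receiving side matters as much as the multiply itself.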

12 years ago  Added AES-GCM test vectors
Martin Willi [Thu, 19 Aug 2010 15:57:03 +0000 (17:57 +0200)]
Added AES-GCM test vectors

12 years ago  Added a crypto transform stress test for profiling
Martin Willi [Thu, 19 Aug 2010 10:18:11 +0000 (12:18 +0200)]
Added a crypto transform stress test for profiling

12 years ago  Give a benchmark point for each operation to compare different transforms
Martin Willi [Thu, 19 Aug 2010 10:17:03 +0000 (12:17 +0200)]
Give a benchmark point for each operation to compare different transforms

12 years ago  Implemented a ccm plugin providing CCM mode based on CBC crypters
Martin Willi [Wed, 18 Aug 2010 18:38:02 +0000 (20:38 +0200)]
Implemented a ccm plugin providing CCM mode based on CBC crypters

12 years ago  Added helper macros to define portable bitfields with gcc
Martin Willi [Thu, 19 Aug 2010 09:23:07 +0000 (11:23 +0200)]
Added helper macros to define portable bitfields with gcc

12 years ago  Added AES-CCM test vectors
Martin Willi [Thu, 19 Aug 2010 09:24:34 +0000 (11:24 +0200)]
Added AES-CCM test vectors

12 years ago  Added support for AEAD test vectors to test-vectors plugin
Martin Willi [Thu, 19 Aug 2010 08:08:18 +0000 (10:08 +0200)]
Added support for AEAD test vectors to test-vectors plugin

12 years ago  Include CCM/GCM algorithms in IKEv2 proposals, if supported
Martin Willi [Wed, 18 Aug 2010 18:32:57 +0000 (20:32 +0200)]
Include CCM/GCM algorithms in IKEv2 proposals, if supported

12 years ago  Added proposal strings for Camellia CCM algorithm identifiers
Martin Willi [Wed, 18 Aug 2010 18:32:13 +0000 (20:32 +0200)]
Added proposal strings for Camellia CCM algorithm identifiers

12 years ago  Implemented IKEv2 keymat derivation for AEAD algorithms
Martin Willi [Wed, 18 Aug 2010 18:18:20 +0000 (20:18 +0200)]
Implemented IKEv2 keymat derivation for AEAD algorithms

12 years ago  List registered AEAD algorithms in listalgs
Martin Willi [Wed, 18 Aug 2010 18:17:09 +0000 (20:17 +0200)]
List registered AEAD algorithms in listalgs

12 years ago  Added support for AEAD algorithms to crypto factory
Martin Willi [Wed, 18 Aug 2010 18:16:03 +0000 (20:16 +0200)]
Added support for AEAD algorithms to crypto factory

12 years ago  Added AEAD support to crypto tester
Martin Willi [Wed, 18 Aug 2010 18:15:18 +0000 (20:15 +0200)]
Added AEAD support to crypto tester

12 years ago  Use AEAD wrapper for encryption payload encryption/decryption
Martin Willi [Tue, 17 Aug 2010 15:36:09 +0000 (17:36 +0200)]
Use AEAD wrapper for encryption payload encryption/decryption

12 years ago  Make function to test if an encryption algorithm is an AEAD alg public
Martin Willi [Tue, 17 Aug 2010 15:27:21 +0000 (17:27 +0200)]
Make function to test if an encryption algorithm is an AEAD alg public

12 years ago  Implemented an AEAD wrapper for traditional crypter/signer transforms
Martin Willi [Tue, 17 Aug 2010 15:26:15 +0000 (17:26 +0200)]
Implemented an AEAD wrapper for traditional crypter/signer transforms

12 years ago  Migrated generator_t to INIT/METHOD macros
Martin Willi [Tue, 17 Aug 2010 10:54:16 +0000 (12:54 +0200)]
Migrated generator_t to INIT/METHOD macros

12 years ago  Migrated encryption_payload to INIT/METHOD macros
Martin Willi [Tue, 17 Aug 2010 10:05:51 +0000 (12:05 +0200)]
Migrated encryption_payload to INIT/METHOD macros

12 years ago  Migrated message_t to INIT/METHOD macros
Martin Willi [Tue, 17 Aug 2010 09:10:38 +0000 (11:10 +0200)]
Migrated message_t to INIT/METHOD macros

12 years ago  Migrated keymat to INIT/METHOD macros
Martin Willi [Tue, 17 Aug 2010 08:42:56 +0000 (10:42 +0200)]
Migrated keymat to INIT/METHOD macros

12 years ago  Test append mode for signers verify_signature
Martin Willi [Tue, 17 Aug 2010 08:12:20 +0000 (10:12 +0200)]
Test append mode for signers verify_signature

12 years ago  removed debug output for TLS application data
Andreas Steffen [Thu, 19 Aug 2010 05:27:30 +0000 (07:27 +0200)]
removed debug output for TLS application data

12 years ago  added EAP-TTLS debug output
Andreas Steffen [Wed, 18 Aug 2010 21:21:00 +0000 (23:21 +0200)]
added EAP-TTLS debug output

12 years ago  added TLS record debug output
Andreas Steffen [Wed, 18 Aug 2010 20:52:42 +0000 (22:52 +0200)]
added TLS record debug output

12 years ago  add TLS handshake packet size to debug output
Andreas Steffen [Wed, 18 Aug 2010 20:07:27 +0000 (22:07 +0200)]
add TLS handshake packet size to debug output

12 years ago  Use a separate section for each nested struct member in INIT macro
Martin Willi [Wed, 18 Aug 2010 10:15:03 +0000 (12:15 +0200)]
Use a separate section for each nested struct member in INIT macro

12 years ago  some simplifications using the INIT macro
Andreas Steffen [Tue, 17 Aug 2010 18:09:32 +0000 (20:09 +0200)]
some simplifications using the INIT macro

12 years ago  describe EAP-TTLS phase2 start options using the phase2_piggyback parameter
Andreas Steffen [Mon, 16 Aug 2010 17:29:39 +0000 (19:29 +0200)]
describe EAP-TTLS phase2 start options using the phase2_piggyback parameter

12 years ago  added ikev2/rw-eap-ttls-phase2-piggyback scenario
Andreas Steffen [Mon, 16 Aug 2010 16:32:00 +0000 (18:32 +0200)]
added ikev2/rw-eap-ttls-phase2-piggyback scenario

12 years ago  implemented server-initiated phase2 of EAP-TTLS authentication
Andreas Steffen [Mon, 16 Aug 2010 16:30:29 +0000 (18:30 +0200)]
implemented server-initiated phase2 of EAP-TTLS authentication

12 years ago  changed ikev2/rw-eap-ttls-only description
Andreas Steffen [Mon, 16 Aug 2010 15:29:20 +0000 (17:29 +0200)]
changed ikev2/rw-eap-ttls-only description

12 years ago  Do not free registered algorithms, plugins are responsible for unregistering
Martin Willi [Mon, 16 Aug 2010 14:28:35 +0000 (16:28 +0200)]
Do not free registered algorithms, plugins are responsible for unregistering

12 years ago  Implemented algorithm benchmarking during registration
Martin Willi [Mon, 16 Aug 2010 13:21:22 +0000 (15:21 +0200)]
Implemented algorithm benchmarking during registration

12 years ago  Variable key length crypters use default key length if zero given
Martin Willi [Mon, 16 Aug 2010 13:12:49 +0000 (15:12 +0200)]
Variable key length crypters use default key length if zero given

12 years ago  Properly handle zero length in chunk_alloc[a]/chunk_clone[a]
Martin Willi [Mon, 16 Aug 2010 13:11:51 +0000 (15:11 +0200)]
Properly handle zero length in chunk_alloc[a]/chunk_clone[a]