strongswan.git
Added a generic function to check if a DH group is an EC group
Martin Willi [Fri, 3 Sep 2010 14:22:10 +0000 (16:22 +0200)]

Add ECDHE enabled cipher suites, including ECDSA variants
Martin Willi [Fri, 3 Sep 2010 10:54:40 +0000 (12:54 +0200)]

Added support for a non-truncated SHA384 HMAC variant, as used by TLS
Martin Willi [Fri, 3 Sep 2010 10:51:26 +0000 (12:51 +0200)]

Select private key based on received cipher suites
Martin Willi [Fri, 3 Sep 2010 10:50:18 +0000 (12:50 +0200)]

Support for EC curve Hello extension, EC curve fallback
Martin Willi [Fri, 3 Sep 2010 09:45:55 +0000 (11:45 +0200)]

Added server support for ECDHE key exchange
Martin Willi [Fri, 3 Sep 2010 09:00:37 +0000 (11:00 +0200)]

Added client support for ECDHE key exchange
Martin Willi [Fri, 3 Sep 2010 09:00:07 +0000 (11:00 +0200)]

Added TLS EC curve type and name identifiers
Martin Willi [Fri, 3 Sep 2010 08:59:01 +0000 (10:59 +0200)]

fixed typo
Andreas Steffen [Fri, 3 Sep 2010 11:30:40 +0000 (13:30 +0200)]

updown script variable is called PLUTO_UDP_ENC
Andreas Steffen [Fri, 3 Sep 2010 10:57:16 +0000 (12:57 +0200)]

Fixed left-/rightnexthop ipsec.conf options.
Tobias Brunner [Fri, 3 Sep 2010 09:44:01 +0000 (11:44 +0200)]

Check for queued TLS alerts after each handshake part
Martin Willi [Fri, 3 Sep 2010 07:32:39 +0000 (09:32 +0200)]

Added support for MODP_CUSTOM to gcrypt plugin
Martin Willi [Fri, 3 Sep 2010 07:32:18 +0000 (09:32 +0200)]

Added support for MODP_CUSTOM to openssl plugin
Martin Willi [Fri, 3 Sep 2010 07:31:51 +0000 (09:31 +0200)]

adapted debug options
Andreas Steffen [Fri, 3 Sep 2010 07:29:56 +0000 (09:29 +0200)]

adapted debug options
Andreas Steffen [Fri, 3 Sep 2010 07:27:16 +0000 (09:27 +0200)]

removed redundant debug output
Andreas Steffen [Thu, 2 Sep 2010 20:19:25 +0000 (22:19 +0200)]

version bump to 4.5.0dr2
Andreas Steffen [Thu, 2 Sep 2010 20:18:52 +0000 (22:18 +0200)]

optimized FreeRadius scenarios for debug output
Andreas Steffen [Thu, 2 Sep 2010 12:37:27 +0000 (14:37 +0200)]

added ikev2/rw-eap-tnc-radius scenario
Andreas Steffen [Thu, 2 Sep 2010 12:36:52 +0000 (14:36 +0200)]

added radius init script with increased debugging
Andreas Steffen [Thu, 2 Sep 2010 11:19:24 +0000 (13:19 +0200)]

display configuration and log of FreeRadius servers
Andreas Steffen [Thu, 2 Sep 2010 11:15:49 +0000 (13:15 +0200)]

Add DHE enabled RSA variants to the supported TLS suites
Martin Willi [Thu, 2 Sep 2010 17:27:37 +0000 (19:27 +0200)]

Added TLS server side support for DHE suites
Martin Willi [Thu, 2 Sep 2010 17:27:13 +0000 (19:27 +0200)]

Added TLS client side support for DHE suites
Martin Willi [Thu, 2 Sep 2010 17:26:19 +0000 (19:26 +0200)]

Store a MODP group we use for each TLS suite
Martin Willi [Thu, 2 Sep 2010 17:24:56 +0000 (19:24 +0200)]

Added support for MODP_CUSTOM to gmp plugin
Martin Willi [Thu, 2 Sep 2010 17:23:37 +0000 (19:23 +0200)]

Added a MODP_CUSTOM DH group which takes g and p as constructor arguments
Martin Willi [Thu, 2 Sep 2010 17:06:34 +0000 (19:06 +0200)]

Implemented "signature algorithm" hello extension
Martin Willi [Thu, 2 Sep 2010 17:19:17 +0000 (19:19 +0200)]

Added TLS extension identifiers
Martin Willi [Thu, 2 Sep 2010 17:07:45 +0000 (19:07 +0200)]

Added generic TLS data sign/verify, hash/sig algorithm construction
Martin Willi [Thu, 2 Sep 2010 17:15:16 +0000 (19:15 +0200)]

Continue with a randomized premaster if decryption failed / version mismatches
Martin Willi [Thu, 2 Sep 2010 12:48:30 +0000 (14:48 +0200)]

pluto: Removed unused lifetime from raw_eroute.
Tobias Brunner [Thu, 2 Sep 2010 16:59:53 +0000 (18:59 +0200)]

pluto: Added support for statically configured reqids.
Tobias Brunner [Thu, 2 Sep 2010 14:05:21 +0000 (16:05 +0200)]

testing: Added ikev1 xfrm mark scenarios.
Tobias Brunner [Mon, 30 Aug 2010 08:04:16 +0000 (10:04 +0200)]

pluto: Make marks available in updown script.
Tobias Brunner [Mon, 30 Aug 2010 08:01:37 +0000 (10:01 +0200)]

pluto: Fixed comparison of connections, if marks are specified.
Tobias Brunner [Mon, 30 Aug 2010 07:59:25 +0000 (09:59 +0200)]

pluto: Store xfrm marks on connection and use them when installing SAs and policies.
Tobias Brunner [Mon, 30 Aug 2010 07:56:53 +0000 (09:56 +0200)]

starter: Some whitespace cleanup.
Tobias Brunner [Mon, 30 Aug 2010 06:58:56 +0000 (08:58 +0200)]

pluto: Added PLUTO_UDP_ENC argument to updown script.
Tobias Brunner [Mon, 30 Aug 2010 06:54:38 +0000 (08:54 +0200)]

This contains the remote UDP port in case of UDP encapsulated ESP.

pluto: Return value fixed.
Tobias Brunner [Mon, 30 Aug 2010 06:47:13 +0000 (08:47 +0200)]

pluto: Removed bare shunt table.
Tobias Brunner [Wed, 18 Aug 2010 07:41:04 +0000 (09:41 +0200)]

Do not install routes for pluto.
Tobias Brunner [Tue, 17 Aug 2010 07:48:59 +0000 (09:48 +0200)]

There are some incompatibilities with e.g. passthrough policies.
Pluto installs required source routes via updown script.

pluto: Handle changed NAT mappings via libhydra's kernel interface.
Tobias Brunner [Mon, 16 Aug 2010 17:07:30 +0000 (19:07 +0200)]

pluto: Removed no_klips flag (--noklips option).
Tobias Brunner [Mon, 16 Aug 2010 13:53:56 +0000 (15:53 +0200)]

pluto: Removed references to KLIPS from documentation, log messages and comments.
Tobias Brunner [Mon, 16 Aug 2010 12:32:55 +0000 (14:32 +0200)]

pluto: Added --debug-kernel as alias for --debug-klips.
Tobias Brunner [Mon, 16 Aug 2010 12:59:23 +0000 (14:59 +0200)]

pluto: Replaced DBG_KLIPS with DBG_KERNEL.
Tobias Brunner [Mon, 16 Aug 2010 12:07:09 +0000 (14:07 +0200)]

pluto: Removed the KLIPS preprocessor flag.
Tobias Brunner [Mon, 16 Aug 2010 12:02:25 +0000 (14:02 +0200)]

pluto: Removed unneeded kernel abstractions.
Tobias Brunner [Mon, 16 Aug 2010 09:26:31 +0000 (11:26 +0200)]

pluto: Completely removed struct kernel_ops.
Tobias Brunner [Mon, 16 Aug 2010 09:12:57 +0000 (11:12 +0200)]

pluto: Refactored PF_KEY capabilities registration.
Tobias Brunner [Mon, 16 Aug 2010 08:33:37 +0000 (10:33 +0200)]

Although we use the kernel interface from libhydra we still need this to make
the available algorithms known to pluto.

pluto: Removed unneeded functions from PF_KEY interface.
Tobias Brunner [Wed, 11 Aug 2010 11:51:03 +0000 (13:51 +0200)]

We still use the algorithm registration.

pluto: Completely removed orphaned_holds.
Tobias Brunner [Tue, 10 Aug 2010 15:36:38 +0000 (17:36 +0200)]

Scheduler and processor have been moved to libstrongswan.
Tobias Brunner [Tue, 3 Aug 2010 16:57:30 +0000 (18:57 +0200)]

Also reverts 0c21dc000d3cd5c82eb22c4481e6459978456364 as the dependency
on libcharon is no longer required.

pluto: Install IN policy of a shunt eroute with protocol.
Tobias Brunner [Tue, 10 Aug 2010 13:09:13 +0000 (15:09 +0200)]

pluto: Fixed byte-order of ports in traffic selectors.
Tobias Brunner [Tue, 3 Aug 2010 14:40:41 +0000 (16:40 +0200)]

testing: Print output of 'make oldconfig' to STDOUT, besides logging it.
Tobias Brunner [Tue, 10 Aug 2010 13:06:41 +0000 (15:06 +0200)]

testing: Only sleep after a host has actually been started.
Tobias Brunner [Tue, 3 Aug 2010 14:37:12 +0000 (16:37 +0200)]

testing: Build strongSwan a bit faster using make -j.
Tobias Brunner [Tue, 3 Aug 2010 14:34:47 +0000 (16:34 +0200)]

testing: Force the UML Kernel to x86.
Tobias Brunner [Tue, 3 Aug 2010 14:33:55 +0000 (16:33 +0200)]

testing: Adding kernel-netlink to pluto.load statements.
Tobias Brunner [Tue, 3 Aug 2010 11:05:33 +0000 (13:05 +0200)]

testing: Added missing host alice to test.conf.
Tobias Brunner [Tue, 3 Aug 2010 11:30:16 +0000 (13:30 +0200)]

Charon specific strongswan.conf options generalized.
Tobias Brunner [Tue, 3 Aug 2010 10:23:14 +0000 (12:23 +0200)]

pluto: Listen for kernel events via libhydra's kernel interface.
Tobias Brunner [Tue, 3 Aug 2010 09:58:47 +0000 (11:58 +0200)]

pluto: Adapted kernel.c to changed kernel interface.
Tobias Brunner [Tue, 3 Aug 2010 09:53:40 +0000 (11:53 +0200)]

Adapted child_sa_t to changed kernel interface.
Tobias Brunner [Tue, 3 Aug 2010 09:50:56 +0000 (11:50 +0200)]

Fixing installation of trap policies (SPI=0) in kernel interface.
Tobias Brunner [Tue, 3 Aug 2010 09:49:28 +0000 (11:49 +0200)]

pluto: Do not close all file descriptors on startup, just redirect stdin, stdout and stderr to /dev/null.
Tobias Brunner [Fri, 30 Jul 2010 10:16:24 +0000 (12:16 +0200)]

Otherwise the pipe used to synchronize pluto->events with the main
thread would be closed.

pluto: Added a generic event queue.
Tobias Brunner [Fri, 30 Jul 2010 09:51:15 +0000 (11:51 +0200)]

This makes it easy to execute arbitrary callbacks in the context of the pluto
main thread (e.g. in order to synchronize with threads from the thread-pool).

pluto: Fixed the reqid that is passed to the updown script.
Tobias Brunner [Thu, 29 Jul 2010 11:37:39 +0000 (13:37 +0200)]

pluto: Migrated setup_half_ipsec_sa to libhydra's kernel interface.
Tobias Brunner [Thu, 29 Jul 2010 11:36:23 +0000 (13:36 +0200)]

pluto: Removed unneeded get_proto_reqid.
Tobias Brunner [Thu, 29 Jul 2010 11:33:48 +0000 (13:33 +0200)]

We will use the same reqid for all protocols, as in charon.

pluto: Added missing return_on in out_sa.
Tobias Brunner [Thu, 29 Jul 2010 10:24:18 +0000 (12:24 +0200)]

pluto: Use time_monotonic() instead of time() for use time calculation.
Tobias Brunner [Thu, 29 Jul 2010 10:19:48 +0000 (12:19 +0200)]

That's because get_sa_info now returns a monotonic timestamp.

pluto: Removed KLIPS specific code from was_eroute_idle.
Tobias Brunner [Thu, 29 Jul 2010 16:09:44 +0000 (18:09 +0200)]

pluto: Migrated get_sa_info to libhydra's kernel interface.
Tobias Brunner [Thu, 29 Jul 2010 10:19:03 +0000 (12:19 +0200)]

pluto: Migrated teardown_half_ipsec_sa to libhydra's kernel interface.
Tobias Brunner [Thu, 29 Jul 2010 09:24:46 +0000 (11:24 +0200)]

pluto: Adapted sag_eroute to the new signature of eroute_connection.
Tobias Brunner [Thu, 29 Jul 2010 09:01:30 +0000 (11:01 +0200)]

pluto: Migrated raw_eroute to libhydra's kernel interface.
Tobias Brunner [Thu, 29 Jul 2010 08:41:36 +0000 (10:41 +0200)]

This introduces a new struct to pass the protocol information like spis.
Also adapted eroute_connection and the simple calls of raw_eroute to
the new signature.

pluto: Added a function to create a traffic_selector_t from an ip_subnet.
Tobias Brunner [Thu, 29 Jul 2010 08:46:45 +0000 (10:46 +0200)]

pluto: Migrated update_ipsec_sa to libhydra's kernel interface.
Tobias Brunner [Tue, 27 Jul 2010 17:13:51 +0000 (19:13 +0200)]

pluto: Functions to convert IKEv1 ESP algos to IKEv2 identifiers added.
Tobias Brunner [Tue, 27 Jul 2010 16:05:38 +0000 (18:05 +0200)]

pluto: Refactored IKEv2/IKEv1 crypto algorithm conversion functions.
Tobias Brunner [Tue, 27 Jul 2010 16:01:40 +0000 (18:01 +0200)]

Do not overwrite the original mode when installing policies.
Tobias Brunner [Tue, 27 Jul 2010 15:38:03 +0000 (17:38 +0200)]

The mode is later used to decide if a route has to be installed.

pluto: Removed KLIPS specific algorithm detection.
Tobias Brunner [Mon, 26 Jul 2010 08:41:18 +0000 (10:41 +0200)]

pluto: Removed KLIPS specific bare shunt scanning.
Tobias Brunner [Tue, 20 Jul 2010 11:25:29 +0000 (13:25 +0200)]

Added support for different policy types in kernel_netlink plugin.
Tobias Brunner [Mon, 19 Jul 2010 16:50:19 +0000 (18:50 +0200)]

Added an option to specify the type of a policy to kernel_ipsec.add_policy.
Tobias Brunner [Mon, 19 Jul 2010 16:38:29 +0000 (18:38 +0200)]

This will later allow us to support pluto's passthrough and drop
policies in charon.

pluto: Migrated get_my_cpi to libhydra's kernel interface.
Tobias Brunner [Mon, 19 Jul 2010 08:19:29 +0000 (10:19 +0200)]

pluto: Migrated get_ipsec_spi to libhydra's kernel interface.
Tobias Brunner [Thu, 15 Jul 2010 12:10:25 +0000 (14:10 +0200)]

Added support for combined IPComp/ESP/AH policies in kernel_netlink plugin.
Tobias Brunner [Mon, 19 Jul 2010 10:31:39 +0000 (12:31 +0200)]

Replaced the protocol argument in add_policy with an optional SPI for an AH SA.
Tobias Brunner [Mon, 19 Jul 2010 09:25:47 +0000 (11:25 +0200)]

Initialize the thread pool in pluto.
Tobias Brunner [Tue, 13 Jul 2010 11:18:04 +0000 (13:18 +0200)]

Refer to scheduler and processor via lib and not hydra.
Tobias Brunner [Thu, 15 Jul 2010 12:49:41 +0000 (14:49 +0200)]

Moved scheduler and thread pool to libstrongswan.
Tobias Brunner [Thu, 15 Jul 2010 12:26:19 +0000 (14:26 +0200)]

Moved all kernel plugins to libhydra.
Tobias Brunner [Mon, 12 Jul 2010 16:10:16 +0000 (18:10 +0200)]

Moved ipsec_transform_t to kernel_ipsec.h in libhydra.
Tobias Brunner [Mon, 12 Jul 2010 15:40:37 +0000 (17:40 +0200)]

Because of this, libfreeswan, pluto, starter, etc. now depend on that
file (and libhydra). This resolved some duplicate declarations.

Refer to kernel interface via hydra and not charon.
Tobias Brunner [Mon, 12 Jul 2010 09:14:54 +0000 (11:14 +0200)]

Moved kernel interface to libhydra.
Tobias Brunner [Mon, 12 Jul 2010 08:57:46 +0000 (10:57 +0200)]