strongswan.git
Build dedicated plugin lists for each strongSwan component
Martin Willi [Thu, 12 Aug 2010 12:37:45 +0000 (14:37 +0200)] (9 years ago)

Use an m4 helper macro to build plugin lists
Martin Willi [Thu, 12 Aug 2010 11:03:04 +0000 (13:03 +0200)] (9 years ago)

Implemented Smartcard support in NetworkManager frontend
Martin Willi [Wed, 11 Aug 2010 14:32:04 +0000 (16:32 +0200)] (9 years ago)

Implemented public key encryption/private key decryption in PKCS#11
Martin Willi [Wed, 11 Aug 2010 10:12:37 +0000 (12:12 +0200)] (9 years ago)

Discard a packet that exceeds the receive buffer
Martin Willi [Wed, 11 Aug 2010 08:51:40 +0000 (10:51 +0200)] (9 years ago)

Added a strongswan.conf option to change socket receive buffer size
Martin Willi [Wed, 11 Aug 2010 08:48:17 +0000 (10:48 +0200)] (9 years ago)

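The two entries above (dropping a datagram that exceeds the receive buffer, and making the socket receive buffer size configurable) describe a pattern worth seeing in code. What follows is an added example, not strongSwan's code: it uses recvmsg() and the MSG_TRUNC flag to detect a datagram that did not fit the buffer and drops it rather than hand a partial message to the parser, and it uses SO_RCVBUF to size the kernel buffer and reads back what was granted. It runs over an AF_UNIX datagram socketpair so that it works offline; MSG_TRUNC behaves the same way on a UDP socket. The function names (recv_datagram, set_rcvbuf, demo_receive, demo_rcvbuf) and the 300-byte sample datagram are constructed for this example.

```c
/* Added example, not strongSwan code: detect and drop a datagram that did
 * not fit the receive buffer, and size the socket's kernel receive buffer.
 * Uses an AF_UNIX datagram socketpair so it runs offline; the MSG_TRUNC
 * semantics are the same on a UDP socket. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Receive one datagram. Returns its length, or -1 with errno set. If the
 * datagram was larger than buflen the kernel sets MSG_TRUNC in msg_flags
 * and discards the tail; a partial IKE message must not be parsed, so the
 * whole datagram is dropped and EMSGSIZE reported instead. */
ssize_t recv_datagram(int fd, void *buf, size_t buflen, int flags)
{
    struct iovec iov = { .iov_base = buf, .iov_len = buflen };
    struct msghdr msg;
    ssize_t n;

    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    n = recvmsg(fd, &msg, flags);
    if (n < 0)
        return -1;
    if (msg.msg_flags & MSG_TRUNC) {
        errno = EMSGSIZE;
        return -1;
    }
    return n;
}

/* Ask for a receive buffer of `bytes` and return what the kernel actually
 * granted (Linux reports twice the requested value and caps it at
 * net.core.rmem_max; a too-small buffer shows up as dropped packets). */
int set_rcvbuf(int fd, int bytes)
{
    int actual = 0;
    socklen_t len = sizeof(actual);

    if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &bytes, sizeof(bytes)) < 0)
        return -1;
    if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &actual, &len) < 0)
        return -1;
    return actual;
}

/* Create a throwaway datagram socket, request `bytes` of receive buffer and
 * return the granted size (-1 on error). */
int demo_rcvbuf(int bytes)
{
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0), actual;

    if (fd < 0)
        return -1;
    actual = set_rcvbuf(fd, bytes);
    close(fd);
    return actual;
}

/* Send a constructed 300-byte datagram through a socketpair and receive it
 * into a buffer of `bufsize` bytes. Returns 300 when it fits, -1 when the
 * oversized datagram was discarded, -2 if the discard left data behind,
 * -3 on a socket error. */
ssize_t demo_receive(size_t bufsize)
{
    int sv[2];
    unsigned char payload[300], buf[1024];
    ssize_t n;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -3;
    memset(payload, 0xA5, sizeof(payload));   /* constructed sample datagram */
    if (send(sv[0], payload, sizeof(payload), 0) != (ssize_t)sizeof(payload)) {
        close(sv[0]);
        close(sv[1]);
        return -3;
    }
    n = recv_datagram(sv[1], buf, bufsize < sizeof(buf) ? bufsize : sizeof(buf), 0);
    /* After a truncating read the rest of the datagram is gone: a second
     * non-blocking read must find the queue empty, not the leftover bytes. */
    if (n < 0 && errno == EMSGSIZE &&
        recv_datagram(sv[1], buf, sizeof(buf), MSG_DONTWAIT) >= 0)
        n = -2;
    close(sv[0]);
    close(sv[1]);
    return n;
}

int main(void)
{
    printf("fits: %zd, truncated: %zd, rcvbuf: %d\n",
           demo_receive(1024), demo_receive(128), demo_rcvbuf(32768));
    return 0;
}
```

The point of the MSG_DONTWAIT check is that a truncating read consumes the whole datagram: once the kernel reports MSG_TRUNC there is no way to retrieve the missing tail, so the only safe action is to discard and log.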
Double check that the OpenSSL RNG has been seeded, do so otherwise
Martin Willi [Wed, 11 Aug 2010 08:11:57 +0000 (10:11 +0200)] (9 years ago)

Implemented RSA en-/decryption in openssl plugin
Martin Willi [Wed, 11 Aug 2010 07:53:45 +0000 (09:53 +0200)] (9 years ago)

differentiate between TLS messages and EAP-[T]TLS packets in the debug output
Andreas Steffen [Tue, 10 Aug 2010 17:01:55 +0000 (19:01 +0200)] (9 years ago)

Parse important extendedKeyUsage flags in openssl plugin
Martin Willi [Tue, 10 Aug 2010 16:44:17 +0000 (18:44 +0200)] (9 years ago)

Parse UPN subjectAltName in openssl plugin
Martin Willi [Tue, 10 Aug 2010 15:43:48 +0000 (17:43 +0200)] (9 years ago)

Parse UPN subjectAltNames in x509 plugin
Martin Willi [Tue, 10 Aug 2010 15:27:17 +0000 (17:27 +0200)] (9 years ago)

Added Microsoft OID for user principal name (UPN) subjectAltNames
Martin Willi [Tue, 10 Aug 2010 15:26:24 +0000 (17:26 +0200)] (9 years ago)

Added a stroke command to export cached x509 certificates to the console
Martin Willi [Tue, 10 Aug 2010 14:57:14 +0000 (16:57 +0200)] (9 years ago)

Use bits instead of bytes for a private/public key
Martin Willi [Tue, 10 Aug 2010 13:56:10 +0000 (15:56 +0200)] (9 years ago)

Added support for different encryption schemes to private/public keys
Martin Willi [Tue, 10 Aug 2010 12:38:44 +0000 (14:38 +0200)] (9 years ago)

Migrated agent plugin to INIT/METHOD macros
Martin Willi [Tue, 10 Aug 2010 12:32:59 +0000 (14:32 +0200)] (9 years ago)

Migrated remaining classes in openssl plugin to INIT/METHOD macros
Martin Willi [Tue, 10 Aug 2010 12:22:10 +0000 (14:22 +0200)] (9 years ago)

Migrated gcrypt plugin to INIT/METHOD macros
Martin Willi [Tue, 10 Aug 2010 11:52:13 +0000 (13:52 +0200)] (9 years ago)

Migrated gmp plugin to INIT/METHOD macros
Martin Willi [Tue, 10 Aug 2010 10:15:40 +0000 (12:15 +0200)] (9 years ago)

Added support for early and late calls to Vstr wrappers.
Tobias Brunner [Tue, 10 Aug 2010 11:00:20 +0000 (13:00 +0200)] (9 years ago)

That is, prevent a SIGSEGV if Vstr wrappers are called before printf_hook_t
is initialized and after it is destroyed.

Fixed settings lookup if the section/key contains dots, second try
Martin Willi [Thu, 29 Jul 2010 10:00:21 +0000 (12:00 +0200)] (9 years ago)

log final TLS acknowledgement packet
Andreas Steffen [Sun, 8 Aug 2010 17:14:53 +0000 (19:14 +0200)] (9 years ago)

added level 2 debug info on sent TLS packets
Andreas Steffen [Sat, 7 Aug 2010 09:24:59 +0000 (11:24 +0200)] (9 years ago)

log EAP-TTLS version
Andreas Steffen [Fri, 6 Aug 2010 20:39:11 +0000 (22:39 +0200)] (9 years ago)

fixed typo
Andreas Steffen [Fri, 6 Aug 2010 20:18:22 +0000 (22:18 +0200)] (9 years ago)

EAP-TLS and EAP-TTLS use different constant MSK PRF labels
Andreas Steffen [Fri, 6 Aug 2010 15:33:46 +0000 (17:33 +0200)] (9 years ago)

support server authentication only for EAP-TTLS
Andreas Steffen [Fri, 6 Aug 2010 14:24:56 +0000 (16:24 +0200)] (9 years ago)

added eap_ttls plugin configuration
Andreas Steffen [Fri, 6 Aug 2010 05:45:03 +0000 (07:45 +0200)] (9 years ago)

Properly initialize libstrongswan in _copyright.
Tobias Brunner [Fri, 6 Aug 2010 17:28:28 +0000 (19:28 +0200)] (9 years ago)

This is required if libvstr is used.

Added missing Vstr wrappers for asprintf.
Tobias Brunner [Fri, 6 Aug 2010 17:27:10 +0000 (19:27 +0200)] (9 years ago)

Create a PKCS#11 session public key if we don't find one
Martin Willi [Fri, 6 Aug 2010 15:32:32 +0000 (17:32 +0200)] (9 years ago)

Implemented PKCS#11 RSA public key for keys found on a token
Martin Willi [Fri, 6 Aug 2010 15:02:41 +0000 (17:02 +0200)] (9 years ago)

Export scheme_to_mechanism conversion function
Martin Willi [Fri, 6 Aug 2010 15:02:01 +0000 (17:02 +0200)] (9 years ago)

Load certificate after enumeration
Martin Willi [Fri, 6 Aug 2010 15:00:23 +0000 (17:00 +0200)] (9 years ago)

fix error-type range in parsing of NOTIFY payloads
Jiri Bohac [Thu, 5 Aug 2010 15:13:38 +0000 (17:13 +0200)] (9 years ago)

added TTLS to EAP short names, too
Andreas Steffen [Fri, 6 Aug 2010 04:06:40 +0000 (06:06 +0200)] (9 years ago)

added EAP_TTLS method
Andreas Steffen [Thu, 5 Aug 2010 19:01:39 +0000 (21:01 +0200)] (9 years ago)

added ikev2/rw-eap-tls-radius
Andreas Steffen [Thu, 5 Aug 2010 17:28:06 +0000 (19:28 +0200)] (9 years ago)

Whitespace cleanups
Martin Willi [Thu, 5 Aug 2010 11:58:49 +0000 (13:58 +0200)] (9 years ago)

Use certificate subject to get a public key of the TLS server
Martin Willi [Thu, 5 Aug 2010 11:13:04 +0000 (13:13 +0200)] (9 years ago)

no need for strongSwan VID since the EAP_ONLY notification has been officially registered with IANA
Andreas Steffen [Thu, 5 Aug 2010 10:47:09 +0000 (12:47 +0200)] (9 years ago)

Some Doxygen fixes.
Tobias Brunner [Thu, 5 Aug 2010 09:53:35 +0000 (11:53 +0200)] (9 years ago)

added some more TLS debug output
Andreas Steffen [Thu, 5 Aug 2010 07:51:05 +0000 (09:51 +0200)] (9 years ago)

fixed type in cipher suite list build
Andreas Steffen [Wed, 4 Aug 2010 23:26:10 +0000 (01:26 +0200)] (9 years ago)

log selected TLS version and cipher suite
Andreas Steffen [Wed, 4 Aug 2010 23:21:59 +0000 (01:21 +0200)] (9 years ago)

log TLS handshake messages in debug level 2
Andreas Steffen [Wed, 4 Aug 2010 14:55:47 +0000 (16:55 +0200)] (9 years ago)

Fixed loading of secrets with IDs.
Tobias Brunner [Wed, 4 Aug 2010 13:59:15 +0000 (15:59 +0200)] (9 years ago)

Since the ID string is manually terminated by a null character, write
permission is required for the mmapped ipsec.secrets.

Fixed loading of private keys without password.
Tobias Brunner [Wed, 4 Aug 2010 12:22:48 +0000 (14:22 +0200)] (9 years ago)

The chunk storing the password was not correctly initialized, resulting
in a segmentation fault when no password was specified in ipsec.secrets.

Accept EAP_ONLY_AUTHENTICATION notifies from any client, now that IANA allocated an ID.
Tobias Brunner [Wed, 4 Aug 2010 10:55:09 +0000 (12:55 +0200)] (9 years ago)

generated aaa certificate
Andreas Steffen [Wed, 4 Aug 2010 10:44:32 +0000 (12:44 +0200)] (9 years ago)

IKEv2 notification types updated.
Tobias Brunner [Wed, 4 Aug 2010 08:02:09 +0000 (10:02 +0200)] (9 years ago)

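The NOTIFY error-type range fix (Jiri Bohac, 5 Aug 2010) and the two EAP_ONLY_AUTHENTICATION entries above turn on the same detail of RFC 5996 section 3.10: Notify Message Types 0..16383 are error types, 16384..65535 are status types, and EAP_ONLY_AUTHENTICATION is the IANA-registered status type 16417 (RFC 5998). The parser below is an added example, not strongSwan's code; it reads one Notify payload with bounds checks on the declared length and SPI size and classifies the type. The struct and function names and the sample byte strings are constructed for this example.

```c
/* Added example, not strongSwan code: parse an IKEv2 Notify payload
 * (RFC 5996, section 3.10) and tell error notifies from status notifies.
 * Layout: Next Payload (1), Critical bit + reserved (1), Payload Length (2),
 * Protocol ID (1), SPI Size (1), Notify Message Type (2), SPI, Data. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint8_t        next_payload;
    int            critical;       /* C bit of the generic payload header */
    uint16_t       length;         /* total payload length, header included */
    uint8_t        protocol_id;
    uint8_t        spi_size;
    uint16_t       type;           /* Notify Message Type */
    const uint8_t *spi;            /* NULL when spi_size == 0 */
    const uint8_t *data;
    size_t         data_len;
} notify_payload_t;

/* RFC 5996: types 0..16383 are error types, 16384..65535 are status types.
 * Getting this boundary wrong turns a status notify into a fatal error or
 * lets an error notify pass as harmless status. */
#define NOTIFY_ERROR_TYPE_MAX 16383
#define NOTIFY_HEADER_LEN     8

enum {
    AUTHENTICATION_FAILED   = 24,      /* error type */
    INITIAL_CONTACT         = 16384,   /* first status type */
    EAP_ONLY_AUTHENTICATION = 16417    /* status type, RFC 5998 */
};

int notify_is_error(uint16_t type)
{
    return type <= NOTIFY_ERROR_TYPE_MAX;
}

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Parse one Notify payload at buf[0..len). Returns 0 on success, -1 when the
 * declared payload length or SPI size does not fit the bytes actually
 * available, so a truncated packet can never make data point past len. */
int parse_notify(const uint8_t *buf, size_t len, notify_payload_t *out)
{
    uint16_t plen;
    uint8_t spi_size;

    if (buf == NULL || out == NULL || len < NOTIFY_HEADER_LEN)
        return -1;
    plen = be16(buf + 2);
    if (plen < NOTIFY_HEADER_LEN || plen > len)
        return -1;
    spi_size = buf[5];
    if ((size_t)NOTIFY_HEADER_LEN + spi_size > plen)
        return -1;

    out->next_payload = buf[0];
    out->critical     = (buf[1] & 0x80) != 0;
    out->length       = plen;
    out->protocol_id  = buf[4];
    out->spi_size     = spi_size;
    out->type         = be16(buf + 6);
    out->spi          = spi_size ? buf + NOTIFY_HEADER_LEN : NULL;
    out->data         = buf + NOTIFY_HEADER_LEN + spi_size;
    out->data_len     = plen - NOTIFY_HEADER_LEN - spi_size;
    return 0;
}

/* Convenience: parsed type as int, or -1 if the payload is malformed. */
int notify_type_of(const uint8_t *buf, size_t len)
{
    notify_payload_t n;
    return parse_notify(buf, len, &n) == 0 ? (int)n.type : -1;
}

/* Constructed samples (not captured traffic). */
const uint8_t SAMPLE_EAP_ONLY[]    = { 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x40, 0x21 };
const uint8_t SAMPLE_AUTH_FAILED[] = { 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x18 };
/* Declares 12 bytes but only 8 are present: must be rejected. */
const uint8_t SAMPLE_SHORT[]       = { 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x40, 0x00 };
/* SPI size 4 inside an 8-byte payload: must be rejected. */
const uint8_t SAMPLE_BAD_SPI[]     = { 0x00, 0x00, 0x00, 0x08, 0x01, 0x04, 0x00, 0x07 };

int main(void)
{
    int t = notify_type_of(SAMPLE_EAP_ONLY, sizeof(SAMPLE_EAP_ONLY));
    printf("type %d: %s\n", t, notify_is_error((uint16_t)t) ? "error" : "status");
    return 0;
}
```

The two rejected samples are the cases a receiver meets on the wire when a packet is truncated or a peer lies about its SPI size; every length in the header is checked against the bytes actually present before any field is read.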
Reimplemented mem pool to support multiple leases for a single identity
Martin Willi [Tue, 27 Jul 2010 10:04:19 +0000 (12:04 +0200)] (9 years ago)

Save/Load state of PKCS#11 hasher
Martin Willi [Tue, 20 Jul 2010 10:37:06 +0000 (12:37 +0200)] (9 years ago)

Register hmac/xcbc algorithms after potentially underlying PKCS#11
Martin Willi [Tue, 20 Jul 2010 10:35:45 +0000 (12:35 +0200)] (9 years ago)

Do initial slot enumeration manually
Martin Willi [Tue, 20 Jul 2010 10:23:06 +0000 (12:23 +0200)] (9 years ago)

Implemented hasher_t using PKCS#11
Martin Willi [Tue, 20 Jul 2010 09:01:39 +0000 (11:01 +0200)] (9 years ago)

Defer certificate loading until all PKCS#11 modules are loaded
Martin Willi [Tue, 20 Jul 2010 08:59:21 +0000 (10:59 +0200)] (9 years ago)

Destroy IKE_SA Manager's crypto primitives during flush; the plugins are gone in destroy
Martin Willi [Tue, 20 Jul 2010 08:58:17 +0000 (10:58 +0200)] (9 years ago)

Provide a public PKCS#11 mechanism enumerator
Martin Willi [Tue, 20 Jul 2010 07:16:05 +0000 (09:16 +0200)] (9 years ago)

Added PKCS#11 private key support to the pki tool
Martin Willi [Mon, 19 Jul 2010 15:36:17 +0000 (17:36 +0200)] (9 years ago)

The pki tool uses a callback credential set to read in passphrase/PIN
Martin Willi [Mon, 19 Jul 2010 15:35:42 +0000 (17:35 +0200)] (9 years ago)

Pass type of requested key in the callback credential set
Martin Willi [Mon, 19 Jul 2010 14:25:26 +0000 (16:25 +0200)] (9 years ago)

Support PKCS#11 keys requiring reauthentication for each operation
Martin Willi [Mon, 19 Jul 2010 14:02:57 +0000 (16:02 +0200)] (9 years ago)

Do not try to log in if we already have a user session
Martin Willi [Mon, 19 Jul 2010 13:53:31 +0000 (15:53 +0200)] (9 years ago)

Obsoleted BUILD_PASSPHRASE(_CALLBACK) for private key loading, use credential sets
Martin Willi [Mon, 19 Jul 2010 12:12:05 +0000 (14:12 +0200)] (9 years ago)

Use a dedicated build part for challenge passwords, BUILD_PASSPHRASE gets obsolete
Martin Willi [Mon, 19 Jul 2010 11:16:32 +0000 (13:16 +0200)] (9 years ago)

Use credential sets to load smartcard keys
Martin Willi [Mon, 19 Jul 2010 08:25:51 +0000 (10:25 +0200)] (9 years ago)

Handle PIN: as a magic keyword for prompt, use getpass() to silently read credentials
Martin Willi [Mon, 19 Jul 2010 07:43:11 +0000 (09:43 +0200)] (9 years ago)

Implemented a callback based credential set, currently for shared keys only
Martin Willi [Fri, 16 Jul 2010 14:55:29 +0000 (16:55 +0200)] (9 years ago)

Implemented a generic in-memory credential set, currently for shared keys only
Martin Willi [Fri, 16 Jul 2010 14:53:03 +0000 (16:53 +0200)] (9 years ago)

mmap() ipsec.secrets instead of malloc(), proper error checking
Martin Willi [Fri, 16 Jul 2010 12:40:02 +0000 (14:40 +0200)] (9 years ago)

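Two entries above are the background for the example that follows: "mmap() ipsec.secrets instead of malloc()" (16 Jul 2010) and the later "Fixed loading of secrets with IDs" (4 Aug 2010), whose message notes that terminating the ID string with a null character inside the mapping requires write permission on the mapped file. This is an added example, not strongSwan's code: it maps a constructed secrets file with PROT_READ|PROT_WRITE and MAP_PRIVATE, terminates the fields in place, and then re-reads the file to confirm that copy-on-write kept the bytes on disk intact. The function names and the sample file content are assumptions of the example.

```c
/* Added example, not strongSwan code: map a secrets file with mmap() and
 * NUL-terminate fields in place. The strings are terminated by writing into
 * the mapping, so it needs PROT_WRITE; MAP_PRIVATE makes the kernel copy the
 * touched pages on first write, so the file on disk is never modified. The
 * same write into a PROT_READ-only mapping would SIGSEGV. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Map the whole file copy-on-write. Returns NULL on error or empty file. */
char *map_file_private(const char *path, size_t *len)
{
    struct stat st;
    char *map;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return NULL;
    if (fstat(fd, &st) < 0 || st.st_size <= 0) {
        close(fd);
        return NULL;
    }
    map = mmap(NULL, (size_t)st.st_size, PROT_READ | PROT_WRITE,
               MAP_PRIVATE, fd, 0);
    close(fd);                 /* the mapping holds its own reference */
    if (map == MAP_FAILED)
        return NULL;
    *len = (size_t)st.st_size;
    return map;
}

/* Overwrite every delimiter byte in the mapping with '\0', turning each
 * field into a C string. Returns the number of fields terminated. */
size_t terminate_fields(char *map, size_t len, const char *delims)
{
    size_t count = 0;

    for (size_t i = 0; i < len; i++) {
        if (map[i] != '\0' && strchr(delims, map[i]) != NULL) {
            map[i] = '\0';
            count++;
        }
    }
    return count;
}

/* Self-check on a constructed two-line secrets file: split it inside the
 * mapping, then re-read the file and confirm the bytes on disk are intact.
 * Returns 1 on success, 0 on any failure. */
int demo_private_mapping(void)
{
    static const char content[] = "alice:secret1\nbob:secret2\n";
    char path[] = "/tmp/secrets-demo-XXXXXX";
    char disk[sizeof(content)];
    char *map;
    size_t len, fields;
    ssize_t n;
    int fd, ok = 0;

    fd = mkstemp(path);
    if (fd < 0)
        return 0;
    n = write(fd, content, strlen(content));
    close(fd);
    if (n != (ssize_t)strlen(content))
        goto out;

    map = map_file_private(path, &len);
    if (map == NULL)
        goto out;
    fields = terminate_fields(map, len, ":\n");
    /* Field offsets in the sample: alice@0 secret1@6 bob@14 secret2@18 */
    ok = fields == 4 &&
         strcmp(map, "alice") == 0 && strcmp(map + 6, "secret1") == 0 &&
         strcmp(map + 14, "bob") == 0 && strcmp(map + 18, "secret2") == 0;
    munmap(map, len);

    /* MAP_PRIVATE: the writes must not have reached the file. */
    fd = open(path, O_RDONLY);
    if (fd < 0) {
        ok = 0;
        goto out;
    }
    n = read(fd, disk, sizeof(disk));
    close(fd);
    if (n != (ssize_t)strlen(content) || memcmp(disk, content, (size_t)n) != 0)
        ok = 0;
out:
    unlink(path);
    return ok;
}

int main(void)
{
    printf("private mapping intact: %s\n", demo_private_mapping() ? "yes" : "no");
    return 0;
}
```

Note that a field ending exactly at the last byte of the file has no delimiter to overwrite; the sample ends with a newline for that reason, and a loader should treat a missing trailing delimiter as an error rather than read past the mapping.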
Split up the load_secrets() function
Martin Willi [Fri, 16 Jul 2010 12:31:50 +0000 (14:31 +0200)] (9 years ago)

Updated ipsec.secrets.5 regarding IKEv2 smartcard support
Martin Willi [Fri, 16 Jul 2010 10:18:20 +0000 (12:18 +0200)] (9 years ago)

%prompt support for smartcard PIN via "ipsec secrets"
Martin Willi [Fri, 16 Jul 2010 10:17:21 +0000 (12:17 +0200)] (9 years ago)

Implemented callback PIN invocation for PKCS#11 login
Martin Willi [Fri, 16 Jul 2010 10:16:32 +0000 (12:16 +0200)] (9 years ago)

Implemented keyid discovery on all modules/slots
Martin Willi [Fri, 16 Jul 2010 09:17:06 +0000 (11:17 +0200)] (9 years ago)

Pass the PKCS11 keyid as chunk, not as string
Martin Willi [Fri, 16 Jul 2010 08:48:29 +0000 (10:48 +0200)] (9 years ago)

Reuse generic passphrase build part, not a dedicated PIN part
Martin Willi [Fri, 16 Jul 2010 08:12:22 +0000 (10:12 +0200)] (9 years ago)

Implemented private key on top of a PKCS#11 token
Martin Willi [Thu, 15 Jul 2010 15:54:26 +0000 (17:54 +0200)] (9 years ago)

Extended the PKCS#11 object enumerator by attribute retrieval
Martin Willi [Thu, 15 Jul 2010 14:25:30 +0000 (16:25 +0200)] (9 years ago)

Use the PKCS#11 object enumerator
Martin Willi [Thu, 15 Jul 2010 13:44:17 +0000 (15:44 +0200)] (9 years ago)

Implemented a generic PKCS#11 object enumerator
Martin Willi [Thu, 15 Jul 2010 13:43:30 +0000 (15:43 +0200)] (9 years ago)

Unload plugins in reverse order
Martin Willi [Thu, 15 Jul 2010 12:05:02 +0000 (14:05 +0200)] (9 years ago)

Support module names in %smartcard specifier, streamlined smartcard building
Martin Willi [Thu, 15 Jul 2010 10:23:50 +0000 (12:23 +0200)] (9 years ago)

Added enumerator for PKCS#11 tokens
Martin Willi [Thu, 15 Jul 2010 10:22:36 +0000 (12:22 +0200)] (9 years ago)

Handle NOT_SUPPORT return value from WaitForSlot
Martin Willi [Thu, 15 Jul 2010 08:10:14 +0000 (10:10 +0200)] (9 years ago)

Reenabled dlclose
Martin Willi [Thu, 15 Jul 2010 06:26:46 +0000 (08:26 +0200)] (9 years ago)

Implemented a credential set on top of a PKCS#11 token
Martin Willi [Wed, 14 Jul 2010 15:44:27 +0000 (17:44 +0200)] (9 years ago)

Added NSPR PR_CallOnce to leak detective whitelist
Martin Willi [Wed, 14 Jul 2010 15:42:18 +0000 (17:42 +0200)] (9 years ago)

Added buffer checking variants of syslog functions to leak detective
Martin Willi [Wed, 14 Jul 2010 15:40:06 +0000 (17:40 +0200)] (9 years ago)

Moved gmp plugin before users of it
Martin Willi [Wed, 14 Jul 2010 15:34:48 +0000 (17:34 +0200)] (9 years ago)

Added a token add/remove callback function to the manager
Martin Willi [Wed, 14 Jul 2010 13:09:12 +0000 (15:09 +0200)] (9 years ago)

Enumerate tokens and their mechanisms, wait for slot events
Martin Willi [Wed, 14 Jul 2010 12:44:08 +0000 (14:44 +0200)] (9 years ago)

Depend on libcharon until we have a thread pool to use
Martin Willi [Wed, 14 Jul 2010 12:13:24 +0000 (14:13 +0200)] (9 years ago)

Add enum names for CK_MECHANISM_TYPE constants
Martin Willi [Wed, 14 Jul 2010 12:13:02 +0000 (14:13 +0200)] (9 years ago)

Make the PKCS#11 padding string trimming public, add null terminator
Martin Willi [Wed, 14 Jul 2010 10:43:42 +0000 (12:43 +0200)] (9 years ago)

Added a getter for the library alias
Martin Willi [Wed, 14 Jul 2010 10:32:40 +0000 (12:32 +0200)] (9 years ago)

Moved PKCS#11 library loading to dedicated manager
Martin Willi [Wed, 14 Jul 2010 09:15:22 +0000 (11:15 +0200)] (9 years ago)

Use locking, prefer our mutex abstraction layer
Martin Willi [Wed, 14 Jul 2010 08:39:28 +0000 (10:39 +0200)] (9 years ago)