strongswan.git
Select IKEv1 configurations by main/aggressive mode option
Martin Willi [Mon, 9 Jan 2012 16:33:15 +0000 (16:33 +0000)]

Added an aggressive mode peer_cfg option
Martin Willi [Mon, 9 Jan 2012 16:32:41 +0000 (16:32 +0000)]

Fix sending of CERTREQ/CERT payloads in aggressive mode
Martin Willi [Mon, 9 Jan 2012 16:10:48 +0000 (17:10 +0100)]

Encrypt payloads of third aggressive mode message
Martin Willi [Mon, 9 Jan 2012 16:10:18 +0000 (17:10 +0100)]

Implemented aggressive mode using Phase 1 helper class
Martin Willi [Mon, 9 Jan 2012 16:09:38 +0000 (17:09 +0100)]

Make use of the new Phase 1 helper class in main mode
Martin Willi [Mon, 9 Jan 2012 16:05:16 +0000 (17:05 +0100)]

Implemented a common Phase 1 helper class to use by main and aggressive modes
Martin Willi [Mon, 9 Jan 2012 16:04:41 +0000 (17:04 +0100)]

Fix error handling if no PSK found for main mode
Martin Willi [Mon, 9 Jan 2012 12:41:35 +0000 (13:41 +0100)]

Install quick mode CHILD_SAs with negotiated encapsulation mode
Martin Willi [Thu, 5 Jan 2012 14:02:40 +0000 (15:02 +0100)]

Support IKEv1 proposal encodings having both lifebytes and a lifetime
Martin Willi [Wed, 4 Jan 2012 13:43:15 +0000 (14:43 +0100)]

Try to detect reauthentication as responder and adopt children to new SA
Martin Willi [Wed, 4 Jan 2012 16:51:22 +0000 (17:51 +0100)]

Destroy IKE_SA after reauthentication initiated and lifetime limit reached
Martin Willi [Wed, 4 Jan 2012 16:50:19 +0000 (17:50 +0100)]

Added an IKE_SA manager method to enumerate IKE_SA IDs filtered by identities
Martin Willi [Tue, 3 Jan 2012 15:23:37 +0000 (16:23 +0100)]

Query for XAuth identity in get_other_eap_id(), too
Martin Willi [Wed, 4 Jan 2012 16:32:41 +0000 (17:32 +0100)]

Set ISAKMP SA state to rekeying after triggering reauthentication
Martin Willi [Tue, 3 Jan 2012 13:47:44 +0000 (14:47 +0100)]

Include peer config overtime in negotiated ISAKMP SA lifetime
Martin Willi [Tue, 3 Jan 2012 12:33:18 +0000 (13:33 +0100)]

Initiate IKEv1 reauthentication, take over all children
Martin Willi [Tue, 3 Jan 2012 11:00:12 +0000 (12:00 +0100)]

Establish IKE_SA only once as XAuth responder
Martin Willi [Tue, 3 Jan 2012 10:59:21 +0000 (11:59 +0100)]

Support initiation of childless IKEv1 ISAKMP SAs
Martin Willi [Tue, 3 Jan 2012 10:58:40 +0000 (11:58 +0100)]

Don't trigger reauthentication if initiator authenticated using XAuth
Martin Willi [Tue, 3 Jan 2012 10:28:45 +0000 (11:28 +0100)]

Set a condition flag if peer has been authenticated using XAuth
Martin Willi [Tue, 3 Jan 2012 10:27:41 +0000 (11:27 +0100)]

Queue Mode Config tasks after main mode as initiator, not as responder
Martin Willi [Tue, 3 Jan 2012 10:57:35 +0000 (11:57 +0100)]

Setting Mode Cfg identifier for CFG_ACK messages.
Clavister OpenSource [Wed, 28 Dec 2011 23:06:12 +0000 (00:06 +0100)]

Add functions to set mode cfg identifier
Clavister OpenSource [Wed, 28 Dec 2011 23:05:04 +0000 (00:05 +0100)]

Try all matching XAuth secrets we find, not only the first one
Martin Willi [Mon, 2 Jan 2012 15:38:47 +0000 (16:38 +0100)]

Fixed create_shared_enumerator method description
Martin Willi [Mon, 2 Jan 2012 15:38:30 +0000 (16:38 +0100)]

As responder, try to reuse the reqid of the CHILD_SA the initiator is rekeying
Martin Willi [Mon, 2 Jan 2012 15:36:39 +0000 (16:36 +0100)]

Reply quick mode with the same SA lifetime that we received
Martin Willi [Mon, 2 Jan 2012 14:49:20 +0000 (15:49 +0100)]

Do not query CHILD_SA during delete if they already expired
Martin Willi [Mon, 2 Jan 2012 14:40:31 +0000 (15:40 +0100)]

Be less verbose when deleting SAs triggered by a hard expire
Martin Willi [Mon, 2 Jan 2012 14:39:16 +0000 (15:39 +0100)]

Implemented CHILD_SA rekeying
Martin Willi [Mon, 2 Jan 2012 13:27:10 +0000 (14:27 +0100)]

Don't return FAILED if a CHILD_SA to delete could not be found
Martin Willi [Mon, 2 Jan 2012 13:26:32 +0000 (14:26 +0100)]

Support installing of quick mode SAs with a specific reqid
Martin Willi [Mon, 2 Jan 2012 12:36:10 +0000 (13:36 +0100)]

Double check that we could select a TS as quick mode responder
Martin Willi [Thu, 22 Dec 2011 12:26:38 +0000 (13:26 +0100)]

Implemented responder retransmission, currently enabled for quick mode only
Martin Willi [Wed, 21 Dec 2011 16:08:08 +0000 (17:08 +0100)]

Queue IKEv1 INFORMATIONALS with higher priority to process notifies first
Martin Willi [Wed, 21 Dec 2011 14:02:02 +0000 (15:02 +0100)]

Accept IKEv1 INVALID_KE_INFORMATION notifies without data
Martin Willi [Wed, 21 Dec 2011 14:01:29 +0000 (15:01 +0100)]

Don't process notifies in quick mode task when we get an INFORMATIONAL
Martin Willi [Wed, 21 Dec 2011 13:39:05 +0000 (14:39 +0100)]

Always queue a new passive task when receiving an IKEv1 INFORMATIONAL
Martin Willi [Wed, 21 Dec 2011 13:38:36 +0000 (14:38 +0100)]

IKEv1 ATTRIBUTES_NOT_SUPPORTED error notify added.
Tobias Brunner [Wed, 21 Dec 2011 12:46:47 +0000 (13:46 +0100)]

Fixed leak of a hash when checking out by hash
Martin Willi [Wed, 21 Dec 2011 12:55:30 +0000 (13:55 +0100)]

Give a hint that decryption failed if payload length invalid
Martin Willi [Wed, 21 Dec 2011 12:54:40 +0000 (13:54 +0100)]

Cast keymat safely, not based on external input
Martin Willi [Wed, 21 Dec 2011 11:39:21 +0000 (12:39 +0100)]

Added a keymat_t version to cast it safely
Martin Willi [Wed, 21 Dec 2011 11:13:43 +0000 (12:13 +0100)]

Handle initiation of not supported IKE versions properly
Martin Willi [Wed, 21 Dec 2011 11:05:34 +0000 (12:05 +0100)]

Send a delete for every CHILD_SA before deleting IKE_SA
Martin Willi [Wed, 21 Dec 2011 09:53:05 +0000 (10:53 +0100)]

Set used auth_class in PSKv1 authenticator to comply to constraints
Martin Willi [Tue, 20 Dec 2011 18:20:51 +0000 (19:20 +0100)]

Fixed scheduling of IKEv2 init tasks in a second keyingtry
Martin Willi [Tue, 20 Dec 2011 18:08:29 +0000 (19:08 +0100)]

Don't requeue IKEv1 init tasks if they already exist in a second keyingtry
Martin Willi [Tue, 20 Dec 2011 18:03:12 +0000 (19:03 +0100)]

Use IPSEC DOI also for ISAKMP SA deletes.
Tobias Brunner [Tue, 20 Dec 2011 17:49:49 +0000 (18:49 +0100)]

Implemented resetting of IKEv1 task manager, enabling additional keyingtries
Martin Willi [Tue, 20 Dec 2011 17:02:01 +0000 (18:02 +0100)]

Fixed migration of NATD task
Martin Willi [Tue, 20 Dec 2011 17:01:25 +0000 (18:01 +0100)]

Implemented migration of quick mode task
Martin Willi [Tue, 20 Dec 2011 17:01:12 +0000 (18:01 +0100)]

Implemented migration of XAuth task
Martin Willi [Tue, 20 Dec 2011 17:00:57 +0000 (18:00 +0100)]

Implemented migration of certificate handling tasks
Martin Willi [Tue, 20 Dec 2011 17:00:03 +0000 (18:00 +0100)]

Implemented migration of Main Mode task
Martin Willi [Tue, 20 Dec 2011 16:59:45 +0000 (17:59 +0100)]

Check message version before processing it on an IKE_SA
Martin Willi [Tue, 20 Dec 2011 15:23:12 +0000 (16:23 +0100)]

Fix ike_version_t enum names
Martin Willi [Tue, 20 Dec 2011 15:22:56 +0000 (16:22 +0100)]

Accept NULL as keymat when generating a message
Martin Willi [Tue, 20 Dec 2011 15:07:00 +0000 (16:07 +0100)]

Send correct INVALID_MAJOR_VERSION when receiving packet with unsupported protocol
Martin Willi [Tue, 20 Dec 2011 12:19:52 +0000 (13:19 +0100)]

Drop IKEv1 main/aggressive modes if peer to aggressive
Martin Willi [Tue, 20 Dec 2011 12:24:43 +0000 (13:24 +0100)]

Added description for the xauth-eap plugin
Martin Willi [Tue, 20 Dec 2011 10:25:25 +0000 (11:25 +0100)]

Check if a config has been selected before narrowing selectors in quick mode
Martin Willi [Tue, 20 Dec 2011 10:15:15 +0000 (11:15 +0100)]

Added an XAuth plugin that forwards authentication to EAP methods
Martin Willi [Mon, 19 Dec 2011 19:21:02 +0000 (20:21 +0100)]

Added a flag to register local credential sets exclusively, disabling all others
Martin Willi [Mon, 19 Dec 2011 19:22:18 +0000 (20:22 +0100)]

Added missing XAuth plugin feature enum names
Martin Willi [Mon, 19 Dec 2011 17:55:41 +0000 (18:55 +0100)]

Added a TODO for creating IKE_SAs with unsupported protocol version
Martin Willi [Mon, 19 Dec 2011 14:50:31 +0000 (15:50 +0100)]

Don't accept IKEv2 packets if IKEv2 disabled
Martin Willi [Mon, 19 Dec 2011 14:45:03 +0000 (15:45 +0100)]

Don't include ikev1/ikev2 subfolders in build when using --disable-ikev1/ikev2
Martin Willi [Mon, 19 Dec 2011 14:28:55 +0000 (15:28 +0100)]

Moved eap/xauth classes out of protocol specific subdirectories
Martin Willi [Mon, 19 Dec 2011 14:22:50 +0000 (15:22 +0100)]

Removed obsolete task header inclusion in IKE_SA
Martin Willi [Mon, 19 Dec 2011 14:20:36 +0000 (15:20 +0100)]

Moved MOBIKE task creation to protocol specific task manager
Martin Willi [Mon, 19 Dec 2011 14:04:28 +0000 (15:04 +0100)]

Check in task manager if we have to requeue IKE tasks in a non-first keyingtry
Martin Willi [Mon, 19 Dec 2011 13:46:56 +0000 (14:46 +0100)]

Moved IKE_SA reauth task creation to protocol specific task manager
Martin Willi [Mon, 19 Dec 2011 13:39:05 +0000 (14:39 +0100)]

Moved IKE_SA rekey task creation to protocol specific task manager
Martin Willi [Mon, 19 Dec 2011 13:35:14 +0000 (14:35 +0100)]

Moved IKE_SA delete task creation to protocol specific task manager
Martin Willi [Mon, 19 Dec 2011 13:29:57 +0000 (14:29 +0100)]

Moved CHILD_SA delete task creation to protocol specific task manager
Martin Willi [Mon, 19 Dec 2011 13:25:14 +0000 (14:25 +0100)]

Moved CHILD_SA rekey task creation to protocol specific task manager
Martin Willi [Mon, 19 Dec 2011 13:20:33 +0000 (14:20 +0100)]

Moved CHILD_SA initiate task creation to protocol specific task manager
Martin Willi [Mon, 19 Dec 2011 13:15:21 +0000 (14:15 +0100)]

Moved IKE_SA initiate task creation to protocol specific task manager
Martin Willi [Mon, 19 Dec 2011 13:15:02 +0000 (14:15 +0100)]

Moved liveness checking task creation to protocol specific task manager
Martin Willi [Mon, 19 Dec 2011 12:49:09 +0000 (13:49 +0100)]

Factories honor charon IKEv1/IKEv2 protocol support flags
Martin Willi [Mon, 19 Dec 2011 12:32:41 +0000 (13:32 +0100)]

Added a --disable-ikev2 option to disable IKEv2 support in charon
Martin Willi [Mon, 19 Dec 2011 12:13:45 +0000 (13:13 +0100)]

Separated libcharon/sa directory with ikev1 and ikev2 subfolders
Martin Willi [Mon, 19 Dec 2011 12:10:29 +0000 (13:10 +0100)]

Renamed ike_vendor_v1 to isakmp_vendor
Martin Willi [Mon, 19 Dec 2011 10:28:54 +0000 (11:28 +0100)]

Renamed ike_natd_v1 to isakmp_natd
Martin Willi [Mon, 19 Dec 2011 10:24:03 +0000 (11:24 +0100)]

Renamed ike_cert_pre_v1 to isakmp_cert_pre
Martin Willi [Mon, 19 Dec 2011 10:17:31 +0000 (11:17 +0100)]

Renamed ike_cert_post_v1 to isakmp_cert_post
Martin Willi [Mon, 19 Dec 2011 10:12:27 +0000 (11:12 +0100)]

Fixed fix for XAuth plugin feature matching
Martin Willi [Mon, 19 Dec 2011 10:33:06 +0000 (11:33 +0100)]

Doxygen fixes
Martin Willi [Mon, 19 Dec 2011 09:27:40 +0000 (10:27 +0100)]

Removed obsolete XAuth job
Martin Willi [Mon, 19 Dec 2011 09:22:47 +0000 (10:22 +0100)]

Always use a transform number of 1 when encoding a single transform
Martin Willi [Mon, 19 Dec 2011 09:12:52 +0000 (10:12 +0100)]

Another set of cleanups in message.c
Martin Willi [Mon, 19 Dec 2011 09:12:33 +0000 (10:12 +0100)]

Fix XAuth plugin feature matching
Martin Willi [Mon, 19 Dec 2011 09:10:57 +0000 (10:10 +0100)]

Initiate IKE_ANY configurations with IKEv2
Martin Willi [Sat, 17 Dec 2011 13:26:04 +0000 (14:26 +0100)]

Pass IKE version to peer config enumerator, filter configs
Martin Willi [Sat, 17 Dec 2011 12:31:27 +0000 (13:31 +0100)]

Support an "any" IKE version for both IKEv1 or IKEv2
Martin Willi [Sat, 17 Dec 2011 11:48:14 +0000 (12:48 +0100)]

Some coding style cleanups
Martin Willi [Sat, 17 Dec 2011 11:47:44 +0000 (12:47 +0100)]

Fixed notify enum names
Martin Willi [Sat, 17 Dec 2011 11:19:30 +0000 (12:19 +0100)]

Added support for iKEIntermediate flag to ipsec pki.
Tobias Brunner [Thu, 15 Dec 2011 15:56:07 +0000 (16:56 +0100)]