strongswan.git
Martin Willi [Thu, 24 Nov 2011 09:33:43 +0000 (10:33 +0100)]
Use quick mode task initiator flag instead of passing it as parameter

Martin Willi [Thu, 24 Nov 2011 09:28:49 +0000 (10:28 +0100)]
Add quick mode ID payloads only if establishing a non-host2host tunnel

Martin Willi [Thu, 24 Nov 2011 09:20:59 +0000 (10:20 +0100)]
Refactored traffic selector handling in quick mode

Martin Willi [Thu, 24 Nov 2011 08:51:40 +0000 (09:51 +0100)]
Refactored NONCE payload handling in quick mode

Tobias Brunner [Wed, 23 Nov 2011 15:08:40 +0000 (16:08 +0100)]
No need to build a HASH payload in XAUTH task.

It gets added automatically when the message is generated.

Martin Willi [Wed, 23 Nov 2011 14:55:00 +0000 (15:55 +0100)]
Create host-to-host traffic selectors if quick mode identities missing

Tobias Brunner [Wed, 23 Nov 2011 14:30:41 +0000 (15:30 +0100)]
Removed redundant '=>' when logging binary data in parser and generator.

Tobias Brunner [Wed, 23 Nov 2011 14:23:20 +0000 (15:23 +0100)]
Fixed encryption of IKEv2 messages.

Martin Willi [Wed, 23 Nov 2011 13:41:07 +0000 (14:41 +0100)]
Print message payload names after prepending IKEv1 HASH payload

Martin Willi [Wed, 23 Nov 2011 13:33:03 +0000 (14:33 +0100)]
Fixed task_manager_v1 compiler warnings

Martin Willi [Wed, 23 Nov 2011 13:31:17 +0000 (14:31 +0100)]
Generate a new mid only after we start a new task (and exchange)

Martin Willi [Wed, 23 Nov 2011 13:26:24 +0000 (14:26 +0100)]
Derive IKEv1 CHILD_SA keymat twice, once for each IPsec SA

Martin Willi [Wed, 23 Nov 2011 13:05:19 +0000 (14:05 +0100)]
Fix seed construction for IKEv1 key derivation

Martin Willi [Wed, 23 Nov 2011 12:56:51 +0000 (13:56 +0100)]
Use a dedicated message hash to detect IKEv1 retransmissions

Martin Willi [Wed, 23 Nov 2011 12:56:21 +0000 (13:56 +0100)]
Include hardcoded tunnel mode attribute in proposal, remove ESN attribute

Tobias Brunner [Wed, 23 Nov 2011 12:17:46 +0000 (13:17 +0100)]
Authenticate and verify Phase 2 IKEv1 messages with appropriate hashes.

Tobias Brunner [Wed, 23 Nov 2011 11:35:58 +0000 (12:35 +0100)]
Fixed verification of DELETE_V1 payloads.

Tobias Brunner [Wed, 23 Nov 2011 11:35:10 +0000 (12:35 +0100)]
Fixed header length calculation of DELETE payload.

Tobias Brunner [Wed, 23 Nov 2011 11:11:49 +0000 (12:11 +0100)]
Fixed conftests after extending CERT payload.

Martin Willi [Wed, 23 Nov 2011 10:27:47 +0000 (11:27 +0100)]
Fixed a config reference leak in IKEv2 initiate

Martin Willi [Wed, 23 Nov 2011 10:27:03 +0000 (11:27 +0100)]
XAUTH is initiated based on configuration, no need to call externally

Martin Willi [Wed, 23 Nov 2011 10:26:04 +0000 (11:26 +0100)]
Merged IKEv1 attribute payload/data into configuration payload/attribute

Clavister OpenSource [Wed, 23 Nov 2011 09:15:52 +0000 (10:15 +0100)]
Temp fix for compile error with XAUTH code.

Clavister OpenSource [Wed, 23 Nov 2011 07:55:59 +0000 (08:55 +0100)]
IKEv1 XAUTH: Added ability to configure XAUTH+PSK.  Added task to handle XAUTH requests.  Modified task_manager_v1 to enable it to initiate new tasks immediately after finishing a response.

Clavister OpenSource [Wed, 23 Nov 2011 07:40:18 +0000 (08:40 +0100)]
Updates ike_cert_post task with modifications needed for dealing with updated cert_payload class.

Clavister OpenSource [Wed, 23 Nov 2011 07:36:22 +0000 (08:36 +0100)]
IKEv1 ConfigMode: Added the payload handlers for attribute_payload and data_attribute payload types.

Clavister OpenSource [Wed, 23 Nov 2011 07:29:54 +0000 (08:29 +0100)]
IKEv1 ConfigMode: Added TRANSACTION exchange type.  Added attribute_payload (IKEv2 equiv cp_payload) and data_attribute (IKEv2 equiv configuration_attribute) payload types.  Did not combine with IKEv2 because it wasn't trivial to do so.  This might be a task worth investigating in the future, because there is a decent amount of shared code here.

Clavister OpenSource [Wed, 23 Nov 2011 07:04:52 +0000 (08:04 +0100)]
Updated the CERT payload to work for both IKEv1 and IKEv2.

Martin Willi [Tue, 22 Nov 2011 16:04:07 +0000 (17:04 +0100)]
Parse proposal substructure with multiple IKEv1 transforms to multiple proposals

Martin Willi [Tue, 22 Nov 2011 15:47:17 +0000 (16:47 +0100)]
Encode multiple IKEv1 proposals in a single transform substructure

Martin Willi [Tue, 22 Nov 2011 15:28:44 +0000 (16:28 +0100)]
Remove public sa_payload.add_proposal() method

Martin Willi [Tue, 22 Nov 2011 15:16:19 +0000 (16:16 +0100)]
Only add the first algorithm of a kind to IKEv1 transforms

Martin Willi [Tue, 22 Nov 2011 14:24:24 +0000 (15:24 +0100)]
Install IKEv1 CHILD_SA negotiated in quick mode

Martin Willi [Tue, 22 Nov 2011 13:58:17 +0000 (14:58 +0100)]
Implemented IKEv1 keymat CHILD_SA key derivation function

Martin Willi [Tue, 22 Nov 2011 13:54:50 +0000 (14:54 +0100)]
Moved keymat key length lookup functions to keymat.c

Martin Willi [Tue, 22 Nov 2011 13:38:43 +0000 (14:38 +0100)]
Extended PRF+ by a non-counting variant as used by IKEv1

Martin Willi [Tue, 22 Nov 2011 11:37:08 +0000 (12:37 +0100)]
Hardcode some SA lifetimes until we can configure them dynamically

Tobias Brunner [Tue, 22 Nov 2011 08:46:31 +0000 (09:46 +0100)]
Added missing comma after ME_CONNECT declaration.

Tobias Brunner [Tue, 22 Nov 2011 08:44:09 +0000 (09:44 +0100)]
Fixed creation of endpoint notifies.

Tobias Brunner [Tue, 22 Nov 2011 08:41:58 +0000 (09:41 +0100)]
Fixed diagram of IKEv1 encrypted "payload".

Martin Willi [Tue, 22 Nov 2011 08:32:30 +0000 (09:32 +0100)]
Refactored main mode NONCE/KE payload processing

Martin Willi [Tue, 22 Nov 2011 08:14:57 +0000 (09:14 +0100)]
Refactored main mode HASH payload processing

Martin Willi [Tue, 22 Nov 2011 07:56:01 +0000 (08:56 +0100)]
Skip any payloads in front of SA to extract initiator's SA bytes

Martin Willi [Mon, 21 Nov 2011 16:56:39 +0000 (17:56 +0100)]
Implemented quick mode protocol handling, no CHILD_SA or HASH payloads yet

Martin Willi [Mon, 21 Nov 2011 16:40:42 +0000 (17:40 +0100)]
Partially implemented IKEv1 ESP proposal en-/decoding

Martin Willi [Mon, 21 Nov 2011 16:32:19 +0000 (17:32 +0100)]
Add missing keymat cast to avoid compiler warning

Martin Willi [Mon, 21 Nov 2011 16:18:43 +0000 (17:18 +0100)]
Don't compare initiator flag in IKE_SA manager, pass initiator parameter to IKE_SA constructor

Martin Willi [Mon, 21 Nov 2011 16:16:39 +0000 (17:16 +0100)]
Create and verify PSK HASH payloads in IKEv1 main mode

Martin Willi [Mon, 21 Nov 2011 15:41:48 +0000 (16:41 +0100)]
Added keymat_v1_t.get_hash() to calculate authentication hashes

Martin Willi [Mon, 21 Nov 2011 15:41:16 +0000 (16:41 +0100)]
Register HASH_V1 in payload factory

Martin Willi [Mon, 21 Nov 2011 13:36:05 +0000 (14:36 +0100)]
Derive IKE keys as IKEv1 initiator, too

Martin Willi [Mon, 21 Nov 2011 12:43:48 +0000 (13:43 +0100)]
Fix payload length of id_payload created from a traffic selector

Tobias Brunner [Mon, 21 Nov 2011 14:18:40 +0000 (15:18 +0100)]
String for ENCRYPTED_DATA fixed.

Tobias Brunner [Mon, 21 Nov 2011 14:16:51 +0000 (15:16 +0100)]
Strings for ENCRYPTED_V1 payload added.

Tobias Brunner [Mon, 21 Nov 2011 12:26:27 +0000 (13:26 +0100)]
Set flags on message according to IKE version when parsing header.

Tobias Brunner [Mon, 21 Nov 2011 12:24:17 +0000 (13:24 +0100)]
Encrypt IKEv1 messages.

Tobias Brunner [Mon, 21 Nov 2011 12:19:19 +0000 (13:19 +0100)]
Decrypt IKEv1 messages.

Tobias Brunner [Mon, 21 Nov 2011 12:11:16 +0000 (13:11 +0100)]
Added IV generation to keymat_v1_t.

Tobias Brunner [Mon, 21 Nov 2011 10:53:23 +0000 (11:53 +0100)]
Use modified encryption payload to encrypt/decrypt complete IKEv1 messages.

Tobias Brunner [Mon, 21 Nov 2011 10:46:18 +0000 (11:46 +0100)]
Use key derivation in IKEv1 main mode (PSK authentication).

Tobias Brunner [Mon, 21 Nov 2011 10:43:43 +0000 (11:43 +0100)]
Added a simple AEAD wrapper for IKEv1 encryption/decryption.

Tobias Brunner [Mon, 21 Nov 2011 10:41:37 +0000 (11:41 +0100)]
Added IKEv1 key derivation with support for AUTH_CLASS_PSK.

Tobias Brunner [Mon, 21 Nov 2011 10:24:38 +0000 (11:24 +0100)]
Update cached hosts on ike_sa_t when processing IKEv1 messages.

Tobias Brunner [Mon, 21 Nov 2011 10:18:08 +0000 (11:18 +0100)]
Provide keymat_t to message_t to encrypt/decrypt data.

Tobias Brunner [Mon, 21 Nov 2011 10:05:43 +0000 (11:05 +0100)]
Avoid compiler warnings due to extended enums.

Tobias Brunner [Fri, 18 Nov 2011 09:56:48 +0000 (10:56 +0100)]
Moved version specific keymat functions to specific interfaces.

Martin Willi [Mon, 21 Nov 2011 11:18:24 +0000 (12:18 +0100)]
Added a generic TASK_ prefix to all task types

Martin Willi [Mon, 21 Nov 2011 10:56:58 +0000 (11:56 +0100)]
Initiate and respond to quick mode task (stub)

Martin Willi [Mon, 21 Nov 2011 10:54:29 +0000 (11:54 +0100)]
Print message ID as unsigned integer

Martin Willi [Mon, 21 Nov 2011 10:51:16 +0000 (11:51 +0100)]
Added message encoding rules for quick mode

Martin Willi [Mon, 21 Nov 2011 10:42:53 +0000 (11:42 +0100)]
Fixed reference counting bugs in main mode

Martin Willi [Mon, 21 Nov 2011 10:21:21 +0000 (11:21 +0100)]
Implemented basic message id handling for IKEv1

Martin Willi [Mon, 21 Nov 2011 10:20:34 +0000 (11:20 +0100)]
Added a quick mode task stub

Martin Willi [Mon, 21 Nov 2011 09:22:50 +0000 (10:22 +0100)]
Fixed length calculation of delete payload

Martin Willi [Mon, 21 Nov 2011 09:10:48 +0000 (10:10 +0100)]
Update header length after each parsed rule, as it might change when parsing SPI size

Martin Willi [Mon, 21 Nov 2011 09:10:29 +0000 (10:10 +0100)]
Fix rule selection in transform substructure

Martin Willi [Mon, 21 Nov 2011 08:10:50 +0000 (09:10 +0100)]
Fixed proposal numbering check in sa_payload

Martin Willi [Fri, 18 Nov 2011 16:49:53 +0000 (17:49 +0100)]
Don't clone chunk in message.get_packet_data

Martin Willi [Fri, 18 Nov 2011 16:14:36 +0000 (17:14 +0100)]
Verify IKEv1 nonce size, send 32 byte nonces

Martin Willi [Fri, 18 Nov 2011 15:12:15 +0000 (16:12 +0100)]
Partially implemented third main mode exchange (identities)

Martin Willi [Fri, 18 Nov 2011 13:31:13 +0000 (14:31 +0100)]
Added IKEv1 ID payload <-> traffic selector conversion functions

Martin Willi [Fri, 18 Nov 2011 13:30:15 +0000 (14:30 +0100)]
ts.get_subnet() returns TRUE if the selector actually is a subnet

Martin Willi [Fri, 18 Nov 2011 09:56:02 +0000 (10:56 +0100)]
Implemented first two exchanges of Main Mode as initiator

Martin Willi [Fri, 18 Nov 2011 09:55:23 +0000 (10:55 +0100)]
Added enum name for MAIN_MODE task

Martin Willi [Fri, 18 Nov 2011 09:08:18 +0000 (10:08 +0100)]
Do not ignore configs for IKEv1 in charon anymore

Martin Willi [Fri, 18 Nov 2011 08:50:22 +0000 (09:50 +0100)]
Added missing task manager factory declaration

Martin Willi [Fri, 18 Nov 2011 08:16:54 +0000 (09:16 +0100)]
Re-enable static inclusion of PSK auth method into IKEv1 proposal

Martin Willi [Thu, 17 Nov 2011 17:14:51 +0000 (18:14 +0100)]
Added IKEv1 support to delete payload

Martin Willi [Thu, 17 Nov 2011 17:01:41 +0000 (18:01 +0100)]
Added IKEv1 support to notify payload

Tobias Brunner [Thu, 17 Nov 2011 16:06:14 +0000 (17:06 +0100)]
Memory leak fixed.

Tobias Brunner [Thu, 17 Nov 2011 15:54:25 +0000 (16:54 +0100)]
Added factory function to create task_manager_t implementations.

Tobias Brunner [Thu, 17 Nov 2011 15:45:14 +0000 (16:45 +0100)]
Added factory function to create keymat_t implementations.

Tobias Brunner [Thu, 17 Nov 2011 15:26:52 +0000 (16:26 +0100)]
Store IKE version of an SA on ike_sa_t.

Tobias Brunner [Thu, 17 Nov 2011 15:22:34 +0000 (16:22 +0100)]
Added stub for IKEv1 keymat_t implementation.

Tobias Brunner [Thu, 17 Nov 2011 15:19:47 +0000 (16:19 +0100)]
Use keymat_t as common interface, renamed current implementation to _v2.

Martin Willi [Thu, 17 Nov 2011 14:44:42 +0000 (15:44 +0100)]
Use a generic list encoding rule we can use to specify the wrapped payload type

Martin Willi [Thu, 17 Nov 2011 14:20:16 +0000 (14:20 +0000)]
Use a generic encoding type for all variable length chunks

Martin Willi [Thu, 17 Nov 2011 14:00:04 +0000 (15:00 +0100)]
Implemented IKEv1 hash payload

Martin Willi [Thu, 17 Nov 2011 13:46:02 +0000 (13:46 +0000)]
Extended ID payload for (non-TS) IKEv1 use

Martin Willi [Thu, 17 Nov 2011 12:47:08 +0000 (13:47 +0100)]
Implement second exchange in IKEv1 main mode