strongswan.git
Martin Willi [Tue, 13 Dec 2011 13:39:24 +0000 (14:39 +0100)]
Added a bunch of well known IKEv1 vendor IDs to database

Martin Willi [Tue, 13 Dec 2011 13:26:31 +0000 (14:26 +0100)]
Use a generic IKEv1 vendor ID database to send and receive vendor IDs

Martin Willi [Tue, 13 Dec 2011 12:42:41 +0000 (13:42 +0100)]
Fixed compiler warning (set but unused variable)

Martin Willi [Tue, 13 Dec 2011 11:17:35 +0000 (12:17 +0100)]
Queue a TRANSACTION message for later processing if Main Mode not yet completed

Martin Willi [Tue, 13 Dec 2011 10:39:54 +0000 (11:39 +0100)]
Fixed leak of shared keys in xauth-generic plugin

Martin Willi [Tue, 13 Dec 2011 10:37:02 +0000 (11:37 +0100)]
Free list after removing the last local credential set, fixes a leak report

Martin Willi [Tue, 13 Dec 2011 10:30:35 +0000 (11:30 +0100)]
Fixed SPI size calculation in DELETE payload

Martin Willi [Tue, 13 Dec 2011 10:19:08 +0000 (11:19 +0100)]
Reset task manager state when build() completes an exchange (quick mode)

Martin Willi [Tue, 13 Dec 2011 10:10:48 +0000 (11:10 +0100)]
Include COOKIES in IKEv1 delete payloads

Martin Willi [Tue, 13 Dec 2011 10:08:53 +0000 (11:08 +0100)]
Support IKEv1 SPIs in IKEv1 delete payload

Tobias Brunner [Tue, 13 Dec 2011 09:39:36 +0000 (10:39 +0100)]
Fixed missing shared_key initialization in main_mode task.

Martin Willi [Tue, 13 Dec 2011 09:36:42 +0000 (10:36 +0100)]
Use version specific DELETE payload identifier in ike_delete task

Martin Willi [Tue, 13 Dec 2011 09:36:02 +0000 (10:36 +0100)]
Activate DELETE tasks when queued

Martin Willi [Tue, 13 Dec 2011 09:35:18 +0000 (10:35 +0100)]
Fix IKEv1 DELETE subtask creation and processing

Martin Willi [Tue, 13 Dec 2011 09:22:49 +0000 (10:22 +0100)]
Handle DELETE as responder as INFORMATIONAL subtask

Martin Willi [Tue, 13 Dec 2011 08:55:37 +0000 (09:55 +0100)]
Close SA immediately after sending an INFORMATIONAL error

Martin Willi [Tue, 13 Dec 2011 08:50:31 +0000 (09:50 +0100)]
Moved responder informational handling to task

Martin Willi [Tue, 13 Dec 2011 08:42:16 +0000 (09:42 +0100)]
Remove unused status type

Martin Willi [Tue, 13 Dec 2011 08:40:26 +0000 (09:40 +0100)]
Check if IKEv1 exchange type matches before handling it as response

Martin Willi [Mon, 12 Dec 2011 17:13:10 +0000 (18:13 +0100)]
Use informational task in quick mode to send notifies

Martin Willi [Mon, 12 Dec 2011 14:45:45 +0000 (15:45 +0100)]
Cleaned up notification sending in IKEv1 task manager

Martin Willi [Mon, 12 Dec 2011 14:44:58 +0000 (15:44 +0100)]
Use informational task to send notify errors

Martin Willi [Mon, 12 Dec 2011 14:38:20 +0000 (15:38 +0100)]
Added a task stub to create and process IKEv1 informational exchanges

Martin Willi [Mon, 12 Dec 2011 14:16:15 +0000 (15:16 +0100)]
Allow IKEv1 tasks to return ALREADY_DONE to flush all active or passive tasks

Martin Willi [Mon, 12 Dec 2011 17:01:21 +0000 (18:01 +0100)]
Support flushing of single tasks queues in IKEv1 task manager

Martin Willi [Mon, 12 Dec 2011 14:43:12 +0000 (15:43 +0100)]
Double check if we have a packet before retransmitting it

Tobias Brunner [Mon, 12 Dec 2011 17:37:49 +0000 (18:37 +0100)]
Fixed memory leak when handling IKEv1 error notifications.

Tobias Brunner [Mon, 12 Dec 2011 17:38:32 +0000 (18:38 +0100)]
Destroy IKE_SA after failed XAuth authentication.

Tobias Brunner [Mon, 12 Dec 2011 17:26:26 +0000 (18:26 +0100)]
Added generic XAuth backend, using secrets provided by credential sets.

Tobias Brunner [Mon, 12 Dec 2011 13:25:15 +0000 (14:25 +0100)]
Removed xauth-null dummy plugin.

Clavister OpenSource [Mon, 12 Dec 2011 14:54:27 +0000 (15:54 +0100)]
Added possibility to send notifications from the Quick Mode task

Clavister OpenSource [Mon, 12 Dec 2011 13:35:34 +0000 (14:35 +0100)]
Setting Protocol ID of notifies sent from task manager to ISAKMP

Martin Willi [Mon, 12 Dec 2011 11:33:31 +0000 (12:33 +0100)]
If no IKEv1 shared key found for hosts, try to find one based on config identities

Martin Willi [Mon, 12 Dec 2011 11:30:47 +0000 (12:30 +0100)]
Log peer cfg enumeration externally for flexibility

Martin Willi [Mon, 12 Dec 2011 11:17:13 +0000 (12:17 +0100)]
Accept NULL identities passed to peer config enumeration

Martin Willi [Mon, 12 Dec 2011 10:28:24 +0000 (11:28 +0100)]
Fixed authentication method selection for main mode PSK authentication

Martin Willi [Fri, 9 Dec 2011 15:19:54 +0000 (16:19 +0100)]
Use virtual IP to substitute dynamic traffic selectors in quick mode

Martin Willi [Fri, 9 Dec 2011 15:19:37 +0000 (16:19 +0100)]
Queue Mode Config tasks when required

Martin Willi [Fri, 9 Dec 2011 15:18:22 +0000 (16:18 +0100)]
Added IKEv1 Mode Config task based on IKEv2 ike_config

Martin Willi [Fri, 9 Dec 2011 14:22:30 +0000 (15:22 +0100)]
Added missing XAuth auth_class enum name

Martin Willi [Fri, 9 Dec 2011 14:18:23 +0000 (15:18 +0100)]
Reject quick modes if IKE_SA not yet established

Martin Willi [Fri, 9 Dec 2011 14:10:38 +0000 (15:10 +0100)]
Use a common function to set IKE_SA to established

Martin Willi [Wed, 7 Dec 2011 12:40:38 +0000 (13:40 +0100)]
Be less verbose if plugin dependency not satisfied

Martin Willi [Fri, 9 Dec 2011 13:57:51 +0000 (14:57 +0100)]
Don't complain when receiving XAuth or Unity configuration attributes

Martin Willi [Fri, 9 Dec 2011 13:54:23 +0000 (14:54 +0100)]
Interpret attribute format correctly in IKEv1 configuration format

Martin Willi [Thu, 8 Dec 2011 17:30:47 +0000 (18:30 +0100)]
Implemented responder part of XAUTH task

Martin Willi [Thu, 8 Dec 2011 17:08:54 +0000 (18:08 +0100)]
Implemented initiator part of xauth task

Martin Willi [Thu, 8 Dec 2011 17:08:13 +0000 (18:08 +0100)]
Ask for a username/password in xauth-null as XAUTH initiator

Martin Willi [Thu, 8 Dec 2011 16:19:10 +0000 (17:19 +0100)]
Get first XAuth backend if none configured

Martin Willi [Thu, 8 Dec 2011 15:57:38 +0000 (16:57 +0100)]
Accept a xauth backend name appended to left/rightauth

Martin Willi [Thu, 8 Dec 2011 15:53:27 +0000 (16:53 +0100)]
Added auth_cfg option to select XAUTH backend to use

Martin Willi [Thu, 8 Dec 2011 15:53:01 +0000 (16:53 +0100)]
Remove unused task swap_initiator method

Martin Willi [Thu, 8 Dec 2011 15:42:11 +0000 (16:42 +0100)]
Use a string to identify xauth backends, no need for integer types

Martin Willi [Thu, 8 Dec 2011 15:38:28 +0000 (15:38 +0000)]
Remove xauth_authenticator, we handle it in the task

Martin Willi [Thu, 8 Dec 2011 15:20:46 +0000 (16:20 +0100)]
Use a second authentication config to configure XAUTH authentication

Martin Willi [Thu, 8 Dec 2011 15:19:54 +0000 (16:19 +0100)]
Replace xauth_request task with a new stub where we reimplement it

Martin Willi [Thu, 8 Dec 2011 14:56:01 +0000 (15:56 +0100)]
Added missing auth_method_t enum names

Martin Willi [Thu, 8 Dec 2011 14:55:43 +0000 (15:55 +0100)]
Defined hybrid IKEv1 authentication methods

Clavister OpenSource [Fri, 9 Dec 2011 15:05:17 +0000 (16:05 +0100)]
Some notification errors added to main_mode process_r

Clavister OpenSource [Fri, 9 Dec 2011 15:04:12 +0000 (16:04 +0100)]
Encrypt INFORMATIONAL exchange if needed

Clavister OpenSource [Fri, 9 Dec 2011 15:03:37 +0000 (16:03 +0100)]
Added possibility to send notification if task_manager->process fails

Clavister OpenSource [Fri, 9 Dec 2011 14:49:07 +0000 (15:49 +0100)]
Added status code to status_t

New status_t enum to allow packets to be sent to peer in task_manager->process

Clavister OpenSource [Fri, 9 Dec 2011 14:43:36 +0000 (15:43 +0100)]
added functions for getting/setting ISAKMP SPI to notify payload

Clavister OpenSource [Fri, 9 Dec 2011 10:41:26 +0000 (11:41 +0100)]
Handling of initial contact

Clavister OpenSource [Thu, 8 Dec 2011 12:47:16 +0000 (13:47 +0100)]
Added retransmissions for initiator.

Martin Willi [Wed, 7 Dec 2011 16:51:35 +0000 (17:51 +0100)]
Cleaned up quick mode notify processing

Martin Willi [Wed, 7 Dec 2011 16:43:58 +0000 (17:43 +0100)]
Add support for KE payloads in IKEv1 quick mode (PFS)

Martin Willi [Wed, 7 Dec 2011 16:41:16 +0000 (17:41 +0100)]
En- and decode DH group attribute in quick mode SA payloads

Martin Willi [Wed, 7 Dec 2011 14:10:05 +0000 (14:10 +0000)]
Use authenticators in IKEv1 main mode

Martin Willi [Wed, 7 Dec 2011 14:09:34 +0000 (14:09 +0000)]
Added a factory function for IKEv1 authenticators

Martin Willi [Wed, 7 Dec 2011 14:08:06 +0000 (14:08 +0000)]
Implemented IKEv1 pubkey SIG payload processing in an authenticator

Martin Willi [Wed, 7 Dec 2011 13:52:02 +0000 (14:52 +0100)]
Implemented IKEv1 PSK HASH payload processing in separated authenticator

Clavister OpenSource [Wed, 7 Dec 2011 12:30:53 +0000 (13:30 +0100)]
Handle incoming delete messages

Andreas Steffen [Tue, 6 Dec 2011 14:15:40 +0000 (15:15 +0100)]
use untoh64 instead of non-portable be64toh

Martin Willi [Tue, 6 Dec 2011 12:38:27 +0000 (13:38 +0100)]
Implemented post-authentication certificate handling for IKEv1

Martin Willi [Tue, 6 Dec 2011 12:37:57 +0000 (13:37 +0100)]
Cleanup CERT payload constructors

Martin Willi [Tue, 6 Dec 2011 11:14:48 +0000 (12:14 +0100)]
Implemented pre-authentication certificate handling for IKEv1

Martin Willi [Tue, 6 Dec 2011 10:44:17 +0000 (11:44 +0100)]
Added task types for IKEv1 certificate handling

Martin Willi [Tue, 6 Dec 2011 09:56:39 +0000 (10:56 +0100)]
Cleaned up certreq payload for IKEv2/IKEv1 use

Martin Willi [Tue, 6 Dec 2011 09:55:15 +0000 (10:55 +0100)]
Reverted ike_cert tasks to IKEv2 only, we use dedicated IKEv1 tasks

Tobias Brunner [Tue, 6 Dec 2011 09:33:10 +0000 (10:33 +0100)]
Install SAs with UDP encapsulation during Quick Mode.

Martin Willi [Mon, 5 Dec 2011 16:24:17 +0000 (17:24 +0100)]
Fix support for plain RSA authentication in IKEv1, both as initiator and responder

Martin Willi [Mon, 5 Dec 2011 16:07:48 +0000 (17:07 +0100)]
Fix referencing of multiple CERTREQ payload with IKEv1, other cleanups

Martin Willi [Mon, 5 Dec 2011 15:20:56 +0000 (16:20 +0100)]
Encode a single IP traffic selector as ID_IPV?_ADDRESS identity

Martin Willi [Mon, 5 Dec 2011 15:14:52 +0000 (16:14 +0100)]
Added missing break;s when converting ID_IP_ADDRESS types to ts, extracted function

Martin Willi [Mon, 5 Dec 2011 14:45:01 +0000 (15:45 +0100)]
Don't use unportable htobe64 macro directly

Martin Willi [Mon, 5 Dec 2011 14:44:51 +0000 (15:44 +0100)]
Implement htoun/untoh64 with potentially faster htobe64/be64toh macros, if available

Andreas Steffen [Sun, 4 Dec 2011 11:53:47 +0000 (12:53 +0100)]
fixed copy-and-paste error

Andreas Steffen [Wed, 26 Oct 2011 22:37:24 +0000 (00:37 +0200)]
extended bio_reader and bio_writer to handle u_int64_t

Clavister OpenSource [Mon, 5 Dec 2011 13:27:53 +0000 (14:27 +0100)]
XAUTH additions for certificates.

Clavister OpenSource [Mon, 5 Dec 2011 13:22:11 +0000 (14:22 +0100)]
signature payload handling.

Clavister OpenSource [Mon, 5 Dec 2011 13:17:17 +0000 (14:17 +0100)]
certificate tasks added to passive list for responder

Clavister OpenSource [Mon, 5 Dec 2011 13:11:48 +0000 (14:11 +0100)]
certificate handling for XAuth responder.

Clavister OpenSource [Mon, 5 Dec 2011 12:54:54 +0000 (13:54 +0100)]
keymat: derive_ike_keys updated with XAUTH RSA:s

Clavister OpenSource [Mon, 5 Dec 2011 12:44:22 +0000 (13:44 +0100)]
Setting transform number in esp proposal.

iPhone (racoon) fails quick mode when transform number is 0

Clavister OpenSource [Mon, 5 Dec 2011 11:48:14 +0000 (12:48 +0100)]
ID_IPV4_ADDR and ID_IPV6_ADDR cases added to get_ts

Andreas Steffen [Sat, 3 Dec 2011 14:12:14 +0000 (15:12 +0100)]
version bump to 5.0.0dr1

Clavister OpenSource [Fri, 2 Dec 2011 15:22:42 +0000 (16:22 +0100)]
IKEv1: Added basic support for INFORMATIONAL exchange types, and for NOTIFY_V1 messages in the 3rd message in quick_mode.

Clavister OpenSource [Fri, 2 Dec 2011 14:39:09 +0000 (15:39 +0100)]
IKEv1 XAuth: Added changes to Makefile.am to compile the xauth_null plugin.

Tobias Brunner [Fri, 2 Dec 2011 07:38:43 +0000 (08:38 +0100)]
Don't stop processing tasks if one returns SUCCESS.

Only send a response if at least one of the tasks requires it.