strongswan.git
Tobias Brunner [Tue, 7 Aug 2012 15:07:44 +0000 (17:07 +0200)]
Added simple adapter for trusted certificates (to be used with a Spinner widget)

Tobias Brunner [Tue, 7 Aug 2012 13:51:00 +0000 (15:51 +0200)]
Keep a global reference to the CharonVpnService object in charonservice

Tobias Brunner [Tue, 7 Aug 2012 13:30:49 +0000 (15:30 +0200)]
Add signal handler for fatal signals to libandroidbridge

Tobias Brunner [Tue, 7 Aug 2012 13:25:06 +0000 (15:25 +0200)]
Set default log level in libandroidbridge

Tobias Brunner [Tue, 7 Aug 2012 13:17:45 +0000 (15:17 +0200)]
Renamed main Activity (shorter name in Launcher)

Tobias Brunner [Tue, 7 Aug 2012 12:11:27 +0000 (14:11 +0200)]
MainActivity starts CharonVpnService if a VpnProfile is clicked in the list

This is done by implementing the OnVpnProfileSelectedListener interface
provided by VpnProfileListFragment.

Tobias Brunner [Tue, 7 Aug 2012 12:02:38 +0000 (14:02 +0200)]
Menu option added to reload cached CA certificates

This might be required if the user installs a new CA certificate.

Tobias Brunner [Tue, 7 Aug 2012 12:00:16 +0000 (14:00 +0200)]
Show progress bar in ActionBar while loading cached CA certificates

Tobias Brunner [Tue, 7 Aug 2012 11:40:47 +0000 (13:40 +0200)]
Helper function added to handle Java exceptions in native code

Tobias Brunner [Tue, 7 Aug 2012 11:34:44 +0000 (13:34 +0200)]
Don't attach to actual Java threads (or already attached ones)

We check this by trying to retrieve a JNIEnv object from the JVM,
if one is returned the current thread is not native (created from Java)
or the thread is already attached.

Tobias Brunner [Wed, 18 Jul 2012 11:43:34 +0000 (13:43 +0200)]
Initially load CA certificates when the main Activity is created

Tobias Brunner [Wed, 18 Jul 2012 11:40:29 +0000 (13:40 +0200)]
Trusted CA certificates are loaded and cached by a static singleton

Tobias Brunner [Tue, 17 Jul 2012 18:03:40 +0000 (20:03 +0200)]
Remove restriction to portrait orientation

Tobias Brunner [Tue, 17 Jul 2012 18:03:23 +0000 (20:03 +0200)]
Use Holo as theme

Tobias Brunner [Tue, 17 Jul 2012 17:57:51 +0000 (19:57 +0200)]
Make click events on the profile list available to the Activity

If the Activity this fragment is placed in implements the provided interface
it is notified about clicks on any of the profiles.

Tobias Brunner [Tue, 17 Jul 2012 17:49:42 +0000 (19:49 +0200)]
Use a contextual action bar to edit and delete selected VPN profiles

Tobias Brunner [Tue, 17 Jul 2012 17:45:23 +0000 (19:45 +0200)]
Provide a menu with options to save VPN profiles

The ID of the updated/inserted profile is sent back to the activity that
started the detail view.

Tobias Brunner [Tue, 17 Jul 2012 17:40:03 +0000 (19:40 +0200)]
The list fragment uses a menu to provide an option to add new VPN profiles

Tobias Brunner [Tue, 17 Jul 2012 17:23:21 +0000 (19:23 +0200)]
Added an activity to edit basic VPN profile details

Already load existing data based on extra data delivered with the
Intent, no saving and CA certificate handling yet.

Tobias Brunner [Tue, 17 Jul 2012 17:12:56 +0000 (19:12 +0200)]
Show list fragment in main activity

Tobias Brunner [Tue, 17 Jul 2012 17:08:08 +0000 (19:08 +0200)]
Fragment added to list the VPN profiles

Tobias Brunner [Tue, 17 Jul 2012 17:02:50 +0000 (19:02 +0200)]
Added a custom adapter and layout to display VPN profiles in a ListView

Tobias Brunner [Tue, 17 Jul 2012 16:50:23 +0000 (18:50 +0200)]
Added class to simplify access to database of VPN profiles

Tobias Brunner [Tue, 17 Jul 2012 16:40:30 +0000 (18:40 +0200)]
Added class to move around VPN profiles in the Android App

Tobias Brunner [Tue, 17 Jul 2012 16:39:42 +0000 (18:39 +0200)]
Replaced launcher icon with a more appropriate one

Tobias Brunner [Sat, 14 Jul 2012 15:12:07 +0000 (17:12 +0200)]
Moved main Activity to ui sub-package

Also force portrait orientation.

Tobias Brunner [Sat, 14 Jul 2012 15:03:22 +0000 (17:03 +0200)]
Moved CharonVpnService to logic sub-package

Tobias Brunner [Sat, 14 Jul 2012 14:14:34 +0000 (16:14 +0200)]
Global charonservice_t object added to libandroidbridge

This is later used to call Java methods on CharonVpnService via JNI.

Tobias Brunner [Sat, 14 Jul 2012 14:06:12 +0000 (16:06 +0200)]
Added functions to attach/detach native threads to the JVM

Even though native threads are automatically detached from the JVM with
help of a thread-local destructor it is recommended to detach as soon as
possible as local JNI references are not freed until a thread detaches.

Tobias Brunner [Sat, 14 Jul 2012 14:00:01 +0000 (16:00 +0200)]
Moved JNI helper macros to a separate file

Also initialize a reference to the CharonVpnService class during
JNI_OnLoad, which allows us later to call methods from C to Java.

Tobias Brunner [Sat, 14 Jul 2012 13:31:36 +0000 (15:31 +0200)]
Use strongSwan logo as icon

Due to the transparency and black font this is probably not optimal yet.

Tobias Brunner [Sat, 14 Jul 2012 09:47:06 +0000 (11:47 +0200)]
Fixed ip_packet_t if IPv6 is not available

Tobias Brunner [Fri, 13 Jul 2012 14:12:29 +0000 (16:12 +0200)]
Added utility class to create TUN devices

Currently works only on Linux.

Tobias Brunner [Fri, 13 Jul 2012 13:34:51 +0000 (15:34 +0200)]
Added IPsec processor which is responsible for handling in- and outbound packets

Two callbacks can be registered that get called when new inbound plaintext and
outbound ESP packets have been processed. Inbound ESP and outbound plaintext
packets can be queued for processing with two other methods.

Tobias Brunner [Fri, 13 Jul 2012 13:23:00 +0000 (15:23 +0200)]
Represent the payload of an ESP packet as ip_packet_t instead of a chunk_t

Tobias Brunner [Fri, 13 Jul 2012 13:18:07 +0000 (15:18 +0200)]
IPsec policies can be looked up based on an IP packet

Tobias Brunner [Fri, 13 Jul 2012 13:05:27 +0000 (15:05 +0200)]
ip_packet_t parses the header of IP packets

Tobias Brunner [Fri, 13 Jul 2012 12:41:45 +0000 (14:41 +0200)]
Order IPsec policies by a pseudo-priority based on the traffic selectors

This allows a simple lookup, i.e. just use the first policy that matches
a given IP packet.

Tobias Brunner [Fri, 13 Jul 2012 12:32:03 +0000 (14:32 +0200)]
Implemented a checkout/checkin mechanism for IPsec SAs

SAs can only be checked out by a single thread and all other threads
block until the SA is checked in again.

Tobias Brunner [Fri, 13 Jul 2012 12:27:41 +0000 (14:27 +0200)]
IPsec policy manager added

This version only provides the very simplest management functions.

Tobias Brunner [Fri, 13 Jul 2012 12:17:03 +0000 (14:17 +0200)]
Method added to easily compare IPsec policies

Tobias Brunner [Fri, 13 Jul 2012 12:05:52 +0000 (14:05 +0200)]
Class representing an IPsec policy added

Tobias Brunner [Fri, 13 Jul 2012 11:54:29 +0000 (13:54 +0200)]
Schedule and relay expiration events for created IPsec SAs

Tobias Brunner [Fri, 13 Jul 2012 11:32:27 +0000 (13:32 +0200)]
Added class to relay IPsec events (like expiration) to listeners

Currently, only expiration of IPsec SAs is supported.  Later other events
for e.g. acquires or changed NAT endpoints could be added.

Tobias Brunner [Fri, 13 Jul 2012 11:21:45 +0000 (13:21 +0200)]
Added IPsec SA manager

Tobias Brunner [Fri, 13 Jul 2012 09:21:25 +0000 (11:21 +0200)]
Add methods to easily compare IPsec SAs

Tobias Brunner [Fri, 13 Jul 2012 09:06:35 +0000 (11:06 +0200)]
Class representing an IPsec SA added

The IPsec SA also manages the respective ESP context.

Tobias Brunner [Fri, 13 Jul 2012 09:02:08 +0000 (11:02 +0200)]
Moved types used by kernel_ipsec_t interface (and libipsec) to libstrongswan

This avoids a dependency of libipsec to libhydra.

Tobias Brunner [Thu, 12 Jul 2012 14:56:35 +0000 (16:56 +0200)]
Use a CALLBACK feature to create charon's sender and receiver

Tobias Brunner [Tue, 10 Jul 2012 08:17:21 +0000 (10:17 +0200)]
Added a simple blocking queue around linked_list_t

Tobias Brunner [Sat, 7 Jul 2012 11:31:07 +0000 (13:31 +0200)]
esp_packet_t implements packet_t interface

This should allow to avoid unnecessary cloning of packet data.

Tobias Brunner [Sat, 7 Jul 2012 10:46:28 +0000 (12:46 +0200)]
Extended constructor for packet_t added (takes src, dst and data)

Tobias Brunner [Fri, 6 Jul 2012 14:40:46 +0000 (16:40 +0200)]
Moved packet_t to libstrongswan

Tobias Brunner [Thu, 5 Jul 2012 13:46:54 +0000 (15:46 +0200)]
Headers from libhydra (kernel interface related) are required in libipsec

Tobias Brunner [Thu, 5 Jul 2012 11:56:24 +0000 (13:56 +0200)]
ESP packet wrapper added, handles encryption/decryption/verification etc.

Tobias Brunner [Thu, 5 Jul 2012 11:44:57 +0000 (13:44 +0200)]
Adding class to manage ESP context (crypto, sequence numbers)

Tobias Brunner [Fri, 29 Jun 2012 08:47:20 +0000 (10:47 +0200)]
Added a method to bio_writer_t that allows to skip a number of bytes

A chunk pointing to the skipped bytes is returned, allowing users of
bio_writer_t to write/copy data to the skipped bytes themselves.

Tobias Brunner [Fri, 29 Jun 2012 08:12:27 +0000 (10:12 +0200)]
Added a method to bio_writer_t that allows to extract the internal buffer

Tobias Brunner [Thu, 28 Jun 2012 16:06:31 +0000 (18:06 +0200)]
Added methods to bio_reader_t to read data from end of buffer

Tobias Brunner [Thu, 28 Jun 2012 12:32:52 +0000 (14:32 +0200)]
Increase log verbosity when sending NAT keep-alives

Tobias Brunner [Wed, 27 Jun 2012 11:43:37 +0000 (13:43 +0200)]
Only log the sending of regular packets in sender_t

When sender_t is used to send ESP packets this would otherwise cause an extreme
amount of debug messages.
With this change all messages sent via sender_t.send_no_marker() cause no extra
DBG1 log message, but for debugging purposes the socket plugins do log the same
message again with DBG2 for all packets.

Tobias Brunner [Wed, 8 Aug 2012 13:39:07 +0000 (15:39 +0200)]
Added option to prevent socket-default from setting the source address on outbound packets

Tobias Brunner [Fri, 20 Apr 2012 13:16:51 +0000 (15:16 +0200)]
Allocate UDP ports randomly in Android NDK build.

Tobias Brunner [Fri, 20 Apr 2012 12:58:02 +0000 (14:58 +0200)]
socket-default plugin allocates random ports if configured to 0.

Also added strongswan.conf options to change the ports.

Tobias Brunner [Fri, 20 Apr 2012 08:59:14 +0000 (10:59 +0200)]
Replaced usages of CHARON_*_PORT with calls to get_port().

Tobias Brunner [Fri, 20 Apr 2012 08:38:31 +0000 (10:38 +0200)]
Added get_port() method to socket_t to learn the listening port.

Tobias Brunner [Wed, 28 Mar 2012 13:41:31 +0000 (15:41 +0200)]
Added ESP log group for libipsec log messages.

Tobias Brunner [Fri, 24 Feb 2012 12:09:09 +0000 (13:09 +0100)]
Use send_no_marker to send NAT keepalives.

Tobias Brunner [Fri, 24 Feb 2012 12:04:16 +0000 (13:04 +0100)]
Avoid double-free when prepending Non-ESP marker.

Tobias Brunner [Fri, 24 Feb 2012 12:01:51 +0000 (13:01 +0100)]
Function added to send packets without Non-ESP marker.

Tobias Brunner [Fri, 24 Feb 2012 10:44:05 +0000 (11:44 +0100)]
Avoid unnecessary copy of packet data when removing Non-ESP marker.

Tobias Brunner [Fri, 24 Feb 2012 10:42:32 +0000 (11:42 +0100)]
Added packet_t.skip_bytes method to skip bytes at the start of a packet.

Tobias Brunner [Fri, 24 Feb 2012 10:19:53 +0000 (11:19 +0100)]
Improved how NAT-T keepalives are handled in sockets/receiver.

Tobias Brunner [Fri, 24 Feb 2012 10:07:34 +0000 (11:07 +0100)]
Let kernel interfaces decide how to enable UDP decapsulation of ESP packets.

Tobias Brunner [Thu, 23 Feb 2012 14:36:02 +0000 (15:36 +0100)]
Callback for ESP packets added to receiver.

Tobias Brunner [Thu, 23 Feb 2012 10:51:53 +0000 (11:51 +0100)]
Add Non-ESP marker in sender and not individual socket plugins.

Tobias Brunner [Thu, 23 Feb 2012 10:35:16 +0000 (11:35 +0100)]
Handle Non-ESP marker in receiver and not individual socket plugins.

Tobias Brunner [Wed, 22 Feb 2012 14:36:51 +0000 (15:36 +0100)]
Java code style fixed (analogous to C code).

Tobias Brunner [Wed, 22 Feb 2012 14:36:33 +0000 (15:36 +0100)]
Load libipsec in Android app.

Tobias Brunner [Wed, 22 Feb 2012 14:32:37 +0000 (15:32 +0100)]
Stub library for user space IPsec implementation added.

Tobias Brunner [Wed, 22 Feb 2012 11:05:38 +0000 (12:05 +0100)]
Some NDK build info updated.

Tobias Brunner [Wed, 22 Feb 2012 10:40:43 +0000 (11:40 +0100)]
Changed minimal SDK/API level to 14.

Tobias Brunner [Fri, 17 Feb 2012 16:16:07 +0000 (17:16 +0100)]
Added android.net.VpnService wrapper around charon (loaded via JNI).

Tobias Brunner [Fri, 17 Feb 2012 15:59:23 +0000 (16:59 +0100)]
Added Android shell app created with Android SDK.

Tobias Brunner [Fri, 17 Feb 2012 14:40:57 +0000 (15:40 +0100)]
Android.mk for NDK build added.

Tobias Brunner [Fri, 17 Feb 2012 14:39:25 +0000 (15:39 +0100)]
Extracted some parts from Android.mk.in which can be used for NDK builds.

Tobias Brunner [Thu, 16 Feb 2012 17:41:10 +0000 (18:41 +0100)]
Use filter instead of findstring to check for enabled plugins in Android.mk.

findstring is not prefix-safe (i.e. android matches android-log). On
the other hand filter matches words separated by whitespace and if no
wildcard (%) is used the full word has to match.

Tobias Brunner [Thu, 16 Feb 2012 17:17:09 +0000 (18:17 +0100)]
Moved Android specific logger to separate plugin.

This is mainly because the other parts of the existing android plugin
can not be built in the NDK (access to keystore and system properties are
not part of the stable NDK libraries).

Tobias Brunner [Thu, 16 Feb 2012 16:13:37 +0000 (17:13 +0100)]
Link android plugin against liblog in the NDK.

Doesn't seem to hurt the build within the source tree.

Tobias Brunner [Mon, 13 Feb 2012 17:04:04 +0000 (18:04 +0100)]
Make the UDP ports charon listens for packets on (and uses as source ports) configurable.

Tobias Brunner [Fri, 10 Feb 2012 13:51:18 +0000 (14:51 +0100)]
Make path to Android OpenSSL headers configurable.

Tobias Brunner [Fri, 10 Feb 2012 13:16:54 +0000 (14:16 +0100)]
Don't require STRONGSWAN_CONF to be defined.

Tobias Brunner [Fri, 10 Feb 2012 13:11:19 +0000 (14:11 +0100)]
Don't require PLUGINDIR to be defined.

If it is not available, we just load monolithically built plugins.

Martin Willi [Wed, 8 Aug 2012 12:54:03 +0000 (14:54 +0200)]
Remove queued IKEv1 message before processing it

Avoids destruction or processing of a queued message in
recursive process_message() call.

Tobias Brunner [Thu, 2 Aug 2012 14:16:58 +0000 (16:16 +0200)]
Include src address in hash of initial message for Main Mode

If two initiators use the same SPI and also use the same SA proposal the
hash for the initial message would be exactly the same.  For IKEv2 and
Aggressive Mode that's not a problem as these messages include random
data (Ni, KEi payloads).

Andreas Steffen [Tue, 7 Aug 2012 13:05:59 +0000 (15:05 +0200)]
implemented deletion of product_file database entries

Adrian-Ken Rueegsegger [Mon, 6 Aug 2012 09:12:25 +0000 (11:12 +0200)]
Add DH group 15 (MODP-3072) to IKE proposal

Martin Willi [Fri, 3 Aug 2012 13:25:17 +0000 (15:25 +0200)]
PEM loading soft-depends on MD5 only, as unencrypted files don't need MD5

Fixes #211.

Martin Willi [Fri, 3 Aug 2012 11:11:45 +0000 (13:11 +0200)]
Rebuild charon after running ./configure to reflect plugin changes

Martin Willi [Fri, 3 Aug 2012 11:07:19 +0000 (13:07 +0200)]
Block XAuth transaction on established IKE_SAs, but allow Mode Config