strongswan.git
Martin Willi [Sat, 17 Dec 2011 11:47:44 +0000 (12:47 +0100)]
Some coding style cleanups

Martin Willi [Sat, 17 Dec 2011 11:19:30 +0000 (12:19 +0100)]
Fixed notify enum names

Tobias Brunner [Thu, 15 Dec 2011 15:56:07 +0000 (16:56 +0100)]
Added support for iKEIntermediate flag to ipsec pki.

Tobias Brunner [Thu, 15 Dec 2011 15:54:49 +0000 (16:54 +0100)]
Added support for iKEIntermediate X.509 extended key usage flag.

Mac OS X requires server certificates to have this flag set.

Tobias Brunner [Thu, 15 Dec 2011 15:51:19 +0000 (16:51 +0100)]
Some whitespace fixes.

Tobias Brunner [Thu, 15 Dec 2011 10:22:31 +0000 (11:22 +0100)]
Log parsed unsigned ints with proper format strings.

Martin Willi [Thu, 15 Dec 2011 17:35:55 +0000 (18:35 +0100)]
Send different notifies if quick mode fails

Martin Willi [Thu, 15 Dec 2011 17:23:28 +0000 (18:23 +0100)]
Support flushing of task queue after building message in task fails

Martin Willi [Thu, 15 Dec 2011 17:11:00 +0000 (18:11 +0100)]
Consider notify errors fatal only during main mode

Martin Willi [Thu, 15 Dec 2011 17:04:39 +0000 (18:04 +0100)]
Delete CHILD_SA if installing SA in third message fails

Martin Willi [Thu, 15 Dec 2011 17:03:14 +0000 (18:03 +0100)]
Added a quick_delete task flag to enforce delete, even if CHILD_SA not found

Martin Willi [Thu, 15 Dec 2011 16:28:58 +0000 (17:28 +0100)]
Send delete if Main Mode authentication fails as initiator

Martin Willi [Thu, 15 Dec 2011 16:04:45 +0000 (17:04 +0100)]
Send notifies in all error cases of Main Mode

Martin Willi [Thu, 15 Dec 2011 16:04:29 +0000 (17:04 +0100)]
Add some additional IKEv1 notify types

Martin Willi [Thu, 15 Dec 2011 15:23:47 +0000 (16:23 +0100)]
Do not trust unprotected INFORMATIONALS, just print that we got one

Martin Willi [Thu, 15 Dec 2011 12:15:34 +0000 (13:15 +0100)]
Use (as client) and verify (as server) configured XAuth identities

Martin Willi [Thu, 15 Dec 2011 12:14:33 +0000 (13:14 +0100)]
Added an identity getter to XAuth methods to query the actually used identity

Martin Willi [Thu, 15 Dec 2011 12:13:30 +0000 (13:13 +0100)]
Be a little more verbose about XAuth configs in ipsec statusall

Martin Willi [Thu, 15 Dec 2011 12:12:42 +0000 (13:12 +0100)]
Pass ipsec.conf xauth_identity option via stroke to charon configurations

Martin Willi [Thu, 15 Dec 2011 11:28:43 +0000 (12:28 +0100)]
Store Main Mode identity even if XAuth-only is used for authentication

Martin Willi [Thu, 15 Dec 2011 10:58:26 +0000 (11:58 +0100)]
Added an XAUTH identity to use or require for XAuth authentication

Martin Willi [Thu, 15 Dec 2011 10:31:02 +0000 (11:31 +0100)]
Check authorization constraints after main mode completed

Martin Willi [Thu, 15 Dec 2011 10:30:22 +0000 (11:30 +0100)]
Stop checking once a key size constraint is not fulfilled

Martin Willi [Thu, 15 Dec 2011 10:01:35 +0000 (11:01 +0100)]
Save authentication info collected during main mode authentication

Martin Willi [Thu, 15 Dec 2011 10:01:06 +0000 (11:01 +0100)]
Flush auth configs, if enabled, for both IKEv1 and IKEv2

Martin Willi [Thu, 15 Dec 2011 09:01:35 +0000 (10:01 +0100)]
Fixed return value if SIG payload missing

Martin Willi [Wed, 14 Dec 2011 18:45:30 +0000 (19:45 +0100)]
Show auth method of config we are looking for in main mode

Martin Willi [Wed, 14 Dec 2011 16:34:57 +0000 (17:34 +0100)]
Fixed IKEv1 prf+ keymat expansion beyond 320 bits

Martin Willi [Wed, 14 Dec 2011 15:46:29 +0000 (16:46 +0100)]
Remove executable flag from source code files

Martin Willi [Wed, 14 Dec 2011 15:41:32 +0000 (16:41 +0100)]
Removed IKEv1 specific code from child_delete task

Martin Willi [Wed, 14 Dec 2011 15:39:44 +0000 (16:39 +0100)]
Use IKEv1 specific tasks to close Quick Mode SAs

Martin Willi [Wed, 14 Dec 2011 15:33:39 +0000 (16:33 +0100)]
Added a dedicated IKEv1 task to delete CHILD_SAs

Martin Willi [Wed, 14 Dec 2011 14:33:06 +0000 (15:33 +0100)]
Close IKE_SA directly after sending the delete

Martin Willi [Wed, 14 Dec 2011 14:28:43 +0000 (15:28 +0100)]
Removed IKEv1 specific code from ike_delete task

Martin Willi [Wed, 14 Dec 2011 14:27:12 +0000 (15:27 +0100)]
Use the IKEv1 specific delete in IKEv1 SAs

Martin Willi [Wed, 14 Dec 2011 14:22:39 +0000 (15:22 +0100)]
Added a dedicated delete task for IKEv1 IKE_SAs

Martin Willi [Wed, 14 Dec 2011 14:21:35 +0000 (15:21 +0100)]
Use a single task_type_t enum name for ME and non-ME variant

Martin Willi [Wed, 14 Dec 2011 09:56:23 +0000 (10:56 +0100)]
Send certificates and requests when using Hybrid authentication

Martin Willi [Wed, 14 Dec 2011 08:44:59 +0000 (09:44 +0100)]
Look for an XAuth authentication config both in the first and the second round

Martin Willi [Wed, 14 Dec 2011 08:44:39 +0000 (09:44 +0100)]
Added hybrid authentication support to Main Mode

Martin Willi [Wed, 14 Dec 2011 08:43:44 +0000 (09:43 +0100)]
Support encoding of Hybrid initiator authentication method

Martin Willi [Wed, 14 Dec 2011 08:40:43 +0000 (09:40 +0100)]
Added an IKEv1 hybrid authenticator based on Pubkey/PSK authenticators

Tobias Brunner [Tue, 13 Dec 2011 17:56:06 +0000 (18:56 +0100)]
Use real ID payload to build HASH_I|R for Main Mode authentication.

This is required for clients like the iPhone which set the protocol
and/or port fields of the ID payload.

Tobias Brunner [Tue, 13 Dec 2011 17:53:44 +0000 (18:53 +0100)]
Create authenticators right when they are used during Main Mode.

Tobias Brunner [Tue, 13 Dec 2011 16:12:23 +0000 (17:12 +0100)]
Added method to get encoded version of ID_V1 payload.

Martin Willi [Tue, 13 Dec 2011 15:21:47 +0000 (16:21 +0100)]
Ignore additional TRANSACTION request if we already queued one

Martin Willi [Tue, 13 Dec 2011 15:14:17 +0000 (16:14 +0100)]
Keep a history of received response hashes to detect late retransmissions

If we receive an old response and we already sent out the next request,
we must be able to identify that it is not the response to the new
request.

Martin Willi [Tue, 13 Dec 2011 14:32:53 +0000 (15:32 +0100)]
Narrow down received and configured traffic selector to a common subset

Martin Willi [Tue, 13 Dec 2011 14:10:26 +0000 (15:10 +0100)]
Don't send a retransmit for a request we never have sent a response

Martin Willi [Tue, 13 Dec 2011 13:52:50 +0000 (14:52 +0100)]
Print unsigned IKEv1 message IDs

Tobias Brunner [Tue, 13 Dec 2011 12:09:56 +0000 (13:09 +0100)]
Log selected peer config during Main Mode.

Tobias Brunner [Tue, 13 Dec 2011 12:09:37 +0000 (13:09 +0100)]
Log configured IKE version in stroke plugin.

Tobias Brunner [Tue, 13 Dec 2011 12:08:54 +0000 (13:08 +0100)]
Fixed SIGSEGV when logging peer config matches.

Martin Willi [Tue, 13 Dec 2011 13:39:24 +0000 (14:39 +0100)]
Added a bunch of well known IKEv1 vendor IDs to database

Martin Willi [Tue, 13 Dec 2011 13:26:31 +0000 (14:26 +0100)]
Use a generic IKEv1 vendor ID database to send and receive vendor IDs

Martin Willi [Tue, 13 Dec 2011 12:42:41 +0000 (13:42 +0100)]
Fixed compiler warning (set but unused variable)

Martin Willi [Tue, 13 Dec 2011 11:17:35 +0000 (12:17 +0100)]
Queue a TRANSACTION message for later processing if Main Mode not yet completed

Martin Willi [Tue, 13 Dec 2011 10:39:54 +0000 (11:39 +0100)]
Fixed leak of shared keys in xauth-generic plugin

Martin Willi [Tue, 13 Dec 2011 10:37:02 +0000 (11:37 +0100)]
Free list after removing the last local credential set, fixes a leak report

Martin Willi [Tue, 13 Dec 2011 10:30:35 +0000 (11:30 +0100)]
Fixed SPI size calculation in DELETE payload

Martin Willi [Tue, 13 Dec 2011 10:19:08 +0000 (11:19 +0100)]
Reset task manager state when build() completes an exchange (quick mode)

Martin Willi [Tue, 13 Dec 2011 10:10:48 +0000 (11:10 +0100)]
Include COOKIES in IKEv1 delete payloads

Martin Willi [Tue, 13 Dec 2011 10:08:53 +0000 (11:08 +0100)]
Support IKEv1 SPIs in IKEv1 delete payload

Tobias Brunner [Tue, 13 Dec 2011 09:39:36 +0000 (10:39 +0100)]
Fixed missing shared_key initialization in main_mode task.

Martin Willi [Tue, 13 Dec 2011 09:36:42 +0000 (10:36 +0100)]
Use version specific DELETE payload identifier in ike_delete task

Martin Willi [Tue, 13 Dec 2011 09:36:02 +0000 (10:36 +0100)]
Activate DELETE tasks when queued

Martin Willi [Tue, 13 Dec 2011 09:35:18 +0000 (10:35 +0100)]
Fix IKEv1 DELETE subtask creation and processing

Martin Willi [Tue, 13 Dec 2011 09:22:49 +0000 (10:22 +0100)]
Handle DELETE as responder as INFORMATIONAL subtask

Martin Willi [Tue, 13 Dec 2011 08:55:37 +0000 (09:55 +0100)]
Close SA immediately after sending an INFORMATIONAL error

Martin Willi [Tue, 13 Dec 2011 08:50:31 +0000 (09:50 +0100)]
Moved responder informational handling to task

Martin Willi [Tue, 13 Dec 2011 08:42:16 +0000 (09:42 +0100)]
Remove unused status type

Martin Willi [Tue, 13 Dec 2011 08:40:26 +0000 (09:40 +0100)]
Check if IKEv1 exchange type matches before handling it as response

Martin Willi [Mon, 12 Dec 2011 17:13:10 +0000 (18:13 +0100)]
Use informational task in quick mode to send notifies

Martin Willi [Mon, 12 Dec 2011 14:45:45 +0000 (15:45 +0100)]
Cleaned up notification sending in IKEv1 task manager

Martin Willi [Mon, 12 Dec 2011 14:44:58 +0000 (15:44 +0100)]
Use informational task to send notify errors

Martin Willi [Mon, 12 Dec 2011 14:38:20 +0000 (15:38 +0100)]
Added a task stub to create and process IKEv1 informational exchanges

Martin Willi [Mon, 12 Dec 2011 14:16:15 +0000 (15:16 +0100)]
Allow IKEv1 tasks to return ALREADY_DONE to flush all active or passive tasks

Martin Willi [Mon, 12 Dec 2011 17:01:21 +0000 (18:01 +0100)]
Support flushing of single task queues in IKEv1 task manager

Martin Willi [Mon, 12 Dec 2011 14:43:12 +0000 (15:43 +0100)]
Double check if we have a packet before retransmitting it

Tobias Brunner [Mon, 12 Dec 2011 17:37:49 +0000 (18:37 +0100)]
Fixed memory leak when handling IKEv1 error notifications.

Tobias Brunner [Mon, 12 Dec 2011 17:38:32 +0000 (18:38 +0100)]
Destroy IKE_SA after failed XAuth authentication.

Tobias Brunner [Mon, 12 Dec 2011 17:26:26 +0000 (18:26 +0100)]
Added generic XAuth backend, using secrets provided by credential sets.

Tobias Brunner [Mon, 12 Dec 2011 13:25:15 +0000 (14:25 +0100)]
Removed xauth-null dummy plugin.

Clavister OpenSource [Mon, 12 Dec 2011 14:54:27 +0000 (15:54 +0100)]
Added possibility to send notifications from the Quick Mode task

Clavister OpenSource [Mon, 12 Dec 2011 13:35:34 +0000 (14:35 +0100)]
Setting Protocol ID of notifies sent from task manager to ISAKMP

Martin Willi [Mon, 12 Dec 2011 11:33:31 +0000 (12:33 +0100)]
If no IKEv1 shared key found for hosts, try to find one based on config identities

Martin Willi [Mon, 12 Dec 2011 11:30:47 +0000 (12:30 +0100)]
Log peer cfg enumeration externally for flexibility

Martin Willi [Mon, 12 Dec 2011 11:17:13 +0000 (12:17 +0100)]
Accept NULL identities passed to peer config enumeration

Martin Willi [Mon, 12 Dec 2011 10:28:24 +0000 (11:28 +0100)]
Fixed authentication method selection for main mode PSK authentication

Martin Willi [Fri, 9 Dec 2011 15:19:54 +0000 (16:19 +0100)]
Use virtual IP to substitute dynamic traffic selectors in quick mode

Martin Willi [Fri, 9 Dec 2011 15:19:37 +0000 (16:19 +0100)]
Queue Mode Config tasks when required

Martin Willi [Fri, 9 Dec 2011 15:18:22 +0000 (16:18 +0100)]
Added IKEv1 Mode Config task based on IKEv2 ike_config

Martin Willi [Fri, 9 Dec 2011 14:22:30 +0000 (15:22 +0100)]
Added missing XAuth auth_class enum name

Martin Willi [Fri, 9 Dec 2011 14:18:23 +0000 (15:18 +0100)]
Reject quick modes if IKE_SA not yet established

Martin Willi [Fri, 9 Dec 2011 14:10:38 +0000 (15:10 +0100)]
Use a common function to set IKE_SA to established

Martin Willi [Wed, 7 Dec 2011 12:40:38 +0000 (13:40 +0100)]
Be less verbose if plugin dependency not satisfied

Martin Willi [Fri, 9 Dec 2011 13:57:51 +0000 (14:57 +0100)]
Don't complain when receiving XAuth or Unity configuration attributes

Martin Willi [Fri, 9 Dec 2011 13:54:23 +0000 (14:54 +0100)]
Interpret attribute format correctly in IKEv1 configuration format

Martin Willi [Thu, 8 Dec 2011 17:30:47 +0000 (18:30 +0100)]
Implemented responder part of XAUTH task

Martin Willi [Thu, 8 Dec 2011 17:08:54 +0000 (18:08 +0100)]
Implemented initiator part of xauth task