strongswan.git
Tobias Brunner [Thu, 15 Jul 2010 12:49:41 +0000 (14:49 +0200)]
Refer to scheduler and processor via lib and not hydra.

Tobias Brunner [Thu, 15 Jul 2010 12:26:19 +0000 (14:26 +0200)]
Moved scheduler and thread pool to libstrongswan.

Tobias Brunner [Mon, 12 Jul 2010 16:10:16 +0000 (18:10 +0200)]
Moved all kernel plugins to libhydra.

Tobias Brunner [Mon, 12 Jul 2010 15:40:37 +0000 (17:40 +0200)]
Moved ipsec_transform_t to kernel_ipsec.h in libhydra.

Because of this, libfreeswan, pluto, starter etc. now depend on that
file (and libhydra). This resolved some duplicate declarations.

Tobias Brunner [Mon, 12 Jul 2010 09:14:54 +0000 (11:14 +0200)]
Refer to kernel interface via hydra and not charon.

Tobias Brunner [Mon, 12 Jul 2010 08:57:46 +0000 (10:57 +0200)]
Moved kernel interface to libhydra.

Tobias Brunner [Mon, 12 Jul 2010 08:35:19 +0000 (10:35 +0200)]
Removed references to protocol_id_t from kernel interface.

Instead we use the actual IP protocol identifier (the conversion now happens in
child_sa_t and kernel_handler_t).

Tobias Brunner [Mon, 12 Jul 2010 07:38:39 +0000 (09:38 +0200)]
Migrated child_sa_t to INIT/METHOD macros.

Tobias Brunner [Tue, 6 Jul 2010 14:03:09 +0000 (16:03 +0200)]
Moved roam job creation to kernel event handler.

Tobias Brunner [Tue, 6 Jul 2010 11:23:42 +0000 (13:23 +0200)]
Refer to scheduler via hydra and not charon.

Tobias Brunner [Tue, 6 Jul 2010 11:13:39 +0000 (13:13 +0200)]
Moved scheduler_t to libhydra.

Tobias Brunner [Tue, 6 Jul 2010 10:46:40 +0000 (12:46 +0200)]
Moved migrate job creation to kernel event handler.

Tobias Brunner [Tue, 6 Jul 2010 10:34:15 +0000 (12:34 +0200)]
Moved update SA job creation to kernel event handler.

Tobias Brunner [Tue, 6 Jul 2010 10:09:06 +0000 (12:09 +0200)]
Moved delete/rekey CHILD_SA job creation to kernel event handler.

Tobias Brunner [Tue, 6 Jul 2010 09:50:43 +0000 (11:50 +0200)]
Moved acquire job creation to kernel event handler.

Tobias Brunner [Tue, 6 Jul 2010 09:36:58 +0000 (11:36 +0200)]
Added kernel event handler stub.

Tobias Brunner [Tue, 6 Jul 2010 14:09:06 +0000 (16:09 +0200)]
All kernel listener hooks are optional.

Tobias Brunner [Tue, 6 Jul 2010 11:02:01 +0000 (13:02 +0200)]
Added listener handling to kernel interface.

Tobias Brunner [Tue, 6 Jul 2010 07:28:12 +0000 (09:28 +0200)]
Added an interface for kernel event listeners.

Tobias Brunner [Tue, 6 Jul 2010 08:48:55 +0000 (10:48 +0200)]
Some minor comment fixes.

Tobias Brunner [Mon, 5 Jul 2010 16:52:50 +0000 (18:52 +0200)]
Some whitespace and code style fixes.

Tobias Brunner [Mon, 5 Jul 2010 16:49:41 +0000 (18:49 +0200)]
Do not include files from libcharon in libhydra.

Tobias Brunner [Mon, 5 Jul 2010 13:32:54 +0000 (15:32 +0200)]
Move callback_job_t to libhydra.

Tobias Brunner [Mon, 5 Jul 2010 13:24:58 +0000 (15:24 +0200)]
Fixing Doxygen groups after moving processor.

Tobias Brunner [Mon, 5 Jul 2010 11:52:05 +0000 (13:52 +0200)]
Refer to processor via hydra and not charon.

Tobias Brunner [Mon, 5 Jul 2010 11:46:04 +0000 (13:46 +0200)]
Move processor_t (thread-pool) to libhydra.

Martin Willi [Thu, 2 Sep 2010 08:29:32 +0000 (10:29 +0200)]
Support different hash/sig algorithms in handshake signing, including ECDSA

Martin Willi [Thu, 2 Sep 2010 08:05:11 +0000 (10:05 +0200)]
Added TLS ClientCertificateType identifiers

Martin Willi [Thu, 2 Sep 2010 07:21:45 +0000 (09:21 +0200)]
Added TLS specific Hash and Signature Algorithm identifiers

Martin Willi [Thu, 2 Sep 2010 08:28:51 +0000 (10:28 +0200)]
Fixed typos in tls_writer method descriptions

Martin Willi [Thu, 2 Sep 2010 10:37:27 +0000 (12:37 +0200)]
Respect key types in stroke key/certificate backend

Martin Willi [Thu, 2 Sep 2010 07:46:09 +0000 (09:46 +0200)]
Added an enumerator for registered credential builders

Martin Willi [Thu, 2 Sep 2010 07:30:48 +0000 (09:30 +0200)]
Migrated credential_factory to INIT/METHOD macros

Andreas Steffen [Wed, 1 Sep 2010 20:22:27 +0000 (22:22 +0200)]
adapted evaltest.dat to new RULE_OCSP_VALIDATION

Andreas Steffen [Wed, 1 Sep 2010 12:30:14 +0000 (14:30 +0200)]
cosmetics in debug output

Andreas Steffen [Tue, 31 Aug 2010 22:16:19 +0000 (00:16 +0200)]
defined aaa_identity

Andreas Steffen [Tue, 31 Aug 2010 22:11:23 +0000 (00:11 +0200)]
increase number of messages due to large certificate payloads

Andreas Steffen [Tue, 31 Aug 2010 21:22:39 +0000 (23:22 +0200)]
clarified debug output

Andreas Steffen [Tue, 31 Aug 2010 19:42:14 +0000 (21:42 +0200)]
fixed typo

Martin Willi [Tue, 31 Aug 2010 16:08:46 +0000 (18:08 +0200)]
Do not process any more TLS handshake messages on fatal alerts

Martin Willi [Tue, 31 Aug 2010 16:02:46 +0000 (18:02 +0200)]
Load a left/rightcert2 for EAP-TLS even if no left/rightauth2 is defined

Martin Willi [Tue, 31 Aug 2010 16:07:38 +0000 (18:07 +0200)]
Strictly check if the server certificate matches the TLS server identity

Martin Willi [Tue, 31 Aug 2010 16:06:02 +0000 (18:06 +0200)]
Use the AAA Identity for EAP authentication, if given

Martin Willi [Tue, 31 Aug 2010 15:52:52 +0000 (17:52 +0200)]
Added support for the ipsec.conf aaa_identity keyword

Martin Willi [Tue, 31 Aug 2010 15:26:20 +0000 (17:26 +0200)]
Added an AAA identity authentication config option

Martin Willi [Tue, 31 Aug 2010 14:10:55 +0000 (16:10 +0200)]
Added strongswan.conf options for EAP-TLS/TTLS fragment size

Martin Willi [Tue, 31 Aug 2010 08:03:03 +0000 (10:03 +0200)]
Support processing of partial TLS record headers

Martin Willi [Tue, 31 Aug 2010 07:12:40 +0000 (09:12 +0200)]
Migrated EAP-TTLS to the generic TLS helper

Martin Willi [Tue, 31 Aug 2010 07:12:20 +0000 (09:12 +0200)]
Migrated EAP-TLS to the generic TLS helper

Martin Willi [Tue, 31 Aug 2010 07:11:09 +0000 (09:11 +0200)]
Implemented a generic TLS EAP helper to implement EAP-TLS, TTLS and other variants

Martin Willi [Tue, 31 Aug 2010 06:57:26 +0000 (08:57 +0200)]
Support output fragmentation of TLS records

Martin Willi [Tue, 31 Aug 2010 06:55:48 +0000 (08:55 +0200)]
Moved EAP type/code definitions to a separate header file in libstrongswan

Martin Willi [Thu, 26 Aug 2010 10:27:56 +0000 (12:27 +0200)]
Implemented buffering of partial records in TLS stack

Martin Willi [Thu, 26 Aug 2010 10:18:24 +0000 (12:18 +0200)]
Log TLS handshake subtypes as handshakes

Martin Willi [Thu, 26 Aug 2010 10:17:22 +0000 (12:17 +0200)]
Added a TLS debug level option, use debugging hook

Martin Willi [Tue, 31 Aug 2010 13:34:08 +0000 (15:34 +0200)]
Do not strdup() zero length strings in identification_create_from_string()

Tobias Brunner [Tue, 31 Aug 2010 12:46:53 +0000 (14:46 +0200)]
Corrected some URLs.

Tobias Brunner [Mon, 30 Aug 2010 15:24:07 +0000 (17:24 +0200)]
Enable the generation of unencrypted messages (e.g. ME connectivity checks).

Andreas Steffen [Mon, 30 Aug 2010 14:22:33 +0000 (16:22 +0200)]
fixed typos

Andreas Steffen [Mon, 30 Aug 2010 13:42:44 +0000 (15:42 +0200)]
fixed copy-and-paste errors

Andreas Steffen [Mon, 30 Aug 2010 13:36:24 +0000 (15:36 +0200)]
created an eap-tnc method hull

Andreas Steffen [Mon, 30 Aug 2010 13:35:13 +0000 (15:35 +0200)]
for the time being assume a single request/response exchange for a given EAP method

Tobias Brunner [Mon, 30 Aug 2010 12:54:31 +0000 (14:54 +0200)]
Port floating patch partially reversed.

If MOBIKE is enabled, we do have to switch to port 4500 with the
IKE_AUTH request, that is, before we know whether the other peer
actually supports MOBIKE or not.

Tobias Brunner [Mon, 30 Aug 2010 10:19:37 +0000 (12:19 +0200)]
Slightly refactored port floating.

In case of MOBIKE, only float to port 4500 if the other peer actually supports MOBIKE.

Andreas Steffen [Mon, 30 Aug 2010 11:13:39 +0000 (13:13 +0200)]
defined EAP-TNC

Martin Willi [Mon, 30 Aug 2010 09:22:54 +0000 (11:22 +0200)]
Unwrap crlNumber INTEGER in openssl CRL parsing

Martin Willi [Mon, 30 Aug 2010 09:01:18 +0000 (11:01 +0200)]
Added crl support to pki --print

Tobias Brunner [Mon, 30 Aug 2010 08:49:32 +0000 (10:49 +0200)]
Typo in doxygen comment fixed.

Tobias Brunner [Mon, 30 Aug 2010 08:48:09 +0000 (10:48 +0200)]
Fixed ME after introduction of AEAD wrapper.

Martin Willi [Mon, 30 Aug 2010 08:14:45 +0000 (10:14 +0200)]
Fixed pluto smartcard support after introducing encryption schemes

Andreas Steffen [Sun, 29 Aug 2010 19:52:08 +0000 (21:52 +0200)]
replaced ikev2/esp-alg-aes-ctr by ikev2/alg-aes-ctr

Andreas Steffen [Sun, 29 Aug 2010 19:11:00 +0000 (21:11 +0200)]
added ctr ccm and gcm plugins to ikev2/rw-cert scenario

Andreas Steffen [Sun, 29 Aug 2010 19:09:25 +0000 (21:09 +0200)]
added ctr ccm and gcm plugins to openssl-ikev2/rw-cert scenario

Andreas Steffen [Sun, 29 Aug 2010 18:50:37 +0000 (20:50 +0200)]
added ctr ccm and gcm plugins to gcrypt-ikev2/rw-cert scenario

Andreas Steffen [Sun, 29 Aug 2010 18:39:51 +0000 (20:39 +0200)]
replaced ikev2/esp-alg-aes-gcm by ikev2/alg-aes-gcm

Andreas Steffen [Sun, 29 Aug 2010 18:24:12 +0000 (20:24 +0200)]
replaced ikev2/esp-alg-aes-ccm by ikev2/alg-aes-ccm

Andreas Steffen [Fri, 27 Aug 2010 14:30:05 +0000 (16:30 +0200)]
Win7 might send up to 7k of certificate requests

Tobias Brunner [Thu, 26 Aug 2010 08:25:08 +0000 (10:25 +0200)]
Fixed documentation of XAUTH in ipsec.secrets.

Martin Willi [Wed, 25 Aug 2010 16:30:09 +0000 (18:30 +0200)]
Prefer AES/Camellia suites over 3DES/NULL encryption

Martin Willi [Wed, 25 Aug 2010 16:24:27 +0000 (18:24 +0200)]
Send TLS alerts for errors in TLS handshake building

Martin Willi [Wed, 25 Aug 2010 16:04:59 +0000 (18:04 +0200)]
Refactored fragment building, use correct TLS content type for non-first fragments

Martin Willi [Wed, 25 Aug 2010 15:03:09 +0000 (17:03 +0200)]
Update delete_payload length when adding SPIs

Martin Willi [Wed, 25 Aug 2010 15:00:01 +0000 (17:00 +0200)]
Migrated delete_payload to INIT/METHOD macros, replaced iterator

Martin Willi [Wed, 25 Aug 2010 13:29:53 +0000 (15:29 +0200)]
Use different return values in payload decryption to distinguish between integrity and syntax errors

Martin Willi [Wed, 25 Aug 2010 10:57:13 +0000 (12:57 +0200)]
Implemented a TLS utility to test on any TLS secured TCP connection

Martin Willi [Wed, 25 Aug 2010 10:51:01 +0000 (12:51 +0200)]
Added a simple high level TLS wrapper for sockets

Martin Willi [Wed, 25 Aug 2010 10:43:21 +0000 (12:43 +0200)]
Initialize output chunk before appending data to it

Martin Willi [Tue, 24 Aug 2010 16:17:34 +0000 (18:17 +0200)]
Added private key support to in-memory credential set

Martin Willi [Tue, 24 Aug 2010 14:59:45 +0000 (16:59 +0200)]
Added certificate support to in-memory credential set

Thomas Egerer [Tue, 24 Aug 2010 12:55:47 +0000 (14:55 +0200)]
Check if colliding rekey actually created an IKE_INIT

In some cases (especially if a child is half-open) the colliding
rekey-job might not have created the ike_init member. If so, the
nonce check fails with SIGSEGV.

Martin Willi [Wed, 25 Aug 2010 07:53:43 +0000 (09:53 +0200)]
Added a ike_name logger option to prefix the IKE_SA name on each line

Andreas Steffen [Tue, 24 Aug 2010 17:18:44 +0000 (19:18 +0200)]
removed tls_record_t definition

Martin Willi [Tue, 24 Aug 2010 09:34:43 +0000 (11:34 +0200)]
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option

Martin Willi [Tue, 24 Aug 2010 08:29:54 +0000 (10:29 +0200)]
Skip the close notify if application layer completes successfully

Andreas Steffen [Tue, 24 Aug 2010 08:12:15 +0000 (10:12 +0200)]
added ikev2/rw-eap-tls-fragments scenario

Andreas Steffen [Tue, 24 Aug 2010 08:09:58 +0000 (10:09 +0200)]
use correct network diagram

Andreas Steffen [Tue, 24 Aug 2010 07:02:40 +0000 (09:02 +0200)]
support fragmentation in AVPs

Andreas Steffen [Tue, 24 Aug 2010 07:00:52 +0000 (09:00 +0200)]
removed some redundant debug output

Martin Willi [Tue, 24 Aug 2010 06:42:10 +0000 (08:42 +0200)]
Added generic TLS purposes

Martin Willi [Tue, 24 Aug 2010 06:41:12 +0000 (08:41 +0200)]
Client sends empty EAP-TTLS packet on fatal alerts to properly shut down TLS