strongswan.git
Martin Willi [Mon, 21 Nov 2011 15:41:16 +0000 (16:41 +0100)]
Register HASH_V1 in payload factory

Martin Willi [Mon, 21 Nov 2011 13:36:05 +0000 (14:36 +0100)]
Derive IKE keys as IKEv1 initiator, too

Martin Willi [Mon, 21 Nov 2011 12:43:48 +0000 (13:43 +0100)]
Fix payload length of id_payload created from a traffic selector

Tobias Brunner [Mon, 21 Nov 2011 14:18:40 +0000 (15:18 +0100)]
String for ENCRYPTED_DATA fixed.

Tobias Brunner [Mon, 21 Nov 2011 14:16:51 +0000 (15:16 +0100)]
Strings for ENCRYPTED_V1 payload added.

Tobias Brunner [Mon, 21 Nov 2011 12:26:27 +0000 (13:26 +0100)]
Set flags on message according to IKE version when parsing header.

Tobias Brunner [Mon, 21 Nov 2011 12:24:17 +0000 (13:24 +0100)]
Encrypt IKEv1 messages.

Tobias Brunner [Mon, 21 Nov 2011 12:19:19 +0000 (13:19 +0100)]
Decrypt IKEv1 messages.

Tobias Brunner [Mon, 21 Nov 2011 12:11:16 +0000 (13:11 +0100)]
Added IV generation to keymat_v1_t.

Tobias Brunner [Mon, 21 Nov 2011 10:53:23 +0000 (11:53 +0100)]
Use modified encryption payload to encrypt/decrypt complete IKEv1 messages.

Tobias Brunner [Mon, 21 Nov 2011 10:46:18 +0000 (11:46 +0100)]
Use key derivation in IKEv1 main mode (PSK authentication).

Tobias Brunner [Mon, 21 Nov 2011 10:43:43 +0000 (11:43 +0100)]
Added a simple AEAD wrapper for IKEv1 encryption/decryption.

Tobias Brunner [Mon, 21 Nov 2011 10:41:37 +0000 (11:41 +0100)]
Added IKEv1 key derivation with support for AUTH_CLASS_PSK.

Tobias Brunner [Mon, 21 Nov 2011 10:24:38 +0000 (11:24 +0100)]
Update cached hosts on ike_sa_t when processing IKEv1 messages.

Tobias Brunner [Mon, 21 Nov 2011 10:18:08 +0000 (11:18 +0100)]
Provide keymat_t to message_t to encrypt/decrypt data.

Tobias Brunner [Mon, 21 Nov 2011 10:05:43 +0000 (11:05 +0100)]
Avoid compiler warnings due to extended enums.

Tobias Brunner [Fri, 18 Nov 2011 09:56:48 +0000 (10:56 +0100)]
Moved version specific keymat functions to specific interfaces.

Martin Willi [Mon, 21 Nov 2011 11:18:24 +0000 (12:18 +0100)]
Added a generic TASK_ prefix to all task types

Martin Willi [Mon, 21 Nov 2011 10:56:58 +0000 (11:56 +0100)]
Initiate and respond to quick mode task (stub)

Martin Willi [Mon, 21 Nov 2011 10:54:29 +0000 (11:54 +0100)]
Print message ID as unsigned integer

Martin Willi [Mon, 21 Nov 2011 10:51:16 +0000 (11:51 +0100)]
Added message encoding rules for quick mode

Martin Willi [Mon, 21 Nov 2011 10:42:53 +0000 (11:42 +0100)]
Fixed reference counting bugs in main mode

Martin Willi [Mon, 21 Nov 2011 10:21:21 +0000 (11:21 +0100)]
Implemented basic message id handling for IKEv1

Martin Willi [Mon, 21 Nov 2011 10:20:34 +0000 (11:20 +0100)]
Added a quick mode task stub

Martin Willi [Mon, 21 Nov 2011 09:22:50 +0000 (10:22 +0100)]
Fixed length calculation of delete payload

Martin Willi [Mon, 21 Nov 2011 09:10:48 +0000 (10:10 +0100)]
Update header length after each parsed rule, as it might change when parsing SPI size

Martin Willi [Mon, 21 Nov 2011 09:10:29 +0000 (10:10 +0100)]
Fix rule selection in transform substructure

Martin Willi [Mon, 21 Nov 2011 08:10:50 +0000 (09:10 +0100)]
Fixed proposal numbering check in sa_payload

Martin Willi [Fri, 18 Nov 2011 16:49:53 +0000 (17:49 +0100)]
Don't clone chunk in message.get_packet_data

Martin Willi [Fri, 18 Nov 2011 16:14:36 +0000 (17:14 +0100)]
Verify IKEv1 nonce size, send 32 byte nonces

Martin Willi [Fri, 18 Nov 2011 15:12:15 +0000 (16:12 +0100)]
Partially implemented third main mode exchange (identities)

Martin Willi [Fri, 18 Nov 2011 13:31:13 +0000 (14:31 +0100)]
Added IKEv1 ID payload <-> traffic selector conversion functions

Martin Willi [Fri, 18 Nov 2011 13:30:15 +0000 (14:30 +0100)]
ts.get_subnet() returns TRUE if the selector actually is a subnet

Martin Willi [Fri, 18 Nov 2011 09:56:02 +0000 (10:56 +0100)]
Implemented first two exchanges of Main Mode as initiator

Martin Willi [Fri, 18 Nov 2011 09:55:23 +0000 (10:55 +0100)]
Added enum name for MAIN_MODE task

Martin Willi [Fri, 18 Nov 2011 09:08:18 +0000 (10:08 +0100)]
Do not ignore configs for IKEv1 in charon anymore

Martin Willi [Fri, 18 Nov 2011 08:50:22 +0000 (09:50 +0100)]
Added missing task manager factory declaration

Martin Willi [Fri, 18 Nov 2011 08:16:54 +0000 (09:16 +0100)]
Re-enable static inclusion of PSK auth method into IKEv1 proposal

Martin Willi [Thu, 17 Nov 2011 17:14:51 +0000 (18:14 +0100)]
Added IKEv1 support to delete payload

Martin Willi [Thu, 17 Nov 2011 17:01:41 +0000 (18:01 +0100)]
Added IKEv1 support to notify payload

Tobias Brunner [Thu, 17 Nov 2011 16:06:14 +0000 (17:06 +0100)]
Memory leak fixed.

Tobias Brunner [Thu, 17 Nov 2011 15:54:25 +0000 (16:54 +0100)]
Added factory function to create task_manager_t implementations.

Tobias Brunner [Thu, 17 Nov 2011 15:45:14 +0000 (16:45 +0100)]
Added factory function to create keymat_t implementations.

Tobias Brunner [Thu, 17 Nov 2011 15:26:52 +0000 (16:26 +0100)]
Store IKE version of an SA on ike_sa_t.

Tobias Brunner [Thu, 17 Nov 2011 15:22:34 +0000 (16:22 +0100)]
Added stub for IKEv1 keymat_t implementation.

Tobias Brunner [Thu, 17 Nov 2011 15:19:47 +0000 (16:19 +0100)]
Use keymat_t as common interface, renamed current implementation to _v2.

Martin Willi [Thu, 17 Nov 2011 14:44:42 +0000 (15:44 +0100)]
Use a generic list encoding rule we can use to specify the wrapped payload type

Martin Willi [Thu, 17 Nov 2011 14:20:16 +0000 (14:20 +0000)]
Use a generic encoding type for all variable length chunks

Martin Willi [Thu, 17 Nov 2011 14:00:04 +0000 (15:00 +0100)]
Implemented IKEv1 hash payload

Martin Willi [Thu, 17 Nov 2011 13:46:02 +0000 (13:46 +0000)]
Extended ID payload for (non-TS) IKEv1 use

Martin Willi [Thu, 17 Nov 2011 12:47:08 +0000 (13:47 +0100)]
Implement second exchange in IKEv1 main mode

Martin Willi [Thu, 17 Nov 2011 11:27:46 +0000 (11:27 +0000)]
Add a payload.get_header_length() method, remove header length definitions

Martin Willi [Thu, 17 Nov 2011 10:27:55 +0000 (11:27 +0100)]
Simplify signature of get_encoding_rules(), make all rules static

Martin Willi [Thu, 17 Nov 2011 10:16:02 +0000 (11:16 +0100)]
Extended KE payload for IKEv1 support

Martin Willi [Thu, 17 Nov 2011 09:53:35 +0000 (10:53 +0100)]
Extended nonce payload for IKEv1 support

Martin Willi [Thu, 17 Nov 2011 09:45:41 +0000 (10:45 +0100)]
Add fixed PSK authentication method to IKEv1 proposal for now

Martin Willi [Wed, 16 Nov 2011 17:24:47 +0000 (18:24 +0100)]
Handle first exchange in IKEv1 main mode as responder

Martin Willi [Wed, 16 Nov 2011 17:24:14 +0000 (18:24 +0100)]
Added limiting encoding of IKEv1 SA payloads

Martin Willi [Wed, 16 Nov 2011 17:23:37 +0000 (18:23 +0100)]
Added SA payload IKEv1 encoding types to generator

Martin Willi [Wed, 16 Nov 2011 17:23:00 +0000 (18:23 +0100)]
Don't set IKEv2 only header flags when using IKEv1

Martin Willi [Wed, 16 Nov 2011 15:09:02 +0000 (15:09 +0000)]
Set default IKE header initiator flag in IKEv2 only

Martin Willi [Wed, 16 Nov 2011 14:44:06 +0000 (14:44 +0000)]
Added an IKEv1 main mode task stub

Martin Willi [Wed, 16 Nov 2011 14:27:04 +0000 (15:27 +0100)]
Added a stub for a IKEv1 task manager

Martin Willi [Wed, 16 Nov 2011 13:53:54 +0000 (13:53 +0000)]
Use task manager as generic interface, renamed implementation to _v2.

Martin Willi [Wed, 16 Nov 2011 13:45:19 +0000 (13:45 +0000)]
Fix unaligned aliasing warning in raw socket

Tobias Brunner [Wed, 16 Nov 2011 16:28:06 +0000 (17:28 +0100)]
Use enum to define IKE version on peer_cfg_t.

Replaced all those magic numbers.

Tobias Brunner [Wed, 16 Nov 2011 15:19:13 +0000 (16:19 +0100)]
Fix init message arrival check.

Tobias Brunner [Wed, 16 Nov 2011 14:05:08 +0000 (15:05 +0100)]
Compile error fixed.

Tobias Brunner [Wed, 16 Nov 2011 13:23:50 +0000 (14:23 +0100)]
Message parsing slightly refactored, allows parsing of unencrypted IKEv1 messages.

Tobias Brunner [Wed, 16 Nov 2011 11:06:55 +0000 (12:06 +0100)]
Allow creation of message_t objects for IKEv1 packets.

Tobias Brunner [Wed, 16 Nov 2011 09:31:53 +0000 (10:31 +0100)]
Certificate request payloads can be sent in pretty much any IKEv1 message.

Martin Willi [Wed, 16 Nov 2011 12:46:54 +0000 (13:46 +0100)]
Implemented limited payload parsing for IKEv1 SA payloads

Martin Willi [Wed, 16 Nov 2011 12:40:09 +0000 (12:40 +0000)]
Added additional IKEv1 payload and encoding identifiers

Martin Willi [Wed, 16 Nov 2011 08:29:38 +0000 (09:29 +0100)]
Extend sa_payload for IKEv1 support

Tobias Brunner [Tue, 15 Nov 2011 17:23:15 +0000 (18:23 +0100)]
Message rules for IKEv1 INFORMATIONAL exchange added.

Since INFORMATIONAL "exchanges" are actually unidirectionally sent
messages, we don't have any responder rules.

Tobias Brunner [Tue, 15 Nov 2011 17:21:28 +0000 (18:21 +0100)]
Message rules for IKEv1 AGGRESSIVE exchange added.

These are basically the same as for ID_PROT but no payloads are expected
to be encrypted (at least if using PSK or signatures for authentication).

Tobias Brunner [Tue, 15 Nov 2011 15:13:50 +0000 (16:13 +0100)]
Message rules for IKEv1 ID_PROT exchange added.

These rules are quite broad and cover main mode with at least PSK and
signature based authentication.

Tobias Brunner [Tue, 15 Nov 2011 13:27:19 +0000 (14:27 +0100)]
Typo fixed.

Martin Willi [Tue, 15 Nov 2011 14:58:47 +0000 (14:58 +0000)]
Use vendor id payload for IKEv1 payloads, too

Martin Willi [Tue, 15 Nov 2011 14:58:23 +0000 (14:58 +0000)]
Added IKEv1 payload identifiers to "known" payload list

Martin Willi [Tue, 15 Nov 2011 14:30:39 +0000 (15:30 +0100)]
Handle IKEv1 messages in managers checkout_by_message

Martin Willi [Tue, 15 Nov 2011 13:47:20 +0000 (14:47 +0100)]
Added IKEv1 payload identifiers

Martin Willi [Tue, 15 Nov 2011 13:03:24 +0000 (14:03 +0100)]
Accept and process IKEv1 messages in receiver

Martin Willi [Tue, 15 Nov 2011 12:53:56 +0000 (13:53 +0100)]
Extended IKE header for IKEv1 support

Tobias Brunner [Wed, 9 Nov 2011 11:08:40 +0000 (12:08 +0100)]
Added configure option for the IKEv1 implementation in charon.

Andreas Steffen [Wed, 9 Nov 2011 05:48:55 +0000 (06:48 +0100)]
gcrypt does not support MD2

Andreas Steffen [Tue, 8 Nov 2011 20:18:40 +0000 (21:18 +0100)]
added dummy libsimaka_init() function needed for integrity testing

Andreas Steffen [Tue, 8 Nov 2011 20:00:09 +0000 (21:00 +0100)]
version bump to 4.6.1

Andreas Steffen [Tue, 8 Nov 2011 19:27:17 +0000 (20:27 +0100)]
added dummy libtls_init() function needed for integrity testing

Tobias Brunner [Tue, 8 Nov 2011 17:28:00 +0000 (18:28 +0100)]
Fixed monolithic build of libcharon with libtnccs enabled.

Tobias Brunner [Tue, 8 Nov 2011 17:27:44 +0000 (18:27 +0100)]
Correctly refer to tnc-tnccs plugin when building monolithically.

Tobias Brunner [Tue, 8 Nov 2011 17:15:55 +0000 (18:15 +0100)]
Calculate checksums for libsimaka and libtls.

These are currently not checked though. And because they don't define a
<libname>_init function a warning is reported when the checksum is
calculated.

Tobias Brunner [Tue, 8 Nov 2011 16:58:32 +0000 (17:58 +0100)]
Defer calculation of checksums until installation.

The checksum is now calculated from the installed libraries and plugins.
This allows calculating checksums for plugins linking to libraries like
libtls as these are relinked during installation.

Tobias Brunner [Tue, 8 Nov 2011 16:55:39 +0000 (17:55 +0100)]
Fixed formatting for longer plugin names in checksum_builder output.

Tobias Brunner [Tue, 8 Nov 2011 16:53:37 +0000 (17:53 +0100)]
Don't link libtnccs to checksum_builder.

Linking is only required for libraries defining global symbols used by
plugins to which the plugins do not link themselves.

Tobias Brunner [Tue, 8 Nov 2011 11:08:00 +0000 (12:08 +0100)]
Revert "fixed integrity tests of plugins using libtls or libtnccs"

This reverts commit b597ac4a4cbcd9197b886d743c75d58293264580 (not
completely).

Tobias Brunner [Tue, 8 Nov 2011 11:04:50 +0000 (12:04 +0100)]
Revert "fixed integrity tests of plugins using libsimaka"

This reverts commit 8c42f16deeeffa1ae305b18306b0796f49c9922c.

Conflicts:

src/charon/Makefile.am

Tobias Brunner [Mon, 7 Nov 2011 13:50:35 +0000 (14:50 +0100)]
maemo: New upstream release.

Andreas Steffen [Mon, 7 Nov 2011 18:15:41 +0000 (19:15 +0100)]
assign get_features method

Andreas Steffen [Sat, 5 Nov 2011 06:24:17 +0000 (07:24 +0100)]
moved random plugin in front of openssl in order to prefer gmp