strongswan.git
Martin Willi [Wed, 21 Dec 2011 16:08:08 +0000 (17:08 +0100)]
Implemented responder retransmission, currently enabled for quick mode only

Martin Willi [Wed, 21 Dec 2011 14:02:02 +0000 (15:02 +0100)]
Queue IKEv1 INFORMATIONALS with higher priority to process notifies first

Martin Willi [Wed, 21 Dec 2011 14:01:29 +0000 (15:01 +0100)]
Accept IKEv1 INVALID_KE_INFORMATION notifies without data

Martin Willi [Wed, 21 Dec 2011 13:39:05 +0000 (14:39 +0100)]
Don't process notifies in quick mode task when we get an INFORMATIONAL

Martin Willi [Wed, 21 Dec 2011 13:38:36 +0000 (14:38 +0100)]
Always queue a new passive task when receiving an IKEv1 INFORMATIONAL

Tobias Brunner [Wed, 21 Dec 2011 12:46:47 +0000 (13:46 +0100)]
IKEv1 ATTRIBUTES_NOT_SUPPORTED error notify added.

Martin Willi [Wed, 21 Dec 2011 12:55:30 +0000 (13:55 +0100)]
Fixed leak of a hash when checking out by hash

Martin Willi [Wed, 21 Dec 2011 12:54:40 +0000 (13:54 +0100)]
Give a hint that decryption failed if payload length invalid

Martin Willi [Wed, 21 Dec 2011 11:39:21 +0000 (12:39 +0100)]
Cast keymat safely, not based on external input

Martin Willi [Wed, 21 Dec 2011 11:13:43 +0000 (12:13 +0100)]
Added a keymat_t version to cast it safely

Martin Willi [Wed, 21 Dec 2011 11:05:34 +0000 (12:05 +0100)]
Handle initiation of not supported IKE versions properly

Martin Willi [Wed, 21 Dec 2011 09:53:05 +0000 (10:53 +0100)]
Send a delete for every CHILD_SA before deleting IKE_SA

Martin Willi [Tue, 20 Dec 2011 18:20:51 +0000 (19:20 +0100)]
Set used auth_class in PSKv1 authenticator to comply with constraints

Martin Willi [Tue, 20 Dec 2011 18:08:29 +0000 (19:08 +0100)]
Fixed scheduling of IKEv2 init tasks in a second keyingtry

Martin Willi [Tue, 20 Dec 2011 18:03:12 +0000 (19:03 +0100)]
Don't requeue IKEv1 init tasks if they already exist in a second keyingtry

Tobias Brunner [Tue, 20 Dec 2011 17:49:49 +0000 (18:49 +0100)]
Use IPSEC DOI also for ISAKMP SA deletes.

Martin Willi [Tue, 20 Dec 2011 17:02:01 +0000 (18:02 +0100)]
Implemented resetting of IKEv1 task manager, enabling additional keyingtries

Martin Willi [Tue, 20 Dec 2011 17:01:25 +0000 (18:01 +0100)]
Fixed migration of NATD task

Martin Willi [Tue, 20 Dec 2011 17:01:12 +0000 (18:01 +0100)]
Implemented migration of quick mode task

Martin Willi [Tue, 20 Dec 2011 17:00:57 +0000 (18:00 +0100)]
Implemented migration of XAuth task

Martin Willi [Tue, 20 Dec 2011 17:00:03 +0000 (18:00 +0100)]
Implemented migration of certificate handling tasks

Martin Willi [Tue, 20 Dec 2011 16:59:45 +0000 (17:59 +0100)]
Implemented migration of Main Mode task

Martin Willi [Tue, 20 Dec 2011 15:23:12 +0000 (16:23 +0100)]
Check message version before processing it on an IKE_SA

Martin Willi [Tue, 20 Dec 2011 15:22:56 +0000 (16:22 +0100)]
Fix ike_version_t enum names

Martin Willi [Tue, 20 Dec 2011 15:07:00 +0000 (16:07 +0100)]
Accept NULL as keymat when generating a message

Martin Willi [Tue, 20 Dec 2011 12:19:52 +0000 (13:19 +0100)]
Send correct INVALID_MAJOR_VERSION when receiving packet with unsupported protocol

Martin Willi [Tue, 20 Dec 2011 12:24:43 +0000 (13:24 +0100)]
Drop IKEv1 main/aggressive modes if peer too aggressive

Martin Willi [Tue, 20 Dec 2011 10:25:25 +0000 (11:25 +0100)]
Added description for the xauth-eap plugin

Martin Willi [Tue, 20 Dec 2011 10:15:15 +0000 (11:15 +0100)]
Check if a config has been selected before narrowing selectors in quick mode

Martin Willi [Mon, 19 Dec 2011 19:21:02 +0000 (20:21 +0100)]
Added an XAuth plugin that forwards authentication to EAP methods

Martin Willi [Mon, 19 Dec 2011 19:22:18 +0000 (20:22 +0100)]
Added a flag to register local credential sets exclusively, disabling all others

Martin Willi [Mon, 19 Dec 2011 17:55:41 +0000 (18:55 +0100)]
Added missing XAuth plugin feature enum names

Martin Willi [Mon, 19 Dec 2011 14:50:31 +0000 (15:50 +0100)]
Added a TODO for creating IKE_SAs with unsupported protocol version

Martin Willi [Mon, 19 Dec 2011 14:45:03 +0000 (15:45 +0100)]
Don't accept IKEv2 packets if IKEv2 disabled

Martin Willi [Mon, 19 Dec 2011 14:28:55 +0000 (15:28 +0100)]
Don't include ikev1/ikev2 subfolders in build when using --disable-ikev1/ikev2

Martin Willi [Mon, 19 Dec 2011 14:22:50 +0000 (15:22 +0100)]
Moved eap/xauth classes out of protocol specific subdirectories

Martin Willi [Mon, 19 Dec 2011 14:20:36 +0000 (15:20 +0100)]
Removed obsolete task header inclusion in IKE_SA

Martin Willi [Mon, 19 Dec 2011 14:04:28 +0000 (15:04 +0100)]
Moved MOBIKE task creation to protocol specific task manager

Martin Willi [Mon, 19 Dec 2011 13:46:56 +0000 (14:46 +0100)]
Check in task manager if we have to requeue IKE tasks in a non-first keyingtry

Martin Willi [Mon, 19 Dec 2011 13:39:05 +0000 (14:39 +0100)]
Moved IKE_SA reauth task creation to protocol specific task manager

Martin Willi [Mon, 19 Dec 2011 13:35:14 +0000 (14:35 +0100)]
Moved IKE_SA rekey task creation to protocol specific task manager

Martin Willi [Mon, 19 Dec 2011 13:29:57 +0000 (14:29 +0100)]
Moved IKE_SA delete task creation to protocol specific task manager

Martin Willi [Mon, 19 Dec 2011 13:25:14 +0000 (14:25 +0100)]
Moved CHILD_SA delete task creation to protocol specific task manager

Martin Willi [Mon, 19 Dec 2011 13:20:33 +0000 (14:20 +0100)]
Moved CHILD_SA rekey task creation to protocol specific task manager

Martin Willi [Mon, 19 Dec 2011 13:15:21 +0000 (14:15 +0100)]
Moved CHILD_SA initiate task creation to protocol specific task manager

Martin Willi [Mon, 19 Dec 2011 13:15:02 +0000 (14:15 +0100)]
Moved IKE_SA initiate task creation to protocol specific task manager

Martin Willi [Mon, 19 Dec 2011 12:49:09 +0000 (13:49 +0100)]
Moved liveness checking task creation to protocol specific task manager

Martin Willi [Mon, 19 Dec 2011 12:32:41 +0000 (13:32 +0100)]
Factories honor charon IKEv1/IKEv2 protocol support flags

Martin Willi [Mon, 19 Dec 2011 12:13:45 +0000 (13:13 +0100)]
Added a --disable-ikev2 option to disable IKEv2 support in charon

Martin Willi [Mon, 19 Dec 2011 12:10:29 +0000 (13:10 +0100)]
Separated libcharon/sa directory with ikev1 and ikev2 subfolders

Martin Willi [Mon, 19 Dec 2011 10:28:54 +0000 (11:28 +0100)]
Renamed ike_vendor_v1 to isakmp_vendor

Martin Willi [Mon, 19 Dec 2011 10:24:03 +0000 (11:24 +0100)]
Renamed ike_natd_v1 to isakmp_natd

Martin Willi [Mon, 19 Dec 2011 10:17:31 +0000 (11:17 +0100)]
Renamed ike_cert_pre_v1 to isakmp_cert_pre

Martin Willi [Mon, 19 Dec 2011 10:12:27 +0000 (11:12 +0100)]
Renamed ike_cert_post_v1 to isakmp_cert_post

Martin Willi [Mon, 19 Dec 2011 10:33:06 +0000 (11:33 +0100)]
Fixed fix for XAuth plugin feature matching

Martin Willi [Mon, 19 Dec 2011 09:27:40 +0000 (10:27 +0100)]
Doxygen fixes

Martin Willi [Mon, 19 Dec 2011 09:22:47 +0000 (10:22 +0100)]
Removed obsolete XAuth job

Martin Willi [Mon, 19 Dec 2011 09:12:52 +0000 (10:12 +0100)]
Always use a transform number of 1 when encoding a single transform

Martin Willi [Mon, 19 Dec 2011 09:12:33 +0000 (10:12 +0100)]
Another set of cleanups in message.c

Martin Willi [Mon, 19 Dec 2011 09:10:57 +0000 (10:10 +0100)]
Fix XAuth plugin feature matching

Martin Willi [Sat, 17 Dec 2011 13:26:04 +0000 (14:26 +0100)]
Initiate IKE_ANY configurations with IKEv2

Martin Willi [Sat, 17 Dec 2011 12:31:27 +0000 (13:31 +0100)]
Pass IKE version to peer config enumerator, filter configs

Martin Willi [Sat, 17 Dec 2011 11:48:14 +0000 (12:48 +0100)]
Support an "any" IKE version for both IKEv1 or IKEv2

Martin Willi [Sat, 17 Dec 2011 11:47:44 +0000 (12:47 +0100)]
Some coding style cleanups

Martin Willi [Sat, 17 Dec 2011 11:19:30 +0000 (12:19 +0100)]
Fixed notify enum names

Tobias Brunner [Thu, 15 Dec 2011 15:56:07 +0000 (16:56 +0100)]
Added support for iKEIntermediate flag to ipsec pki.

Tobias Brunner [Thu, 15 Dec 2011 15:54:49 +0000 (16:54 +0100)]
Added support for iKEIntermediate X.509 extended key usage flag.

Mac OS X requires server certificates to have this flag set.

Tobias Brunner [Thu, 15 Dec 2011 15:51:19 +0000 (16:51 +0100)]
Some whitespace fixes.

Tobias Brunner [Thu, 15 Dec 2011 10:22:31 +0000 (11:22 +0100)]
Log parsed unsigned ints with proper format strings.

Martin Willi [Thu, 15 Dec 2011 17:35:55 +0000 (18:35 +0100)]
Send different notifies if quick mode fails

Martin Willi [Thu, 15 Dec 2011 17:23:28 +0000 (18:23 +0100)]
Support flushing of task queue after building message in task fails

Martin Willi [Thu, 15 Dec 2011 17:11:00 +0000 (18:11 +0100)]
Consider notify errors fatal only during main mode

Martin Willi [Thu, 15 Dec 2011 17:04:39 +0000 (18:04 +0100)]
Delete CHILD_SA if installing SA in third message fails

Martin Willi [Thu, 15 Dec 2011 17:03:14 +0000 (18:03 +0100)]
Added a quick_delete task flag to enforce delete, even if CHILD_SA not found

Martin Willi [Thu, 15 Dec 2011 16:28:58 +0000 (17:28 +0100)]
Send delete if Main Mode authentication fails as initiator

Martin Willi [Thu, 15 Dec 2011 16:04:45 +0000 (17:04 +0100)]
Send notifies in all error cases of Main Mode

Martin Willi [Thu, 15 Dec 2011 16:04:29 +0000 (17:04 +0100)]
Add some additional IKEv1 notify types

Martin Willi [Thu, 15 Dec 2011 15:23:47 +0000 (16:23 +0100)]
Do not trust unprotected INFORMATIONALS, just print that we got one

Martin Willi [Thu, 15 Dec 2011 12:15:34 +0000 (13:15 +0100)]
Use (as client) and verify (as server) configured XAuth identities

Martin Willi [Thu, 15 Dec 2011 12:14:33 +0000 (13:14 +0100)]
Added an identity getter to XAuth methods to query the actually used identity

Martin Willi [Thu, 15 Dec 2011 12:13:30 +0000 (13:13 +0100)]
Be a little more verbose about XAuth configs in ipsec statusall

Martin Willi [Thu, 15 Dec 2011 12:12:42 +0000 (13:12 +0100)]
Pass ipsec.conf xauth_identity option via stroke to charon configurations

Martin Willi [Thu, 15 Dec 2011 11:28:43 +0000 (12:28 +0100)]
Store Main Mode identity even if XAuth-only is used for authentication

Martin Willi [Thu, 15 Dec 2011 10:58:26 +0000 (11:58 +0100)]
Added an XAUTH identity to use or require for XAuth authentication

Martin Willi [Thu, 15 Dec 2011 10:31:02 +0000 (11:31 +0100)]
Check authorization constraints after main mode completed

Martin Willi [Thu, 15 Dec 2011 10:30:22 +0000 (11:30 +0100)]
Stop checking once a key size constraint is not fulfilled

Martin Willi [Thu, 15 Dec 2011 10:01:35 +0000 (11:01 +0100)]
Save authentication info collected during main mode authentication

Martin Willi [Thu, 15 Dec 2011 10:01:06 +0000 (11:01 +0100)]
Flush auth configs, if enabled, for both IKEv1 and IKEv2

Martin Willi [Thu, 15 Dec 2011 09:01:35 +0000 (10:01 +0100)]
Fixed return value if SIG payload missing

Martin Willi [Wed, 14 Dec 2011 18:45:30 +0000 (19:45 +0100)]
Show auth method of config we are looking for in main mode

Martin Willi [Wed, 14 Dec 2011 16:34:57 +0000 (17:34 +0100)]
Fixed IKEv1 prf+ keymat expansion beyond 320 bits

Martin Willi [Wed, 14 Dec 2011 15:46:29 +0000 (16:46 +0100)]
Remove executable flag from source code files

Martin Willi [Wed, 14 Dec 2011 15:41:32 +0000 (16:41 +0100)]
Removed IKEv1 specific code from child_delete task

Martin Willi [Wed, 14 Dec 2011 15:39:44 +0000 (16:39 +0100)]
Use IKEv1 specific tasks to close Quick Mode SAs

Martin Willi [Wed, 14 Dec 2011 15:33:39 +0000 (16:33 +0100)]
Added a dedicated IKEv1 task to delete CHILD_SAs

Martin Willi [Wed, 14 Dec 2011 14:33:06 +0000 (15:33 +0100)]
Close IKE_SA directly after sending the delete

Martin Willi [Wed, 14 Dec 2011 14:28:43 +0000 (15:28 +0100)]
Removed IKEv1 specific code from ike_delete task

Martin Willi [Wed, 14 Dec 2011 14:27:12 +0000 (15:27 +0100)]
Use the IKEv1 specific delete in IKEv1 SAs

Martin Willi [Wed, 14 Dec 2011 14:22:39 +0000 (15:22 +0100)]
Added a dedicated delete task for IKEv1 IKE_SAs

Martin Willi [Wed, 14 Dec 2011 14:21:35 +0000 (15:21 +0100)]
Use a single task_type_t enum name for ME and non-ME variant