Tobias Brunner
fde2d34d0f
Fixed ME after introduction of AEAD wrapper.
2010-08-30 10:48:09 +02:00
Martin Willi
5299719569
Migrated delete_payload to INIT/METHOD macros, replaced iterator
2010-08-25 17:03:00 +02:00
Thomas Egerer
e54e86cb49
Check if colliding rekey actually created an IKE_INIT
In some cases (especially if a child is half-open) the colliding
rekey-job might not have created the ike_init member. If so, the
nonce check fails with SIGSEGV.
2010-08-25 10:16:42 +02:00
Martin Willi
2e64455ee1
Fixed crypter keymat derivation bug
2010-08-19 19:28:08 +02:00
Martin Willi
84eb3aa456
Implemented IKEv2 keymat derivation for AEAD algorithms
2010-08-19 19:02:34 +02:00
Martin Willi
b519071299
Use AEAD wrapper for encryption payload encryption/decryption
2010-08-19 19:02:33 +02:00
Martin Willi
5555b900b2
Migrated keymat to INIT/METHOD macros
2010-08-19 12:35:53 +02:00
Martin Willi
ba31fe1fd6
Use a separate section for each nested struct member in INIT macro
2010-08-18 12:15:03 +02:00
Andreas Steffen
53115857ae
some simplifications using the INIT macro
2010-08-17 20:09:32 +02:00
Martin Willi
c03b0d7e6b
Added support for Camellia cipher to xcbc
2010-08-13 17:11:54 +02:00
Andreas Steffen
45c4021bd0
Migrated eap_authenticator to INIT/METHOD macros
2010-08-13 15:58:53 +02:00
Andreas Steffen
fe6ae23d1f
Migrated eap_manager to INIT/METHOD macros
2010-08-13 15:32:37 +02:00
Andreas Steffen
87799b0c00
moved eap_from_string() from libcharon to libstrongswan to make it available in starter
2010-08-13 15:07:53 +02:00
Andreas Steffen
4412ee86c5
recognize eap-ttls method
2010-08-12 23:58:54 +02:00
Martin Willi
a944d2092b
Use bits instead of bytes for a private/public key
2010-08-10 18:46:30 +02:00
Jiri Bohac
30d8e8d04d
fix error-type range in parsing of NOTIFY payloads
2010-08-06 11:47:35 +02:00
Tobias Brunner
83628fd600
Accept EAP_ONLY_AUTHENTICATION notifies from any client, now that IANA allocated an ID.
2010-08-04 12:58:53 +02:00
Martin Willi
65858b83f8
Destroy IKE_SA Manager's crypto primitives during flush, the plugins are gone in destroy
2010-08-04 09:26:21 +02:00
Martin Willi
2107953804
Added EAP-TLS plugin stub
2010-08-03 15:39:24 +02:00
Thomas Egerer
86a73f16ab
Do not touch child from collision if peer deleted it
2010-08-03 10:32:38 +02:00
Martin Willi
b2e447e24a
Pass the CREATE_CHILD_SA initiator flag to the child_keys parameter
2010-07-26 13:53:53 +02:00
Martin Willi
5b6c220d13
Added log statement if peer requests EAP, but current config does not allow it
2010-07-21 17:09:15 +02:00
Martin Willi
0406eeaacb
Support different encoding types in certificate.get_encoding()
2010-07-13 13:53:20 +02:00
Martin Willi
da9724e6d0
Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding
2010-07-13 11:29:35 +02:00
Martin Willi
e57a29c731
Moved X509 ipAddrBlock checking to the addrblock plugin
2010-07-13 10:26:07 +02:00
Martin Willi
be715344c2
Added a hook to narrow traffic selectors for CHILD_SAs
2010-07-13 10:26:07 +02:00
Martin Willi
2ccc02a4fd
Moved credential manager to libstrongswan
2010-07-13 10:26:07 +02:00
Heiko Hund
ec7adea007
Added support for named attribute groups
Add the possibility to group attributes by a name and assign these
groups to connections. This allows a more granular configuration of
which client will receive what attributes.
2010-07-09 13:09:31 +02:00
Martin Willi
4cc9afe35f
Print identity to a lease address on the same line for simpler grepping
2010-07-08 17:44:19 +02:00
Martin Willi
53913d764e
Use the responder side configured EAP-Identity directly, if given
2010-07-05 09:41:04 +02:00
Martin Willi
ec6caa1367
Copy EAP specific attributes to auth config only
2010-07-05 09:41:04 +02:00
Andreas Steffen
ee26c537d7
support of xfrm marks for IKEv2
2010-07-02 23:46:09 +02:00
Martin Willi
02571374c4
Recreate IKE_SA_INIT related tasks only if they have completed
2010-06-30 13:48:47 +02:00
Thomas Egerer
31d0efd7e9
Use enumerator for queued_tasks migration to avoid infinite loop
2010-06-30 13:24:43 +02:00
Thomas Egerer
6d61e334f7
Correct check of traffic selectors before destruction
2010-06-29 09:22:50 +02:00
Thomas Egerer
7f1eb89517
Migrate queued_tasks tasks, to avoid dangling pointers
2010-06-29 09:20:05 +02:00
Thomas Egerer
03ffa88531
Add extra information in debug output for IKE_SA check{out, in}
This output helps tracing checkout and checkin of IKE_SAs when there is
more than one IKE_SA with the same name. I also added the type of
in-air-exchange to the debug output issued by the task_manager in case
a task initiation is delayed, came in handy for me.
2010-06-07 15:12:13 +02:00
Martin Willi
550d9085fa
Flush auth configs, create new keymat during SA reset
2010-06-07 14:59:39 +02:00
Martin Willi
dbdb69f908
Recreate IKE_INIT/IKE_NATD/IKE_VENDOR tasks if we reset SA during IKE_AUTH
2010-06-07 14:58:57 +02:00
Martin Willi
8b56ec20f3
Reacquire keymat from new IKE_SA during task migration
2010-06-07 14:56:24 +02:00
Martin Willi
ea340ee840
Wrap task enumerator in ike_sa
2010-06-07 11:37:55 +02:00
Martin Willi
8bced61b76
Migrated ike_sa_t to INIT/METHOD macros
2010-06-07 09:30:27 +00:00
Martin Willi
665c18bd85
Added support for task enumeration in task_manager_t
2010-06-07 10:45:25 +02:00
Martin Willi
9560a3166f
Migrated task_manager_t to INIT/METHOD macros
2010-06-07 10:37:00 +02:00
Martin Willi
2f57e6da0e
Disable close action for a redundant CHILD_SA resulting from a rekey collision
If a rekey collision is detected, the winning peer of the nonce compare
will delete the redundant CHILD_SA. The other peer should not enforce the
close action on this CHILD, as it would reestablish the redundant CHILD_SA.
Thanks to Thomas Egerer from secunet for pointing this out and the initial
patchset.
2010-06-02 11:48:52 +02:00
Martin Willi
fe02d99b96
Use wrapped getters for close/dpd action
2010-06-02 11:48:51 +02:00
Martin Willi
4c401ea216
Wrap getters for dpd/close action into CHILD_SA, allows us to override them
2010-06-02 11:48:44 +02:00
Tobias Brunner
d070e0a6d1
Do not install trap policy if remote host is %any.
2010-05-28 15:43:12 +02:00
Martin Willi
ea409980b9
Handle collisions between rekey and the following delete properly
2010-05-18 12:21:38 +02:00
Reto Buerki
71a66a623e
Use reqid from connection config if present.
2010-05-04 14:38:34 +02:00
Martin Willi
1f6a707d10
Ignore DH exchange in CHILD_SA rekeying if the selected proposal contains no DH group
2010-04-21 08:41:46 +02:00
Martin Willi
34d240a6e3
manage synced SAs in IKE_SA Manager, tag them with IKE_PASSIVE state
2010-04-07 13:55:12 +02:00
Martin Willi
84aa96e5f5
Invoke updown hook if IKE_SA delete is enforced in deleting state
2010-04-06 12:11:28 +02:00
Martin Willi
045833c79d
Release virtual IPs with the same identity as we acquired it
2010-03-25 14:29:10 +01:00
Tobias Brunner
58f86d0f0f
Changed all usages of lib->attributes to hydra->attributes.
2010-03-24 18:54:26 +01:00
Tobias Brunner
08c5572602
Moving charon to libcharon.
2010-03-19 13:34:52 +01:00