ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
14,823 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

50 Commits

Author SHA1 Message Date
Martin Willi 161a015782 utils: Use chunk_equals_const() for all cryptographic purposes 2015-04-14 12:02:51 +02:00
Martin Willi a777155ffe diffie-hellman: Add a bool return value to set_other_public_value() 2015-03-23 17:54:03 +01:00
Martin Willi 42431690e0 diffie-hellman: Add a bool return value to get_my_public_value() 2015-03-23 17:54:03 +01:00
Martin Willi bace1d6479 diffie-hellman: Use bool instead of status_t as get_shared_secret() return value 
While such a change is not unproblematic, keeping status_t makes the API
inconsistent once we introduce return values for the public value operations.
 2015-03-23 17:54:02 +01:00
Martin Willi 666c552381 libtls: Add getters for TLS handshake authentication details 2015-03-03 14:08:00 +01:00
Martin Willi aba5b76ce1 libtls: Merge trustchain auth verification details done during TLS handhsake 2015-03-03 14:08:00 +01:00
Martin Willi 1db6bf2f3f If TLS peer authentication not required, the client does nonetheless, allow it to fail 2013-03-06 15:53:12 +01:00
Martin Willi 807f2facd0 Request a TLS client certificate even if no peer identity is given 
This allows a peer to perform client authentication if it wants, but skip
it if not.
 2013-02-28 16:46:08 +01:00
Martin Willi 2de481e32b Delegate tls_t.get_{peer,server}_id to handshake layer 
This allows to get updated peer identities if the peer can't authenticate,
or does when it is optional.
 2013-02-28 16:46:08 +01:00
Tobias Brunner f05b427265 Moved debug.[ch] to utils folder 2012-10-24 16:00:51 +02:00
Martin Willi bb5eb15ccc Check rng return value when generating TLS session identifiers 2012-07-16 14:53:37 +02:00
Tobias Brunner 126eb2af59 Check rng return value when generating secrets and IVs in libtls 2012-07-16 14:53:37 +02:00
Martin Willi 9020f7d0b9 Add a return value to tls_crypto_t.derive_secrets() 2012-07-16 14:53:33 +02:00
Martin Willi 6a5c86b7ad Implemented TLS session resumption both as client and as server 2011-12-31 13:14:49 +01:00
Martin Willi 4caa380625 Separated cipherspec checking and switching, allowing us to defer the second 2011-12-31 13:14:49 +01:00
Martin Willi 84da59f609 Be less verbose about TLS extensions 2011-12-24 14:14:25 +01:00
Andreas Steffen 7e432eff6b renamed tls_reader|writer to bio_* and moved to libstrongswan 2011-05-31 15:46:51 +02:00
Martin Willi 7b3c01845f Read the compression type byte for EC groups, only 2010-09-08 10:35:29 +02:00
Martin Willi ec7d4e70d3 Renamed ecp_format to ansi_format, as point formats in TLS use different identifiers 2010-09-06 18:37:24 +02:00
Martin Willi e6cce7ff0d Prepend point format to ECDH public key 2010-09-06 15:37:51 +02:00
Martin Willi e4fd2bb428 Log the selected (EC)DH group 2010-09-06 15:37:51 +02:00
Martin Willi 0f89143b84 Parse unsupported TLS Hello extensions properly 2010-09-06 15:37:51 +02:00
Martin Willi 3f7bb88ba3 Use a dynamic curve enumerator to list/convert TLS named curves 2010-09-03 17:24:23 +02:00
Martin Willi f4c98ae664 Use ECDH group check where appropriate 2010-09-03 16:53:36 +02:00
Martin Willi 4cdade5aae Select private key based on received cipher suites 2010-09-03 14:54:43 +02:00
Martin Willi 37a59a8fbf Support for EC curve Hello extension, EC curve fallback 2010-09-03 14:54:43 +02:00
Martin Willi 141d7f7abd Added server support for ECDHE key exchange 2010-09-03 14:54:43 +02:00
Andreas Steffen 1972102e1e fixed typo 2010-09-03 13:30:40 +02:00
Martin Willi f14358a9b5 Added TLS server side support for DHE suites 2010-09-02 19:33:08 +02:00
Martin Willi 06109c4717 Implemented "signature algorithm" hello extension 2010-09-02 19:33:08 +02:00
Martin Willi d29a82a9d4 Added generic TLS data sign/verify, hash/sig algorithm construction 2010-09-02 19:33:08 +02:00
Martin Willi 60c4b3b545 Continue with a randomized premaster if decryption failed / version mismatches 2010-09-02 19:33:08 +02:00
Martin Willi dbb7c0306c Support different hash/sig algorithms in handshake signing, including ECDSA 2010-09-02 13:07:25 +02:00
Martin Willi a596006e3f Send TLS alerts for errors in TLS handshake building 2010-08-25 18:24:27 +02:00
Martin Willi 69e8bb2e8d Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option 2010-08-24 11:34:43 +02:00
Andreas Steffen c1a929daa7 removed some redundant debug output 2010-08-24 09:02:51 +02:00
Martin Willi bda7d9d940 Added generic TLS purposes 2010-08-24 08:45:49 +02:00
Martin Willi c310881a11 Added a TLS purpose for EAP-TTLS with client authentication 2010-08-23 15:13:48 +02:00
Martin Willi e6f3ef1330 Implemented TLS Alert handling 2010-08-23 15:13:37 +02:00
Martin Willi f154e30431 Verify negotiated TLS version 2010-08-23 09:47:03 +02:00
Martin Willi 3c19b3461f Introducing a dedicated debug message group for libtls 2010-08-23 09:47:03 +02:00
Martin Willi 0bcef5fe7a Streamlined TLS debugging output 2010-08-23 09:45:33 +02:00
Martin Willi 96b2fbcc2c Introducing simple purposes for the TLS stack, switches various options 2010-08-20 15:09:08 +02:00
Martin Willi ba31fe1fd6 Use a seperate section for each nested struct member in INIT macro 2010-08-18 12:15:03 +02:00
Martin Willi 714d0bfd37 Only include certificates with CA flag in TLS cert request 2010-08-16 09:20:19 +02:00
Andreas Steffen b51ac45c48 optional certificate-based peer authentication on TLS server side 2010-08-15 13:02:57 +02:00
Andreas Steffen 1327839da8 added generic TLS application data handler and specific EAP-TTLS instantiation 2010-08-12 23:58:54 +02:00
Martin Willi 33ddaaabec Added support for different encryption schemes to private/public keys 2010-08-10 18:46:30 +02:00
Andreas Steffen 7ea87db00d added some more TLS debug output 2010-08-05 09:51:05 +02:00
Martin Willi 0f82a47063 Moved TLS stack to its own library 2010-08-03 15:39:26 +02:00