b5010707a0
ikev2: Use IV generator to encrypt encrypted payload
2013-10-11 15:55:40 +02:00
a1379e3210
ikev1: Support parsing of AH+IPComp proposals
2013-10-11 10:15:21 +02:00
3771b85806
ikev1: Support en-/decoding of SA payloads with AH algorithms
2013-10-11 10:15:21 +02:00
0adf165c7e
Fix crash if the initiator has no suitable proposal available
...
Could be triggered with a typo in the ike or esp options when ! is used.
2013-06-21 11:09:03 +02:00
a0f6f39343
proposals: try next if IKEv2 algorithm could not be mapped to IKEv1
2013-05-06 15:54:32 +02:00
b038c62e4a
added ERX_SUPPORTED IKEv2 Notify
2013-03-02 17:18:37 +01:00
b443fa6123
Don't reject OPAQUE ports while verifying traffic selector substructure
2013-02-21 11:52:33 +01:00
21235e1ec2
Merge branch 'ikev1-fragmentation'
...
This adds support for the proprietary IKEv1 fragmentation extension.
Conflicts:
NEWS
2013-01-12 11:58:26 +01:00
54a1a75b2f
Don't use bio_writer_t.skip() to write length field when appending more data
...
If the writer reallocates its buffer, the length pointer might not be valid
anymore, or even worse, point to an arbitrary allocation.
2013-01-11 14:57:08 +01:00
6d3e7a64a0
IKEv1 support for PKCS#7 wrapped certificates
2013-01-11 10:21:56 +01:00
10eee5fcba
Fixed some typos in comments
2013-01-11 10:21:51 +01:00
07df944c9c
Add support to create IKE fragments
...
All fragments currently use the same fragment ID (1) as that's what
other implementations are doing.
2012-12-24 12:29:30 +01:00
8f0ab6dd36
Payload added to handle IKE fragments
2012-12-24 10:24:48 +01:00
ef33a4ab82
Fixed some typos, courtesy of codespell
2012-12-20 09:35:26 +01:00
0ff8d20a89
Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier
...
This adds support for early versions of the draft that eventually
resulted in RFC 3947.
2012-12-19 11:03:42 +01:00
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
f3d98a6b78
Correctly initialize payload length of encrypted payload
2012-09-28 16:30:26 +02:00
576490ab09
Added method to enumerate EAP types contained in an EAP-Nak
2012-08-31 11:40:28 +02:00
cc4eec56f7
Encode EAP-Naks in expanded format if we got an expanded type request
...
Since methods defined by the IETF (vendor ID 0) could also be encoded in
expanded type format the previous check was insufficient.
2012-08-31 11:40:27 +02:00
78e8dca94f
Allow clients to request a configured EAP method via EAP-Nak
2012-08-31 11:40:27 +02:00
af04233e14
Send EAP-Nak with supported types if requested type is unsupported
2012-08-31 11:40:27 +02:00
d511a71daa
Include stdint.h for UINTxx_MAX defines
...
Fixes #205 .
2012-07-27 13:47:59 +02:00
511f0b18b9
Cleaned up memory management and return values for encryption payload
2012-07-16 14:55:07 +02:00
ca9b68eb9e
Check rng return value when encrypting encryption payload
2012-07-16 14:53:35 +02:00
e2ed7bfd22
Add a return value to aead_t.encrypt()
2012-07-16 14:53:32 +02:00
a9aa75b90e
Map XAuth responder authentication methods between IKEv1 and IKEv2
2012-06-27 11:42:56 +02:00
daab61e51f
Added encapsulation mode transform attribute to IPComp proposal.
2012-05-25 09:26:42 +02:00
6695b48582
Add an additional proposal without IPComp to SA payload.
2012-05-24 15:32:28 +02:00
647cd741e8
Added support for IKEv1 IPComp proposals in SA payload.
2012-05-24 15:32:28 +02:00
7a75cae856
Added support for IKEv1 IPComp proposals in proposal substructure.
2012-05-24 15:32:27 +02:00
624bb24d12
Properly filter IKEv1 proposals consisting of multiple proposal payloads.
...
Since a proposal_t object is created for each transform contained in the
proposal payload, it does not work to simply remove the last proposal_t
object added to the list (there may be several other extracted from the
previous proposal payload).
2012-05-24 15:32:27 +02:00
4b797f464e
fixed mapping of IKEv1 algorithms
2012-05-05 23:25:34 +02:00
f66a14818e
inserted space
2012-05-05 15:51:24 +02:00
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
4ef867f578
Accept zero-length certificate request payloads
2012-04-11 17:22:23 +02:00
5893d1b156
added IKEv2 Generic Secure Password Authentication Method
2012-04-03 12:48:48 +02:00
f54c4ed8d6
added GSPM IKEv2 payload
2012-04-03 12:21:39 +02:00
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
eff331f799
Parse IKEv1 Cisco Load Balancing notify (can't act on it yet).
2012-03-20 17:31:40 +01:00
3a9d5cbc14
Fixed transform numbering in IKEv1 proposal.
2012-03-20 17:31:40 +01:00
5ed4b727d0
Fix mapping of IKEv1 encapsulation mode
2012-03-20 17:31:39 +01:00
6261c0c3b7
Support encoding of IKEv1 ECDSA proposals
2012-03-20 17:31:38 +01:00
c390569a76
Renamed CONFIGURATION_ATTRIBUTE_LENGTH to streamline it with other ATTRIBUTE rules
2012-03-20 17:31:38 +01:00
05cb240215
Use ATTRIBUTE_VALUE rule in configuration attribute to parse it with correct length
2012-03-20 17:31:38 +01:00
5ac4c2e1a9
Added missing short enum names for DPD notify types
2012-03-20 17:31:35 +01:00
36c8169629
DPD_R_U_THERE defines added
2012-03-20 17:31:35 +01:00
927c1dd9d2
Support IKEv1 proposal encodings having both lifebytes and a lifetime
2012-03-20 17:31:33 +01:00
e32820f593
Add functions to set mode cfg identifier
2012-03-20 17:31:32 +01:00
96f98a8c11
Accept IKEv1 INVALID_KE_INFORMATION notifies without data
2012-03-20 17:31:30 +01:00
db1dc81329
IKEv1 ATTRIBUTES_NOT_SUPPORTED error notify added.
2012-03-20 17:31:30 +01:00
dd5c3787dc
Give a hint that decryption failed if payload length invalid
2012-03-20 17:31:30 +01:00
fd5d6bb08e
Use IPSEC DOI also for ISAKMP SA deletes.
2012-03-20 17:31:29 +01:00
15a682f4c2
Separated libcharon/sa directory with ikev1 and ikev2 subfolders
2012-03-20 17:31:26 +01:00
8833068877
Doxygen fixes
2012-03-20 17:31:25 +01:00
26b02f50f4
Always use a transform number of 1 when encoding a single transform
2012-03-20 17:31:25 +01:00
2f58f6cba1
Fixed notify enum names
2012-03-20 17:31:25 +01:00
ca26065745
Add some additional IKEv1 notify types
2012-03-20 17:31:23 +01:00
3ba15819ed
Remove executable flag from source code files
2012-03-20 17:31:22 +01:00
51da01a722
Support encoding of Hybrid initiator authentication method
2012-03-20 17:31:21 +01:00
33493a5253
Added method to get encoded version if ID_V1 payload.
2012-03-20 17:31:21 +01:00
226b0f36c7
Fixed SPI size calculation in DELETE payload
2012-03-20 17:31:19 +01:00
0acb520758
Support IKEv1 SPIs in IKEv1 delete payload
2012-03-20 17:31:19 +01:00
9626164e9a
Don't complain when receiving XAuth or Unity configuration attributes
2012-03-20 17:31:16 +01:00
c9e5998d7f
Interpret attribute format correctly in IKEv1 configuration format
2012-03-20 17:31:16 +01:00
9ce5d0c0e8
added functions for getting/setting ISAKMP SPI to notify payload
2012-03-20 17:31:14 +01:00
9bb4de1d83
En- and decode DH group attribute in quick mode SA payloads
2012-03-20 17:31:14 +01:00
6f6380e670
use untoh64 instead of non-portable be64toh
2012-03-20 17:31:13 +01:00
9ad5b8fa95
Cleanup CERT payload constructors
2012-03-20 17:31:13 +01:00
df06ef2098
Cleaned up certreq payload for IKEv2/IKEv1 use
2012-03-20 17:31:13 +01:00
695aff41f5
Encode a single IP traffic selector as ID_IPV?_ADDRESS identity
2012-03-20 17:31:12 +01:00
caa6f772c8
Added missing break;s when converting ID_IP_ADDRESS types to ts, extracted function
2012-03-20 17:31:12 +01:00
bd8700f055
Don't use unportable htobe64 macro directly
2012-03-20 17:31:12 +01:00
7d9269bfce
certificate handling for XAuth responder.
2012-03-20 17:31:11 +01:00
e102f86e88
Setting transform number in esp proposal.
...
iPhone (racoon) fails quick mode when transform number is 0
2012-03-20 17:31:11 +01:00
8a9ab2035f
ID_IPV4_ADDR and ID_IPV6_ADDR cases added to get_ts
2012-03-20 17:31:11 +01:00
07abb470c6
IKEv1: Added basic support for INFORMATIONAL exchange types, and for NOTIFY_V1 messages in the 3rd message in quick_mode.
2012-03-20 17:31:11 +01:00
1e97783c99
Added payloads for IKEv1 NAT-Traversal negotiation.
2012-03-20 17:31:09 +01:00
37639e94fb
Handle invalid IKEv1 hashes more specifically.
2012-03-20 17:31:08 +01:00
fd24c700fb
Use proper enum types in proposal_substructure.
2012-03-20 17:31:07 +01:00
b4e815354c
Map auth_class to auth method and IKEv1 proposal attribute
2012-03-20 17:30:53 +01:00
eeca2af81c
Removed obsolete transform attribute setters
2012-03-20 17:30:53 +01:00
914ec2dbf2
Implemented IKEv1 attribute encoding in SA payload
2012-03-20 17:30:53 +01:00
fbebc2a068
Implemented encoding of additional IKEv1 proposal attributes
2012-03-20 17:30:53 +01:00
e174e0d445
Added not-yet used sa_payload parameters used in IKEv1
2012-03-20 17:30:52 +01:00
8b30286fcf
IKEv1 XAuth: Add XAUTH authentication types to the enum. Added the ability to switch between hardcoded PSK and XAUTH_INIT_PSK authentications using a flag, default to PSK.
2012-03-20 17:30:52 +01:00
ece4ed3fcd
IKEv1 ConfigMode: Fix configuration_attribute encoding rules for IKEv1 to use the attribute type instead of the internal only payload type.
2012-03-20 17:30:52 +01:00
0b6811b4a7
IKEv1 ConfigMode: Fixed cp_payload to use CONFIGURATION_ATTRIBUTE_V1 in all appropriate places, so the parsing is done correctly.
2012-03-20 17:30:51 +01:00
7a7f486df6
Include hardcoded tunnel mode attribute in porposal, remove ESN attribute
2012-03-20 17:30:50 +01:00
1e5dd62bb2
Fixed verification of DELETE_V1 payloads.
2012-03-20 17:30:50 +01:00
f3cc8589b1
Fixed header length calculation of DELETE payload.
2012-03-20 17:30:50 +01:00
d6cec44b24
Fixed conftests after extending CERT payload.
2012-03-20 17:30:50 +01:00
017d98bf39
Merged IKEv1 attribute payload/data into configuration payload/attribute
2012-03-20 17:30:49 +01:00
c71760570e
IKEv1 ConfigMode: Added the payload handlers for attribute_payload and data_attribute payload types.
2012-03-20 17:30:49 +01:00
54a8a94fa9
IKEv1 ConfigMode: Added TRANSACTION exchange type. Added attribute_payload (IKEv2 equiv cp_payload) and data_attribute (IKEv2 equiv configuration_attribute) payload types. Did not combine with IKEv2 because it wasn't trivial to do so. This might be a task worth investigating in the future, because there is a decent amount of shared code here.
2012-03-20 17:30:49 +01:00
9769b76cab
Updated the CERT payload to work for both IKEv1 and IKEv2.
2012-03-20 17:30:49 +01:00
d50152a70b
Parse proposal substructure with multiple IKEv1 transforms to multiple proposals
2012-03-20 17:30:49 +01:00
62a27ba347
Encode multiple IKEv1 proposals in a single transform substructure
2012-03-20 17:30:48 +01:00
f9450fc9f7
Remove public sa_payload.add_proposal() method
2012-03-20 17:30:48 +01:00
cd89f1a074
Only add the first algorithm of a kind to IKEv1 transforms
2012-03-20 17:30:48 +01:00
Tobias Brunner