Tobias Brunner
b5010707a0
ikev2: Use IV generator to encrypt encrypted payload
2013-10-11 15:55:40 +02:00
Martin Willi
a1379e3210
ikev1: Support parsing of AH+IPComp proposals
2013-10-11 10:15:21 +02:00
Martin Willi
3771b85806
ikev1: Support en-/decoding of SA payloads with AH algorithms
2013-10-11 10:15:21 +02:00
Tobias Brunner
0adf165c7e
Fix crash if the initiator has no suitable proposal available
Could be triggered with a typo in the ike or esp options when ! is used.
2013-06-21 11:09:03 +02:00
Martin Willi
a0f6f39343
proposals: try next if IKEv2 algorithm could not be mapped to IKEv1
2013-05-06 15:54:32 +02:00
Andreas Steffen
b038c62e4a
added ERX_SUPPORTED IKEv2 Notify
2013-03-02 17:18:37 +01:00
Martin Willi
b443fa6123
Don't reject OPAQUE ports while verifying traffic selector substructure
2013-02-21 11:52:33 +01:00
Tobias Brunner
21235e1ec2
Merge branch 'ikev1-fragmentation'
This adds support for the proprietary IKEv1 fragmentation extension.
Conflicts:
NEWS
2013-01-12 11:58:26 +01:00
Martin Willi
54a1a75b2f
Don't use bio_writer_t.skip() to write length field when appending more data
If the writer reallocates its buffer, the length pointer might not be valid
anymore, or even worse, point to an arbitrary allocation.
2013-01-11 14:57:08 +01:00
Volker Rümelin
6d3e7a64a0
IKEv1 support for PKCS#7 wrapped certificates
2013-01-11 10:21:56 +01:00
Volker Rümelin
10eee5fcba
Fixed some typos in comments
2013-01-11 10:21:51 +01:00
Tobias Brunner
07df944c9c
Add support to create IKE fragments
All fragments currently use the same fragment ID (1) as that's what
other implementations are doing.
2012-12-24 12:29:30 +01:00
Tobias Brunner
8f0ab6dd36
Payload added to handle IKE fragments
2012-12-24 10:24:48 +01:00
Tobias Brunner
ef33a4ab82
Fixed some typos, courtesy of codespell
2012-12-20 09:35:26 +01:00
Volker Rümelin
0ff8d20a89
Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier
This adds support for early versions of the draft that eventually
resulted in RFC 3947.
2012-12-19 11:03:42 +01:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Tobias Brunner
f3d98a6b78
Correctly initialize payload length of encrypted payload
2012-09-28 16:30:26 +02:00
Tobias Brunner
576490ab09
Added method to enumerate EAP types contained in an EAP-Nak
2012-08-31 11:40:28 +02:00
Tobias Brunner
cc4eec56f7
Encode EAP-Naks in expanded format if we got an expanded type request
Since methods defined by the IETF (vendor ID 0) could also be encoded in
expanded type format the previous check was insufficient.
2012-08-31 11:40:27 +02:00
Tobias Brunner
78e8dca94f
Allow clients to request a configured EAP method via EAP-Nak
2012-08-31 11:40:27 +02:00
Tobias Brunner
af04233e14
Send EAP-Nak with supported types if requested type is unsupported
2012-08-31 11:40:27 +02:00
Tobias Brunner
d511a71daa
Include stdint.h for UINTxx_MAX defines
Fixes #205.
2012-07-27 13:47:59 +02:00
Martin Willi
511f0b18b9
Cleaned up memory management and return values for encryption payload
2012-07-16 14:55:07 +02:00
Tobias Brunner
ca9b68eb9e
Check rng return value when encrypting encryption payload
2012-07-16 14:53:35 +02:00
Martin Willi
e2ed7bfd22
Add a return value to aead_t.encrypt()
2012-07-16 14:53:32 +02:00
Martin Willi
a9aa75b90e
Map XAuth responder authentication methods between IKEv1 and IKEv2
2012-06-27 11:42:56 +02:00
Tobias Brunner
daab61e51f
Added encapsulation mode transform attribute to IPComp proposal.
2012-05-25 09:26:42 +02:00
Tobias Brunner
6695b48582
Add an additional proposal without IPComp to SA payload.
2012-05-24 15:32:28 +02:00
Tobias Brunner
647cd741e8
Added support for IKEv1 IPComp proposals in SA payload.
2012-05-24 15:32:28 +02:00
Tobias Brunner
7a75cae856
Added support for IKEv1 IPComp proposals in proposal substructure.
2012-05-24 15:32:27 +02:00
Tobias Brunner
624bb24d12
Properly filter IKEv1 proposals consisting of multiple proposal payloads.
Since a proposal_t object is created for each transform contained in the
proposal payload, it does not work to simply remove the last proposal_t
object added to the list (there may be several others extracted from the
previous proposal payload).
2012-05-24 15:32:27 +02:00
Andreas Steffen
4b797f464e
fixed mapping of IKEv1 algorithms
2012-05-05 23:25:34 +02:00
Andreas Steffen
f66a14818e
inserted space
2012-05-05 15:51:24 +02:00
Martin Willi
b24be29646
Merge branch 'ikev1'
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Martin Willi
4ef867f578
Accept zero-length certificate request payloads
2012-04-11 17:22:23 +02:00
Andreas Steffen
5893d1b156
added IKEv2 Generic Secure Password Authentication Method
2012-04-03 12:48:48 +02:00
Andreas Steffen
f54c4ed8d6
added GSPM IKEv2 payload
2012-04-03 12:21:39 +02:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Tobias Brunner
eff331f799
Parse IKEv1 Cisco Load Balancing notify (can't act on it yet).
2012-03-20 17:31:40 +01:00
Tobias Brunner
3a9d5cbc14
Fixed transform numbering in IKEv1 proposal.
2012-03-20 17:31:40 +01:00
Martin Willi
5ed4b727d0
Fix mapping of IKEv1 encapsulation mode
2012-03-20 17:31:39 +01:00
Martin Willi
6261c0c3b7
Support encoding of IKEv1 ECDSA proposals
2012-03-20 17:31:38 +01:00
Martin Willi
c390569a76
Renamed CONFIGURATION_ATTRIBUTE_LENGTH to streamline it with other ATTRIBUTE rules
2012-03-20 17:31:38 +01:00
Martin Willi
05cb240215
Use ATTRIBUTE_VALUE rule in configuration attribute to parse it with correct length
2012-03-20 17:31:38 +01:00
Martin Willi
5ac4c2e1a9
Added missing short enum names for DPD notify types
2012-03-20 17:31:35 +01:00
Clavister OpenSource
36c8169629
DPD_R_U_THERE defines added
2012-03-20 17:31:35 +01:00
Martin Willi
927c1dd9d2
Support IKEv1 proposal encodings having both lifebytes and a lifetime
2012-03-20 17:31:33 +01:00
Clavister OpenSource
e32820f593
Add functions to set mode cfg identifier
2012-03-20 17:31:32 +01:00
Martin Willi
96f98a8c11
Accept IKEv1 INVALID_KE_INFORMATION notifies without data
2012-03-20 17:31:30 +01:00
Tobias Brunner
db1dc81329
IKEv1 ATTRIBUTES_NOT_SUPPORTED error notify added.
2012-03-20 17:31:30 +01:00
Martin Willi
dd5c3787dc
Give a hint that decryption failed if payload length invalid
2012-03-20 17:31:30 +01:00
Tobias Brunner
fd5d6bb08e
Use IPSEC DOI also for ISAKMP SA deletes.
2012-03-20 17:31:29 +01:00
Martin Willi
15a682f4c2
Separated libcharon/sa directory with ikev1 and ikev2 subfolders
2012-03-20 17:31:26 +01:00
Martin Willi
8833068877
Doxygen fixes
2012-03-20 17:31:25 +01:00
Martin Willi
26b02f50f4
Always use a transform number of 1 when encoding a single transform
2012-03-20 17:31:25 +01:00
Martin Willi
2f58f6cba1
Fixed notify enum names
2012-03-20 17:31:25 +01:00
Martin Willi
ca26065745
Add some additional IKEv1 notify types
2012-03-20 17:31:23 +01:00
Martin Willi
3ba15819ed
Remove executable flag from source code files
2012-03-20 17:31:22 +01:00
Martin Willi
51da01a722
Support encoding of Hybrid initiator authentication method
2012-03-20 17:31:21 +01:00
Tobias Brunner
33493a5253
Added method to get encoded version of ID_V1 payload.
2012-03-20 17:31:21 +01:00
Martin Willi
226b0f36c7
Fixed SPI size calculation in DELETE payload
2012-03-20 17:31:19 +01:00
Martin Willi
0acb520758
Support IKEv1 SPIs in IKEv1 delete payload
2012-03-20 17:31:19 +01:00
Martin Willi
9626164e9a
Don't complain when receiving XAuth or Unity configuration attributes
2012-03-20 17:31:16 +01:00
Martin Willi
c9e5998d7f
Interpret attribute format correctly in IKEv1 configuration format
2012-03-20 17:31:16 +01:00
Clavister OpenSource
9ce5d0c0e8
added functions for getting/setting ISAKMP SPI to notify payload
2012-03-20 17:31:14 +01:00
Martin Willi
9bb4de1d83
En- and decode DH group attribute in quick mode SA payloads
2012-03-20 17:31:14 +01:00
Andreas Steffen
6f6380e670
use untoh64 instead of non-portable be64toh
2012-03-20 17:31:13 +01:00
Martin Willi
9ad5b8fa95
Cleanup CERT payload constructors
2012-03-20 17:31:13 +01:00
Martin Willi
df06ef2098
Cleaned up certreq payload for IKEv2/IKEv1 use
2012-03-20 17:31:13 +01:00
Martin Willi
695aff41f5
Encode a single IP traffic selector as ID_IPV?_ADDRESS identity
2012-03-20 17:31:12 +01:00
Martin Willi
caa6f772c8
Added missing break;s when converting ID_IP_ADDRESS types to ts, extracted function
2012-03-20 17:31:12 +01:00
Martin Willi
bd8700f055
Don't use unportable htobe64 macro directly
2012-03-20 17:31:12 +01:00
Clavister OpenSource
7d9269bfce
certificate handling for XAuth responder.
2012-03-20 17:31:11 +01:00
Clavister OpenSource
e102f86e88
Setting transform number in esp proposal.
iPhone (racoon) fails quick mode when transform number is 0
2012-03-20 17:31:11 +01:00
Clavister OpenSource
8a9ab2035f
ID_IPV4_ADDR and ID_IPV6_ADDR cases added to get_ts
2012-03-20 17:31:11 +01:00
Clavister OpenSource
07abb470c6
IKEv1: Added basic support for INFORMATIONAL exchange types, and for NOTIFY_V1 messages in the 3rd message in quick_mode.
2012-03-20 17:31:11 +01:00
Tobias Brunner
1e97783c99
Added payloads for IKEv1 NAT-Traversal negotiation.
2012-03-20 17:31:09 +01:00
Tobias Brunner
37639e94fb
Handle invalid IKEv1 hashes more specifically.
2012-03-20 17:31:08 +01:00
Tobias Brunner
fd24c700fb
Use proper enum types in proposal_substructure.
2012-03-20 17:31:07 +01:00
Martin Willi
b4e815354c
Map auth_class to auth method and IKEv1 proposal attribute
2012-03-20 17:30:53 +01:00
Martin Willi
eeca2af81c
Removed obsolete transform attribute setters
2012-03-20 17:30:53 +01:00
Martin Willi
914ec2dbf2
Implemented IKEv1 attribute encoding in SA payload
2012-03-20 17:30:53 +01:00
Martin Willi
fbebc2a068
Implemented encoding of additional IKEv1 proposal attributes
2012-03-20 17:30:53 +01:00
Martin Willi
e174e0d445
Added not-yet used sa_payload parameters used in IKEv1
2012-03-20 17:30:52 +01:00
Clavister OpenSource
8b30286fcf
IKEv1 XAuth: Add XAUTH authentication types to the enum. Added the ability to switch between hardcoded PSK and XAUTH_INIT_PSK authentications using a flag, default to PSK.
2012-03-20 17:30:52 +01:00
Clavister OpenSource
ece4ed3fcd
IKEv1 ConfigMode: Fix configuration_attribute encoding rules for IKEv1 to use the attribute type instead of the internal only payload type.
2012-03-20 17:30:52 +01:00
Clavister OpenSource
0b6811b4a7
IKEv1 ConfigMode: Fixed cp_payload to use CONFIGURATION_ATTRIBUTE_V1 in all appropriate places, so the parsing is done correctly.
2012-03-20 17:30:51 +01:00
Martin Willi
7a7f486df6
Include hardcoded tunnel mode attribute in proposal, remove ESN attribute
2012-03-20 17:30:50 +01:00
Tobias Brunner
1e5dd62bb2
Fixed verification of DELETE_V1 payloads.
2012-03-20 17:30:50 +01:00
Tobias Brunner
f3cc8589b1
Fixed header length calculation of DELETE payload.
2012-03-20 17:30:50 +01:00
Tobias Brunner
d6cec44b24
Fixed conftests after extending CERT payload.
2012-03-20 17:30:50 +01:00
Martin Willi
017d98bf39
Merged IKEv1 attribute payload/data into configuration payload/attribute
2012-03-20 17:30:49 +01:00
Clavister OpenSource
c71760570e
IKEv1 ConfigMode: Added the payload handlers for attribute_payload and data_attribute payload types.
2012-03-20 17:30:49 +01:00
Clavister OpenSource
54a8a94fa9
IKEv1 ConfigMode: Added TRANSACTION exchange type. Added attribute_payload (IKEv2 equiv cp_payload) and data_attribute (IKEv2 equiv configuration_attribute) payload types. Did not combine with IKEv2 because it wasn't trivial to do so. This might be a task worth investigating in the future, because there is a decent amount of shared code here.
2012-03-20 17:30:49 +01:00
Clavister OpenSource
9769b76cab
Updated the CERT payload to work for both IKEv1 and IKEv2.
2012-03-20 17:30:49 +01:00
Martin Willi
d50152a70b
Parse proposal substructure with multiple IKEv1 transforms to multiple proposals
2012-03-20 17:30:49 +01:00
Martin Willi
62a27ba347
Encode multiple IKEv1 proposals in a single transform substructure
2012-03-20 17:30:48 +01:00
Martin Willi
f9450fc9f7
Remove public sa_payload.add_proposal() method
2012-03-20 17:30:48 +01:00
Martin Willi
cd89f1a074
Only add the first algorithm of a kind to IKEv1 transforms
2012-03-20 17:30:48 +01:00