7b1e15ac4e
Fixed IKEv1 prf+ keymat expansion beyond 320 bits
2012-03-20 17:31:22 +01:00
38d189eee9
Compiler warning fixed in prf_plus_t.
2012-03-20 17:31:07 +01:00
d4f6686c69
Extended PRF+ by a non-counting variant as used by IKEv1
2012-03-20 17:30:48 +01:00
686cfd4e34
Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595.
...
This requires a Linux kernel >= 2.6.33.
2012-02-27 14:31:19 +01:00
7171d8765e
Disable crypto benchmarking if CLOCK_THREAD_CPUTIME_ID is not available.
2012-01-30 11:04:55 +01:00
5ed3e3a7e6
Various style, typo and whitespace corrections
2012-01-13 16:27:35 +01:00
e86b685da5
Allow callers to force ASN.1 date encoding as GENERALIZEDTIME.
2011-12-23 18:07:39 +01:00
1267127c11
Properly ASN.1 encode dates in certificates depending on the year.
2011-12-23 16:29:41 +01:00
5ddeaf2884
Fixed compiler warnings for DH groups that define no subgroup.
2011-11-25 10:18:03 +01:00
10b82be61f
pkcs11: Merged the ECDH into the DH implementation.
2011-10-31 18:45:37 +01:00
6a9642e466
Migrated crypto/prf_plus to INIT/METHOD macros
2011-10-02 11:27:38 +02:00
1c55141001
Migrated crypto/pkcs9 to INIT/METHOD macros
2011-10-02 11:21:23 +02:00
ae84beff76
Migrated crypto/pkcs7 to INIT/METHOD macros
2011-10-02 11:11:46 +02:00
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
4f9c691adb
Replaced pkcs7_t.create_certificate_iterator with enumerator.
...
The method is currently not used.
2011-07-06 09:43:45 +02:00
e26304348c
Replaced simple iterator usages.
2011-07-06 09:43:45 +02:00
28623fc538
"this" removed from comments.
2011-07-06 09:43:45 +02:00
e35727c14d
Fix algorithm type for signers, fixes warning with gcc 4.5
2011-05-03 11:33:40 +02:00
f8b26c452a
Added proposal keywords for ESN support
2011-04-20 12:26:58 +02:00
6dc36a73e2
Fixed debug statement if algorithm benchmarking enabled
2011-04-08 14:55:10 +02:00
27a66f9393
implemented wrap around of registered IKEv1 algorithm names
2010-12-26 17:11:02 +01:00
690d5aed59
disable AEAD crypto algorithm if no key size is supported
2010-12-25 16:14:55 +01:00
d733a3babb
disable crypto algorithm if no key size is supported
2010-12-25 16:11:50 +01:00
c6a043fad0
log if an AEAD algorithm does not support a given key size
2010-12-25 15:53:15 +01:00
90288c76f8
log if a crypto algorithm does not support a given key size
2010-12-25 15:49:29 +01:00
5932f41fcc
trace back crypto algorithms to the plugins that registered them
2010-12-18 16:31:12 +01:00
7d7711aba4
Added a generic function to check if a DH group is an EC group
2010-09-03 16:22:10 +02:00
033fe95f0b
Added support for a non-truncated SHA384 HMAC variant, as used by TLS
2010-09-03 14:54:43 +02:00
0abd558a65
Added a MODP_CUSTOM DH group which takes g and p as constructor arguments
2010-09-02 19:33:08 +02:00
9d3e174a1e
Give a benchmark point for each operation to compare different transforms
2010-08-19 19:05:14 +02:00
3f6a2d3343
Added proposal strings for Camellia CCM algorithm identifiers
2010-08-19 19:02:34 +02:00
77b55e8a96
Added support for AEAD algorithms to crypto factory
2010-08-19 19:02:34 +02:00
e09a87d652
Added AEAD support to crypto tester
2010-08-19 19:02:33 +02:00
7fc4b0814f
Make function to test if an encryption algorithm is an AEAD alg public
2010-08-19 19:02:16 +02:00
df8d0d8703
Implemented an AEAD wrapper for traditional crypter/signer transforms
2010-08-19 12:35:54 +02:00
6c620d5ee0
Test append mode for signers verify_signature
2010-08-19 12:35:53 +02:00
a369a5ece9
Do not free registered algorithms, plugins are responsible for unregistering
2010-08-16 17:06:28 +02:00
1b0eff58e0
Implemented algorithm benchmarking during registration
2010-08-16 17:06:28 +02:00
e8bf9d6e16
Migrated crypto_factory to INIT/METHOD macros
2010-08-16 17:06:27 +02:00
aed2bf0bd9
Migrated crypto_tester to INIT/METHOD macros
2010-08-16 17:06:27 +02:00
c7776e0aa8
Support Camellia XCBC algorithms in proposal
2010-08-13 17:11:54 +02:00
5a2dbd5c37
Added private Camellia XCBC identifiers for PRFs and signers
2010-08-13 17:11:53 +02:00
42cbe87fc7
Implemented AES/Camellia counter mode in gcrypt
2010-08-13 17:11:53 +02:00
1ee98dbb4a
Added Camellia CTR mode proposal keywords
2010-08-13 17:11:53 +02:00
3102d8669d
Use IV length of a crypter instead of block size for IV calculations
2010-08-13 17:11:53 +02:00
f7c04c5b37
Add dedicated getter for the IV size to the crypter_t interface
2010-08-13 17:11:53 +02:00
bfe4d08c20
Report the symbol name of a failed test vector
2010-08-13 17:11:53 +02:00
9dc73cd21c
Added support for AUTH_HMAC_SHA2_256_256, used in TLS
2010-08-03 15:39:24 +02:00
4590260b2d
Added support for DH groups 22, 23 and 24, patch contributed by Joy Latten
2010-04-19 14:41:20 +02:00
b34b93dbf7
Store DH generator in a chunk, hide non-public data in a private struct
2010-04-08 15:08:35 +02:00
8b0e09103b
Adding DBG_LIB to all calls of libstrongswan's version of DBG*.
2010-04-06 12:47:40 +02:00
908d571796
Provide the Diffie Hellman parameters from a central location, so that we do not have to replicate them in every plugin that implements the DH interface.
...
The main reason for this change is that Android's libcrypto does not
include the get_rfcX_prime_Y functions by default. Therefore we would
have had to replicate the primes a third time.
2010-03-09 17:15:16 +01:00
71baf5a8f0
Adding support for AES GMAC (RFC4543).
2010-02-12 10:57:39 +01:00
eba64cef41
Separated the public interfaces of the threading primitives.
2009-12-23 17:01:53 +01:00
14f7091280
Moved mutex.c to a separate folder in order to cleanly wrap other threading primitives (and utils/mutex.h is now threading.h).
2009-12-23 17:00:58 +01:00
de962d6e7d
add IKEv1 support for the Camellia cipher
2009-12-15 19:13:06 +01:00
6546482a68
Support the Linux specific SHA256 96 bit truncation HMAC via "sha256_96" keyword
2009-11-26 10:39:25 +01:00
4952dc11da
Fixed all doxygen warnings
2009-10-22 14:34:10 +02:00
210d287368
extended hasher_signature_algorithm_to_oid() function
2009-09-13 21:41:51 +02:00
3b878dae7e
Removed chunk_from_buf() in favor of a simpler chunk_from_chars() macro
2009-09-11 15:39:35 +02:00
7b3814f75d
remove spaces before tabs at the beginning of lines (^( )+\t)
2009-09-04 15:02:11 +02:00
b9b8a98f47
remove spaces within tabs (\t( )+\t)
2009-09-04 15:00:19 +02:00
323f9f990f
replaces four spaces by tabs, where appropriate
2009-09-04 14:50:23 +02:00
7daf5226b7
removed trailing spaces ([[:space:]]+$)
2009-09-04 13:46:09 +02:00
eb73685dac
create algorithmIdentifier dynamically from OID database
2009-08-27 13:59:30 +02:00
280469923d
make use of the pem helper plugin to load credentials
2009-08-26 11:23:49 +02:00
3901937d14
OpenSolaris defines MUTEX_DEFAULT therefore we rename the members of the enums mutex/condvar/rwlock_type_t.
2009-08-14 13:30:59 +02:00
b6f739c13b
support of SHA224-based certificate signatures
2009-08-05 22:01:44 +02:00
e3f3b004e2
fix test vector error output
2009-07-17 20:36:21 +02:00
521aa00fb1
shortened cypto test output
2009-07-17 16:36:01 +02:00
bfab805898
removed superfluous print argument
2009-06-17 22:54:57 +02:00
53095480af
conversion from CAMELLIA OIDs to encryption_algorithm
2009-06-17 13:12:48 +02:00
b07ffa2490
reformatted crypto_test output
2009-06-16 14:58:49 +02:00
26999f2511
increased verbosity of successful crypto tests
2009-06-16 09:54:28 +02:00
72e174f966
removed one hierarchy level for crypto test options
2009-06-16 09:48:45 +02:00
371a54c7a9
added support for stateful PRFs (such as the FIPS_PRF)
2009-06-12 10:39:47 +02:00
28a0728b67
make use of the crypto_tester in the crypto_factory
...
libstrongswan.crypto.test.on_add to test algorithms during initialization
libstrongswan.crypto.test.on_create to test algorithms on each instantiation
2009-06-11 15:55:48 +02:00
3e8891667b
implemented a crypto_tester class to test crypto algorithms
...
libstrongswan.crypto.test.required to require at least one test vector to use an algorithm
libstrongswan.crypto.test.rng_true to run RNG tests on RNG_TRUE quality
2009-06-11 15:54:44 +02:00
6f299040fb
handling hashers and rngs as transform types (in private range)
2009-06-11 14:17:16 +02:00
c4f59ccec0
fixed ENUM naming of XCBC prf
2009-06-02 14:41:53 +02:00
80cbbfed36
make signer names consistent
2009-05-19 22:56:14 +02:00
4dc4c11efd
added des and default length cbc encryption algorithms
2009-05-19 15:45:01 +02:00
4491d66692
add _CBC to all encryption algorithms in CBC mode
2009-05-19 10:02:24 +02:00
5908478527
moved definition of proposal_token from proposal.c to proposal_keywords.h
2009-05-19 10:02:24 +02:00
5e3b318c69
didn't want to commit that
2009-05-15 22:47:36 +02:00
433cb51bb9
moved IKEv2 proposals and transforms to libstrongswan
2009-05-15 22:43:48 +02:00
dcf47581a8
shortened DH group names
2009-05-15 20:58:04 +02:00
9caceb6ed5
updated prf identifiers
2009-05-15 13:49:05 +02:00
b79ca7858b
updated integrity algorithm identifiers
2009-05-15 13:48:44 +02:00
b5fd65e95c
cleaned up pluto's crypto framework
2009-05-14 22:56:10 +02:00
0a8ad227d4
renamed ENCR_TWOFISH and ENCR_SERPENT to ENCR_TWOFISH_CBC and ENCR_SERPENT_CBC, respectively
2009-05-14 13:55:56 +02:00
d36ae9e305
started migration to encryption plugins
2009-05-09 00:04:28 +02:00
c42d1469e6
defined ENCR_TWOFISH and ENCR_SERPENT
2009-05-08 07:51:24 +02:00
e43b1e4a5b
inserted HASH_MD4 in increasing order
2009-05-07 23:19:19 +02:00
ebe01cae0f
use prfs for IKEv1 hmacs
2009-05-04 23:38:57 +02:00
78e6e0a33c
fixed typo
2009-05-04 23:08:29 +02:00
8c45f0f102
added support for AUTH_HMAC_SHA1_160
2009-05-04 23:01:40 +02:00
2c36ebb58e
moved hasher to the correct doxygen group
2009-05-04 16:10:13 +02:00
8c5d72cd0b
removing svn keyword $Id$ from all files
2009-04-30 13:19:35 +00:00
d24a74c5b4
merging changes from portability branch back to trunk
...
important change for developers: %Y replaces %D to print identities!
2009-04-30 11:37:54 +00:00
f67eebccc8
changed RNG_REAL to RNG_TRUE
2009-04-29 09:13:20 +00:00
090ba9453c
fixed compiler warnings on 64bit
2009-04-22 08:26:54 +00:00
247e665a44
support of the ESP CAMELLIA-CBC cipher by charon
2009-04-17 09:15:15 +00:00
15e247922d
moved AUTH_HMAC_MD5_128 to IANA defined number
2009-04-02 13:53:20 +00:00
1490ff4d9b
updated Doxyfile
...
properly close all doxygen groups
fixed remaining doxygen warnings
2009-03-24 17:43:01 +00:00
4a6b84a934
reintegrated eap-radius branch into trunk
2009-03-24 10:24:58 +00:00
5fa7aed491
des ecb enum value changed, ignores set for md4 plugin
2009-02-19 13:46:08 +00:00
b250665f58
adding enum elements for MD4 and DES (ECB)
2009-02-18 19:45:46 +00:00
a20abb81e9
added a MODP_NULL Diffie Hellman group to avoid calculation overhead in load-testing
2008-11-22 16:14:55 +00:00
e76078e877
use read-write locks in crypto factory for parallelization
2008-11-05 16:21:57 +00:00
d4f08fe324
removed superfluous get_other_public_value in diffie_hellman_t interface
2008-11-04 13:12:11 +00:00
19aff61b19
reverted changeset 4529:
...
Camellia is 22 in IKEv1, but not-yet defined in IKEv2
in IKEv2, 22 is reserved for AES-XTS
2008-10-30 13:21:21 +00:00
fdaed5289a
added Camellia CBC to list of encryption algorithms
2008-10-30 03:31:36 +00:00
f65ba4e978
prf handles zero-length allocations graceful
2008-10-29 14:12:54 +00:00
9482208633
crypto_factory algorithm enumeration API
...
implementation of "ipsec listalgs"
2008-08-28 09:24:42 +00:00
0caf2b936e
added missing comma in enumeration
2008-05-29 06:55:03 +00:00
346e9c5712
added the ECP groups from RFC 5114
2008-05-22 11:55:05 +00:00
fc1a31d54b
added ECDH with OpenSSL (see RFC 4753)
2008-05-22 11:39:17 +00:00
3f730ec1cd
Added support for AES-CCM and AES-GCM (authenticated encryption algorithms) in charon.
2008-05-16 13:27:21 +00:00
240e727fde
renamed PRF_AES128_CBC to PRF_AES128_XCBC
2008-05-08 12:43:27 +00:00
f5475fa440
crypter_t api supports in-place encryption using NULL as output parameter
2008-04-30 14:02:25 +00:00
460025e253
introduced ASN1_EXIT command in ASN.1 object syntax definition
2008-04-28 16:00:52 +00:00
c3628ebc35
optimized parser->success()
2008-04-26 11:08:36 +00:00
df231f5488
ported ASN.1 changes to pkcs7
2008-04-26 10:20:51 +00:00
d3d7e46b8c
refactoring of the ASN.1 parser
2008-04-26 09:24:14 +00:00
4d18175997
removed status result from crypter interface to be consistent with other crypto interfaces
2008-04-22 07:14:24 +00:00
6a365f0740
added API for random number generators, served through credential factory
...
ported randomizer_t to a rng_t on top of /dev/(u)random (plugin random)
2008-04-15 05:56:35 +00:00
f6e7c0f785
removed stale ocsp header
2008-04-08 06:27:04 +00:00
cfede7f6e2
The introduced SHA1_NOFINAL hasher was not sufficient for EAP-AKA,
...
as it requires to XOR the key into the hashers state.
A new SHA1 based keyed hash function, implemented as PRF, enables EAP-AKA
and the FIPS-PRF function to properly use the existing SHA1 implementation.
2008-03-19 14:02:52 +00:00
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
9514d26c5c
parse signedData object with empty content
2008-02-02 00:29:03 +00:00
f4a459473e
build_signedData() now computes messageDigest attribute
2008-02-01 22:26:01 +00:00
7734c01677
added set_messageDigest() and get_messageDigest() methods
2008-02-01 22:24:51 +00:00
e8bfe74289
extended and debugged PKCS#7 signedData support
2008-02-01 14:19:26 +00:00
5862981ce9
fixed comment
2008-01-27 20:59:22 +00:00
f19628490c
implemented pkcs1_encrypt()
2008-01-27 20:58:52 +00:00
5bb8fcc074
added RCSID
2008-01-22 10:52:26 +00:00
cd543a69a2
extended asn1_algorithmIdentifier() to SHA-2
2008-01-22 10:32:37 +00:00
2d49eaa131
x509_t.build_encoding() now supports any hash algorithm
2008-01-22 01:32:12 +00:00
a7419b07d1
fully implemented x509_create()
2008-01-22 01:09:19 +00:00
c8b6375c5c
fixed destruction of generalNames linked list
2008-01-21 22:56:58 +00:00
0be06e472a
fixed parsing and building of generalNames
2008-01-21 10:00:13 +00:00
55dbc3fd7b
implemented rsa_private_key_t.get_public_key()
2008-01-21 00:36:38 +00:00
b5d8c9779a
added rsa_public_key_create(mpz_t n, mpz_t e)
2008-01-21 00:34:41 +00:00
d349a3d11a
added notBefore and notAfter to x509_create()
2008-01-21 00:30:26 +00:00
35b2b1e334
fixed error in the ordering of the certinfo_t records in the ocsp cache that caused multiple entries of the same serial number to be created. This was caused by the iterator_t method insert_after() that inserts a record in the first instead of the last position of a linked list if the end of the list is reached. Fix: use linked_list_t method insert_last() instead.
2007-12-12 20:25:50 +00:00
ee61471113
implemented RFC4478 (repeated authentication)
...
changed %V printf handler to take a time delta, %#V now takes two arguments
2007-11-20 12:06:40 +00:00
6d8bec0b97
corrected typos
2007-10-17 02:56:24 +00:00
57423bb7ac
corrected brief
2007-10-17 02:55:53 +00:00
f39e4d3209
added hasher_signature_algorithm_to_oid() function
2007-10-12 23:18:42 +00:00
Martin Willi