38 Commits

Author	SHA1	Message	Date
Andreas Steffen	f10e72341c	cast enumerated algorithm type as int	2010-12-18 20:24:53 +01:00
Andreas Steffen	5932f41fcc	trace back crypto algorithms to the plugins that registered them	2010-12-18 16:31:12 +01:00
Andreas Steffen	99b0f633c2	handle TLS_PURPOSE_EAP_TNC	2010-09-08 12:58:45 +02:00
Martin Willi	02281c87a4	Added TLS specific EC point formats	2010-09-06 18:42:43 +02:00
Martin Willi	ec7d4e70d3	Renamed ecp_format to ansi_format, as point formats in TLS use different identifiers	2010-09-06 18:37:24 +02:00
Martin Willi	adb913adeb	Added strongswan.conf option to filter for specific TLS suites	2010-09-06 16:51:11 +02:00
Martin Willi	24a5b935e7	Added strongswan.conf options to filter cipher suites by specific algorithms	2010-09-06 16:51:04 +02:00
Martin Willi	a03eebdf93	Fixed key type in TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	2010-09-06 16:50:54 +02:00
Martin Willi	e6cce7ff0d	Prepend point format to ECDH public key	2010-09-06 15:37:51 +02:00
Martin Willi	4e68c1cfdc	Do not propose (EC)DHE suites if we do not support them	2010-09-03 18:24:03 +02:00
Martin Willi	4254257f9d	Offer only algorithms/suites we have a registered public key backend for	2010-09-03 18:11:03 +02:00
Martin Willi	f9c0cf862c	Fixed key type of ECDHE_RSA groups	2010-09-03 17:24:39 +02:00
Martin Willi	3f7bb88ba3	Use a dynamic curve enumerator to list/convert TLS named curves	2010-09-03 17:24:23 +02:00
Martin Willi	2066918da2	Add ECDHE enabled cipher suites, including ECDSA variants	2010-09-03 14:54:43 +02:00
Martin Willi	4cdade5aae	Select private key based on received cipher suites	2010-09-03 14:54:43 +02:00
Martin Willi	37a59a8fbf	Support for EC curve Hello extension, EC curve fallback	2010-09-03 14:54:43 +02:00
Martin Willi	691ca54db5	Added TLS EC curve type and name identifiers	2010-09-03 14:54:43 +02:00
Martin Willi	ef0a8e5892	Add DHE enabled RSA variants to the supported TLS suites	2010-09-02 19:33:08 +02:00
Martin Willi	35d9c15d5e	Store a MODP group we use for each TLS suite	2010-09-02 19:33:08 +02:00
Martin Willi	d29a82a9d4	Added generic TLS data sign/verify, hash/sig algorithm construction	2010-09-02 19:33:08 +02:00
Martin Willi	dbb7c0306c	Support different hash/sig algorithms in handshake signing, including ECDSA	2010-09-02 13:07:25 +02:00
Martin Willi	99dcaea9bd	Added TLS ClientCertificateType identifiers	2010-09-02 13:07:24 +02:00
Martin Willi	9dd2ca924e	Added TLS specific Hash and Signature Algorithm identifiers	2010-09-02 13:07:24 +02:00
Martin Willi	2bf0e74c38	Prefer AES/Camellia suites over 3DES/NULL encryption	2010-08-25 18:30:09 +02:00
Martin Willi	69e8bb2e8d	Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option	2010-08-24 11:34:43 +02:00
Martin Willi	bda7d9d940	Added generic TLS purposes	2010-08-24 08:45:49 +02:00
Martin Willi	c310881a11	Added a TLS purpose for EAP-TTLS with client authentication	2010-08-23 15:13:48 +02:00
Martin Willi	3c19b3461f	Introducing a dedicated debug message group for libtls	2010-08-23 09:47:03 +02:00
Andreas Steffen	56a1167b07	fixed build_cipher_suite_list()	2010-08-21 12:52:55 +02:00
Martin Willi	96b2fbcc2c	Introducing simple purposes for the TLS stack, switches various options	2010-08-20 15:09:08 +02:00
Martin Willi	6e413d9ce9	Added more TLS cipher suites we already support	2010-08-20 12:11:21 +02:00
Martin Willi	a2bfc45bfd	Build TLS cipher suite list in a generic fashion	2010-08-20 12:11:21 +02:00
Martin Willi	3102d8669d	Use IV length of a crypter instead of block size for IV calculations	2010-08-13 17:11:53 +02:00
Andreas Steffen	a6444fcdd4	EAP-TLS and EAP-TTLS use different constant MSK PRF label	2010-08-07 11:26:04 +02:00
Martin Willi	37d2d7e158	Whitespace cleanups	2010-08-05 13:58:49 +02:00
Andreas Steffen	7030e3950a	fixed type in cipher suite list build	2010-08-05 01:26:10 +02:00
Andreas Steffen	4657b3a42a	log selected TLS version and cipher suite	2010-08-05 01:21:59 +02:00
Martin Willi	0f82a47063	Moved TLS stack to its own library	2010-08-03 15:39:26 +02:00