39 Commits

Author SHA1 Message Date
Josh Soref b3ab7a48cc Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* encapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* threshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner 1b67166921 Unify format of HSR copyright statements 2018-05-23 16:32:53 +02:00
Tobias Brunner 2db6d5b8b3 Fixed some typos, courtesy of codespell 2018-02-13 12:19:54 +01:00
Tobias Brunner 73cbce6013 libradius: Pad received MSK to at least 64 bytes
According to RFC 3748 MSKs must be at least 64 bytes, however, that's
not the case for the MSK derived via EAP-MSCHAPv2.  The two key parts
received are only 16 bytes each (derived according to RFC 3079,
section 3.3), so we end up with an MSK of only 32 bytes. The eap-mschapv2
plugin, on the other hand, pads these two parts with 32 zeros.

Interestingly, this is not a problem in many cases as the SHA1/2 based
PRFs used later use a block size that's >= 64 bytes, so the shorter MSK
is just padded with zeros then.  However, with AES-XCBC-PRF-128, for
instance, which uses a block size of 16 bytes, the different MSKs are an
issue as XCBC is applied to both to shorten them, with different results.
This eventually causes the authentication to fail if the client uses a
zero-padded MSK produced by the eap-mschapv2 plugin and the server the 32
byte MSK received via RADIUS.
2018-02-09 10:44:52 +01:00
Tobias Brunner 95a63bf281 Migrate all enumerators to venumerate() interface change 2017-05-26 13:56:44 +02:00
Andreas Steffen b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Thom Troy ac36ede93c eap-radius: Add ability to configure RADIUS retransmission behavior
Closes strongswan/strongswan#19.
2015-11-17 14:25:08 +01:00
Tobias Brunner ec490e68ae eap-radius: Add support for some basic IPv6-specific RADIUS attributes
These are defined in RFC 6911.

Fixes #1001.
2015-08-17 11:23:33 +02:00
Tobias Brunner d079f6a4f7 libradius: Verify message ID of RADIUS responses
If we sent retransmits for a message and didn't receive a response it might
still arrive later.  Such a message will be queued on the socket.  The next
read will then return not the expected response but the one for the earlier
request.  For this message the verification will fail and the message gets
discarded.  But with the earlier code the actual response was never received.
Instead, a subsequent request resulted in the same failure and so on.

Fixes #838.
2015-05-21 14:30:11 +02:00
Martin Willi 71afe0a556 utils: Use memeq_const() for all cryptographic purposes 2015-04-14 11:53:31 +02:00
Martin Willi 1abaff6a3c libradius: Use poll(2) to wait for RADIUS responses 2014-11-21 11:16:48 +01:00
Tobias Brunner 9af44ef5d9 Build all shared libraries with -no-undefined and link them properly
The flag is required to convince libtool on Cygwin to build DLLs. But on
Windows these shared libraries can not have undefined symbols, so we have to
link them explicitly to the libraries they reference.

For plugins this is currently not done, so only the monolithic build is
supported.  The plugin loader wouldn't be able to load DLLs anyway, as
it tries to load files that don't exist on Cygwin.
2013-09-12 01:44:49 +02:00
Martin Willi 6bc0ce020d libradius: support encryption of User-Password attributes 2013-07-29 09:00:48 +02:00
Martin Willi 15483a6223 libradius: refactor generic RADIUS en-/decryption function to a message method 2013-07-29 09:00:48 +02:00
Martin Willi 19cb07b890 automake: replace INCLUDES by AM_CPPFLAGS
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Martin Willi 003452d18f Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Access-Request 2013-03-13 15:20:11 +01:00
Martin Willi 54b3cbdc78 Add a radius message method to enumerate vendor specific attributes 2013-03-12 20:37:35 +01:00
Tobias Brunner 11adf114c1 Fixed Doxygen comments after scanning complete src directory 2013-03-02 18:31:53 +01:00
Tobias Brunner f05b427265 Moved debug.[ch] to utils folder 2012-10-24 16:00:51 +02:00
Tobias Brunner 12642a6831 Moved data structures to new collections subfolder 2012-10-24 16:00:49 +02:00
Tobias Brunner 2e7cc07ecd Moved host_t and host_resolver_t to a new networking subfolder 2012-10-24 15:06:18 +02:00
Martin Willi 8bd6a30af1 Add a return value to hasher_t.get_hash() 2012-07-16 14:55:06 +02:00
Martin Willi 3629740c7f Check rng return value when generating radius message authenticator 2012-07-16 14:53:37 +02:00
Martin Willi 2d56575d52 Add a return value to signer_t.set_key() 2012-07-16 14:53:33 +02:00
Martin Willi 2e96de60a8 Add a return value to signer_t.get_signature() 2012-07-16 14:53:33 +02:00
Martin Willi 5fb719e0de Add a return value to radius_message_t.sign() 2012-07-16 14:53:33 +02:00
Andreas Steffen 367e1e22b8 checksum needs a libradius_init() symbol 2012-04-05 16:52:37 +02:00
Andreas Steffen 3cff2b598b straighten radius_mppe header file 2012-03-14 06:52:26 +01:00
Andreas Steffen 6fd612913e implemented MS_MPPE encryption 2012-03-13 23:26:15 +01:00
Andreas Steffen 5fdb849293 use predefined Microsoft PEN 2012-03-13 19:23:35 +01:00
Andreas Steffen 4adc3c147e use MAX_RADIUS_ATTRIBUTE_SIZE constant 2012-03-13 18:06:56 +01:00
Andreas Steffen d90ade8f79 implemented RADIUS Filter-ID attribute 2012-03-13 16:27:18 +01:00
Andreas Steffen 4853efe891 define MAX_RADIUS_ATTRIBUTE_SIZE 2012-03-13 16:27:17 +01:00
Andreas Steffen b3ec652192 added msg_auth flag in radius_message_t sign() method 2012-03-13 16:27:17 +01:00
Andreas Steffen 4fc6c7d442 allow debug of raw RADIUS data 2012-03-13 16:27:17 +01:00
Andreas Steffen d4db9f44c2 simple RADIUS server example works 2012-03-13 16:27:17 +01:00
Andreas Steffen 21b0f216b9 created libradius shared by eap-radius and tnc-pdp plugins 2012-03-13 16:27:17 +01:00
Martin Willi d1fbb0a4b3 Renamed radius_server to radius_config, as some real RADIUS server functionality is coming 2012-03-05 18:31:30 +01:00
Martin Willi f0f94e2ce6 Moved generic RADIUS protocol support to a dedicated libradius 2012-03-05 18:08:04 +01:00