Commit Graph

205 Commits

Author SHA1 Message Date
Martin Willi 3ecfc83c6b payload: Use common prefixes for all payload type identifiers
The old identifiers did not use a proper namespace and often clashed with
other defines.
2014-06-04 15:53:03 +02:00
Tobias Brunner a30e0001e4 ikev1: Accept SPI size of any length <= 16 in ISAKMP proposal
Fixes #533.
2014-03-31 14:32:44 +02:00
Martin Willi f316116c88 ike: Support encoding of attribute certificates in CERT payloads 2014-03-31 11:14:58 +02:00
Andreas Steffen 6db81edac3 Added IFOM_CAPABILITY notify message type 2013-11-01 14:07:11 +01:00
Tobias Brunner e8229ad558 iv_gen: Provide external sequence number (IKE, ESP)
This prevents duplicate sequential IVs in case of a HA failover.
2013-10-11 15:55:40 +02:00
Tobias Brunner b5010707a0 ikev2: Use IV generator to encrypt encrypted payload 2013-10-11 15:55:40 +02:00
Martin Willi a1379e3210 ikev1: Support parsing of AH+IPComp proposals 2013-10-11 10:15:21 +02:00
Martin Willi 3771b85806 ikev1: Support en-/decoding of SA payloads with AH algorithms 2013-10-11 10:15:21 +02:00
Tobias Brunner 0adf165c7e Fix crash if the initiator has no suitable proposal available
Could be triggered with a typo in the ike or esp options when ! is used.
2013-06-21 11:09:03 +02:00
Martin Willi a0f6f39343 proposals: try next if IKEv2 algorithm could not be mapped to IKEv1 2013-05-06 15:54:32 +02:00
Andreas Steffen b038c62e4a added ERX_SUPPORTED IKEv2 Notify 2013-03-02 17:18:37 +01:00
Martin Willi b443fa6123 Don't reject OPAQUE ports while verifying traffic selector substructure 2013-02-21 11:52:33 +01:00
Tobias Brunner 21235e1ec2 Merge branch 'ikev1-fragmentation'
This adds support for the proprietary IKEv1 fragmentation extension.

Conflicts:
	NEWS
2013-01-12 11:58:26 +01:00
Martin Willi 54a1a75b2f Don't use bio_writer_t.skip() to write length field when appending more data
If the writer reallocates its buffer, the length pointer might not be valid
anymore, or even worse, point to an arbitrary allocation.
2013-01-11 14:57:08 +01:00
Volker Rümelin 6d3e7a64a0 IKEv1 support for PKCS#7 wrapped certificates 2013-01-11 10:21:56 +01:00
Volker Rümelin 10eee5fcba Fixed some typos in comments 2013-01-11 10:21:51 +01:00
Tobias Brunner 07df944c9c Add support to create IKE fragments
All fragments currently use the same fragment ID (1) as that's what
other implementations are doing.
2012-12-24 12:29:30 +01:00
Tobias Brunner 8f0ab6dd36 Payload added to handle IKE fragments 2012-12-24 10:24:48 +01:00
Tobias Brunner ef33a4ab82 Fixed some typos, courtesy of codespell 2012-12-20 09:35:26 +01:00
Volker Rümelin 0ff8d20a89 Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier
This adds support for early versions of the draft that eventually
resulted in RFC 3947.
2012-12-19 11:03:42 +01:00
Tobias Brunner 12642a6831 Moved data structures to new collections subfolder 2012-10-24 16:00:49 +02:00
Tobias Brunner 2e7cc07ecd Moved host_t and host_resolver_t to a new networking subfolder 2012-10-24 15:06:18 +02:00
Tobias Brunner f3d98a6b78 Correctly initialize payload length of encrypted payload 2012-09-28 16:30:26 +02:00
Tobias Brunner 576490ab09 Added method to enumerate EAP types contained in an EAP-Nak 2012-08-31 11:40:28 +02:00
Tobias Brunner cc4eec56f7 Encode EAP-Naks in expanded format if we got an expanded type request
Since methods defined by the IETF (vendor ID 0) could also be encoded in
expanded type format the previous check was insufficient.
2012-08-31 11:40:27 +02:00
Tobias Brunner 78e8dca94f Allow clients to request a configured EAP method via EAP-Nak 2012-08-31 11:40:27 +02:00
Tobias Brunner af04233e14 Send EAP-Nak with supported types if requested type is unsupported 2012-08-31 11:40:27 +02:00
Tobias Brunner d511a71daa Include stdint.h for UINTxx_MAX defines
Fixes #205.
2012-07-27 13:47:59 +02:00
Martin Willi 511f0b18b9 Cleaned up memory management and return values for encryption payload 2012-07-16 14:55:07 +02:00
Tobias Brunner ca9b68eb9e Check rng return value when encrypting encryption payload 2012-07-16 14:53:35 +02:00
Martin Willi e2ed7bfd22 Add a return value to aead_t.encrypt() 2012-07-16 14:53:32 +02:00
Martin Willi a9aa75b90e Map XAuth responder authentication methods between IKEv1 and IKEv2 2012-06-27 11:42:56 +02:00
Tobias Brunner daab61e51f Added encapsulation mode transform attribute to IPComp proposal. 2012-05-25 09:26:42 +02:00
Tobias Brunner 6695b48582 Add an additional proposal without IPComp to SA payload. 2012-05-24 15:32:28 +02:00
Tobias Brunner 647cd741e8 Added support for IKEv1 IPComp proposals in SA payload. 2012-05-24 15:32:28 +02:00
Tobias Brunner 7a75cae856 Added support for IKEv1 IPComp proposals in proposal substructure. 2012-05-24 15:32:27 +02:00
Tobias Brunner 624bb24d12 Properly filter IKEv1 proposals consisting of multiple proposal payloads.
Since a proposal_t object is created for each transform contained in the
proposal payload, it does not work to simply remove the last proposal_t
object added to the list (there may be several others extracted from the
previous proposal payload).
2012-05-24 15:32:27 +02:00
Andreas Steffen 4b797f464e fixed mapping of IKEv1 algorithms 2012-05-05 23:25:34 +02:00
Andreas Steffen f66a14818e inserted space 2012-05-05 15:51:24 +02:00
Martin Willi b24be29646 Merge branch 'ikev1'
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/encoding/generator.c
	src/libcharon/encoding/payloads/notify_payload.c
	src/libcharon/encoding/payloads/notify_payload.h
	src/libcharon/encoding/payloads/payload.c
	src/libcharon/network/receiver.c
	src/libcharon/sa/authenticator.c
	src/libcharon/sa/authenticator.h
	src/libcharon/sa/ikev2/tasks/ike_init.c
	src/libcharon/sa/task_manager.c
	src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Martin Willi 4ef867f578 Accept zero-length certificate request payloads 2012-04-11 17:22:23 +02:00
Andreas Steffen 5893d1b156 added IKEv2 Generic Secure Password Authentication Method 2012-04-03 12:48:48 +02:00
Andreas Steffen f54c4ed8d6 added GSPM IKEv2 payload 2012-04-03 12:21:39 +02:00
Martin Willi b1f2f05c92 Merge branch 'ikev1-clean' into ikev1-master
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/daemon.c
	src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
	src/libcharon/plugins/eap_radius/eap_radius_accounting.c
	src/libcharon/plugins/eap_radius/eap_radius_forward.c
	src/libcharon/plugins/farp/farp_listener.c
	src/libcharon/sa/ike_sa.c
	src/libcharon/sa/keymat.c
	src/libcharon/sa/task_manager.c
	src/libcharon/sa/trap_manager.c
	src/libstrongswan/plugins/x509/x509_cert.c
	src/libstrongswan/utils.h

Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Tobias Brunner eff331f799 Parse IKEv1 Cisco Load Balancing notify (can't act on it yet). 2012-03-20 17:31:40 +01:00
Tobias Brunner 3a9d5cbc14 Fixed transform numbering in IKEv1 proposal. 2012-03-20 17:31:40 +01:00
Martin Willi 5ed4b727d0 Fix mapping of IKEv1 encapsulation mode 2012-03-20 17:31:39 +01:00
Martin Willi 6261c0c3b7 Support encoding of IKEv1 ECDSA proposals 2012-03-20 17:31:38 +01:00
Martin Willi c390569a76 Renamed CONFIGURATION_ATTRIBUTE_LENGTH to streamline it with other ATTRIBUTE rules 2012-03-20 17:31:38 +01:00
Martin Willi 05cb240215 Use ATTRIBUTE_VALUE rule in configuration attribute to parse it with correct length 2012-03-20 17:31:38 +01:00