Martin Willi
3ecfc83c6b
payload: Use common prefixes for all payload type identifiers
...
The old identifiers did not use a proper namespace and often clashed with
other defines.
2014-06-04 15:53:03 +02:00
Tobias Brunner
a30e0001e4
ikev1: Accept SPI size of any length <= 16 in ISAKMP proposal
...
Fixes #533.
2014-03-31 14:32:44 +02:00
Martin Willi
f316116c88
ike: Support encoding of attribute certificates in CERT payloads
2014-03-31 11:14:58 +02:00
Andreas Steffen
6db81edac3
Added IFOM_CAPABILITY notify message type
2013-11-01 14:07:11 +01:00
Tobias Brunner
e8229ad558
iv_gen: Provide external sequence number (IKE, ESP)
...
This prevents duplicate sequential IVs in case of a HA failover.
2013-10-11 15:55:40 +02:00
Tobias Brunner
b5010707a0
ikev2: Use IV generator to encrypt encrypted payload
2013-10-11 15:55:40 +02:00
Martin Willi
a1379e3210
ikev1: Support parsing of AH+IPComp proposals
2013-10-11 10:15:21 +02:00
Martin Willi
3771b85806
ikev1: Support en-/decoding of SA payloads with AH algorithms
2013-10-11 10:15:21 +02:00
Tobias Brunner
0adf165c7e
Fix crash if the initiator has no suitable proposal available
...
Could be triggered with a typo in the ike or esp options when ! is used.
2013-06-21 11:09:03 +02:00
Martin Willi
a0f6f39343
proposals: try next if IKEv2 algorithm could not be mapped to IKEv1
2013-05-06 15:54:32 +02:00
Andreas Steffen
b038c62e4a
added ERX_SUPPORTED IKEv2 Notify
2013-03-02 17:18:37 +01:00
Martin Willi
b443fa6123
Don't reject OPAQUE ports while verifying traffic selector substructure
2013-02-21 11:52:33 +01:00
Tobias Brunner
21235e1ec2
Merge branch 'ikev1-fragmentation'
...
This adds support for the proprietary IKEv1 fragmentation extension.
Conflicts:
NEWS
2013-01-12 11:58:26 +01:00
Martin Willi
54a1a75b2f
Don't use bio_writer_t.skip() to write length field when appending more data
...
If the writer reallocates its buffer, the length pointer might not be valid
anymore, or even worse, point to an arbitrary allocation.
2013-01-11 14:57:08 +01:00
Volker Rümelin
6d3e7a64a0
IKEv1 support for PKCS#7 wrapped certificates
2013-01-11 10:21:56 +01:00
Volker Rümelin
10eee5fcba
Fixed some typos in comments
2013-01-11 10:21:51 +01:00
Tobias Brunner
07df944c9c
Add support to create IKE fragments
...
All fragments currently use the same fragment ID (1) as that's what
other implementations are doing.
2012-12-24 12:29:30 +01:00
Tobias Brunner
8f0ab6dd36
Payload added to handle IKE fragments
2012-12-24 10:24:48 +01:00
Tobias Brunner
ef33a4ab82
Fixed some typos, courtesy of codespell
2012-12-20 09:35:26 +01:00
Volker Rümelin
0ff8d20a89
Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier
...
This adds support for early versions of the draft that eventually
resulted in RFC 3947.
2012-12-19 11:03:42 +01:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Tobias Brunner
f3d98a6b78
Correctly initialize payload length of encrypted payload
2012-09-28 16:30:26 +02:00
Tobias Brunner
576490ab09
Added method to enumerate EAP types contained in an EAP-Nak
2012-08-31 11:40:28 +02:00
Tobias Brunner
cc4eec56f7
Encode EAP-Naks in expanded format if we got an expanded type request
...
Since methods defined by the IETF (vendor ID 0) could also be encoded in
expanded type format the previous check was insufficient.
2012-08-31 11:40:27 +02:00
Tobias Brunner
78e8dca94f
Allow clients to request a configured EAP method via EAP-Nak
2012-08-31 11:40:27 +02:00
Tobias Brunner
af04233e14
Send EAP-Nak with supported types if requested type is unsupported
2012-08-31 11:40:27 +02:00
Tobias Brunner
d511a71daa
Include stdint.h for UINTxx_MAX defines
...
Fixes #205.
2012-07-27 13:47:59 +02:00
Martin Willi
511f0b18b9
Cleaned up memory management and return values for encryption payload
2012-07-16 14:55:07 +02:00
Tobias Brunner
ca9b68eb9e
Check rng return value when encrypting encryption payload
2012-07-16 14:53:35 +02:00
Martin Willi
e2ed7bfd22
Add a return value to aead_t.encrypt()
2012-07-16 14:53:32 +02:00
Martin Willi
a9aa75b90e
Map XAuth responder authentication methods between IKEv1 and IKEv2
2012-06-27 11:42:56 +02:00
Tobias Brunner
daab61e51f
Added encapsulation mode transform attribute to IPComp proposal.
2012-05-25 09:26:42 +02:00
Tobias Brunner
6695b48582
Add an additional proposal without IPComp to SA payload.
2012-05-24 15:32:28 +02:00
Tobias Brunner
647cd741e8
Added support for IKEv1 IPComp proposals in SA payload.
2012-05-24 15:32:28 +02:00
Tobias Brunner
7a75cae856
Added support for IKEv1 IPComp proposals in proposal substructure.
2012-05-24 15:32:27 +02:00
Tobias Brunner
624bb24d12
Properly filter IKEv1 proposals consisting of multiple proposal payloads.
...
Since a proposal_t object is created for each transform contained in the
proposal payload, it does not work to simply remove the last proposal_t
object added to the list (there may be several others extracted from the
previous proposal payload).
2012-05-24 15:32:27 +02:00
Andreas Steffen
4b797f464e
fixed mapping of IKEv1 algorithms
2012-05-05 23:25:34 +02:00
Andreas Steffen
f66a14818e
inserted space
2012-05-05 15:51:24 +02:00
Martin Willi
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Martin Willi
4ef867f578
Accept zero-length certificate request payloads
2012-04-11 17:22:23 +02:00
Andreas Steffen
5893d1b156
added IKEv2 Generic Secure Password Authentication Method
2012-04-03 12:48:48 +02:00
Andreas Steffen
f54c4ed8d6
added GSPM IKEv2 payload
2012-04-03 12:21:39 +02:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Tobias Brunner
eff331f799
Parse IKEv1 Cisco Load Balancing notify (can't act on it yet).
2012-03-20 17:31:40 +01:00
Tobias Brunner
3a9d5cbc14
Fixed transform numbering in IKEv1 proposal.
2012-03-20 17:31:40 +01:00
Martin Willi
5ed4b727d0
Fix mapping of IKEv1 encapsulation mode
2012-03-20 17:31:39 +01:00
Martin Willi
6261c0c3b7
Support encoding of IKEv1 ECDSA proposals
2012-03-20 17:31:38 +01:00
Martin Willi
c390569a76
Renamed CONFIGURATION_ATTRIBUTE_LENGTH to streamline it with other ATTRIBUTE rules
2012-03-20 17:31:38 +01:00
Martin Willi
05cb240215
Use ATTRIBUTE_VALUE rule in configuration attribute to parse it with correct length
2012-03-20 17:31:38 +01:00