Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
636b2e9b2a
ikev1: Assume a default key length of 128-bit for AES-CBC
...
Some implementations don't send a Key Length attribute for AES-128.
This was allowed for IKE in early drafts of RFC 3602, however, some
implementations also seem to do it for ESP, where it never was allowed.
And the final version of RFC 3602 demands a Key Length attribute for both
phases so they shouldn't do it anymore anyway.
Fixes #1064.
2015-08-17 17:13:50 +02:00
Tobias Brunner
728f529c42
ikev1: Use same map for AH and ESP authentication algorithms
...
The transform identifier used in AH transforms is not the same as the
authentication algorithm identifier used in the transform attributes in
AH (and ESP) transforms.
2014-12-09 11:08:14 +01:00
Tobias Brunner
4141f01671
ikev1: Accept IPComp proposals with 4 octet long CPI values
...
While they SHOULD be sent as 16-bit values according to RFC 3173
a responder MUST be able to accept CPI values encoded in four bytes.
2014-12-05 15:48:52 +01:00
Martin Willi
3ecfc83c6b
payload: Use common prefixes for all payload type identifiers
...
The old identifiers did not use a proper namespace and often clashed with
other defines.
2014-06-04 15:53:03 +02:00
Tobias Brunner
a30e0001e4
ikev1: Accept SPI size of any length <= 16 in ISAKMP proposal
...
Fixes #533.
2014-03-31 14:32:44 +02:00
Martin Willi
3771b85806
ikev1: Support en-/decoding of SA payloads with AH algorithms
2013-10-11 10:15:21 +02:00
Martin Willi
a0f6f39343
proposals: try next if IKEv2 algorithm could not be mapped to IKEv1
2013-05-06 15:54:32 +02:00
Volker Rümelin
0ff8d20a89
Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier
...
This adds support for early versions of the draft that eventually
resulted in RFC 3947.
2012-12-19 11:03:42 +01:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Martin Willi
a9aa75b90e
Map XAuth responder authentication methods between IKEv1 and IKEv2
2012-06-27 11:42:56 +02:00
Tobias Brunner
daab61e51f
Added encapsulation mode transform attribute to IPComp proposal.
2012-05-25 09:26:42 +02:00
Tobias Brunner
7a75cae856
Added support for IKEv1 IPComp proposals in proposal substructure.
2012-05-24 15:32:27 +02:00
Andreas Steffen
4b797f464e
fixed mapping of IKEv1 algorithms
2012-05-05 23:25:34 +02:00
Tobias Brunner
3a9d5cbc14
Fixed transform numbering in IKEv1 proposal.
2012-03-20 17:31:40 +01:00
Martin Willi
5ed4b727d0
Fix mapping of IKEv1 encapsulation mode
2012-03-20 17:31:39 +01:00
Martin Willi
6261c0c3b7
Support encoding of IKEv1 ECDSA proposals
2012-03-20 17:31:38 +01:00
Martin Willi
927c1dd9d2
Support IKEv1 proposal encodings having both lifebytes and a lifetime
2012-03-20 17:31:33 +01:00
Martin Willi
26b02f50f4
Always use a transform number of 1 when encoding a single transform
2012-03-20 17:31:25 +01:00
Martin Willi
3ba15819ed
Remove executable flag from source code files
2012-03-20 17:31:22 +01:00
Martin Willi
51da01a722
Support encoding of Hybrid initiator authentication method
2012-03-20 17:31:21 +01:00
Martin Willi
9bb4de1d83
En- and decode DH group attribute in quick mode SA payloads
2012-03-20 17:31:14 +01:00
Clavister OpenSource
e102f86e88
Setting transform number in esp proposal.
...
iPhone (racoon) fails quick mode when transform number is 0
2012-03-20 17:31:11 +01:00
Tobias Brunner
fd24c700fb
Use proper enum types in proposal_substructure.
2012-03-20 17:31:07 +01:00
Martin Willi
b4e815354c
Map auth_class to auth method and IKEv1 proposal attribute
2012-03-20 17:30:53 +01:00
Martin Willi
914ec2dbf2
Implemented IKEv1 attribute encoding in SA payload
2012-03-20 17:30:53 +01:00
Martin Willi
fbebc2a068
Implemented encoding of additional IKEv1 proposal attributes
2012-03-20 17:30:53 +01:00
Clavister OpenSource
8b30286fcf
IKEv1 XAuth: Add XAUTH authentication types to the enum. Added the ability to switch between hardcoded PSK and XAUTH_INIT_PSK authentications using a flag, default to PSK.
2012-03-20 17:30:52 +01:00
Martin Willi
7a7f486df6
Include hardcoded tunnel mode attribute in proposal, remove ESN attribute
2012-03-20 17:30:50 +01:00
Martin Willi
d50152a70b
Parse proposal substructure with multiple IKEv1 transforms to multiple proposals
2012-03-20 17:30:49 +01:00
Martin Willi
62a27ba347
Encode multiple IKEv1 proposals in a single transform substructure
2012-03-20 17:30:48 +01:00
Martin Willi
cd89f1a074
Only add the first algorithm of a kind to IKEv1 transforms
2012-03-20 17:30:48 +01:00
Martin Willi
f5c0096086
Hardcode some SA lifetimes until we can configure them dynamically
2012-03-20 17:30:48 +01:00
Martin Willi
cc9629d87c
Partially implemented IKEv1 ESP proposal en-/decoding
2012-03-20 17:30:47 +01:00
Martin Willi
72b3146092
Re-enable static inclusion of PSK auth method into IKEv1 proposal
2012-03-20 17:30:43 +01:00
Martin Willi
04ee2b7fed
Added IKEv1 support to notify payload
2012-03-20 17:30:43 +01:00
Martin Willi
f62a7c7c71
Use a generic list encoding rule we can use to specify the wrapped payload type
2012-03-20 17:30:42 +01:00
Martin Willi
38fb67fbf1
Add a payload.get_header_length() method, remove header length definitions
2012-03-20 17:30:42 +01:00
Martin Willi
e9b55b8325
Simplify signature of get_encoding_rules(), make all rules static
2012-03-20 17:30:42 +01:00
Martin Willi
717333da98
Add fixed PSK authentication method to IKEv1 proposal for now
2012-03-20 17:30:41 +01:00
Martin Willi
3a470f3035
Added limiting encoding of IKEv1 SA payloads
2012-03-20 17:30:41 +01:00
Martin Willi
1bf2971ff2
Implemented limited payload parsing for IKEv1 SA payloads
2012-03-20 17:30:40 +01:00
Tobias Brunner
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Martin Willi
54f2bdd656
Added substructure enumerators to sa_payload, proposal_substructure
2011-01-05 16:45:52 +01:00
Martin Willi
c93c7a7560
Added member fields for reserved bits and bytes in all payloads
2011-01-05 16:45:51 +01:00
Martin Willi
1f5b2bec4b
Use enumerator instead of deprecated iterator
2011-01-05 16:45:51 +01:00
Martin Willi
6844c156fc
Removed obsolete clone method from proposal_substructure
2011-01-05 16:45:51 +01:00
Martin Willi
2ecbd6186e
Do not update payload length during generation, allows hooks override payload length
2011-01-05 16:45:47 +01:00
Martin Willi
bb16217581
Store proposal number in proposal_t to reuse it in the selected proposal
...
According to RFC 5996 3.3.1, we MUST reuse the proposal number of
the selected proposal in the SA payload reply.
2010-10-28 15:08:14 +02:00
Martin Willi
806b69a467
Migrated proposal_substructure to INIT/METHOD macros, removed unused methods
2010-10-28 13:06:20 +00:00