b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
636b2e9b2a
ikev1: Assume a default key length of 128-bit for AES-CBC
...
Some implementations don't send a Key Length attribute for AES-128.
This was allowed for IKE in early drafts of RFC 3602, however, some
implementations also seem to do it for ESP, where it never was allowed.
And the final version of RFC 3602 demands a Key Length attribute for both
phases so they shouldn't do it anymore anyway.
Fixes #1064 .
2015-08-17 17:13:50 +02:00
728f529c42
ikev1: Use same map for AH and ESP authentication algorithms
...
The transform identifier used in AH transforms is not the same as the
authentication algorithm identifier used in the transform attributes in
AH (and ESP) transforms.
2014-12-09 11:08:14 +01:00
4141f01671
ikev1: Accept IPComp proposals with 4 octet long CPI values
...
While they SHOULD be sent as 16-bit values according to RFC 3173
a responder MUST be able to accept CPI values encoded in four bytes.
2014-12-05 15:48:52 +01:00
3ecfc83c6b
payload: Use common prefixes for all payload type identifiers
...
The old identifiers did not use a proper namespace and often clashed with
other defines.
2014-06-04 15:53:03 +02:00
a30e0001e4
ikev1: Accept SPI size of any length <= 16 in ISAKMP proposal
...
Fixes #533 .
2014-03-31 14:32:44 +02:00
3771b85806
ikev1: Support en-/decoding of SA payloads with AH algorithms
2013-10-11 10:15:21 +02:00
a0f6f39343
proposals: try next if IKEv2 algorithm could not be mapped to IKEv1
2013-05-06 15:54:32 +02:00
0ff8d20a89
Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier
...
This adds support for early versions of the draft that eventually
resulted in RFC 3947.
2012-12-19 11:03:42 +01:00
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
a9aa75b90e
Map XAuth responder authentication methods between IKEv1 and IKEv2
2012-06-27 11:42:56 +02:00
daab61e51f
Added encapsulation mode transform attribute to IPComp proposal.
2012-05-25 09:26:42 +02:00
7a75cae856
Added support for IKEv1 IPComp proposals in proposal substructure.
2012-05-24 15:32:27 +02:00
4b797f464e
fixed mapping of IKEv1 algorithms
2012-05-05 23:25:34 +02:00
3a9d5cbc14
Fixed transform numbering in IKEv1 proposal.
2012-03-20 17:31:40 +01:00
5ed4b727d0
Fix mapping of IKEv1 encapsulation mode
2012-03-20 17:31:39 +01:00
6261c0c3b7
Support encoding of IKEv1 ECDSA proposals
2012-03-20 17:31:38 +01:00
927c1dd9d2
Support IKEv1 proposal encodings having both lifebytes and a lifetime
2012-03-20 17:31:33 +01:00
26b02f50f4
Always use a transform number of 1 when encoding a single transform
2012-03-20 17:31:25 +01:00
3ba15819ed
Remove executable flag from source code files
2012-03-20 17:31:22 +01:00
51da01a722
Support encoding of Hybrid initiator authentication method
2012-03-20 17:31:21 +01:00
9bb4de1d83
En- and decode DH group attribute in quick mode SA payloads
2012-03-20 17:31:14 +01:00
e102f86e88
Setting transform number in esp proposal.
...
iPhone (racoon) fails quick mode when transform number is 0
2012-03-20 17:31:11 +01:00
fd24c700fb
Use proper enum types in proposal_substructure.
2012-03-20 17:31:07 +01:00
b4e815354c
Map auth_class to auth method and IKEv1 proposal attribute
2012-03-20 17:30:53 +01:00
914ec2dbf2
Implemented IKEv1 attribute encoding in SA payload
2012-03-20 17:30:53 +01:00
fbebc2a068
Implemented encoding of additional IKEv1 proposal attributes
2012-03-20 17:30:53 +01:00
8b30286fcf
IKEv1 XAuth: Add XAUTH authentication types to the enum. Added the ability to switch between hardcoded PSK and XAUTH_INIT_PSK authentications using a flag, default to PSK.
2012-03-20 17:30:52 +01:00
7a7f486df6
Include hardcoded tunnel mode attribute in porposal, remove ESN attribute
2012-03-20 17:30:50 +01:00
d50152a70b
Parse proposal substructure with multiple IKEv1 transforms to multiple proposals
2012-03-20 17:30:49 +01:00
62a27ba347
Encode multiple IKEv1 proposals in a single transform substructure
2012-03-20 17:30:48 +01:00
cd89f1a074
Only add the first algorithm of a kind to IKEv1 transforms
2012-03-20 17:30:48 +01:00
f5c0096086
Hardcode some SA lifetimes until we can configure them dynamically
2012-03-20 17:30:48 +01:00
cc9629d87c
Partially implemented IKEv1 ESP proposal en-/decoding
2012-03-20 17:30:47 +01:00
72b3146092
Re-enable static inclusion of PSK auth method into IKEv1 proposal
2012-03-20 17:30:43 +01:00
04ee2b7fed
Added IKEv1 support to notify payload
2012-03-20 17:30:43 +01:00
f62a7c7c71
Use a generic list encoding rule we can use to specify the wrapped payload type
2012-03-20 17:30:42 +01:00
38fb67fbf1
Add a payload.get_header_length() method, remove header length definitions
2012-03-20 17:30:42 +01:00
e9b55b8325
Simplify signature of get_encoding_rules(), make all rules static
2012-03-20 17:30:42 +01:00
717333da98
Add fixed PSK authentication method to IKEv1 proposal for now
2012-03-20 17:30:41 +01:00
3a470f3035
Added limiting encoding of IKEv1 SA payloads
2012-03-20 17:30:41 +01:00
1bf2971ff2
Implemented limited payload parsing for IKEv1 SA payloads
2012-03-20 17:30:40 +01:00
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
54f2bdd656
Added substructure enumerators to sa_payload, proposal_substructure
2011-01-05 16:45:52 +01:00
c93c7a7560
Added member fields for reserved bits and bytes in all payloads
2011-01-05 16:45:51 +01:00
1f5b2bec4b
Use enumerator instead of deprecated iterator
2011-01-05 16:45:51 +01:00
6844c156fc
Removed obsolete clone mehtod from proposal_substructure
2011-01-05 16:45:51 +01:00
2ecbd6186e
Do not update payload length during generation, allows hooks override payload length
2011-01-05 16:45:47 +01:00
bb16217581
Store proposal number in proposal_t to reuse it in the selected proposal
...
According to RFC 5996 3.3.1, we MUST reuse the proposal number of
the selected proposal in the SA payload reply.
2010-10-28 15:08:14 +02:00
806b69a467
Migrated proposal_substructure to INIT/METHOD macros, removed unused methods
2010-10-28 13:06:20 +00:00
Andreas Steffen