Tobias Brunner
bca34c3717
Moved utils.[ch] to utils folder
2012-10-24 16:07:53 +02:00
Tobias Brunner
f9625952ad
Moved settings_t to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
d5c143e5be
Moved enum_name_t to utils folder
2012-10-24 16:00:50 +02:00
Tobias Brunner
125b37af6d
Moved chunk_t to utils folder
2012-10-24 16:00:50 +02:00
Tobias Brunner
05e448c5cc
Moved printf hooks to utils folder
2012-10-24 16:00:50 +02:00
Tobias Brunner
08944b68ac
Moved integrity_checker_t to utils folder
2012-10-24 16:00:50 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
fdee6b5f5a
Moved packet_t and tun_device_t to networking folder
2012-10-24 15:06:18 +02:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Tobias Brunner
292d8f41c3
Resolve hosts by DNS name in separate threads so we can cancel them
...
getaddrinfo(3) may block a long time so proper termination of the daemon may
block if DNS servers are not reachable.
getaddrinfo(3) is an optional cancellation point in posix threads so it
might still block a shutdown but at least on Android (with the signal based
pthread_cancel implementation) it works, on Linux starter will kill charon
anyway after a while.
2012-10-18 10:57:55 +02:00
Martin Willi
9564f9eb6e
Include all dev headers, even if they are configuration specific
2012-10-02 11:39:55 +02:00
Tobias Brunner
60dc44648f
Added a condvar implementation that works with rwlock_t
2012-09-21 18:16:27 +02:00
Francois ten Krooden
8c2ec47149
Moved proposal_keywords to proposal_keywords_static
...
Added new proposal keywords with function to reference the static keywords.
2012-09-13 15:42:38 +02:00
Andreas Steffen
17f806d8d0
fixed Makefile for libstrongswan dev headers
2012-08-14 10:21:28 +02:00
Tobias Brunner
34400edc37
Added utility class to create TUN devices
...
Currently works only on Linux.
2012-08-08 15:41:03 +02:00
Tobias Brunner
156f7e9b85
Moved types used by kernel_ipsec_t interface (and libipsec) to libstrongswan
...
This avoids a dependency of libipsec to libhydra.
2012-08-08 15:41:02 +02:00
Tobias Brunner
2dde79aca6
Added a simple blocking queue around linked_list_t
2012-08-08 15:41:02 +02:00
Tobias Brunner
5764a9b355
Moved packet_t to libstrongswan
2012-08-08 15:41:02 +02:00
Martin Willi
4c6c934635
With --enable-bfd-backtraces, use binutils libbfd to resolve backtraces
...
The invocation of addr2line to resolve backtrace source locations
is slow and cumbersome. When using libbfd directly, we can eliminate
the overhead of the process invocation. Even better, we can cache
library symbol names, bringing wicked fast lookups. As a neat bonus,
we can resolve static function names.
2012-07-13 13:23:29 +02:00
Andreas Steffen
d4cf9cdf28
fixed libstrongswan/Makefile.am
2012-07-11 23:13:55 +02:00
Martin Willi
b188f23199
Install dev headers only if --with-dev-headers= option is set
2012-07-11 11:16:31 +02:00
Martin Willi
7115448529
Install libstrongswan development headers
2012-07-11 09:57:07 +02:00
Martin Willi
0619ddfaa4
Refactored heavily #ifdefd capability code to its own libstrongswan class
2012-07-04 11:01:40 +02:00
Tobias Brunner
12fa85c664
Added wrapper for POSIX spin locks
2012-07-04 10:13:49 +02:00
Tobias Brunner
c4a3c9672a
Make the hmac_t interface a generic interface for message authentication codes
2012-06-25 16:35:06 +02:00
Tobias Brunner
57ff4be874
Simple wrappers for HMAC based prf_t and signer_t implementations added
2012-06-25 16:35:06 +02:00
Tobias Brunner
07f0abd7ac
Updated PKCS#7 parser/generator in libstrongswan.
...
Added some functionality from pluto's version, updated usage of asn1
and crypto primitives. It does compile but is not really tested yet.
2012-06-11 17:09:19 +02:00
Adrian-Ken Rueegsegger
04024b5de8
Add nonce plugin implementation
...
This nonce generator uses an RNG to generate nonces. The RNG quality is
currently set to RNG_WEAK which is the same value used in IKE init.
The plugin is enabled and thus built by default.
2012-05-18 08:15:40 +02:00
Adrian-Ken Rueegsegger
e2fc09c186
Add nonce generator interface
...
Nonce generators (nonce_gen_t) can be used to get or allocate nonces.
Users can request nonce generators from the crypto factory while nonce
plugins register/remove themselves to/from the crypto factory.
2012-05-18 08:15:40 +02:00
Tobias Brunner
8f6c13271c
Added a wrapper class around POSIX semaphores.
2012-05-02 14:45:37 +02:00
Tobias Brunner
c0d39c205c
Implemented AES-CMAC based PRF and signer.
...
The cmac plugin implements AES-CMAC as defined in RFC 4493 and the
signer and PRF based on it as defined in RFC 4494 and RFC 4615,
respectively.
2012-04-03 10:40:47 +02:00
Tobias Brunner
5ec525c1d1
Added PKCS#8 stub plugin.
2012-02-01 18:27:45 +01:00
Martin Willi
62b9e2f938
Added support for plugin features
2011-10-14 10:05:44 +02:00
Martin Willi
e3edd7e75e
Add enum names for database drivers
2011-10-14 10:04:45 +02:00
Tobias Brunner
629fd2f4f6
Finally removed deprecated iterator_t.
2011-07-06 09:43:46 +02:00
Tobias Brunner
60d62b9e5c
Don't install the libraries directly in lib/.
...
Instead use a subdirectory (prefix/lib/ipsec by default). Also moved the
plugins from libexec to a subdirectory of that dir.
2011-07-05 14:42:14 +02:00
Andreas Steffen
7c4d4d209d
make IMC/IMV pairs independent of libcharon
2011-06-01 16:33:44 +02:00
Andreas Steffen
7e432eff6b
renamed tls_reader|writer to bio_* and moved to libstrongswan
2011-05-31 15:46:51 +02:00
Martin Willi
2959ea6f84
Added job priority enum names
2011-05-16 15:24:13 +02:00
Martin Willi
13eda8e903
Added a new FETCH_CALLBACK option to fetch data without allocation
2011-04-04 08:48:27 +02:00
Martin Willi
2ca52c8048
Implemented an alternative HTTP fetcher based on libsoup
2011-01-17 18:20:06 +01:00
Martin Willi
01d3038137
Added plugin stub for advanced X509 constraint checking
2011-01-05 16:46:00 +01:00
Martin Willi
e49bd37b5d
Remove x509_flag_names, flags do not work with ENUM()
2011-01-05 16:45:56 +01:00
Martin Willi
71c87e3483
Added plugin stub for AF_ALG
2010-12-20 09:52:02 +01:00
Tobias Brunner
e18556e9e9
Moved scheduler and thread pool to libstrongswan.
2010-09-02 19:04:18 +02:00
Martin Willi
f13a03add0
Moved EAP type/code definitions to a seprate header file in libstrongswan
2010-08-31 15:35:29 +02:00
Martin Willi
908e752201
Rebuild library.lo after changing ./configure options
2010-08-23 12:01:48 +02:00
Martin Willi
1a64981048
Implemented a gcm plugin providing GCM mode based on CBC crypters
2010-08-19 19:05:15 +02:00
Martin Willi
80a93a1335
Implemented a ccm plugin providing CCM mode based on CBC crypters
2010-08-19 19:05:14 +02:00
Martin Willi
df8d0d8703
Implemented an AEAD wrapper for traditional crypter/signer transforms
2010-08-19 12:35:54 +02:00
Martin Willi
272f0e1ae4
Added a counter mode wrapper plugin operating on existing CBC crypters
2010-08-13 19:39:59 +02:00
Martin Willi
62be923683
Implemented a callback based credential set, currently for shared keys only
2010-08-04 09:26:21 +02:00
Martin Willi
0749e91bec
Implemented a generic in-memory credential set, currently for shared keys only
2010-08-04 09:26:21 +02:00
Martin Willi
6e862e2152
Added PKCS#11 token plugin stub
2010-08-04 09:26:18 +02:00
Martin Willi
24d327ab4d
Moved keys/key_encoding.[ch] to cred_encoding.[ch]
2010-07-13 11:02:35 +02:00
Martin Willi
1c8c924610
Moved addrblock plugin to libcharon
2010-07-13 10:26:07 +02:00
Martin Willi
c2e5cee413
Moved CRL/OCSP checking to a dedicated plugin called revocation
2010-07-13 10:26:07 +02:00
Martin Willi
5f9e62c54f
Moved X509 addrBlock validation to a separate addrblock plugin
2010-07-13 10:26:07 +02:00
Martin Willi
2ccc02a4fd
Moved credential manager to libstrongswan
2010-07-13 10:26:07 +02:00
Tobias Brunner
567d3f1463
Attributes moved from libstrongswan to libhydra.
...
The attribute_manager_t instance is now located on the new hydra object
instead of the lib object.
2010-03-24 18:53:10 +01:00
Tobias Brunner
75dc019252
Moving attr-sql plugin from libstrongswan to libhydra.
2010-03-24 18:53:09 +01:00
Martin Willi
40f130dab3
Implemented the PRF_KEYED_SHA1 algorithm in the openssl plugin
2010-03-08 13:16:12 +01:00
Tobias Brunner
0ace35282c
Build libstrongswan before building any plugins during the non-monolithic build (as it was before).
2010-03-05 11:05:32 +01:00
Tobias Brunner
1be3298807
Adding Android.mk files to build charon and libstrongswan with the Android build system.
2010-03-03 10:18:46 +01:00
Tobias Brunner
6ec60bb92b
Link all enabled libstrongswan plugins into the library, link all enabled charon plugins into libcharon.
2010-03-02 10:38:52 +01:00
Tobias Brunner
4a5a5dd290
Using the thread wrapper in charon, libstrongswan and their plugins.
2009-12-23 17:03:41 +01:00
Tobias Brunner
070ac5b0b7
Check if libpthread is required or not.
2009-12-23 17:02:26 +01:00
Tobias Brunner
5fe538504e
Moved implementation of condvar_t to mutex.c because it requires access to private_mutex_t.
2009-12-23 17:02:25 +01:00
Tobias Brunner
eba64cef41
Separated the public interfaces of the threading primitives.
2009-12-23 17:01:53 +01:00
Tobias Brunner
b1f35d0695
Threading primitives separated.
2009-12-23 17:01:30 +01:00
Tobias Brunner
14f7091280
Moved mutex.c to a separate folder in order to cleanly wrap other threading primitives (and utils/mutex.h is now threading.h).
2009-12-23 17:00:58 +01:00
Andreas Steffen
252f38f6f8
fixed distribution list
2009-12-21 22:28:08 +01:00
Andreas Steffen
1125a0be81
moved traffic_selectors from charon to libstrongswan
2009-12-20 14:57:38 +01:00
Andreas Steffen
247794827e
move SQL-based pool functionality to new attr-sql libstrongswan plugin
2009-10-13 17:02:29 +02:00
Andreas Steffen
930443afff
moved attribute_manager to libstrongswan
2009-10-13 13:46:27 +02:00
Andreas Steffen
fc12e3cd2e
pluto now uses x509 plugin for attribute certificate handling
2009-10-05 07:24:28 +02:00
Martin Willi
4cb0e1bb76
Added basic support for PGP certificates (no trust relationships yet)
2009-09-15 08:23:48 +02:00
Andreas Steffen
f03e0e9147
support of PKCS#10 certificate request parsing
2009-09-13 21:00:15 +02:00
Martin Willi
356b2b2780
pass NULL to library_init() to load settings from default file
2009-09-10 18:52:42 +02:00
Martin Willi
5b03a350fc
use NULL to load plugins from default plugin directory
2009-09-10 18:52:42 +02:00
Martin Willi
3f310c0d1f
implemented a monotonic timestamping function, unaffected from system time changes
2009-08-31 15:03:35 +02:00
Martin Willi
d9b24887a4
added a facility to hand out fingerprinting/key encoding to the pkcs1/pgp/... plugins
2009-08-26 11:23:51 +02:00
Martin Willi
b457e08fca
moved PGP code to pluto and gpg plugin
2009-08-26 11:23:51 +02:00
Martin Willi
5ef478aaee
implemented RFC3110 key builder in a plugin, added generic DNSKEY RR parsing
2009-08-26 11:23:51 +02:00
Martin Willi
9493dd2ce0
implemented a pgp plugin providing PGP key parsing builders
2009-08-26 11:23:50 +02:00
Martin Willi
1e0f69373a
implemented a pkcs1 plugin providing PKCS#1 key parsing builders
2009-08-26 11:23:50 +02:00
Martin Willi
94463a33b4
removed obsolete PEM code in pluto/libstrongswan
2009-08-26 11:23:49 +02:00
Martin Willi
160f4c225d
moved PEM parsing functionality to its own plugin
2009-08-26 11:23:48 +02:00
Tobias Brunner
26965b4ef3
OpenSolaris needs libsocket and libnsl for socket().
2009-08-14 14:50:53 +02:00
Tobias Brunner
3974b2fb07
FreeBSD's libc does not support backtrace(), but libexecinfo optionally replicates this function (and the other defined in execinfo.h).
2009-08-07 18:46:25 +02:00
Tobias Brunner
599d2bcea8
Revert "gperf under FreeBSD does not know the -m option."
...
This reverts commit 0ead254919
.
2009-07-16 15:15:09 +02:00
Tobias Brunner
0ead254919
gperf under FreeBSD does not know the -m option.
...
We could use AC_PATH_PROGS_FEATURE_CHECK (added in Autoconf 2.62) to check for this option.
2009-07-14 12:09:22 +02:00
Martin Willi
67a7bb02ef
moved checksum_builder/libchechsum to top srcdir to respect build order
2009-06-22 15:47:18 +02:00
Martin Willi
bef508755b
build integrity_checker.c only if --enable-integrity-test set
2009-06-22 15:47:17 +02:00
Martin Willi
e3b7be91e1
removed obsolete INTEGRITY_TEST and fips signer code
...
--enable-integrity-test now conditionally builds libchecksum
2009-06-22 15:47:17 +02:00
Martin Willi
12c68f1b3a
implemented a checksum_builder tool to build the checksum library
2009-06-22 15:47:17 +02:00
Martin Willi
20d4fc97cf
implemented an integrity checker class to build and check code integrity
2009-06-22 15:47:16 +02:00
Andreas Steffen
0e9ded6838
removed serpent and twofish plugins - use gcrypt instead
2009-06-18 07:27:40 +02:00
Martin Willi
81811a9d8b
added a plugin providing crypto test vectors
2009-06-11 15:55:59 +02:00
Martin Willi
3e8891667b
implemented a crypto_tester class to test crypto algorithms
...
libstrongswan.crypto.test.required to require at least one test vector to use an algorithm
libstrongswan.crypto.test.rng_true to run RNG tests on RNG_TRUE quality
2009-06-11 15:54:44 +02:00
Martin Willi
4977018c23
added skeleton for libgcrypt based crypto plugin
2009-06-09 11:18:56 +02:00
Andreas Steffen
8b799d55ce
pluto and scepclient use private and public key plugins of libstrongswan
2009-06-09 11:03:32 +02:00
Andreas Steffen
433cb51bb9
moved IKEv2 proposals and transforms to libstrongswan
2009-05-15 22:43:48 +02:00
Andreas Steffen
d36ae9e305
started migration to encryption plugins
2009-05-09 00:04:28 +02:00
Tobias Brunner
d24a74c5b4
merging changes from portability branch back to trunk
...
important change for developers: %Y replaces %D to print identities!
2009-04-30 11:37:54 +00:00
Martin Willi
be0a03be64
set default CFLAGS globally, including -Wno-format
2009-04-27 11:34:07 +00:00
Andreas Steffen
4985ad6e4a
pluto and scepclient use the regular libstrongswan library
2009-04-21 12:26:04 +00:00
Andreas Steffen
08b2d288a1
scepclient and pluto use asn1 from libstrongswan
2009-04-20 20:53:38 +00:00
Andreas Steffen
d41071802d
support of the enum printf_hook
2009-04-20 09:32:59 +00:00
Andreas Steffen
54c4de63c0
scepclient uses the optionsfrom parser from libstrongswan
2009-04-18 17:43:28 +00:00
Andreas Steffen
a6e3ec1389
created pluto and scepclient now use libstrongswan-lite
2009-04-18 14:50:31 +00:00
Tobias Brunner
d25ce3701e
printf hooks refactored to increase portability (i.e. support for platforms without glibc-compatible customizable printf - the Vstr string library is currently required on such platforms).
2009-03-12 18:07:32 +00:00
Andreas Steffen
1e0d1ae213
support of MD4 hash
2009-02-19 10:06:58 +00:00
Martin Willi
2d887e8e08
removed unused extract_last_token() and the required memrchr implementation
2009-02-18 09:45:54 +00:00
Andreas Steffen
48032aed00
add a compatible memrchr() function if the platform does not support it (e.g. old glibc). Patch courtesy to Thomas Jarosch
2009-01-09 01:19:45 +00:00
Tobias Brunner
0948edbbff
adding general purpose hash table
2008-12-03 09:32:16 +00:00
Martin Willi
0214012508
threshhold and ./configure option for lock profiler
2008-11-05 14:36:57 +00:00
Martin Willi
f7237cf37a
separated backtrace functionality from leak_detective, used in
...
leak_detective
mutex profiling
signal handler
2008-11-05 13:58:19 +00:00
Martin Willi
104c28d603
fixed perl oid generation
2008-10-16 15:38:48 +00:00
Tobias Brunner
1adaa02bb2
merging kernel_pfkey plugin back from kernel-interface branch
2008-10-14 08:46:31 +00:00
Martin Willi
21c9546321
libstrongswan agent plugin to use ssh-agent for RSA signatures
2008-09-02 11:04:26 +00:00
Andreas Steffen
af165431d2
fixed libstrongswan integrity test
2008-08-19 18:51:30 +00:00
Andreas Steffen
eaa1399812
fixed the strongswan.conf path
2008-05-22 21:59:30 +00:00
Martin Willi
affd7a90ba
moved RAW public key support to a separate plugin (pubkey)
2008-05-08 13:16:42 +00:00
Martin Willi
27d04e055d
implemented XCBC algorithms (signer, prf) for IKE on top of a crypter
...
supporting ike=...-aesxcbc-... in ipsec.conf
added AUTH_AES_XCBC_96 and PRF_AES128_CBC to default IKE proposal
AES XCBC testcase
2008-04-30 14:26:24 +00:00
Tobias Brunner
17353034f3
added a wrapper plugin for OpenSSL crypters (AES, 3DES, Blowfish etc.)
2008-04-28 14:25:19 +00:00
Andreas Steffen
d3d7e46b8c
refactoring of the ASN.1 parser
2008-04-26 09:24:14 +00:00
Martin Willi
9213ad27c2
replaced freeswan ttodata by own chunk_{to|from}_{hex|base64} functions
2008-04-24 13:26:22 +00:00
Martin Willi
36d62fac65
experimental Padlock plugin supportin SHA1 and AES-128 for VIA C7 Esther
2008-04-22 08:44:56 +00:00
Martin Willi
82d8368bd7
build plugins after daemon/libstrongswan
2008-04-15 07:57:01 +00:00
Martin Willi
6a365f0740
added API for random number generators, served through credential factory
...
ported randomizer_t to a rng_t on top of /dev/(u)random (plugin random)
2008-04-15 05:56:35 +00:00
Martin Willi
a9184df36b
do not build leak_detective.o if not enabled
2008-04-04 11:38:16 +00:00
Andreas Steffen
1aad8bdfad
makeshift fix of --enable-integrity-test option
2008-03-26 20:16:42 +00:00
Martin Willi
7b88a983d8
caching of ocsp responses (experimental), no crl caching yet
2008-03-26 15:21:50 +00:00
Andreas Steffen
26930a8c3e
certificate factory can load certs from file
2008-03-25 22:28:27 +00:00
Andreas Steffen
3e6ee16478
defined *_create_from_file() constructors in libstrongswan/credentials/certificates
2008-03-25 10:12:45 +00:00
Andreas Steffen
bdec2e4f52
refactored openac and its attribute certificate factory
2008-03-20 15:23:52 +00:00
Martin Willi
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
Andreas Steffen
e8bfe74289
extended and debugged PKCS#7 signedData support
2008-02-01 14:19:26 +00:00
Andreas Steffen
5f854d7f95
added strneq(x,y,len) macro
2007-10-07 13:35:42 +00:00
Martin Willi
d62a4526fd
moved enumerator from libappserv to libstrongswan
2007-10-04 08:21:53 +00:00
Andreas Steffen
b4979ff724
removed some empty lines
2007-09-18 11:23:52 +00:00
Andreas Steffen
15a9d460c0
peer_cfg now knows about group memberships
2007-09-13 15:33:17 +00:00
Andreas Steffen
d8b45dcdd2
build fips_signer and fips_signature with USE_INTEGRITY_TEST condition only
2007-08-29 07:02:13 +00:00
Andreas Steffen
55434a1ba5
started implementation of libstrongswan code integrity check
2007-08-29 00:37:10 +00:00
Andreas Steffen
f880eb2dca
started support of X.509 attribute certificates
2007-04-12 17:49:33 +00:00
Andreas Steffen
241d2ff3bc
support of ldap-based crl fetching
2007-04-06 09:44:06 +00:00
Martin Willi
96567fc8a2
fixed compilation warnings and errors when not using curl
2007-03-13 14:52:18 +00:00
Andreas Steffen
1bcb84605f
ocsp signer certificate and ocsp response signature can be verified
2007-03-08 23:29:04 +00:00