Tobias Brunner
cb7a0cef48
Fixed documentation of XAUTH in ipsec.secrets.
2010-08-26 10:25:08 +02:00
Martin Willi
2bf0e74c38
Prefer AES/Camellia suites over 3DES/NULL encryption
2010-08-25 18:30:09 +02:00
Martin Willi
a596006e3f
Send TLS alerts for errors in TLS handshake building
2010-08-25 18:24:27 +02:00
Martin Willi
ee88ddd6aa
Refactored fragment building, use correct TLS content type for non-first fragments
2010-08-25 18:04:59 +02:00
Martin Willi
dfde6570c7
Update delete_payload length when adding SPIs
2010-08-25 17:04:25 +02:00
Martin Willi
5299719569
Migrated delete_payload to INIT/METHOD macros, replaced iterator
2010-08-25 17:03:00 +02:00
Martin Willi
e5c6ebb697
Use different return values in payload decryption to distinguish between integrity and syntax errors
2010-08-25 15:29:53 +02:00
Martin Willi
17102f7b58
Added a simple high level TLS wrapper for sockets
2010-08-25 12:52:53 +02:00
Martin Willi
bd23b9086e
Initialize output chunk before appending data to it
2010-08-25 12:43:21 +02:00
Martin Willi
3dd06bd4ed
Added private key support to in-memory credential set
2010-08-25 10:28:23 +02:00
Martin Willi
72c6335de9
Added certificate support to in-memory credential set
2010-08-25 10:28:22 +02:00
Thomas Egerer
e54e86cb49
Check if colliding rekey actually created an IKE_INIT
...
In some cases (especially if a child is half-open) the colliding
rekey-job might not have created the ike_init member. If so, the
nonce check fails with SIGSEGV.
2010-08-25 10:16:42 +02:00
Martin Willi
8427c78611
Added a ike_name logger option to prefix the IKE_SA name on each line
2010-08-25 09:55:37 +02:00
Andreas Steffen
d9b85e28b9
removed tls_record_t definition
2010-08-24 19:19:13 +02:00
Martin Willi
69e8bb2e8d
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
2010-08-24 11:34:43 +02:00
Martin Willi
a2c1235969
Skip the close notify if application layer completes successfully
2010-08-24 10:30:24 +02:00
Andreas Steffen
79a5e391f8
support fragmentation in AVPs
2010-08-24 09:02:51 +02:00
Andreas Steffen
c1a929daa7
removed some redundant debug output
2010-08-24 09:02:51 +02:00
Martin Willi
bda7d9d940
Added generic TLS purposes
2010-08-24 08:45:49 +02:00
Martin Willi
f55f9c4e1e
Client sends empty EAP-TTLS packet on fatal alerts to properly shut down TLS
2010-08-24 08:45:49 +02:00
Martin Willi
c5142f110e
Check if the application layer has completed successfully
2010-08-24 08:45:49 +02:00
Martin Willi
1475800080
Moved TLS record parsing/generation to tls.c
2010-08-24 08:45:49 +02:00
Andreas Steffen
4776500055
added debug-tls comand line option
2010-08-23 17:51:40 +02:00
Martin Willi
c310881a11
Added a TLS purpose for EAP-TTLS with client authentication
2010-08-23 15:13:48 +02:00
Martin Willi
5ff8c62707
EAP-TLS clients send an empty packet on failure to properly shut down a TLS session
2010-08-23 15:13:41 +02:00
Martin Willi
e6f3ef1330
Implemented TLS Alert handling
2010-08-23 15:13:37 +02:00
Martin Willi
908e752201
Rebuild library.lo after changing ./configure options
2010-08-23 12:01:48 +02:00
Martin Willi
e0fcf43cf8
Build a trustchain even if no trust anchor is given
2010-08-23 12:01:43 +02:00
Martin Willi
c49475dae1
Accept encryption payloads with no wrapped payloads
2010-08-23 11:30:36 +02:00
Martin Willi
4f60466a01
Fall back to shifting with 32-bit words if 64-bit byte order conversion function missing
2010-08-23 10:10:36 +02:00
Martin Willi
835ec23aff
Use enum mappings to resolve debug group
2010-08-23 09:47:04 +02:00
Martin Willi
f9efac2ba3
Implemented generic enum name to enum value mapping
2010-08-23 09:47:03 +02:00
Martin Willi
f154e30431
Verify negotiated TLS version
2010-08-23 09:47:03 +02:00
Martin Willi
3c19b3461f
Introducing a dedicated debug message group for libtls
2010-08-23 09:47:03 +02:00
Martin Willi
0bcef5fe7a
Streamlined TLS debugging output
2010-08-23 09:45:33 +02:00
Andreas Steffen
56a1167b07
fixed build_cipher_suite_list()
2010-08-21 12:52:55 +02:00
Martin Willi
96b2fbcc2c
Introducing simple purposes for the TLS stack, switches various options
2010-08-20 15:09:08 +02:00
Martin Willi
6291fbedcb
Fixed compiler warning
2010-08-20 15:09:08 +02:00
Martin Willi
cb3f0c9b31
Register missing SHA256 authenticator with no truncation, as used by TLS
2010-08-20 12:11:21 +02:00
Martin Willi
6e413d9ce9
Added more TLS cipher suites we already support
2010-08-20 12:11:21 +02:00
Martin Willi
a2bfc45bfd
Build TLS cipher suite list in a generic fashion
2010-08-20 12:11:21 +02:00
Martin Willi
2e64455ee1
Fixed crypter keymat derivation bug
2010-08-19 19:28:08 +02:00
Martin Willi
23cf96773a
Improve GCM performance by factor 2-3 by shifting full 32/64 bit words
2010-08-19 19:08:57 +02:00
Martin Willi
1a64981048
Implemented a gcm plugin providing GCM mode based on CBC crypters
2010-08-19 19:05:15 +02:00
Martin Willi
026355af42
Added AES-GCM test vectors
2010-08-19 19:05:15 +02:00
Martin Willi
9d3e174a1e
Give a benchmark point for each operation to compare different transforms
2010-08-19 19:05:14 +02:00
Martin Willi
80a93a1335
Implemented a ccm plugin providing CCM mode based on CBC crypters
2010-08-19 19:05:14 +02:00
Martin Willi
7ba89ccd7f
Added helper macros to define portable bitfields with gcc
2010-08-19 19:05:14 +02:00
Martin Willi
f9277ac426
Added AES-CCM test vectors
2010-08-19 19:05:14 +02:00
Martin Willi
8ca9e255d8
Added support for AEAD test vectors to test-vectors plugin
2010-08-19 19:05:13 +02:00