Martin Willi
|
00c7e9af17
|
Migrated blowfish plugin to INIT/METHOD macros
|
2010-08-13 17:11:53 +02:00 |
Martin Willi
|
1fff2afe57
|
Migrated the aes plugin to INIT/METHOD macros
|
2010-08-13 17:11:53 +02:00 |
Martin Willi
|
619f9a4ef1
|
Migrated padlock plugin to INIT/METHOD macros
|
2010-08-13 17:11:53 +02:00 |
Martin Willi
|
bfe4d08c20
|
Report the symbol name of a failed test vector
|
2010-08-13 17:11:53 +02:00 |
Martin Willi
|
84135e7772
|
Added Camellia-CTR test vectors
|
2010-08-13 17:11:53 +02:00 |
Martin Willi
|
bc4978c786
|
Added AES-CTR test vectors
|
2010-08-13 17:11:53 +02:00 |
Andreas Steffen
|
71efe40077
|
Migrated eap_identity plugin to INIT/METHOD macros
|
2010-08-13 16:57:01 +02:00 |
Andreas Steffen
|
a568897011
|
Migrated eap_md5 plugin to INIT/METHOD macros
|
2010-08-13 16:33:26 +02:00 |
Andreas Steffen
|
45c4021bd0
|
Migrated eap_authenticator to INIT/METHOD macros
|
2010-08-13 15:58:53 +02:00 |
Andreas Steffen
|
fe6ae23d1f
|
Migrated eap_manager to INIT/METHOD macros
|
2010-08-13 15:32:37 +02:00 |
Andreas Steffen
|
87799b0c00
|
moved eap_from_string() fomr libcharon to libstrongswan to make it available in starter
|
2010-08-13 15:07:53 +02:00 |
Andreas Steffen
|
e643da585b
|
fixed typo
|
2010-08-13 12:24:54 +02:00 |
Andreas Steffen
|
3a15a02a58
|
set TLS record type before state change to STATE_FINISHED_SENT
|
2010-08-13 00:31:45 +02:00 |
Andreas Steffen
|
b62e9a30ce
|
fixed sequence numbering and iv of TLS protection layer
|
2010-08-12 23:58:54 +02:00 |
Andreas Steffen
|
4412ee86c5
|
recognize eap-ttls method
|
2010-08-12 23:58:54 +02:00 |
Andreas Steffen
|
1327839da8
|
added generic TLS application data handler and specific EAP-TTLS instantiation
|
2010-08-12 23:58:54 +02:00 |
Martin Willi
|
123a84d3db
|
Use an explicit plugin list instead of the unrealible "find" to build checksums
|
2010-08-12 16:07:24 +02:00 |
Martin Willi
|
8f01815143
|
Build dedicated plugin lists for each strongSwan component
|
2010-08-12 14:46:57 +02:00 |
Martin Willi
|
8bec0f5153
|
Implemented Smartcard support in NetworkManager frontend
|
2010-08-11 16:32:04 +02:00 |
Martin Willi
|
01e4f5f32f
|
Implemented public key encryption/private key decryption in PKCS#11
|
2010-08-11 12:12:37 +02:00 |
Martin Willi
|
aea735ef63
|
Discard a packet that exceeds the receive buffer
|
2010-08-11 10:52:59 +02:00 |
Martin Willi
|
10a2e09b55
|
Added a strongswan.conf option to change socket receive buffer size
|
2010-08-11 10:48:17 +02:00 |
Martin Willi
|
4ec53e95f5
|
Double check that the OpenSSL RNG has been seeded, do so otherwise
|
2010-08-11 10:12:50 +02:00 |
Martin Willi
|
d775af9d18
|
Implemented RSA en-/decryption in openssl plugin
|
2010-08-11 09:53:45 +02:00 |
Andreas Steffen
|
133accfcfd
|
differentiate between TLS messages and EAP-[T]TLS packets in the debug output
|
2010-08-10 19:02:05 +02:00 |
Martin Willi
|
07d2b39123
|
Parse important extendedKeyUsage flags in openssl plugin
|
2010-08-10 18:46:31 +02:00 |
Martin Willi
|
a0a8aaaf4f
|
Parse UPN subjectAltName in openssl plugin
|
2010-08-10 18:46:31 +02:00 |
Martin Willi
|
772cba39e4
|
Parse UPN subjectAltNames in x509 plugin
|
2010-08-10 18:46:31 +02:00 |
Martin Willi
|
82f62a7447
|
Added Microsoft OID for user principal name (UPN) subjectAltNames
|
2010-08-10 18:46:31 +02:00 |
Martin Willi
|
3d711a68fb
|
Added a stroke command to export cached x509 certificates to the console
|
2010-08-10 18:46:30 +02:00 |
Martin Willi
|
a944d2092b
|
Use bits instead of bytes for a private/public key
|
2010-08-10 18:46:30 +02:00 |
Martin Willi
|
33ddaaabec
|
Added support for different encryption schemes to private/public keys
|
2010-08-10 18:46:30 +02:00 |
Martin Willi
|
3547a9b87d
|
Migrated agent plugin to INIT/METHOD macros
|
2010-08-10 18:46:30 +02:00 |
Martin Willi
|
57202484e4
|
Migrated remaining classes in openssl plugin to INIT/METHOD macros
|
2010-08-10 18:46:30 +02:00 |
Martin Willi
|
646babd354
|
Migraded gcrypt plugin to INIT/METHOD macros
|
2010-08-10 18:46:30 +02:00 |
Martin Willi
|
876b61e132
|
Migrated gmp plugin to INIT/METHOD macros
|
2010-08-10 18:46:30 +02:00 |
Tobias Brunner
|
6432669fa2
|
Added support for early and late calls to Vstr wrappers.
That is, prevent a SIGSEGV if Vstr wrappers are called before printf_hook_t
is initialized and after it is destroyed.
|
2010-08-10 13:00:20 +02:00 |
Martin Willi
|
478eb66030
|
Fixed settings lookup if the section/key contains dots, second try
|
2010-08-09 14:30:16 +02:00 |
Andreas Steffen
|
3810afa9f9
|
log final TLS acknowledgement packet
|
2010-08-08 19:14:53 +02:00 |
Andreas Steffen
|
ded59df4fc
|
added level 2 debug info on sent TLS packets
|
2010-08-07 11:26:04 +02:00 |
Andreas Steffen
|
ab47a7924b
|
log EAP-TTLS version
|
2010-08-07 11:26:04 +02:00 |
Andreas Steffen
|
a622c6d019
|
fixed typo
|
2010-08-07 11:26:04 +02:00 |
Andreas Steffen
|
a6444fcdd4
|
EAP-TLS and EAP-TTLS use different constant MSK PRF label
|
2010-08-07 11:26:04 +02:00 |
Andreas Steffen
|
b4d30a425e
|
support server authentication only for EAP-TTLS
|
2010-08-07 11:26:04 +02:00 |
Andreas Steffen
|
26eb9b2d17
|
added eap_ttls plugin configuration
|
2010-08-07 11:26:04 +02:00 |
Tobias Brunner
|
fa9f101345
|
Properly initialize libstrongswan in _copyright.
This is required if libvstr is used.
|
2010-08-06 19:56:42 +02:00 |
Tobias Brunner
|
7c3dd613d7
|
Added missing Vstr wrappers for asprintf.
|
2010-08-06 19:56:42 +02:00 |
Martin Willi
|
7c03d707a5
|
Create a PKCS#11 session public key if we don't find one
|
2010-08-06 17:32:32 +02:00 |
Martin Willi
|
fed9407bb1
|
Implemented PKCS#11 RSA public key for keys found on a token
|
2010-08-06 17:02:41 +02:00 |
Martin Willi
|
babed73257
|
Export scheme_to_mechanism conversion function
|
2010-08-06 17:02:01 +02:00 |
Martin Willi
|
a02784da5d
|
Load certificate after enumeration
|
2010-08-06 17:00:23 +02:00 |
Jiri Bohac
|
30d8e8d04d
|
fix error-type range in parsing of NOTIFY payloads
|
2010-08-06 11:47:35 +02:00 |
Andreas Steffen
|
fd8ad4198d
|
added TTLS to EAP short names, too
|
2010-08-06 06:06:40 +02:00 |
Andreas Steffen
|
f32e56bbce
|
added EAP_TTLS method
|
2010-08-05 21:01:39 +02:00 |
Martin Willi
|
37d2d7e158
|
Whitespace cleanups
|
2010-08-05 13:58:49 +02:00 |
Martin Willi
|
e85bca7f22
|
Use certificate subject to get a public key of the TLS server
|
2010-08-05 13:13:45 +02:00 |
Tobias Brunner
|
edb82ab8ae
|
Some Doxygen fixes.
|
2010-08-05 11:53:53 +02:00 |
Andreas Steffen
|
7ea87db00d
|
added some more TLS debug output
|
2010-08-05 09:51:05 +02:00 |
Andreas Steffen
|
7030e3950a
|
fixed type in cipher suite list build
|
2010-08-05 01:26:10 +02:00 |
Andreas Steffen
|
4657b3a42a
|
log selected TLS version and cipher suite
|
2010-08-05 01:21:59 +02:00 |
Andreas Steffen
|
289c9ac3d7
|
log TLS handshake messages in debug level 2
|
2010-08-04 16:55:55 +02:00 |
Tobias Brunner
|
744b83c7c9
|
Fixed loading of secrets with IDs.
Since the ID string is manually terminated by a null character, write
permission is required for the mmapped ipsec.secrets.
|
2010-08-04 16:03:46 +02:00 |
Tobias Brunner
|
dca2d89209
|
Fixed loading of private keys without password.
The chunk storing the password was not correctly initialized, resulting
in a segmentation fault when no password was specified in ipsec.secrets.
|
2010-08-04 14:22:48 +02:00 |
Tobias Brunner
|
83628fd600
|
Accept EAP_ONLY_AUTHENTICATION notifies from any client, now that IANA allocated an ID.
|
2010-08-04 12:58:53 +02:00 |
Tobias Brunner
|
12549bedea
|
IKEv2 notification types updated.
|
2010-08-04 10:06:00 +02:00 |
Martin Willi
|
e82186fb5a
|
Reimplemented mem pool to support multiple leases for a single identity
|
2010-08-04 09:49:59 +02:00 |
Martin Willi
|
6e4f4d2fdf
|
Save/Load state of PKCS#11 hasher
|
2010-08-04 09:26:22 +02:00 |
Martin Willi
|
a3aeb89227
|
Do initial slot enumeration manually
|
2010-08-04 09:26:22 +02:00 |
Martin Willi
|
0f0fc891d8
|
Implemented hasher_t using PKCS#11
|
2010-08-04 09:26:22 +02:00 |
Martin Willi
|
66267ea515
|
Defer certificate loading until all PKCS#11 modules are loaded
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
65858b83f8
|
Destroy IKE_SA Managers crypto primitives during flush, the plugins are gone in destroy
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
5a27bf8ad8
|
Provide a public PKCS#11 mechanism enumerator
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
efab731338
|
Added PKCS#11 private key support to the pki tool
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
089d554a01
|
The pki tool uses a callback credential set to read in passphrase/PIN
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
0d08ebe7ac
|
Pass type of requested key in the callback credential set
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
af007ed68a
|
Support PKCS#11 keys requiring reauthentication for each operation
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
199b17122d
|
Do not try to log in if we already have a user session
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
15177f5785
|
Obseleted BUILD_PASSPHRASE(_CALLBACK) for private key loading, use credential sets
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
3429be9514
|
Use a dedicated build part for challenge passwords, BUILD_PASSPHRASE gets obsolete
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
0556667dca
|
Use credential sets to load smartcard keys
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
70789d28a1
|
Handle PIN: as a magic keyword for prompt, use getpass() to silently read credentials
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
62be923683
|
Implemented a callback based credential set, currently for shared keys only
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
0749e91bec
|
Implemented a generic in-memory credential set, currently for shared keys only
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
9587ece534
|
mmap() ipsec.secrets instead malloc(), proper error checking
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
947298b302
|
Splitted up the load_secrets() function
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
1e4e29076c
|
Updated ipsec.secrets.5 regarding IKEv2 smartcard support
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
57522106c4
|
%prompt support for smartcard PIN via "ipsec secrets"
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
a0bdd5d63e
|
Implemented callback PIN invocation for PKCS#11 login
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
7afc00d03c
|
Implemented keyid discovery on all modules/slots
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
0b8b664056
|
Pass the PKCS11 keyid as chunk, not as string
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
353d10d590
|
Reuse generic passphrase build part, not a dedicated PIN part
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
5f1e4438cb
|
Implemented private key on top of a PKCS#11 token
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
d007ce3206
|
Extended the PKCS#11 object enumerator by attribute retrieval
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
ddbac66028
|
Use the PKCS#11 object enumerator
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
9baa41c52d
|
Implemented a generic PKCS#11 object enumerator
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
cd251d9a21
|
Unload plugins in reverse order
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
3479c27931
|
Support module names in %smartcard specifier, streamlined smartcard building
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
36c852a08b
|
Added enumerator for PKCS#11 tokens
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
fe876b24d9
|
Handle NOT_SUPPORT return value from WaitForSlot
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
66033012c9
|
Reenabled dlclose
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
a6d2ec331b
|
Implemented a credential set on top of a PKCS#11 token
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
50a9e84540
|
Added NSPR PR_CallOnce to leak detective whitelist
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
044e0dd1b1
|
Added buffer checking variants of syslog functions to leak detective
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
fdd7e21225
|
Added a token add/remove callback function to the manager
|
2010-08-04 09:26:19 +02:00 |
Martin Willi
|
6522d6c50b
|
Enumerate tokens and their mechanisms, wait for slot events
|
2010-08-04 09:26:19 +02:00 |
Martin Willi
|
0c21dc000d
|
Depend on libcharon until we have a thread pool to use
|
2010-08-04 09:26:19 +02:00 |
Martin Willi
|
75451ac8ba
|
Add enum names for CK_MECHANISM_TYPE constants
|
2010-08-04 09:26:19 +02:00 |
Martin Willi
|
b3b0e57cb1
|
Make the PKCS#11 padding string trimming public, add null terminator
|
2010-08-04 09:26:19 +02:00 |
Martin Willi
|
71151d3c1b
|
Added a getter for the library alias
|
2010-08-04 09:26:19 +02:00 |
Martin Willi
|
2e209becbc
|
Moved PKCS#11 library loading to dedicated manager
|
2010-08-04 09:26:19 +02:00 |
Martin Willi
|
50e1a710ea
|
Use locking, prefer our mutex abstraction layer
|
2010-08-04 09:26:19 +02:00 |
Martin Willi
|
a6456dd640
|
Added enum names for PKCS#11 return values
|
2010-08-04 09:26:19 +02:00 |
Martin Willi
|
e328ef4f4c
|
Load PKCS#11 modules defined in strongswan.conf
|
2010-08-04 09:26:19 +02:00 |
Martin Willi
|
34454dc39e
|
Implemented an abstraction layer for PKCS#11 module loading
|
2010-08-04 09:26:19 +02:00 |
Martin Willi
|
fb85d61980
|
Imported the free pkcs11.h header form the Scute project
|
2010-08-04 09:26:19 +02:00 |
Martin Willi
|
6e862e2152
|
Added PKCS#11 token plugin stub
|
2010-08-04 09:26:18 +02:00 |
Tobias Brunner
|
f8029ca3f9
|
test_cert adapted to extended signature of get_encoding().
|
2010-08-03 19:00:56 +02:00 |
Tobias Brunner
|
56bceda7b5
|
Fixed compiler warnings.
|
2010-08-03 19:00:46 +02:00 |
Martin Willi
|
0f82a47063
|
Moved TLS stack to its own library
|
2010-08-03 15:39:26 +02:00 |
Martin Willi
|
0b71bc7af0
|
Moved eap-tls plugin to libcharon, updated to 4.4.1 APIs
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
400df4ca7c
|
Implemented EAP-TLS server functionality
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
97abf95412
|
TLS stack keeps a copy of server/peer identities
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
c8a2fca58c
|
Limit the number of EAP-TLS packets allowed
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
8fef06a683
|
Use stricter state handling while processing TLS messages
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
dc9f34be4d
|
Cleaned up the public TLS interface
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
84d67ead4e
|
Refactored common used operations into TLS crypto helper
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
3e7e777941
|
Properly send empty EAP-TLS messages
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
51313a39d1
|
Derive MSK for EAP-TLS authentication
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
110364b042
|
Verify Server Finished message
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
f139b5786f
|
Implemented input record decryption and verification
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
84543e6efa
|
Implemented key derivation, output record signing and encryption
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
18010de23d
|
Derive master secret, create Finished message
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
149b7e6d01
|
Implemented the TLS specific PRF in its TLSv1.0 and TLSv1.2 variants
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
3ddd164e5e
|
Implemented sending of Certificate, ClientKeyExchange, CertificateVerify and ChangeCipherSpec as peer
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
3a1640dea1
|
Implemented a tls_writer class to simplify TLS data generation
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
4ef946dd64
|
Implemented a tls_reader class to simplify TLS data parsing
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
3e962b0843
|
Process ServerHello(Done), Certificate(Request) messages
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
698674c7f3
|
Send a ClientHello to start TLS negotiation
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
536dbc00b9
|
Added TLS crypto helper, currently supports cipher suite selection
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
9dc73cd21c
|
Added support for AUTH_HMAC_SHA2_256_256, used in TLS
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
4c0c2283a5
|
Added stubs for handshake handling, server and peer variants
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
4c0124a0a2
|
Accept follow-up fragments with a TLS message length
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
40e384ea01
|
Added dummy/identity implementations of the different TLS record layers
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
dcbbeb2d09
|
Pass TLS records to newly introduced TLS stack
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
f7f63c52e1
|
Added some TLS constants
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
b173819e5d
|
(De-)fragment EAP-TLS packets, pass TLS records to upper layer
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
2107953804
|
Added EAP-TLS plugin stub
|
2010-08-03 15:39:24 +02:00 |
Thomas Egerer
|
86a73f16ab
|
Do not touch child from collision if peer deleted it
|
2010-08-03 10:32:38 +02:00 |
Waldemar Brodkorb
|
45e962edef
|
substitute obsolete function calls(bzero/index)
|
2010-08-01 21:20:15 +02:00 |
Martin Willi
|
63163cc340
|
The va_list trick does not seem to be portable, revert dots-in-section fix
This reverts commit 8f50d06c35 .
|
2010-07-30 10:57:59 +02:00 |