Commit Graph

3962 Commits

Author SHA1 Message Date
Martin Willi 00c7e9af17 Migrated blowfish plugin to INIT/METHOD macros 2010-08-13 17:11:53 +02:00
Martin Willi 1fff2afe57 Migrated the aes plugin to INIT/METHOD macros 2010-08-13 17:11:53 +02:00
Martin Willi 619f9a4ef1 Migrated padlock plugin to INIT/METHOD macros 2010-08-13 17:11:53 +02:00
Martin Willi bfe4d08c20 Report the symbol name of a failed test vector 2010-08-13 17:11:53 +02:00
Martin Willi 84135e7772 Added Camellia-CTR test vectors 2010-08-13 17:11:53 +02:00
Martin Willi bc4978c786 Added AES-CTR test vectors 2010-08-13 17:11:53 +02:00
Andreas Steffen 71efe40077 Migrated eap_identity plugin to INIT/METHOD macros 2010-08-13 16:57:01 +02:00
Andreas Steffen a568897011 Migrated eap_md5 plugin to INIT/METHOD macros 2010-08-13 16:33:26 +02:00
Andreas Steffen 45c4021bd0 Migrated eap_authenticator to INIT/METHOD macros 2010-08-13 15:58:53 +02:00
Andreas Steffen fe6ae23d1f Migrated eap_manager to INIT/METHOD macros 2010-08-13 15:32:37 +02:00
Andreas Steffen 87799b0c00 moved eap_from_string() from libcharon to libstrongswan to make it available in starter 2010-08-13 15:07:53 +02:00
Andreas Steffen e643da585b fixed typo 2010-08-13 12:24:54 +02:00
Andreas Steffen 3a15a02a58 set TLS record type before state change to STATE_FINISHED_SENT 2010-08-13 00:31:45 +02:00
Andreas Steffen b62e9a30ce fixed sequence numbering and iv of TLS protection layer 2010-08-12 23:58:54 +02:00
Andreas Steffen 4412ee86c5 recognize eap-ttls method 2010-08-12 23:58:54 +02:00
Andreas Steffen 1327839da8 added generic TLS application data handler and specific EAP-TTLS instantiation 2010-08-12 23:58:54 +02:00
Martin Willi 123a84d3db Use an explicit plugin list instead of the unreliable "find" to build checksums 2010-08-12 16:07:24 +02:00
Martin Willi 8f01815143 Build dedicated plugin lists for each strongSwan component 2010-08-12 14:46:57 +02:00
Martin Willi 8bec0f5153 Implemented Smartcard support in NetworkManager frontend 2010-08-11 16:32:04 +02:00
Martin Willi 01e4f5f32f Implemented public key encryption/private key decryption in PKCS#11 2010-08-11 12:12:37 +02:00
Martin Willi aea735ef63 Discard a packet that exceeds the receive buffer 2010-08-11 10:52:59 +02:00
Martin Willi 10a2e09b55 Added a strongswan.conf option to change socket receive buffer size 2010-08-11 10:48:17 +02:00
Martin Willi 4ec53e95f5 Double check that the OpenSSL RNG has been seeded, do so otherwise 2010-08-11 10:12:50 +02:00
Martin Willi d775af9d18 Implemented RSA en-/decryption in openssl plugin 2010-08-11 09:53:45 +02:00
Andreas Steffen 133accfcfd differentiate between TLS messages and EAP-[T]TLS packets in the debug output 2010-08-10 19:02:05 +02:00
Martin Willi 07d2b39123 Parse important extendedKeyUsage flags in openssl plugin 2010-08-10 18:46:31 +02:00
Martin Willi a0a8aaaf4f Parse UPN subjectAltName in openssl plugin 2010-08-10 18:46:31 +02:00
Martin Willi 772cba39e4 Parse UPN subjectAltNames in x509 plugin 2010-08-10 18:46:31 +02:00
Martin Willi 82f62a7447 Added Microsoft OID for user principal name (UPN) subjectAltNames 2010-08-10 18:46:31 +02:00
Martin Willi 3d711a68fb Added a stroke command to export cached x509 certificates to the console 2010-08-10 18:46:30 +02:00
Martin Willi a944d2092b Use bits instead of bytes for a private/public key 2010-08-10 18:46:30 +02:00
Martin Willi 33ddaaabec Added support for different encryption schemes to private/public keys 2010-08-10 18:46:30 +02:00
Martin Willi 3547a9b87d Migrated agent plugin to INIT/METHOD macros 2010-08-10 18:46:30 +02:00
Martin Willi 57202484e4 Migrated remaining classes in openssl plugin to INIT/METHOD macros 2010-08-10 18:46:30 +02:00
Martin Willi 646babd354 Migrated gcrypt plugin to INIT/METHOD macros 2010-08-10 18:46:30 +02:00
Martin Willi 876b61e132 Migrated gmp plugin to INIT/METHOD macros 2010-08-10 18:46:30 +02:00
Tobias Brunner 6432669fa2 Added support for early and late calls to Vstr wrappers.
That is, prevent a SIGSEGV if Vstr wrappers are called before printf_hook_t
is initialized and after it is destroyed.
2010-08-10 13:00:20 +02:00
Martin Willi 478eb66030 Fixed settings lookup if the section/key contains dots, second try 2010-08-09 14:30:16 +02:00
Andreas Steffen 3810afa9f9 log final TLS acknowledgement packet 2010-08-08 19:14:53 +02:00
Andreas Steffen ded59df4fc added level 2 debug info on sent TLS packets 2010-08-07 11:26:04 +02:00
Andreas Steffen ab47a7924b log EAP-TTLS version 2010-08-07 11:26:04 +02:00
Andreas Steffen a622c6d019 fixed typo 2010-08-07 11:26:04 +02:00
Andreas Steffen a6444fcdd4 EAP-TLS and EAP-TTLS use different constant MSK PRF label 2010-08-07 11:26:04 +02:00
Andreas Steffen b4d30a425e support server authentication only for EAP-TTLS 2010-08-07 11:26:04 +02:00
Andreas Steffen 26eb9b2d17 added eap_ttls plugin configuration 2010-08-07 11:26:04 +02:00
Tobias Brunner fa9f101345 Properly initialize libstrongswan in _copyright.
This is required if libvstr is used.
2010-08-06 19:56:42 +02:00
Tobias Brunner 7c3dd613d7 Added missing Vstr wrappers for asprintf. 2010-08-06 19:56:42 +02:00
Martin Willi 7c03d707a5 Create a PKCS#11 session public key if we don't find one 2010-08-06 17:32:32 +02:00
Martin Willi fed9407bb1 Implemented PKCS#11 RSA public key for keys found on a token 2010-08-06 17:02:41 +02:00
Martin Willi babed73257 Export scheme_to_mechanism conversion function 2010-08-06 17:02:01 +02:00
Martin Willi a02784da5d Load certificate after enumeration 2010-08-06 17:00:23 +02:00
Jiri Bohac 30d8e8d04d fix error-type range in parsing of NOTIFY payloads 2010-08-06 11:47:35 +02:00
Andreas Steffen fd8ad4198d added TTLS to EAP short names, too 2010-08-06 06:06:40 +02:00
Andreas Steffen f32e56bbce added EAP_TTLS method 2010-08-05 21:01:39 +02:00
Martin Willi 37d2d7e158 Whitespace cleanups 2010-08-05 13:58:49 +02:00
Martin Willi e85bca7f22 Use certificate subject to get a public key of the TLS server 2010-08-05 13:13:45 +02:00
Tobias Brunner edb82ab8ae Some Doxygen fixes. 2010-08-05 11:53:53 +02:00
Andreas Steffen 7ea87db00d added some more TLS debug output 2010-08-05 09:51:05 +02:00
Andreas Steffen 7030e3950a fixed type in cipher suite list build 2010-08-05 01:26:10 +02:00
Andreas Steffen 4657b3a42a log selected TLS version and cipher suite 2010-08-05 01:21:59 +02:00
Andreas Steffen 289c9ac3d7 log TLS handshake messages in debug level 2 2010-08-04 16:55:55 +02:00
Tobias Brunner 744b83c7c9 Fixed loading of secrets with IDs.
Since the ID string is manually terminated by a null character, write
permission is required for the mmapped ipsec.secrets.
2010-08-04 16:03:46 +02:00
Tobias Brunner dca2d89209 Fixed loading of private keys without password.
The chunk storing the password was not correctly initialized, resulting
in a segmentation fault when no password was specified in ipsec.secrets.
2010-08-04 14:22:48 +02:00
Tobias Brunner 83628fd600 Accept EAP_ONLY_AUTHENTICATION notifies from any client, now that IANA allocated an ID. 2010-08-04 12:58:53 +02:00
Tobias Brunner 12549bedea IKEv2 notification types updated. 2010-08-04 10:06:00 +02:00
Martin Willi e82186fb5a Reimplemented mem pool to support multiple leases for a single identity 2010-08-04 09:49:59 +02:00
Martin Willi 6e4f4d2fdf Save/Load state of PKCS#11 hasher 2010-08-04 09:26:22 +02:00
Martin Willi a3aeb89227 Do initial slot enumeration manually 2010-08-04 09:26:22 +02:00
Martin Willi 0f0fc891d8 Implemented hasher_t using PKCS#11 2010-08-04 09:26:22 +02:00
Martin Willi 66267ea515 Defer certificate loading until all PKCS#11 modules are loaded 2010-08-04 09:26:21 +02:00
Martin Willi 65858b83f8 Destroy IKE_SA Manager's crypto primitives during flush, the plugins are gone in destroy 2010-08-04 09:26:21 +02:00
Martin Willi 5a27bf8ad8 Provide a public PKCS#11 mechanism enumerator 2010-08-04 09:26:21 +02:00
Martin Willi efab731338 Added PKCS#11 private key support to the pki tool 2010-08-04 09:26:21 +02:00
Martin Willi 089d554a01 The pki tool uses a callback credential set to read in passphrase/PIN 2010-08-04 09:26:21 +02:00
Martin Willi 0d08ebe7ac Pass type of requested key in the callback credential set 2010-08-04 09:26:21 +02:00
Martin Willi af007ed68a Support PKCS#11 keys requiring reauthentication for each operation 2010-08-04 09:26:21 +02:00
Martin Willi 199b17122d Do not try to log in if we already have a user session 2010-08-04 09:26:21 +02:00
Martin Willi 15177f5785 Obsoleted BUILD_PASSPHRASE(_CALLBACK) for private key loading, use credential sets 2010-08-04 09:26:21 +02:00
Martin Willi 3429be9514 Use a dedicated build part for challenge passwords, BUILD_PASSPHRASE gets obsolete 2010-08-04 09:26:21 +02:00
Martin Willi 0556667dca Use credential sets to load smartcard keys 2010-08-04 09:26:21 +02:00
Martin Willi 70789d28a1 Handle PIN: as a magic keyword for prompt, use getpass() to silently read credentials 2010-08-04 09:26:21 +02:00
Martin Willi 62be923683 Implemented a callback based credential set, currently for shared keys only 2010-08-04 09:26:21 +02:00
Martin Willi 0749e91bec Implemented a generic in-memory credential set, currently for shared keys only 2010-08-04 09:26:21 +02:00
Martin Willi 9587ece534 mmap() ipsec.secrets instead of malloc(), proper error checking 2010-08-04 09:26:21 +02:00
Martin Willi 947298b302 Split up the load_secrets() function 2010-08-04 09:26:21 +02:00
Martin Willi 1e4e29076c Updated ipsec.secrets.5 regarding IKEv2 smartcard support 2010-08-04 09:26:21 +02:00
Martin Willi 57522106c4 %prompt support for smartcard PIN via "ipsec secrets" 2010-08-04 09:26:20 +02:00
Martin Willi a0bdd5d63e Implemented callback PIN invocation for PKCS#11 login 2010-08-04 09:26:20 +02:00
Martin Willi 7afc00d03c Implemented keyid discovery on all modules/slots 2010-08-04 09:26:20 +02:00
Martin Willi 0b8b664056 Pass the PKCS11 keyid as chunk, not as string 2010-08-04 09:26:20 +02:00
Martin Willi 353d10d590 Reuse generic passphrase build part, not a dedicated PIN part 2010-08-04 09:26:20 +02:00
Martin Willi 5f1e4438cb Implemented private key on top of a PKCS#11 token 2010-08-04 09:26:20 +02:00
Martin Willi d007ce3206 Extended the PKCS#11 object enumerator by attribute retrieval 2010-08-04 09:26:20 +02:00
Martin Willi ddbac66028 Use the PKCS#11 object enumerator 2010-08-04 09:26:20 +02:00
Martin Willi 9baa41c52d Implemented a generic PKCS#11 object enumerator 2010-08-04 09:26:20 +02:00
Martin Willi cd251d9a21 Unload plugins in reverse order 2010-08-04 09:26:20 +02:00
Martin Willi 3479c27931 Support module names in %smartcard specifier, streamlined smartcard building 2010-08-04 09:26:20 +02:00
Martin Willi 36c852a08b Added enumerator for PKCS#11 tokens 2010-08-04 09:26:20 +02:00
Martin Willi fe876b24d9 Handle NOT_SUPPORT return value from WaitForSlot 2010-08-04 09:26:20 +02:00
Martin Willi 66033012c9 Reenabled dlclose 2010-08-04 09:26:20 +02:00
Martin Willi a6d2ec331b Implemented a credential set on top of a PKCS#11 token 2010-08-04 09:26:20 +02:00
Martin Willi 50a9e84540 Added NSPR PR_CallOnce to leak detective whitelist 2010-08-04 09:26:20 +02:00
Martin Willi 044e0dd1b1 Added buffer checking variants of syslog functions to leak detective 2010-08-04 09:26:20 +02:00
Martin Willi fdd7e21225 Added a token add/remove callback function to the manager 2010-08-04 09:26:19 +02:00
Martin Willi 6522d6c50b Enumerate tokens and their mechanisms, wait for slot events 2010-08-04 09:26:19 +02:00
Martin Willi 0c21dc000d Depend on libcharon until we have a thread pool to use 2010-08-04 09:26:19 +02:00
Martin Willi 75451ac8ba Add enum names for CK_MECHANISM_TYPE constants 2010-08-04 09:26:19 +02:00
Martin Willi b3b0e57cb1 Make the PKCS#11 padding string trimming public, add null terminator 2010-08-04 09:26:19 +02:00
Martin Willi 71151d3c1b Added a getter for the library alias 2010-08-04 09:26:19 +02:00
Martin Willi 2e209becbc Moved PKCS#11 library loading to dedicated manager 2010-08-04 09:26:19 +02:00
Martin Willi 50e1a710ea Use locking, prefer our mutex abstraction layer 2010-08-04 09:26:19 +02:00
Martin Willi a6456dd640 Added enum names for PKCS#11 return values 2010-08-04 09:26:19 +02:00
Martin Willi e328ef4f4c Load PKCS#11 modules defined in strongswan.conf 2010-08-04 09:26:19 +02:00
Martin Willi 34454dc39e Implemented an abstraction layer for PKCS#11 module loading 2010-08-04 09:26:19 +02:00
Martin Willi fb85d61980 Imported the free pkcs11.h header from the Scute project 2010-08-04 09:26:19 +02:00
Martin Willi 6e862e2152 Added PKCS#11 token plugin stub 2010-08-04 09:26:18 +02:00
Tobias Brunner f8029ca3f9 test_cert adapted to extended signature of get_encoding(). 2010-08-03 19:00:56 +02:00
Tobias Brunner 56bceda7b5 Fixed compiler warnings. 2010-08-03 19:00:46 +02:00
Martin Willi 0f82a47063 Moved TLS stack to its own library 2010-08-03 15:39:26 +02:00
Martin Willi 0b71bc7af0 Moved eap-tls plugin to libcharon, updated to 4.4.1 APIs 2010-08-03 15:39:25 +02:00
Martin Willi 400df4ca7c Implemented EAP-TLS server functionality 2010-08-03 15:39:25 +02:00
Martin Willi 97abf95412 TLS stack keeps a copy of server/peer identities 2010-08-03 15:39:25 +02:00
Martin Willi c8a2fca58c Limit the number of EAP-TLS packets allowed 2010-08-03 15:39:25 +02:00
Martin Willi 8fef06a683 Use stricter state handling while processing TLS messages 2010-08-03 15:39:25 +02:00
Martin Willi dc9f34be4d Cleaned up the public TLS interface 2010-08-03 15:39:25 +02:00
Martin Willi 84d67ead4e Refactored commonly used operations into TLS crypto helper 2010-08-03 15:39:25 +02:00
Martin Willi 3e7e777941 Properly send empty EAP-TLS messages 2010-08-03 15:39:25 +02:00
Martin Willi 51313a39d1 Derive MSK for EAP-TLS authentication 2010-08-03 15:39:25 +02:00
Martin Willi 110364b042 Verify Server Finished message 2010-08-03 15:39:25 +02:00
Martin Willi f139b5786f Implemented input record decryption and verification 2010-08-03 15:39:25 +02:00
Martin Willi 84543e6efa Implemented key derivation, output record signing and encryption 2010-08-03 15:39:25 +02:00
Martin Willi 18010de23d Derive master secret, create Finished message 2010-08-03 15:39:25 +02:00
Martin Willi 149b7e6d01 Implemented the TLS specific PRF in its TLSv1.0 and TLSv1.2 variants 2010-08-03 15:39:24 +02:00
Martin Willi 3ddd164e5e Implemented sending of Certificate, ClientKeyExchange, CertificateVerify and ChangeCipherSpec as peer 2010-08-03 15:39:24 +02:00
Martin Willi 3a1640dea1 Implemented a tls_writer class to simplify TLS data generation 2010-08-03 15:39:24 +02:00
Martin Willi 4ef946dd64 Implemented a tls_reader class to simplify TLS data parsing 2010-08-03 15:39:24 +02:00
Martin Willi 3e962b0843 Process ServerHello(Done), Certificate(Request) messages 2010-08-03 15:39:24 +02:00
Martin Willi 698674c7f3 Send a ClientHello to start TLS negotiation 2010-08-03 15:39:24 +02:00
Martin Willi 536dbc00b9 Added TLS crypto helper, currently supports cipher suite selection 2010-08-03 15:39:24 +02:00
Martin Willi 9dc73cd21c Added support for AUTH_HMAC_SHA2_256_256, used in TLS 2010-08-03 15:39:24 +02:00
Martin Willi 4c0c2283a5 Added stubs for handshake handling, server and peer variants 2010-08-03 15:39:24 +02:00
Martin Willi 4c0124a0a2 Accept follow-up fragments with a TLS message length 2010-08-03 15:39:24 +02:00
Martin Willi 40e384ea01 Added dummy/identity implementations of the different TLS record layers 2010-08-03 15:39:24 +02:00
Martin Willi dcbbeb2d09 Pass TLS records to newly introduced TLS stack 2010-08-03 15:39:24 +02:00
Martin Willi f7f63c52e1 Added some TLS constants 2010-08-03 15:39:24 +02:00
Martin Willi b173819e5d (De-)fragment EAP-TLS packets, pass TLS records to upper layer 2010-08-03 15:39:24 +02:00
Martin Willi 2107953804 Added EAP-TLS plugin stub 2010-08-03 15:39:24 +02:00
Thomas Egerer 86a73f16ab Do not touch child from collision if peer deleted it 2010-08-03 10:32:38 +02:00
Waldemar Brodkorb 45e962edef substitute obsolete function calls (bzero/index) 2010-08-01 21:20:15 +02:00
Martin Willi 63163cc340 The va_list trick does not seem to be portable, revert dots-in-section fix
This reverts commit 8f50d06c35.
2010-07-30 10:57:59 +02:00