Andreas Steffen
d93e2e5409
created an eap-tnc method hull
2010-08-30 15:36:34 +02:00
Andreas Steffen
577893612f
for the time being assume a single request/response exchange for a given EAP method
2010-08-30 15:36:34 +02:00
Tobias Brunner
2402dee177
Port floating patch partially reversed.
...
If MOBIKE is enabled, we do have to switch to port 4500 with the
IKE_AUTH request, that is, before we know whether the other peer
actually supports MOBIKE or not.
2010-08-30 14:54:31 +02:00
Tobias Brunner
277f02ce9e
Slightly refactored port floating.
...
In case of MOBIKE, only float to port 4500 if the other peer actually supports MOBIKE.
2010-08-30 13:42:58 +02:00
Andreas Steffen
be63a48c36
defined EAP-TNC
2010-08-30 13:13:39 +02:00
Martin Willi
2291754ddf
Unwrap crlNumber INTEGER in openssl CRL parsing
2010-08-30 11:23:46 +02:00
Martin Willi
21f80e9dbc
Added crl support to pki --print
2010-08-30 11:23:45 +02:00
Tobias Brunner
0433b4172b
Typo in doxygen comment fixed.
2010-08-30 10:49:32 +02:00
Tobias Brunner
fde2d34d0f
Fixed ME after introduction of AEAD wrapper.
2010-08-30 10:48:09 +02:00
Martin Willi
45684ee65c
Fixed pluto smartcard support after introducing encryption schemes
2010-08-30 10:14:45 +02:00
Andreas Steffen
1bc8690f54
replaced ikev2/esp-alg-aes-ctr by ikev2/alg-aes-ctr
2010-08-29 21:52:08 +02:00
Andreas Steffen
6297dc390f
added ctr ccm and gcm plugins to ikev2/rw-cert scenario
2010-08-29 21:11:00 +02:00
Andreas Steffen
8eb74facfe
added ctr ccm and gcm plugins to openssl-ikev2/rw-cert scenario
2010-08-29 21:09:25 +02:00
Andreas Steffen
6aa82ec280
added ctr ccm and gcm plugins to gcrypt-ikev2/rw-cert scenario
2010-08-29 20:50:37 +02:00
Andreas Steffen
4f2a0bd839
replaced ikev2/esp-alg-aes-gcm by ikev2/alg-aes-gcm
2010-08-29 20:39:51 +02:00
Andreas Steffen
8318d88450
replaced ikev2/esp-alg-aes-ccm by ikev2/alg-aes-ccm
2010-08-29 20:24:12 +02:00
Andreas Steffen
897c7a72cf
Win7 might send up to 7k of certificate requests
2010-08-27 16:30:05 +02:00
Tobias Brunner
cb7a0cef48
Fixed documentation of XAUTH in ipsec.secrets.
2010-08-26 10:25:08 +02:00
Martin Willi
2bf0e74c38
Prefer AES/Camellia suites over 3DES/NULL encryption
2010-08-25 18:30:09 +02:00
Martin Willi
a596006e3f
Send TLS alerts for errors in TLS handshake building
2010-08-25 18:24:27 +02:00
Martin Willi
ee88ddd6aa
Refactored fragment building, use correct TLS content type for non-first fragments
2010-08-25 18:04:59 +02:00
Martin Willi
dfde6570c7
Update delete_payload length when adding SPIs
2010-08-25 17:04:25 +02:00
Martin Willi
5299719569
Migrated delete_payload to INIT/METHOD macros, replaced iterator
2010-08-25 17:03:00 +02:00
Martin Willi
e5c6ebb697
Use different return values in payload decryption to distinguish between integrity and syntax errors
2010-08-25 15:29:53 +02:00
Martin Willi
f1a74a3cab
Implemented a TLS utility to test on any TLS secured TCP connection
2010-08-25 12:57:13 +02:00
Martin Willi
17102f7b58
Added a simple high level TLS wrapper for sockets
2010-08-25 12:52:53 +02:00
Martin Willi
bd23b9086e
Initialize output chunk before appending data to it
2010-08-25 12:43:21 +02:00
Martin Willi
3dd06bd4ed
Added private key support to in-memory credential set
2010-08-25 10:28:23 +02:00
Martin Willi
72c6335de9
Added certificate support to in-memory credential set
2010-08-25 10:28:22 +02:00
Thomas Egerer
e54e86cb49
Check if colliding rekey actually created an IKE_INIT
...
In some cases (especially if a child is half-open) the colliding
rekey-job might not have created the ike_init member. If so, the
nonce check fails with SIGSEGV.
2010-08-25 10:16:42 +02:00
Martin Willi
8427c78611
Added a ike_name logger option to prefix the IKE_SA name on each line
2010-08-25 09:55:37 +02:00
Andreas Steffen
d9b85e28b9
removed tls_record_t definition
2010-08-24 19:19:13 +02:00
Martin Willi
69e8bb2e8d
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
2010-08-24 11:34:43 +02:00
Martin Willi
a2c1235969
Skip the close notify if application layer completes successfully
2010-08-24 10:30:24 +02:00
Andreas Steffen
421a529f88
added ikev2/rw-eap-tls-fragments scenario
2010-08-24 10:12:15 +02:00
Andreas Steffen
234aa8ee03
use correct network diagram
2010-08-24 10:09:58 +02:00
Andreas Steffen
79a5e391f8
support fragmentation in AVPs
2010-08-24 09:02:51 +02:00
Andreas Steffen
c1a929daa7
removed some redundant debug output
2010-08-24 09:02:51 +02:00
Martin Willi
bda7d9d940
Added generic TLS purposes
2010-08-24 08:45:49 +02:00
Martin Willi
f55f9c4e1e
Client sends empty EAP-TTLS packet on fatal alerts to properly shut down TLS
2010-08-24 08:45:49 +02:00
Martin Willi
c5142f110e
Check if the application layer has completed successfully
2010-08-24 08:45:49 +02:00
Martin Willi
1475800080
Moved TLS record parsing/generation to tls.c
2010-08-24 08:45:49 +02:00
Andreas Steffen
4776500055
added debug-tls comand line option
2010-08-23 17:51:40 +02:00
Martin Willi
c310881a11
Added a TLS purpose for EAP-TTLS with client authentication
2010-08-23 15:13:48 +02:00
Martin Willi
5ff8c62707
EAP-TLS clients send an empty packet on failure to properly shut down a TLS session
2010-08-23 15:13:41 +02:00
Martin Willi
e6f3ef1330
Implemented TLS Alert handling
2010-08-23 15:13:37 +02:00
Martin Willi
908e752201
Rebuild library.lo after changing ./configure options
2010-08-23 12:01:48 +02:00
Martin Willi
e0fcf43cf8
Build a trustchain even if no trust anchor is given
2010-08-23 12:01:43 +02:00
Martin Willi
c49475dae1
Accept encryption payloads with no wrapped payloads
2010-08-23 11:30:36 +02:00
Martin Willi
4f60466a01
Fall back to shifting with 32-bit words if 64-bit byte order conversion function missing
2010-08-23 10:10:36 +02:00