aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Merge branch 'charon-cmd-pkcs12'Tobias Brunner2013-05-0855-556/+3465
|\ | | | | | | | | | | Adds support for PKCS#12 files in charon-cmd and ipsec.secrets. Also fixes the cleanup of the OpenSSL library in the openssl plugin.
| * stroke: Add second password if providedTobias Brunner2013-05-081-0/+13
| |
| * Load pkcs7 plugin in charon (and while we are at it in nm)Tobias Brunner2013-05-081-1/+1
| |
| * stroke: Fail silently if another builder calls PW callback after giving upTobias Brunner2013-05-081-9/+14
| | | | | | | | Also reduced the number of tries to 3.
| * stroke: Cache passwords so the user is not prompted multiple times for the ↵Tobias Brunner2013-05-081-1/+13
| | | | | | | | | | | | | | | | | | | | same password To verify/decrypt a PKCS#12 container a password might be needed multiple times. If it was entered correctly we don't want to bother the user again with another password prompt. The passwords for MAC creation and encryption could be different so the user might be prompted multiple times after all.
| * stroke: Fix prompt and error messages in passphrase callbackTobias Brunner2013-05-081-11/+13
| |
| * stroke: Load credentials from PKCS#12 files (P12 token)Tobias Brunner2013-05-082-19/+109
| |
| * openssl: Cleanup thread specific error bufferTobias Brunner2013-05-081-5/+38
| |
| * openssl: Don't use deprecated CRYPTO_set_id_callback() with OpenSSL >= 1.0.0Tobias Brunner2013-05-081-17/+29
| |
| * openssl: Add PKCS#12 parsing via OpenSSLTobias Brunner2013-05-084-0/+307
| |
| * openssl: Properly cleanup OpenSSL libraryTobias Brunner2013-05-082-9/+7
| |
| * charon-cmd: Add support for PKCS#12 filesTobias Brunner2013-05-085-3/+54
| |
| * PEM plugin loads PKCS#12 containers from (DER-encoded) filesTobias Brunner2013-05-083-0/+24
| | | | | | | | | | It is not actually able to handle PEM encoded PKCS#12 files produced by OpenSSL.
| * Remove pluto specific certificate typesTobias Brunner2013-05-083-14/+1
| |
| * charon-cmd: match_me/match_other are optional in callback credentialsTobias Brunner2013-05-081-1/+8
| |
| * charon-cmd: Request password for private keysTobias Brunner2013-05-081-0/+3
| |
| * Add support for untruncated HMAC-SHA-512Tobias Brunner2013-05-085-1/+13
| |
| * Also support 128-bit RC2Tobias Brunner2013-05-081-1/+2
| |
| * Add pkcs12 plugin which adds support for decoding PKCS#12 containersTobias Brunner2013-05-0811-2/+808
| |
| * Function added to convert a hash algorithm to an HMAC integrity algorithmTobias Brunner2013-05-082-0/+77
| |
| * Support the PKCS#5/PKCS#12 encryption scheme used by OpenSSL for private keysTobias Brunner2013-05-081-0/+6
| |
| * Register PKCS#8 builder for KEY_ANYTobias Brunner2013-05-081-0/+1
| |
| * Add support for PKCS#7/CMS encrypted-dataTobias Brunner2013-05-086-5/+267
| |
| * Move PKCS#12 key derivation to a separate fileTobias Brunner2013-05-085-147/+238
| |
| * PKCS#5 wrapper can decrypt PKCS#12-like schemesTobias Brunner2013-05-082-4/+180
| |
| * Add test vectors for RC2Tobias Brunner2013-05-083-0/+118
| |
| * Fix cleanup in crypto_tester if a crypter failsTobias Brunner2013-05-081-1/+4
| |
| * Add implementation of the RC2 block cipher (RFC 2268)Tobias Brunner2013-05-089-4/+559
| |
| * Extract function to convert ASN.1 INTEGER object to u_int64_tTobias Brunner2013-05-083-23/+28
| |
| * Extract PKCS#5 handling from pkcs8 plugin to separate helper classTobias Brunner2013-05-085-458/+710
|/
* Merge branch 'charon-cmd-agent'Tobias Brunner2013-05-0831-117/+593
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds support for authentication via ssh-agent to charon-cmd (RSA and ECDSA keys are currently supported). The new sshkey plugin parses SSH public keys in RFC 4253 format. SSH public keys can be configured with the left|rightsigkey ipsec.conf option, which replaces left|rightrsasigkey and takes a public key in one of three formats: SSH (RFC 4253, ssh: prefix), DNSKEY (RFC 3110, dns: prefix, not the full RR, only the actual RSA key), or PKCS#1 (the default, no prefix). As before the keys are either encoded in hex (0x) or base64 (0s). left|rightsigkey also accepts the path to a file containing a PEM or DER encoded public key.
| * charon-cmd: Changed formatting of optional arguments in usage informationTobias Brunner2013-05-081-8/+10
| | | | | | | | Optional arguments have to be specified with = after the option.
| * charon-cmd: --agent optionally takes the path to an ssh-agent socketTobias Brunner2013-05-083-16/+24
| | | | | | | | If not given it is read from the SSH_AUTH_SOCK environment variable.
| * charon-cmd: Stop processing options if an argument is missing or an option ↵Tobias Brunner2013-05-081-0/+3
| | | | | | | | not recognized
| * charon-cmd: Properly initialize options with no additional linesTobias Brunner2013-05-071-10/+10
| |
| * agent: Use sshkey plugin to parse keys, adds support for ECDSATobias Brunner2013-05-074-58/+70
| |
| * sshkey: Add support for ECDSA keysTobias Brunner2013-05-071-0/+70
| |
| * Load any type (RSA/ECDSA) of public key via left|rightsigkeyTobias Brunner2013-05-0715-39/+43
| |
| * left|rightrsasigkey accepts SSH keys but the key format has to be specified ↵Tobias Brunner2013-05-076-21/+37
| | | | | | | | | | | | | | explicitly The default is now PKCS#1. With the dns: and ssh: prefixes other formats can be selected.
| * sshkey: Added builder for SSHKEY RSA keysTobias Brunner2013-05-076-1/+142
| |
| * Add sshkey plugin stub that will parse RFC 4253 public keysTobias Brunner2013-05-075-0/+140
| |
| * Try to load raw keys from ipsec.conf as PKCS#1 blob firstTobias Brunner2013-05-071-5/+12
| | | | | | | | | | The DNSKEY builder is quite eager and parses pretty much anything as RSA key, so this has to be done before.
| * charon-cmd: Add --agent option to authenticate using ssh-agent(1)Tobias Brunner2013-05-074-0/+72
| | | | | | | | | | | | The socket path is read from the SSH_AUTH_SOCK environment variable. So using this with sudo might require the -E command line (or an appropriate sudoers config) to preserve the environment.
| * charon-cmd: Use loose matching of gateway identityTobias Brunner2013-05-071-0/+1
| |
| * charon-cmd: Load pubkey plugin to load raw keysTobias Brunner2013-05-071-1/+1
|/
* testing: Don't run tests when building tkmTobias Brunner2013-05-071-1/+1
| | | | | | | The problem with XML/Ada described in 9c2aba27 actually occurs when running the tests here. Really fixes #336.
* testing: Don't run tests when building tkm-rpcTobias Brunner2013-05-061-1/+1
| | | | | | | | | There are issues with some versions of the XML/Ada library on i386, blocking the build of the testing environment when these tests are run. TKM tests won't work in such a case but at least make-testing does not block with this patch. Fixes #336.
* Merge branch 'tun-vip'Martin Willi2013-05-0620-385/+1162
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | Beside some OS X love, this merge introduces virtual IP and route installation support on the pfkey/pfroute kernel interfaces. Each virtual IP gets installed on a dedicated TUN device. As Linux-like source routes are not supported, routes for the negotiated traffic selectors get installed using the TUN device. To prevent IKE packets from using those routes, special exclude routes get installed to the IKE gateway. This works for most road-warrior deployments, but certainly does not for some more exotic configurations, such as those using virtual-IP-to-host. Mobility is not yet supported, either.
| * kernel-pfroute: allow only one thread to do a route look up simultaneouslyMartin Willi2013-05-061-1/+8
| | | | | | | | Otherwise we mess up the sequence number another thread is waiting for.
| * kernel-interface: query SAD for last use time if SPD query didn't yield oneMartin Willi2013-05-0610-16/+50
| |
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-14 03:33:12 +0000