aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* ike: Make check for known payloads depend on IKE versionTobias Brunner2014-12-054-26/+41
|
* pkcs5: Add support for PBES2 encryption schemes other than 3DESTobias Brunner2014-12-051-8/+24
| | | | | | | | This allows using e.g. AES for PKCS#8 and PKCS#12 files. Some legacy schemes defined in RFC 2898 are not supported (like RC2). Fixes #740.
* asn1: Add OID for Blowfish CBCTobias Brunner2014-12-052-0/+11
| | | | | | | | The OID (1.3.6.1.4.1.3029.1.2) is technically not correct, the correct one is (1.3.6.1.4.1.3029.1.1.2). Every other library or tool (like OpenSSL) uses the incorrect one so we do the same. References #740.
* diffie-hellman: Handle dh_exponent_ansi_x9_42 as a boolean settingMartin Willi2014-12-051-2/+2
| | | | | | | | | | | | | While it was always documented as boolean setting, the option is currently handled as integer value, for which yes/no values do not work. Instead the default of TRUE is used for a no value. The option has been moved a lot during the last years, and in some locations was handled as bool, in some as integer. In the latest codebase it congruently used integer, which is actually not what is documented and used in testing. Fixes #781.
* unity: Only do narrowing of responder's TS if we received 0.0.0.0/0Tobias Brunner2014-12-051-2/+84
| | | | | | | | | | | | | | | | | | | | | | | iOS and Mac OS X clients establish individual IPsec SAs for the traffic selectors received in Split-Include attributes (might have been different in earlier releases). If we return 0.0.0.0/0 as TSr that either results in a bunch of Quick Mode exchanges (for each TS), or with the latest client releases an error notify (ATTRIBUTES_NOT_SUPPORTED). We also can't install the IPsec SA with all configured subnets as that would cause conflicts if the client later negotiates SAs for other subnets, which iOS 8 does based on traffic to such subnets. For Shrew and the Cisco client, which propose 0.0.0.0/0, we still need to override the narrowed TS with 0.0.0.0/0, as they otherwise won't accept the Quick Mode response. Likewise, we also have to narrow the TS before installing the IPsec SAs and policies. So we basically have to follow the client's proposal and only modify TSr if we received 0.0.0.0/0. Since we don't get the original TS in the narrow hook we handle the inbound QM messages and make note of IKE_SAs on which we received a TSr of 0.0.0.0/0. Fixes #737.
* id-payload: Enable multiple calls to get_ts() for subnet traffic selectorsTobias Brunner2014-12-051-2/+5
| | | | The second call resulted in a /32 subnet previously.
* ikev2: Fix handling of more than one hash-and-URL certificate payloadsTobias Brunner2014-12-041-2/+2
|
* Merge branch 'wfp-drop-firewall'Martin Willi2014-12-043-41/+244
|\ | | | | | | | | Introduces ALE layer WFP rules to accept tunnel mode packets in Windows stateful packet filtering if default-drop policies are used.
| * kernel-wfp: Install outbound ALE connect rules for IPsecMartin Willi2014-12-041-16/+43
| | | | | | | | | | | | Similar to the inbound rules, the ALE filter processes IP-in-IP packets for outbound tunnel mode traffic. When using an outbound default-drop policy, Windows does not allow connection initiation without these explicit rules.
| * kernel-wfp: Install inbound ALE IP-in-IP filtersMartin Willi2014-12-041-41/+159
| | | | | | | | | | | | | | | | | | | | | | When processing inbound tunnel mode packets, Windows decrypts packets and filters them as IP-in-IP packets. We therefore require an ALE filter that calls the FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_ALE_ACCEPT callout to allow them when using a default-drop policy. Without these rules, any outbound packet created an ALE state that allows inbound packets as well. Processing inbound packets without any outbound traffic fails without these rules.
| * kernel-wfp: Add missing IPsec sublayer GUIDsMartin Willi2014-12-041-0/+6
| |
| * kernel-wfp: Define IPsec related ALE layers and callout GUIDsMartin Willi2014-12-042-0/+40
| |
| * kernel-wfp: Fix logging of MM/QM/EM NetEvent failuresMartin Willi2014-12-041-0/+12
|/
* vici: Make sure to send/recv all requested bytes over socketMartin Willi2014-12-041-3/+22
| | | | | | As the underlying C functions, send/recv on ruby sockets are not guaranteed to send/recv all requested bytes. Use wrapper functions to make sure we get all bytes needed.
* updown: Inverse comment of VPN_LOGGING variable, as it is enabled by defaultMartin Willi2014-12-021-1/+1
| | | | Fixes #780.
* Version bump to 5.2.2dr15.2.2dr1Andreas Steffen2014-11-292-1/+5
|
* Increased check size du to INITIAL_CONTACT notifyAndreas Steffen2014-11-291-1/+1
|
* Renewed expired certificatesAndreas Steffen2014-11-2919-171/+223
|
* Implemented full BLISS support for IKEv2 public key authentication and the ↵Andreas Steffen2014-11-2917-18/+97
| | | | pki tool
* Created ikev2/rw-ntru-bliss scenarioAndreas Steffen2014-11-2927-2/+193
|
* Applied bit packing to BLISS public keyAndreas Steffen2014-11-295-55/+68
|
* Wipe BLISS private key memoryAndreas Steffen2014-11-291-2/+8
|
* Created bliss_bitpacker class to encode BLISS signaturesAndreas Steffen2014-11-298-46/+464
|
* Skip the unused bits field of the ASN.1 BIT STRING encodingAndreas Steffen2014-11-291-1/+1
|
* Store NTT A of BLISS public key aAndreas Steffen2014-11-292-28/+24
|
* unit-tests: created bliss_sign test suiteAndreas Steffen2014-11-295-1/+91
|
* Finished BLISS signature generationAndreas Steffen2014-11-2912-157/+1170
|
* Implemented Gaussian rejection samplerAndreas Steffen2014-11-296-16/+496
| | | | | The bliss_sampler class uses the mgf1_bitspender as a pseudo-random source.
* Implemented get_byte() method for mgf1_bitspender classAndreas Steffen2014-11-294-26/+78
| | | | | | The new get_byte() method returns a pseudo-random byte at a time. Changed the get_bits() interface to the same interface as get_byte(). Updated the mgf1 unit-tests accordingly.
* Added support for BLISS-IIIAndreas Steffen2014-11-291-2/+17
|
* Started implementing BLISS signature generationAndreas Steffen2014-11-298-24/+34
|
* Store and parse BLISS private and public keys in DER and PEM formatAndreas Steffen2014-11-299-32/+441
| | | | | | | | Additionally generate SHA-1 fingerprints of raw BLISS subjectPublicKey and subjectPublicKeyInfo objects. Some basic functions used by the bliss_public_key class are shared with the bliss_private_key class.
* unit-tests: Created separate mgf1 test suiteAndreas Steffen2014-11-295-147/+270
|
* Use mgf1_bitspender in ntru_poly_create_from_seedAndreas Steffen2014-11-292-52/+16
|
* Use mgf1_bitspender to generate random secret keyAndreas Steffen2014-11-291-280/+226
|
* Implemented bitspender based on the MGF1 mask generator functionAndreas Steffen2014-11-294-3/+223
|
* unit-tests: Added bliss_fft test suiteAndreas Steffen2014-11-295-0/+193
|
* Moved mgf1 class to libstrongswan/crypto/mgf1Andreas Steffen2014-11-297-62/+51
|
* Defined BLISS I and IV parameter setsAndreas Steffen2014-11-294-19/+365
|
* Added BLISS OIDs in ITA-HSR OID treeAndreas Steffen2014-11-291-0/+10
|
* Implemented Number Theoretic Transform using the FFT algorithmAndreas Steffen2014-11-298-3/+869
| | | | | | By pre-multiplying the input arrays with a linear phase the fast multiplication via FFT and inverse FFT computes a negative wrapped convolution corresponding to a modulus of x^n+1.
* Created framework for BLISS post-quantum signature algorithmAndreas Steffen2014-11-2912-8/+663
|
* libtls: Catch POLLHUP/NVAL in TLS socket splicingMartin Willi2014-11-281-2/+2
| | | | | If one of the sockets gets disconnected, some systems return POLLHUP. Signal the socket as ready to let the read/write call fail properly.
* watcher: Proper handle poll() POLLHUP/NVAL signalingMartin Willi2014-11-281-13/+36
| | | | | | | poll() may return POLLHUP or POLLNVAL for given file descriptors. To handle these properly, we signal them to the EXCEPT watcher state, if registered. If not, we call the read/write callbacks, so they can properly fail when trying to read from or write to the file descriptor.
* windows: Properly set errno for read/write functions using WinsockMartin Willi2014-11-281-4/+4
|
* ikev2: Fix ike_rekey switch statement broken with last commitMartin Willi2014-11-241-1/+1
|
* ikev2: Prevent IKE_SA rekeying if we are currently retrying a CHILD_SA rekeyMartin Willi2014-11-211-0/+1
|
* controller: Keep following initiate() if the first DH guess was wrongMartin Willi2014-11-211-0/+12
|
* child-sa: Introduce a CHILD_RETRYING state to detect DH group retriesMartin Willi2014-11-213-0/+7
|
* Merge branch 'poll'Martin Willi2014-11-2116-281/+581
|\ | | | | | | | | | | | | | | Replace relevant uses of select() by poll(). poll(2) avoids the difficulties we have with more than 1024 open file descriptors, and seems to be fairly portable. Fixes #757.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 20:53:31 +0000