aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* vici: Add a destroy method to builder, allowing cancellation without errorMartin Willi2014-12-122-4/+18
| | | | | When cancelling a builder, finalize throws an error which we might prefer to avoid.
* eap-radius: Use the single-server legacy server options as fallbackMartin Willi2014-12-121-3/+10
|
* Pack private key arraysAndreas Steffen2014-12-101-17/+75
|
* dumm: Fix -Wformat warning in ruby extensionMartin Willi2014-12-101-2/+2
| | | | | | | In recent ruby versions, extensions get built with -Wformat. As we use custom printf specifiers, that does not work for us. As there does not seem to be a reliable way to override -Wformat, we use a variable for the format string, which prevents gcc from doing the -Wformat check in that particular situation.
* Automatic generation of optimized Huffman codesAndreas Steffen2014-12-097-0/+559
|
* unit-tests: added bliss_sampler testAndreas Steffen2014-12-093-0/+99
|
* Expanded bliss_bitpacker to 32 bitsAndreas Steffen2014-12-095-41/+39
|
* NEWS: Add note about AH algorithm mappingTobias Brunner2014-12-091-1/+4
|
* ikev1: Use same map for AH and ESP authentication algorithmsTobias Brunner2014-12-091-152/+120
| | | | | | The transform identifier used in AH transforms is not the same as the authentication algorithm identifier used in the transform attributes in AH (and ESP) transforms.
* ikev1: Accept IPComp proposals with 4 octet long CPI valuesTobias Brunner2014-12-051-2/+2
| | | | | While they SHOULD be sent as 16-bit values according to RFC 3173 a responder MUST be able to accept CPI values encoded in four bytes.
* ike: Only parse payloads valid for the current IKE versionTobias Brunner2014-12-054-3/+33
|
* ike: Make check for known payloads depend on IKE versionTobias Brunner2014-12-054-26/+41
|
* pkcs5: Add support for PBES2 encryption schemes other than 3DESTobias Brunner2014-12-051-8/+24
| | | | | | | | This allows using e.g. AES for PKCS#8 and PKCS#12 files. Some legacy schemes defined in RFC 2898 are not supported (like RC2). Fixes #740.
* asn1: Add OID for Blowfish CBCTobias Brunner2014-12-052-0/+11
| | | | | | | | The OID (1.3.6.1.4.1.3029.1.2) is technically not correct, the correct one is (1.3.6.1.4.1.3029.1.1.2). Every other library or tool (like OpenSSL) uses the incorrect one so we do the same. References #740.
* diffie-hellman: Handle dh_exponent_ansi_x9_42 as a boolean settingMartin Willi2014-12-051-2/+2
| | | | | | | | | | | | | While it was always documented as boolean setting, the option is currently handled as integer value, for which yes/no values do not work. Instead the default of TRUE is used for a no value. The option has been moved a lot during the last years, and in some locations was handled as bool, in some as integer. In the latest codebase it congruently used integer, which is actually not what is documented and used in testing. Fixes #781.
* unity: Only do narrowing of responder's TS if we received 0.0.0.0/0Tobias Brunner2014-12-051-2/+84
| | | | | | | | | | | | | | | | | | | | | | | iOS and Mac OS X clients establish individual IPsec SAs for the traffic selectors received in Split-Include attributes (might have been different in earlier releases). If we return 0.0.0.0/0 as TSr that either results in a bunch of Quick Mode exchanges (for each TS), or with the latest client releases an error notify (ATTRIBUTES_NOT_SUPPORTED). We also can't install the IPsec SA with all configured subnets as that would cause conflicts if the client later negotiates SAs for other subnets, which iOS 8 does based on traffic to such subnets. For Shrew and the Cisco client, which propose 0.0.0.0/0, we still need to override the narrowed TS with 0.0.0.0/0, as they otherwise won't accept the Quick Mode response. Likewise, we also have to narrow the TS before installing the IPsec SAs and policies. So we basically have to follow the client's proposal and only modify TSr if we received 0.0.0.0/0. Since we don't get the original TS in the narrow hook we handle the inbound QM messages and make note of IKE_SAs on which we received a TSr of 0.0.0.0/0. Fixes #737.
* id-payload: Enable multiple calls to get_ts() for subnet traffic selectorsTobias Brunner2014-12-051-2/+5
| | | | The second call resulted in a /32 subnet previously.
* ikev2: Fix handling of more than one hash-and-URL certificate payloadsTobias Brunner2014-12-041-2/+2
|
* Merge branch 'wfp-drop-firewall'Martin Willi2014-12-043-41/+244
|\ | | | | | | | | Introduces ALE layer WFP rules to accept tunnel mode packets in Windows stateful packet filtering if default-drop policies are used.
| * kernel-wfp: Install outbound ALE connect rules for IPsecMartin Willi2014-12-041-16/+43
| | | | | | | | | | | | Similar to the inbound rules, the ALE filter processes IP-in-IP packets for outbound tunnel mode traffic. When using an outbound default-drop policy, Windows does not allow connection initiation without these explicit rules.
| * kernel-wfp: Install inbound ALE IP-in-IP filtersMartin Willi2014-12-041-41/+159
| | | | | | | | | | | | | | | | | | | | | | When processing inbound tunnel mode packets, Windows decrypts packets and filters them as IP-in-IP packets. We therefore require an ALE filter that calls the FWPM_CALLOUT_IPSEC_INBOUND_TUNNEL_ALE_ACCEPT callout to allow them when using a default-drop policy. Without these rules, any outbound packet created an ALE state that allows inbound packets as well. Processing inbound packets without any outbound traffic fails without these rules.
| * kernel-wfp: Add missing IPsec sublayer GUIDsMartin Willi2014-12-041-0/+6
| |
| * kernel-wfp: Define IPsec related ALE layers and callout GUIDsMartin Willi2014-12-042-0/+40
| |
| * kernel-wfp: Fix logging of MM/QM/EM NetEvent failuresMartin Willi2014-12-041-0/+12
|/
* vici: Make sure to send/recv all requested bytes over socketMartin Willi2014-12-041-3/+22
| | | | | | As the underlying C functions, send/recv on ruby sockets are not guaranteed to send/recv all requested bytes. Use wrapper functions to make sure we get all bytes needed.
* updown: Inverse comment of VPN_LOGGING variable, as it is enabled by defaultMartin Willi2014-12-021-1/+1
| | | | Fixes #780.
* Version bump to 5.2.2dr15.2.2dr1Andreas Steffen2014-11-292-1/+5
|
* Increased check size du to INITIAL_CONTACT notifyAndreas Steffen2014-11-291-1/+1
|
* Renewed expired certificatesAndreas Steffen2014-11-2919-171/+223
|
* Implemented full BLISS support for IKEv2 public key authentication and the ↵Andreas Steffen2014-11-2917-18/+97
| | | | pki tool
* Created ikev2/rw-ntru-bliss scenarioAndreas Steffen2014-11-2927-2/+193
|
* Applied bit packing to BLISS public keyAndreas Steffen2014-11-295-55/+68
|
* Wipe BLISS private key memoryAndreas Steffen2014-11-291-2/+8
|
* Created bliss_bitpacker class to encode BLISS signaturesAndreas Steffen2014-11-298-46/+464
|
* Skip the unused bits field of the ASN.1 BIT STRING encodingAndreas Steffen2014-11-291-1/+1
|
* Store NTT A of BLISS public key aAndreas Steffen2014-11-292-28/+24
|
* unit-tests: created bliss_sign test suiteAndreas Steffen2014-11-295-1/+91
|
* Finished BLISS signature generationAndreas Steffen2014-11-2912-157/+1170
|
* Implemented Gaussian rejection samplerAndreas Steffen2014-11-296-16/+496
| | | | | The bliss_sampler class uses the mgf1_bitspender as a pseudo-random source.
* Implemented get_byte() method for mgf1_bitspender classAndreas Steffen2014-11-294-26/+78
| | | | | | The new get_byte() method returns a pseudo-random byte at a time. Changed the get_bits() interface to the same interface as get_byte(). Updated the mgf1 unit-tests accordingly.
* Added support for BLISS-IIIAndreas Steffen2014-11-291-2/+17
|
* Started implementing BLISS signature generationAndreas Steffen2014-11-298-24/+34
|
* Store and parse BLISS private and public keys in DER and PEM formatAndreas Steffen2014-11-299-32/+441
| | | | | | | | Additionally generate SHA-1 fingerprints of raw BLISS subjectPublicKey and subjectPublicKeyInfo objects. Some basic functions used by the bliss_public_key class are shared with the bliss_private_key class.
* unit-tests: Created separate mgf1 test suiteAndreas Steffen2014-11-295-147/+270
|
* Use mgf1_bitspender in ntru_poly_create_from_seedAndreas Steffen2014-11-292-52/+16
|
* Use mgf1_bitspender to generate random secret keyAndreas Steffen2014-11-291-280/+226
|
* Implemented bitspender based on the MGF1 mask generator functionAndreas Steffen2014-11-294-3/+223
|
* unit-tests: Added bliss_fft test suiteAndreas Steffen2014-11-295-0/+193
|
* Moved mgf1 class to libstrongswan/crypto/mgf1Andreas Steffen2014-11-297-62/+51
|
* Defined BLISS I and IV parameter setsAndreas Steffen2014-11-294-19/+365
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-13 11:30:06 +0000