Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | ikev1: Determine transform ID before mapping integrity algorithm ID | Tobias Brunner | 2017-07-05 | 1 | -1/+1 |
| | Due to the lookup based on the mapped algorithm ID the resulting AH proposals were invalid. Fixes #2347. Fixes: 8456d6f5a8e9 ("ikev1: Don't require AH mapping for integrity algorithm when generating proposal") | ||||
* | ikev1: Don't require AH mapping for integrity algorithm when generating proposal | Thomas Egerer | 2016-08-25 | 1 | -6/+9 |
| | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com> | ||||
* | ikev1: Add support for extended sequence numbers | Thomas Egerer | 2016-06-29 | 1 | -3/+17 |
| | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com> | ||||
* | Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 1 | -50/+50 |
| | |||||
* | ikev1: Assume a default key length of 128-bit for AES-CBC | Tobias Brunner | 2015-08-17 | 1 | -0/+11 |
| | Some implementations don't send a Key Length attribute for AES-128. This was allowed for IKE in early drafts of RFC 3602, however, some implementations also seem to do it for ESP, where it never was allowed. And the final version of RFC 3602 demands a Key Length attribute for both phases so they shouldn't do it anymore anyway. Fixes #1064. | ||||
* | ikev1: Use same map for AH and ESP authentication algorithms | Tobias Brunner | 2014-12-09 | 1 | -152/+120 |
| | The transform identifier used in AH transforms is not the same as the authentication algorithm identifier used in the transform attributes in AH (and ESP) transforms. | ||||
* | ikev1: Accept IPComp proposals with 4 octet long CPI values | Tobias Brunner | 2014-12-05 | 1 | -2/+2 |
| | While they SHOULD be sent as 16-bit values according to RFC 3173 a responder MUST be able to accept CPI values encoded in four bytes. | ||||
* | payload: Use common prefixes for all payload type identifiers | Martin Willi | 2014-06-04 | 1 | -41/+41 |
| | The old identifiers did not use a proper namespace and often clashed with other defines. | ||||
* | ikev1: Accept SPI size of any length <= 16 in ISAKMP proposal | Tobias Brunner | 2014-03-31 | 1 | -4/+12 |
| | Fixes #533. | ||||
* | ikev1: Support en-/decoding of SA payloads with AH algorithms | Martin Willi | 2013-10-11 | 1 | -31/+99 |
| | |||||
* | proposals: try next if IKEv2 algorithm could not be mapped to IKEv1 | Martin Willi | 2013-05-06 | 1 | -2/+4 |
| | |||||
* | Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier | Volker Rümelin | 2012-12-19 | 1 | -7/+27 |
| | This adds support for early versions of the draft that eventually resulted in RFC 3947. | ||||
* | Moved data structures to new collections subfolder | Tobias Brunner | 2012-10-24 | 1 | -1/+1 |
| | |||||
* | Map XAuth responder authentication methods between IKEv1 and IKEv2 | Martin Willi | 2012-06-27 | 1 | -1/+13 |
| | |||||
* | Added encapsulation mode transform attribute to IPComp proposal. | Tobias Brunner | 2012-05-25 | 1 | -1/+4 |
| | |||||
* | Added support for IKEv1 IPComp proposals in proposal substructure. | Tobias Brunner | 2012-05-24 | 1 | -1/+97 |
| | |||||
* | fixed mapping of IKEv1 algorithms | Andreas Steffen | 2012-05-05 | 1 | -29/+184 |
| | |||||
* | Fixed transform numbering in IKEv1 proposal. | Tobias Brunner | 2012-03-20 | 1 | -0/+1 |
| | |||||
* | Fix mapping of IKEv1 encapsulation mode | Martin Willi | 2012-03-20 | 1 | -1/+1 |
| | |||||
* | Support encoding of IKEv1 ECDSA proposals | Martin Willi | 2012-03-20 | 1 | -6/+16 |
| | |||||
* | Support IKEv1 proposal encodings having both lifebytes and a lifetime | Martin Willi | 2012-03-20 | 1 | -67/+58 |
| | |||||
* | Always use a transform number of 1 when encoding a single transform | Martin Willi | 2012-03-20 | 1 | -3/+3 |
| | |||||
* | Remove executable flag from source code files | Martin Willi | 2012-03-20 | 1 | -0/+0 |
| | |||||
* | Support encoding of Hybrid initiator authentication method | Martin Willi | 2012-03-20 | 1 | -0/+9 |
| | |||||
* | En- and decode DH group attribute in quick mode SA payloads | Martin Willi | 2012-03-20 | 1 | -0/+13 |
| | |||||
* | Setting transform number in esp proposal. | Clavister OpenSource | 2012-03-20 | 1 | -1/+1 |
| | iPhone (racoon) fails quick mode when transform number is 0 | ||||
* | Use proper enum types in proposal_substructure. | Tobias Brunner | 2012-03-20 | 1 | -2/+2 |
| | |||||
* | Map auth_class to auth method and IKEv1 proposal attribute | Martin Willi | 2012-03-20 | 1 | -2/+10 |
| | |||||
* | Implemented IKEv1 attribute encoding in SA payload | Martin Willi | 2012-03-20 | 1 | -0/+155 |
| | |||||
* | Implemented encoding of additional IKEv1 proposal attributes | Martin Willi | 2012-03-20 | 1 | -50/+113 |
| | |||||
* | IKEv1 XAuth: Add XAUTH authentication types to the enum. Added the ability to switch between hardcoded PSK and XAUTH_INIT_PSK authentications using a flag, default to PSK. | Clavister OpenSource | 2012-03-20 | 1 | -0/+17 |
| | |||||
* | Include hardcoded tunnel mode attribute in proposal, remove ESN attribute | Martin Willi | 2012-03-20 | 1 | -2/+2 |
| | |||||
* | Parse proposal substructure with multiple IKEv1 transforms to multiple proposals | Martin Willi | 2012-03-20 | 1 | -23/+24 |
| | |||||
* | Encode multiple IKEv1 proposals in a single transform substructure | Martin Willi | 2012-03-20 | 1 | -6/+46 |
| | |||||
* | Only add the first algorithm of a kind to IKEv1 transforms | Martin Willi | 2012-03-20 | 1 | -4/+4 |
| | |||||
* | Hardcode some SA lifetimes until we can configure them dynamically | Martin Willi | 2012-03-20 | 1 | -0/+12 |
| | |||||
* | Partially implemented IKEv1 ESP proposal en-/decoding | Martin Willi | 2012-03-20 | 1 | -2/+73 |
| | |||||
* | Re-enable static inclusion of PSK auth method into IKEv1 proposal | Martin Willi | 2012-03-20 | 1 | -2/+2 |
| | |||||
* | Added IKEv1 support to notify payload | Martin Willi | 2012-03-20 | 1 | -2/+2 |
| | |||||
* | Use a generic list encoding rule we can use to specify the wrapped payload type | Martin Willi | 2012-03-20 | 1 | -6/+6 |
| | |||||
* | Add a payload.get_header_length() method, remove header length definitions | Martin Willi | 2012-03-20 | 1 | -2/+9 |
| | |||||
* | Simplify signature of get_encoding_rules(), make all rules static | Martin Willi | 2012-03-20 | 1 | -9/+5 |
| | |||||
* | Add fixed PSK authentication method to IKEv1 proposal for now | Martin Willi | 2012-03-20 | 1 | -1/+15 |
| | |||||
* | Added limiting encoding of IKEv1 SA payloads | Martin Willi | 2012-03-20 | 1 | -65/+209 |
| | |||||
* | Implemented limited payload parsing for IKEv1 SA payloads | Martin Willi | 2012-03-20 | 1 | -39/+315 |
| | |||||
* | Fixed common misspellings. | Tobias Brunner | 2011-07-20 | 1 | -1/+1 |
| | Mostly found by 'codespell'. | ||||
* | Added substructure enumerators to sa_payload, proposal_substructure | Martin Willi | 2011-01-05 | 1 | -0/+7 |
| | |||||
* | Added member fields for reserved bits and bytes in all payloads | Martin Willi | 2011-01-05 | 1 | -2/+7 |
| | |||||
* | Use enumerator instead of deprecated iterator | Martin Willi | 2011-01-05 | 1 | -13/+9 |
| | |||||
* | Removed obsolete clone method from proposal_substructure | Martin Willi | 2011-01-05 | 1 | -30/+0 |
| |