aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/encoding/payloads
Commit message (Collapse)AuthorAgeFilesLines
* ikev2: Add encrypted fragment payloadTobias Brunner2014-10-104-12/+454
|
* encrypted_payload: Encrypted payload can be constructed from plaintextTobias Brunner2014-10-102-0/+38
|
* encrypted_payload: Expose generate() to generate the plaintextTobias Brunner2014-10-102-1/+17
|
* encrypted_payload: Extract some utility functionsTobias Brunner2014-10-101-74/+110
|
* ikev2: Add notify for IKEv2 fragmentationTobias Brunner2014-10-102-7/+15
|
* ike: Rename encryption_payload to encrypted_payloadTobias Brunner2014-10-104-84/+80
|
* encoding: Accept all exchange types for non IKEv1/IKEv2 major versionsMartin Willi2014-09-221-5/+11
|
* ikev1: Log IV when encrypting messagesTobias Brunner2014-09-121-0/+1
|
* ikev1: Skip unusable IPComp proposalsTobias Brunner2014-09-121-1/+1
| | | | Fixes #661.
* ikev1: Properly handle different proposal numbering schemesTobias Brunner2014-09-121-5/+10
| | | | | | | | | | | | | | | | | | While the examples in RFC 2408 show proposal numbers starting at 1 and increasing by one for each subsequent proposal this is not mandatory. Actually, IKEv1 proposals may start at any number, the only requirement is that the proposal numbers increase monotonically they don't have to do so consecutively. Most implementations follow the examples and start numbering at 1 (charon, racoon, Shrew, Cisco, Windows XP, FRITZ!Box) but pluto was one of the implementations that started with 0 and there might be others out there. The previous assumption that implementations always start numbering proposals at 0 caused problems with clients that start numbering with 1 and whose first proposal consists of multiple protocols (e.g. ESP+IPComp). Fixes #661.
* payload: Use common prefixes for all payload type identifiersMartin Willi2014-06-0440-296/+296
| | | | | The old identifiers did not use a proper namespace and often clashed with other defines.
* ikev1: Accept SPI size of any length <= 16 in ISAKMP proposalTobias Brunner2014-03-311-4/+12
| | | | Fixes #533.
* ike: Support encoding of attribute certificates in CERT payloadsMartin Willi2014-03-311-1/+6
|
* Added IFOM_CAPABILITY notify message typeAndreas Steffen2013-11-012-6/+10
|
* iv_gen: Provide external sequence number (IKE, ESP)Tobias Brunner2013-10-112-4/+6
| | | | This prevents duplicate sequential IVs in case of a HA failover.
* ikev2: Use IV generator to encrypt encrypted payloadTobias Brunner2013-10-111-1/+9
|
* ikev1: Support parsing of AH+IPComp proposalsMartin Willi2013-10-111-9/+11
|
* ikev1: Support en-/decoding of SA payloads with AH algorithmsMartin Willi2013-10-111-31/+99
|
* Fix crash if the initiator has no suitable proposal availableTobias Brunner2013-06-211-0/+5
| | | | Could be triggered with a typo in the ike or esp options when ! is used.
* proposals: try next if IKEv2 algorithm could not be mapped to IKEv1Martin Willi2013-05-061-2/+4
|
* added ERX_SUPPORTED IKEv2 NotifyAndreas Steffen2013-03-022-7/+11
|
* Don't reject OPAQUE ports while verifying traffic selector substructureMartin Willi2013-02-211-1/+5
|
* Merge branch 'ikev1-fragmentation'Tobias Brunner2013-01-124-11/+342
|\ | | | | | | | | | | | | This adds support for the proprietary IKEv1 fragmentation extension. Conflicts: NEWS
| * Add support to create IKE fragmentsTobias Brunner2012-12-242-0/+30
| | | | | | | | | | All fragments currently use the same fragment ID (1) as that's what other implementations are doing.
| * Payload added to handle IKE fragmentsTobias Brunner2012-12-244-11/+312
| |
* | Don't use bio_writer_t.skip() to write length field when appending more dataMartin Willi2013-01-111-4/+4
| | | | | | | | | | If the writer reallocates its buffer, the length pointer might not be valid anymore, or even worse, point to an arbitrary allocation.
* | IKEv1 support for PKCS#7 wrapped certificatesVolker Rümelin2013-01-112-0/+26
| |
* | Fixed some typos in commentsVolker Rümelin2013-01-112-4/+4
|/
* Fixed some typos, courtesy of codespellTobias Brunner2012-12-201-1/+1
|
* Add support for draft-ietf-ipsec-nat-t-ike-03 and earlierVolker Rümelin2012-12-197-54/+88
| | | | | This adds support for early versions of the draft that eventually resulted in RFC 3947.
* Moved data structures to new collections subfolderTobias Brunner2012-10-2414-14/+14
|
* Moved host_t and host_resolver_t to a new networking subfolderTobias Brunner2012-10-241-1/+1
|
* Correctly initialize payload length of encrypted payloadTobias Brunner2012-09-281-1/+1
|
* Added method to enumerate EAP types contained in an EAP-NakTobias Brunner2012-08-312-11/+79
|
* Encode EAP-Naks in expanded format if we got an expanded type requestTobias Brunner2012-08-312-2/+15
| | | | | Since methods defined by the IETF (vendor ID 0) could also be encoded in expanded type format the previous check was insufficient.
* Allow clients to request a configured EAP method via EAP-NakTobias Brunner2012-08-312-2/+11
|
* Send EAP-Nak with supported types if requested type is unsupportedTobias Brunner2012-08-312-6/+71
|
* Include stdint.h for UINTxx_MAX definesTobias Brunner2012-07-271-2/+3
| | | | Fixes #205.
* Cleaned up memory management and return values for encryption payloadMartin Willi2012-07-162-19/+20
|
* Check rng return value when encrypting encryption payloadTobias Brunner2012-07-161-2/+8
|
* Add a return value to aead_t.encrypt()Martin Willi2012-07-161-2/+10
|
* Map XAuth responder authentication methods between IKEv1 and IKEv2Martin Willi2012-06-271-1/+13
|
* Added encapsulation mode transform attribute to IPComp proposal.Tobias Brunner2012-05-253-5/+10
|
* Add an additional proposal without IPComp to SA payload.Tobias Brunner2012-05-241-17/+15
|
* Added support for IKEv1 IPComp proposals in SA payload.Tobias Brunner2012-05-242-8/+92
|
* Added support for IKEv1 IPComp proposals in proposal substructure.Tobias Brunner2012-05-242-9/+126
|
* Properly filter IKEv1 proposals consisting of multiple proposal payloads.Tobias Brunner2012-05-241-9/+15
| | | | | | | Since a proposal_t object is created for each transform contained in the proposal payload, it does not work to simply remove the last proposal_t object added to the list (there may be several other extracted from the previous proposal payload).
* fixed mapping of IKEv1 algorithmsAndreas Steffen2012-05-051-29/+184
|
* inserted spaceAndreas Steffen2012-05-054-0/+0
|
* Merge branch 'ikev1'Martin Willi2012-05-0249-1228/+3854
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/encoding/generator.c src/libcharon/encoding/payloads/notify_payload.c src/libcharon/encoding/payloads/notify_payload.h src/libcharon/encoding/payloads/payload.c src/libcharon/network/receiver.c src/libcharon/sa/authenticator.c src/libcharon/sa/authenticator.h src/libcharon/sa/ikev2/tasks/ike_init.c src/libcharon/sa/task_manager.c src/libstrongswan/credentials/auth_cfg.c
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-28 18:02:08 +0000