aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/encoding/payloads
Commit message (Collapse)AuthorAgeFilesLines
* Fixed some typos, courtesy of codespellTobias Brunner2017-11-154-4/+4
|
* Fixed some typos, courtesy of codespellTobias Brunner2017-08-071-1/+1
|
* ikev1: Determine transform ID before mapping integrity algorithm IDTobias Brunner2017-07-051-1/+1
| | | | | | | | | Due to the lookup based on the mapped algorithm ID the resulting AH proposals were invalid. Fixes #2347. Fixes: 8456d6f5a8e9 ("ikev1: Don't require AH mapping for integrity algorithm when generating proposal")
* Migrate all enumerators to venumerate() interface changeTobias Brunner2017-05-263-6/+21
|
* ikev1: Don't require AH mapping for integrity algorithm when generating proposalThomas Egerer2016-08-251-6/+9
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* ikev1: Add support for extended sequence numbersThomas Egerer2016-06-291-3/+17
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* Use standard unsigned integer typesAndreas Steffen2016-03-2442-320/+320
|
* payloads: Verify P-CSCF configuration attributes like others carrying IP ↵Tobias Brunner2016-03-101-0/+2
| | | | addresses
* ikev1: Send and verify IPv6 addresses correctlyTobias Brunner2016-03-031-0/+7
| | | | | | | | According to the mode-config draft there is no prefix sent for IPv6 addresses in IKEv1. We still accept 17 bytes long addresses for backwards compatibility with older strongSwan releases. Fixes #1304.
* ikev1: Assume a default key length of 128-bit for AES-CBCTobias Brunner2015-08-171-0/+11
| | | | | | | | | | Some implementations don't send a Key Length attribute for AES-128. This was allowed for IKE in early drafts of RFC 3602, however, some implementations also seem to do it for ESP, where it never was allowed. And the final version of RFC 3602 demands a Key Length attribute for both phases so they shouldn't do it anymore anyway. Fixes #1064.
* Fixed some typosTobias Brunner2015-08-131-1/+1
|
* unknown-payload: Use a new private payload type and make original type availableTobias Brunner2015-06-014-1/+24
| | | | | | | | | This fixes a DoS and potential remote code execution vulnerability that was caused because the original payload type that was returned previously was used to cast such payload objects to payloads of the indicated type (e.g. when logging notify payloads with a payload type for the wrong IKE version). Fixes CVE-2015-3991.
* ikev2: Include fragment number into message ID passed to IV genMartin Willi2015-06-011-0/+5
| | | | | | When using a cipher with sequential IVs, we never must pass an identical IV to the IV generator. To avoid it when using IKEv2 fragmentation, use the lower bits of the 64-bit message ID as the fragment number.
* encoding: Remove DH public value verification from KE payloadMartin Willi2015-03-231-73/+0
| | | | | | | | This commit reverts 84738b1a and 2ed5f569. As we have no DH group available in the KE payload for IKEv1, the verification can't work in that stage. Instead, we now verify DH groups in the DH backends, which works for any IKE version or any other purpose.
* diffie-hellman: Add a bool return value to get_my_public_value()Martin Willi2015-03-231-2/+8
|
* encoding: Allow ke_payload_create_from_diffie_hellman() to failMartin Willi2015-03-231-1/+1
|
* encoding: Add getter for IKE SPIs in IKEv1 DELETE payloadsTobias Brunner2015-03-232-0/+25
|
* encoding: Don't verify length of IKEv1 KE payloadsTobias Brunner2015-03-201-0/+6
| | | | | | The verification introduced with 84738b1aed95 ("encoding: Verify the length of KE payload data for known groups") can't be done for IKEv1 as the KE payload does not contain the DH group.
* encoding: Verify the length of KE payload data for known groupsMartin Willi2015-03-181-0/+67
| | | | | | | IKE is very strict in the length of KE payloads, and it should be safe to strictly verify their length. Not doing so is no direct threat, but allows DDoS amplification by sending short KE payloads for large groups using the target as the source address.
* ikev2: Add SIGNATURE_HASH_ALGORITHMS notify payloadTobias Brunner2015-03-042-6/+18
|
* ike: Allow creation of internally used payloadsTobias Brunner2014-12-121-1/+1
| | | | | | | Since 42e0a317c64b ("ike: Only parse payloads valid for the current IKE version") payload types are checked before creating objects. This check failed for internally used payload types (e.g. proposal substructures), which have a type >= 256, i.e. outside the IKE payload type range.
* ikev1: Use same map for AH and ESP authentication algorithmsTobias Brunner2014-12-091-152/+120
| | | | | | The transform identifier used in AH transforms is not the same as the authentication algorithm identifier used in the transform attributes in AH (and ESP) transforms.
* ikev1: Accept IPComp proposals with 4 octet long CPI valuesTobias Brunner2014-12-051-2/+2
| | | | | While they SHOULD be sent as 16-bit values according to RFC 3173 a responder MUST be able to accept CPI values encoded in four bytes.
* ike: Only parse payloads valid for the current IKE versionTobias Brunner2014-12-051-0/+1
|
* ike: Make check for known payloads depend on IKE versionTobias Brunner2014-12-052-24/+39
|
* id-payload: Enable multiple calls to get_ts() for subnet traffic selectorsTobias Brunner2014-12-051-2/+5
| | | | The second call resulted in a /32 subnet previously.
* ikev2: Add encrypted fragment payloadTobias Brunner2014-10-104-12/+454
|
* encrypted_payload: Encrypted payload can be constructed from plaintextTobias Brunner2014-10-102-0/+38
|
* encrypted_payload: Expose generate() to generate the plaintextTobias Brunner2014-10-102-1/+17
|
* encrypted_payload: Extract some utility functionsTobias Brunner2014-10-101-74/+110
|
* ikev2: Add notify for IKEv2 fragmentationTobias Brunner2014-10-102-7/+15
|
* ike: Rename encryption_payload to encrypted_payloadTobias Brunner2014-10-104-84/+80
|
* encoding: Accept all exchange types for non IKEv1/IKEv2 major versionsMartin Willi2014-09-221-5/+11
|
* ikev1: Log IV when encrypting messagesTobias Brunner2014-09-121-0/+1
|
* ikev1: Skip unusable IPComp proposalsTobias Brunner2014-09-121-1/+1
| | | | Fixes #661.
* ikev1: Properly handle different proposal numbering schemesTobias Brunner2014-09-121-5/+10
| | | | | | | | | | | | | | | | | | While the examples in RFC 2408 show proposal numbers starting at 1 and increasing by one for each subsequent proposal this is not mandatory. Actually, IKEv1 proposals may start at any number, the only requirement is that the proposal numbers increase monotonically they don't have to do so consecutively. Most implementations follow the examples and start numbering at 1 (charon, racoon, Shrew, Cisco, Windows XP, FRITZ!Box) but pluto was one of the implementations that started with 0 and there might be others out there. The previous assumption that implementations always start numbering proposals at 0 caused problems with clients that start numbering with 1 and whose first proposal consists of multiple protocols (e.g. ESP+IPComp). Fixes #661.
* payload: Use common prefixes for all payload type identifiersMartin Willi2014-06-0440-296/+296
| | | | | The old identifiers did not use a proper namespace and often clashed with other defines.
* ikev1: Accept SPI size of any length <= 16 in ISAKMP proposalTobias Brunner2014-03-311-4/+12
| | | | Fixes #533.
* ike: Support encoding of attribute certificates in CERT payloadsMartin Willi2014-03-311-1/+6
|
* Added IFOM_CAPABILITY notify message typeAndreas Steffen2013-11-012-6/+10
|
* iv_gen: Provide external sequence number (IKE, ESP)Tobias Brunner2013-10-112-4/+6
| | | | This prevents duplicate sequential IVs in case of a HA failover.
* ikev2: Use IV generator to encrypt encrypted payloadTobias Brunner2013-10-111-1/+9
|
* ikev1: Support parsing of AH+IPComp proposalsMartin Willi2013-10-111-9/+11
|
* ikev1: Support en-/decoding of SA payloads with AH algorithmsMartin Willi2013-10-111-31/+99
|
* Fix crash if the initiator has no suitable proposal availableTobias Brunner2013-06-211-0/+5
| | | | Could be triggered with a typo in the ike or esp options when ! is used.
* proposals: try next if IKEv2 algorithm could not be mapped to IKEv1Martin Willi2013-05-061-2/+4
|
* added ERX_SUPPORTED IKEv2 NotifyAndreas Steffen2013-03-022-7/+11
|
* Don't reject OPAQUE ports while verifying traffic selector substructureMartin Willi2013-02-211-1/+5
|
* Merge branch 'ikev1-fragmentation'Tobias Brunner2013-01-124-11/+342
|\ | | | | | | | | | | | | This adds support for the proprietary IKEv1 fragmentation extension. Conflicts: NEWS
| * Add support to create IKE fragmentsTobias Brunner2012-12-242-0/+30
| | | | | | | | | | All fragments currently use the same fragment ID (1) as that's what other implementations are doing.
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-28 07:14:50 +0000