aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/ikev1
Commit message (Collapse)AuthorAgeFilesLines
...
* Block XAuth transaction on established IKE_SAs, but allow Mode ConfigMartin Willi2012-08-031-1/+1
|
* Lookup IKEv1 PSK even if the peer identity is not knownMartin Willi2012-07-311-1/+1
|
* Implement late peer config switching after XAuth authenticationMartin Willi2012-07-261-15/+80
| | | | | | | If additional authentication constraints, such as group membership, is not fulfilled by an XAuth backend, we search for another peer configuration that fulfills all constraints, including those from phase1.
* Check if XAuth round complies to configured authentication roundMartin Willi2012-07-261-7/+18
|
* Merge auth config items added from XAuth backends to IKE_SAMartin Willi2012-07-261-0/+1
|
* Refactored error handling in keymat_v1_tMartin Willi2012-07-161-25/+27
|
* Cleaned up memory management and return values for encryption payloadMartin Willi2012-07-161-1/+4
|
* Add a return value to hasher_t.allocate_hash()Martin Willi2012-07-162-8/+31
|
* Add a return value to keymat_v1_t.{get,update,confirm}_ivMartin Willi2012-07-162-13/+31
|
* Add a return value to crypter_t.set_key()Martin Willi2012-07-161-3/+6
|
* Add a return value to crypter_t.decrypt()Martin Willi2012-07-161-2/+1
|
* Add a return value to crypter_t.encryptMartin Willi2012-07-161-2/+1
|
* Check rng return value when generating IKEv1 message IDsTobias Brunner2012-07-161-8/+20
|
* Check rng return value when generating fake NAT detection payloadsTobias Brunner2012-07-161-2/+3
|
* Nonce: Let get_nonce, allocate_nonce return booleanReto Buerki2012-07-162-2/+12
|
* Add a return value to prf_t.set_key()Martin Willi2012-07-161-10/+25
|
* Add a return value to prf_t.allocate_bytes()Martin Willi2012-07-161-11/+45
|
* Use a bool return value in keymat_v1_t.get_hash_phase2()Martin Willi2012-07-162-27/+27
|
* Add a return value to keymat_v1_t.get_hash()Martin Willi2012-07-164-17/+35
|
* Add a return value to prf_t.get_bytes()Martin Willi2012-07-161-9/+19
|
* prf_plus_create() can return NULL on failureMartin Willi2012-07-161-0/+10
|
* Add a return value to prf_plus_t.allocate_bytes()Martin Willi2012-07-161-4/+14
|
* Add a return value to aead_t.set_key()Martin Willi2012-07-161-1/+2
|
* Add a return value to aead_t.encrypt()Martin Willi2012-07-161-1/+2
|
* Send cert request based on peers configured authentication classMartin Willi2012-07-101-3/+30
|
* Don't send CERTREQs when initiating aggressive mode PSKMartin Willi2012-07-091-0/+4
|
* As a responder, don't start a TRANSACTION request if we expect one from the ↵Martin Willi2012-06-292-2/+4
| | | | initiator
* Defer quick mode initiation if we expect a mode config requestMartin Willi2012-06-271-1/+20
|
* Queue a mode config task as responder if we need a virtual IPMartin Willi2012-06-272-4/+16
|
* Add basic support for XAuth responder authenticationMartin Willi2012-06-272-8/+10
|
* support Cisco Unity VIDAndreas Steffen2012-06-251-3/+6
|
* Enforce uniqueids=keep based on XAuth identityMartin Willi2012-06-251-0/+6
|
* Don't send XAUTH_OK if a hook prevents SA to establishMartin Willi2012-06-251-4/+14
|
* Enforce uniqueids=keep only for non-XAuth Main/Agressive ModesMartin Willi2012-06-252-28/+28
|
* Add missing XAuth name variable when complaining about missing XAuth backendMartin Willi2012-06-251-1/+1
|
* Fix SIGSEGV if kernel install fails during Quick Mode as responder.Tobias Brunner2012-06-221-4/+8
|
* Adopt children as XAuth initiator (which is IKE responder)Martin Willi2012-06-141-2/+2
|
* Require a scary option to respond to Aggressive Mode PSK requestsMartin Willi2012-06-141-0/+17
| | | | | | | | While Aggressive Mode PSK is widely used, it is known to be subject to dictionary attacks by passive attackers. We don't complain as initiator to be compatible with existing (insecure) setups, but require a scary strongswan.conf option if someone wants to use it as responder.
* Enforce uniqueness policy in IKEv1 main and aggressive modesMartin Willi2012-06-082-0/+29
|
* While checking for redundant quick modes, compare traffic selectorsMartin Willi2012-06-081-0/+22
| | | | | If a configuration is instanced more than once using narrowing, we should keep all unique quick modes up during rekeying.
* Initiate quick mode rekeying with narrowed traffic selectorsMartin Willi2012-06-081-1/+18
|
* Use traffic selectors passed to quick mode constructor as initiatorMartin Willi2012-06-081-2/+10
|
* Instead of rekeying, delete a quick mode if we have a fresher instanceMartin Willi2012-06-081-6/+42
| | | | | | | | If both peers initiate quick mode rekeying simultaneously, we end up with duplicate SAs for a configuration. This can't be avoided, nor do the standards provide an appropriate solution. Instead of closing one SA immediately, we keep both. But once rekeying triggers, we don't refresh the SA with the shorter soft lifetime, but delete it.
* Added log message if peer does not accept/provide IPComp proposal.Tobias Brunner2012-05-241-2/+12
|
* Added support to negotiate IPComp during Quick Mode.Tobias Brunner2012-05-241-11/+91
|
* Added support for IKEv1 IPComp proposals in SA payload.Tobias Brunner2012-05-243-6/+6
|
* Fix memleak during Quick Mode in case no SPI can be allocated from kernel.Tobias Brunner2012-05-241-8/+8
|
* Apply IDir before deriving keys as aggressive initiatorMartin Willi2012-05-231-4/+4
|
* Use received identity to look up PSK as aggressive responderMartin Willi2012-05-231-2/+9
|
* Check if we actually have an initiating packet to free while processing ↵Martin Willi2012-05-231-1/+1
| | | | responses
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-08 04:45:41 +0000