path: root/src/libcharon/sa
Commit message [Author, Age, Files, Lines]
...
| | * Create negotiated hasher earlier during Main Mode so it is available for building NAT-D payloads. [Tobias Brunner, 2012-03-20, files: 1, lines: -0/+8]
| | |
| | * Added a function to keymat_v1 to create the hasher earlier than during key derivation. [Tobias Brunner, 2012-03-20, files: 2, lines: -15/+48]
| | |   The negotiated hasher is also used to generate NAT-D payloads.
| | * IKEv1 XAuth: Moving the state change to IKE_CONNECTED until after XAuth exchanges are complete. [Clavister OpenSource, 2012-03-20, files: 3, lines: -23/+48]
| | |
| | * IKEv1 XAuth: Adding "initiate" flag parameter to the initiate_xauth method, signalling whether or not to call the task_manager->initiate method after queueing the task. [Clavister OpenSource, 2012-03-20, files: 2, lines: -3/+7]
| | |
| | * Handle IKEv1 NAT-T vendor ID payload (only RFC 3947 for now). [Tobias Brunner, 2012-03-20, files: 2, lines: -1/+19]
| | |
| | * Added payloads for IKEv1 NAT-Traversal negotiation. [Tobias Brunner, 2012-03-20, files: 1, lines: -1/+1]
| | |
| | * IKEv1 XAuth: Clean up debug prints in xauth_request task. [Clavister OpenSource, 2012-03-20, files: 1, lines: -13/+0]
| | |
| | * IKEv1 XAuth: Remove XAuth task from the passive task list for ID_PROT. [Clavister OpenSource, 2012-03-20, files: 1, lines: -2/+0]
| | |
| | * Revert "IKEv1 XAuth: Added new MIGRATE status type to status_t." [Clavister OpenSource, 2012-03-20, files: 1, lines: -48/+0]
| | |   This reverts commit b57df8310a867a0a65abf17279bf1b6e6bb2f5d3.
| | |   Conflicts: src/libcharon/sa/task_manager_v1.c
| | * IKEv1 XAuth + CfgMode: Added ability to process CfgMode messages in the xauth task. [Clavister OpenSource, 2012-03-20, files: 1, lines: -76/+543]
| | |   Migrated away from using the MIGRATE method to switch queues.
| | * IKEv1 XAuth: Change the main_mode task to use the new initiate_xauth job instead of the old MIGRATE method. [Clavister OpenSource, 2012-03-20, files: 1, lines: -4/+27]
| | |
| | * IKEv1 XAuth: Added XAuthResp authentication modes. [Clavister OpenSource, 2012-03-20, files: 1, lines: -0/+10]
| | |
| | * IKEv1 XAuth: Add "initiate xauth" method, which adds the xauth task into the queue for initiation. [Clavister OpenSource, 2012-03-20, files: 2, lines: -0/+14]
| | |
| | * Use quiet generator when creating IKEv1 message hashes. [Tobias Brunner, 2012-03-20, files: 1, lines: -1/+1]
| | |   This avoids cluttering the log with duplicate log messages when generating and especially confusing log messages when parsing authenticated messages.
| | * Respond with NO_PROPOSAL_CHOSEN, if we don't find an ike_cfg. [Tobias Brunner, 2012-03-20, files: 1, lines: -1/+4]
| | |
| | * Don't respond to malformed INFORMATIONAL_V1 messages with another INFORMATIONAL_V1 exchange. [Tobias Brunner, 2012-03-20, files: 1, lines: -0/+6]
| | |
| | * Handle invalid IKEv1 hashes more specifically. [Tobias Brunner, 2012-03-20, files: 1, lines: -1/+1]
| | |
| | * Handle unsupported IKEv1 exchange types more specifically. [Tobias Brunner, 2012-03-20, files: 1, lines: -0/+5]
| | |
| | * Send an INFORMATIONAL message on IKEv1 parse errors. [Tobias Brunner, 2012-03-20, files: 1, lines: -2/+90]
| | |
| | * Handle INFORMATIONAL_V1 messages when no keys have been derived yet. [Tobias Brunner, 2012-03-20, files: 1, lines: -0/+5]
| | |   This allows to gracefully process the INFORMATIONAL_V1 message rules which require the payloads to be encrypted and thus the exchange to be authenticated with a HASH payload. If such an exchange is now initiated before the ISAKMP_SA is established, the message is simply sent unencrypted and without HASH payload.
| | * Error reporting for invalid IKEv2 responses fixed. [Tobias Brunner, 2012-03-20, files: 1, lines: -42/+39]
| | |
| | * Set request flag to proper value for IKEv1 messages before parsing them. [Tobias Brunner, 2012-03-20, files: 1, lines: -0/+2]
| | |
| | * Avoid parsing retransmits we already responded to. [Tobias Brunner, 2012-03-20, files: 1, lines: -33/+38]
| | |   Decryption will fail as we already moved the IV when we sent the response. Without this change, encrypted retransmits would have been discarded during parsing already.
| | * Moved main part of message processing to task managers. [Tobias Brunner, 2012-03-20, files: 3, lines: -172/+225]
| | |   This will allow individual error handling for each IKE version and should allow better handling of IKEv1 retransmits.
| | * Added ike_sa_t.set_statistic to set timestamps from task manager. [Tobias Brunner, 2012-03-20, files: 2, lines: -0/+18]
| | |
| | * IKEv1 XAuth: Fix XAuth task so that it reinitiates. [Clavister OpenSource, 2012-03-20, files: 1, lines: -0/+4]
| | |
| | * Revert "IKEv1 XAuth: Temporarily add an "initiate_later" flag to the task manager. When set to TRUE it will cause "initiate" to be called when the current process_response call is finished. This change should be reverted once we have a better method in place." [Clavister OpenSource, 2012-03-20, files: 4, lines: -49/+1]
| | |   This reverts commit c6c28f4ac522dd8afb457847bca79eee77f78706.
| | |   Revert "IKEv1 XAuth: Added temporary "initiate_xauth" public method to ike_sa_t. This allows us to initiate an XAuth password authentication exchange after responding to the final message of Main Mode. This change should be reverted once we have a better method to initiate this exchange."
| | |   This reverts commit 5529dc50477e25df9dd5f3c442bb1521c0baf225.
| | * IKEv1 XAuth: Fix main mode to work with XAuth PSK. [Clavister OpenSource, 2012-03-20, files: 1, lines: -2/+2]
| | |
| | * Use a dedicated IKEv1 vendor ID task to fix using IKEv2 payloads in IKEv1 [Martin Willi, 2012-03-20, files: 7, lines: -31/+224]
| | |
| | * Pass concrete auth_method to key derivation, as we have that as a responder [Martin Willi, 2012-03-20, files: 3, lines: -9/+8]
| | |
| | * Map auth_class to auth method and IKEv1 proposal attribute [Martin Willi, 2012-03-20, files: 2, lines: -0/+15]
| | |
| | * Exchange IKEv1 ESP SA proposal information [Martin Willi, 2012-03-20, files: 1, lines: -2/+66]
| | |
| | * Exchange IKEv1 SA specific proposal data with SA payload [Martin Willi, 2012-03-20, files: 1, lines: -13/+69]
| | |
| | * Added not-yet used sa_payload parameters used in IKEv1 [Martin Willi, 2012-03-20, files: 5, lines: -16/+18]
| | |
| | * Added a get_rekey/reauth_time() jitter parameter to get time without randomization [Martin Willi, 2012-03-20, files: 1, lines: -2/+2]
| | |
| | * IKEv1 XAuth: Changed the xauth_request task to use the new MIGRATE status. [Clavister OpenSource, 2012-03-20, files: 2, lines: -1/+4]
| | |
| | * IKEv1 XAuth: Added new MIGRATE status type to status_t. [Clavister OpenSource, 2012-03-20, files: 1, lines: -0/+48]
| | |   When a task returns this status from a build or process method, it is a signal to the task manager that it should treat it as if the task returned SUCCESS. Additionally it will migrate all remaining tasks from the current queue to a different one, calling swap_initiator for each applicable task. Finally, the task manager will call "initiate", if applicable, to kick off tasks in the "queued_tasks" queue.
| | |   Task queue relocation mapping:
| | |   passive_tasks moves to queued_tasks (which is then fed to active by the initiate call).
| | |   active_tasks moves to passive_tasks
| | * IKEv1 XAuth: Added new "swap_initiator" method to the standard task_t interface. [Clavister OpenSource, 2012-03-20, files: 2, lines: -0/+23]
| | |   This is needed for when we move a task from the passive queue to the active one. I'm not a huge fan of this method of doing things. Perhaps we should change task_t to have build_i, build_r, process_i, and process_r methods, and call the appropriate one from the task manager, since we have these methods for most tasks anyways.
| | * IKEv1 XAuth: XAuthInitPreShared working for XAuth initiator (Main Mode responder). [Clavister OpenSource, 2012-03-20, files: 1, lines: -15/+123]
| | |   Creates USER/PASS request, retrieves the result and sends status.
| | * IKEv1 XAuth: Added ability to initiate the XAuth transactions under a flag, default not to initiate XAuth. [Clavister OpenSource, 2012-03-20, files: 1, lines: -1/+5]
| | |
| | * IKEv1 XAuth: Added ike_vendor task to the ID_PROT exchange type processing. [Clavister OpenSource, 2012-03-20, files: 1, lines: -0/+3]
| | |   We need to process vendor payloads to check to see if our peer understands XAuth before using any of these payload types.
| | * IKEv1 XAuth: Added temporary "initiate_xauth" public method to ike_sa_t. [Clavister OpenSource, 2012-03-20, files: 2, lines: -0/+18]
| | |   This allows us to initiate an XAuth password authentication exchange after responding to the final message of Main Mode. This change should be reverted once we have a better method to initiate this exchange.
| | * IKEv1 XAuth: Temporarily add an "initiate_later" flag to the task manager. [Clavister OpenSource, 2012-03-20, files: 2, lines: -1/+31]
| | |   When set to TRUE it will cause "initiate" to be called when the current process_response call is finished. This change should be reverted once we have a better method in place.
| | * Use quick mode task initiator flag instead of passing it as parameter [Martin Willi, 2012-03-20, files: 1, lines: -12/+10]
| | |
| | * Add quick mode ID payloads only if establishing a non-host2host tunnel [Martin Willi, 2012-03-20, files: 1, lines: -7/+30]
| | |
| | * Refactored traffic selector handling in quick mode [Martin Willi, 2012-03-20, files: 1, lines: -122/+143]
| | |
| | * Refactored NONCE payload handling in quick mode [Martin Willi, 2012-03-20, files: 1, lines: -47/+48]
| | |
| | * No need to build a HASH payload in XAUTH task. [Tobias Brunner, 2012-03-20, files: 1, lines: -30/+0]
| | |   It gets added automatically when the message is generated.
| | * Create host-to-host traffic selectors if quick mode identities missing [Martin Willi, 2012-03-20, files: 1, lines: -3/+26]
| | |
| | * Fixed task_manager_v1 compiler warnings [Martin Willi, 2012-03-20, files: 1, lines: -3/+4]
| | |