tteras/strongswan - tteras' strongSwan tree

	Commit message (Collapse)	Author	Age	Files	Lines
...
\| \| *	IKEv1 XAuth: Add "initiate xauth" method, which adds the xauth task into the ↵	Clavister OpenSource	2012-03-20	2	-0/+14
\| \| \| \| \| \| \| \| \| \| \| \|	queue for initiation.
\| \| *	Use quiet generator when creating IKEv1 message hashes.	Tobias Brunner	2012-03-20	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This avoids cluttering the log with duplicate log messages when generating and especially confusing log messages when parsing authenticated messages.
\| \| *	Added an option to create a generator that does not log debug messages.	Tobias Brunner	2012-03-20	2	-24/+96
\| \| \|
\| \| *	Respond with NO_PROPOSAL_CHOSEN, if we don't find an ike_cfg.	Tobias Brunner	2012-03-20	1	-1/+4
\| \| \|
\| \| *	Don't respond to malformed INFORMATIONAL_V1 messages with another ↵	Tobias Brunner	2012-03-20	1	-0/+6
\| \| \| \| \| \| \| \| \| \| \| \|	INFORMATIONAL_V1 exchange.
\| \| *	Handle invalid IKEv1 hashes more specifically.	Tobias Brunner	2012-03-20	3	-2/+4
\| \| \|
\| \| *	Handle unsupported IKEv1 exchange types more specifically.	Tobias Brunner	2012-03-20	2	-1/+6
\| \| \|
\| \| *	Send an INFORMATIONAL message on IKEv1 parse errors.	Tobias Brunner	2012-03-20	1	-2/+90
\| \| \|
\| \| *	Handle INFORMATIONAL_V1 messages when no keys have been derived yet.	Tobias Brunner	2012-03-20	2	-2/+8
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This allows to gracefully process the INFORMATIONAL_V1 message rules which require the payloads to be encrypted and thus the exchange to be authenticated with a HASH payload. If such an exchange is now initiated before the ISAKMP_SA is established, the message is simply sent unencrypted and without HASH payload.
\| \| *	Error reporting for invalid IKEv2 responses fixed.	Tobias Brunner	2012-03-20	1	-42/+39
\| \| \|
\| \| *	Set request flag to proper value for IKEv1 messages before parsing them.	Tobias Brunner	2012-03-20	1	-0/+2
\| \| \|
\| \| *	Avoid parsing retransmits we already responded to.	Tobias Brunner	2012-03-20	1	-33/+38
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Decryption will fail as we already moved the IV when we sent the response. Without this change, encrypted retransmits would have been discarded during parsing already.
\| \| *	Moved main part of message processing to task managers.	Tobias Brunner	2012-03-20	3	-172/+225
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This will allow individual error handling for each IKE version and should allow better handling of IKEv1 retransmits.
\| \| *	Addded ike_sa_t.set_statistic to set timestamps from task manager.	Tobias Brunner	2012-03-20	2	-0/+18
\| \| \|
\| \| *	Use proper enum types in proposal_substructure.	Tobias Brunner	2012-03-20	1	-2/+2
\| \| \|
\| \| *	IKEv1 XAuth: Fix XAuth task so that it reinitiates.	Clavister OpenSource	2012-03-20	1	-0/+4
\| \| \|
\| \| *	Revert "IKEv1 XAuth: Temporarilty add an "initiate_later" flag to the task ↵	Clavister OpenSource	2012-03-20	4	-49/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	manager. When set to TRUE it will cause "initiate" to be called when the current process_response call is finished. This change should be reverted once we have a better method in place." This reverts commit c6c28f4ac522dd8afb457847bca79eee77f78706. Revert "IKEv1 XAuth: Added temporary "initiate_xauth" public method to ike_sa_t. This allows us to initiate an XAuth password authentication exchange after responding to the final message of Main Mode. This change should be reverted once we have a better method to initiate this exchange." This reverts commit 5529dc50477e25df9dd5f3c442bb1521c0baf225.
\| \| *	IKEv1 XAuth: Fix main mode to work with XAuth PSK.	Clavister OpenSource	2012-03-20	1	-2/+2
\| \| \|
\| \| *	Use a dedicated IKEv1 vendor ID task to fix using IKEv2 payloads in IKEv1	Martin Willi	2012-03-20	8	-31/+225
\| \| \|
\| \| *	Pass concrete auth_method to key derivation, as we have that as a responder	Martin Willi	2012-03-20	3	-9/+8
\| \| \|
\| \| *	Map auth_class to auth method and IKEv1 proposal attribute	Martin Willi	2012-03-20	4	-2/+29
\| \| \|
\| \| *	Removed obsolete transform attribute setters	Martin Willi	2012-03-20	2	-92/+13
\| \| \|
\| \| *	Implemented IKEv1 attribute encoding in SA payload	Martin Willi	2012-03-20	5	-8/+247
\| \| \|
\| \| *	Implemented encoding of additional IKEv1 proposal attributes	Martin Willi	2012-03-20	5	-123/+173
\| \| \|
\| \| *	Exchange IKEv1 ESP SA proposal information	Martin Willi	2012-03-20	1	-2/+66
\| \| \|
\| \| *	Exchange IKEv1 SA specific proposal data with SA payload	Martin Willi	2012-03-20	1	-13/+69
\| \| \|
\| \| *	Added not-yet used sa_payload parameters used in IKEv1	Martin Willi	2012-03-20	7	-26/+188
\| \| \|
\| \| *	Added a get_rekey/reauth_time() jitter parameter to get time without ↵	Martin Willi	2012-03-20	3	-10/+12
\| \| \| \| \| \| \| \| \| \| \| \|	randomization
\| \| *	IKEv1 XAuth: Changed the xauth_request task to use the new MIGRATE status.	Clavister OpenSource	2012-03-20	2	-1/+4
\| \| \|
\| \| *	IKEv1 XAuth: Added new MIGRATE status type to status_t.	Clavister OpenSource	2012-03-20	1	-0/+48
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	When a task returns this status from a build or process method, it is a signal to the task manager that it should treat it as if the task returned SUCCESS. Additionally it will migrate all remaining tasks from the current queue to a different one, calling swap_initiator for each applicable task. Finally, the task manager will call "initiate", if applicable, to kick off tasks in the "queued_tasks" queue. Task queue relocation mapping: passive_tasks moves to queued_tasks (which is then fed to active by the initiate call). active_tasks moves to passive_tasks
\| \| *	IKEv1 XAuth: Added new "swap_initiator" method to the standard task_t ↵	Clavister OpenSource	2012-03-20	2	-0/+23
\| \| \| \| \| \| \| \| \| \| \| \|	interface. This is needed for when we move a task from the passive queue to the active one. I'm not a huge fan of this method of doing things. Perhaps we should change task_t to have build_i, build_r, process_i, and process_r methods, and call the appropriate one from the task manager, since we have these methods for most tasks anyways.
\| \| *	IKEv1 XAuth: XAuthInitPreShared working for XAuth initiator (Main Mode ↵	Clavister OpenSource	2012-03-20	1	-15/+123
\| \| \| \| \| \| \| \| \| \| \| \|	responder). Creates USER/PASS request, retrieves the result and sends status.
\| \| *	IKEv1 XAuth: Added ability to initiate the XAuth transactions under a flag, ↵	Clavister OpenSource	2012-03-20	1	-1/+5
\| \| \| \| \| \| \| \| \| \| \| \|	default not to initiate XAuth.
\| \| *	IKEv1 XAuth: Add XAUTH authentication types to the enum. Added the ability ↵	Clavister OpenSource	2012-03-20	1	-0/+17
\| \| \| \| \| \| \| \| \| \| \| \|	to switch between hardcoded PSK and XAUTH_INIT_PSK authentications using a flag, default to PSK.
\| \| *	IKEv1 ConfigMode: Fix configuration_attribute encoding rules for IKEv1 to ↵	Clavister OpenSource	2012-03-20	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \|	use the attribute type instead of the internal only payload type.
\| \| *	IKEv1 ConfigMode: Fixed cp_payload to use CONFIGURATION_ATTRIBUTE_V1 in all ↵	Clavister OpenSource	2012-03-20	3	-1/+3
\| \| \| \| \| \| \| \| \| \| \| \|	appropriate places, so the parsing is done correctly.
\| \| *	IKEv1 XAuth: Added ike_vendor task to the ID_PROT exchange type processing. ↵	Clavister OpenSource	2012-03-20	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \| \|	We need to process vendor payloads to check to see if our peer understands XAuth before using any of these payload types.
\| \| *	IKEv1 XAuth: Added temporary "initiate_xauth" public method to ike_sa_t. ↵	Clavister OpenSource	2012-03-20	2	-0/+18
\| \| \| \| \| \| \| \| \| \| \| \|	This allows us to initiate an XAuth password authentication exchange after responding to the final message of Main Mode. This change should be reverted once we have a better method to initiate this exchange.
\| \| *	IKEv1 XAuth: Temporarilty add an "initiate_later" flag to the task manager. ↵	Clavister OpenSource	2012-03-20	2	-1/+31
\| \| \| \| \| \| \| \| \| \| \| \|	When set to TRUE it will cause "initiate" to be called when the current process_response call is finished. This change should be reverted once we have a better method in place.
\| \| *	Use quick mode task initiator flag instead of passing it as parameter	Martin Willi	2012-03-20	1	-12/+10
\| \| \|
\| \| *	Add quick mode ID payloads only if establishing a non-host2host tunnel	Martin Willi	2012-03-20	1	-7/+30
\| \| \|
\| \| *	Refactored traffic selector handling in quick mode	Martin Willi	2012-03-20	1	-122/+143
\| \| \|
\| \| *	Refactored NONCE payload handling in quick mode	Martin Willi	2012-03-20	1	-47/+48
\| \| \|
\| \| *	No need to build a HASH payload in XAUTH task.	Tobias Brunner	2012-03-20	1	-30/+0
\| \| \| \| \| \| \| \| \| \| \| \|	It gets added automatically when the message is generated.
\| \| *	Create host-to-host traffic selectors if quick mode identities missing	Martin Willi	2012-03-20	1	-3/+26
\| \| \|
\| \| *	Removed redundant '=>' when logging binary data in parser and generator.	Tobias Brunner	2012-03-20	2	-6/+6
\| \| \|
\| \| *	Fixed encryption of IKEv2 messages.	Tobias Brunner	2012-03-20	1	-2/+2
\| \| \|
\| \| *	Print message payload names after prepending IKEv1 HASH payload	Martin Willi	2012-03-20	1	-2/+2
\| \| \|
\| \| *	Fixed task_manager_v1 compiler warnings	Martin Willi	2012-03-20	1	-3/+4
\| \| \|
\| \| *	Generate a new mid only after we start a new task (and exchange)	Martin Willi	2012-03-20	1	-3/+7
\| \| \|