aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
| | * Cleaned up certreq payload for IKEv2/IKEv1 useMartin Willi2012-03-202-53/+52
| | |
| | * Reverted ike_cert tasks to IKEv2 only, we use dedicated IKEv1 tasksMartin Willi2012-03-202-497/+41
| | |
| | * Install SAs with UDP encapsulation during Quick Mode.Tobias Brunner2012-03-201-16/+9
| | |
| | * Fix support for plain RSA authentication in IKEv1, both as initiator and ↵Martin Willi2012-03-202-30/+39
| | | | | | | | | | | | responder
| | * Fix referencing of multiple CERTREQ payload with IKEv1, other cleanupsMartin Willi2012-03-201-60/+53
| | |
| | * Encode a single IP traffic selector as ID_IPV?_ADDRESS identityMartin Willi2012-03-201-3/+16
| | |
| | * Added missing break;s when converting ID_IP_ADDRESS types to ts, extracted ↵Martin Willi2012-03-201-10/+14
| | | | | | | | | | | | function
| | * Don't use unportable htobe64 macro directlyMartin Willi2012-03-201-1/+1
| | |
| | * XAUTH additions for certificates.Clavister OpenSource2012-03-201-6/+17
| | |
| | * signature payload handling.Clavister OpenSource2012-03-201-10/+188
| | |
| | * certificate tasks added to passive list for responderClavister OpenSource2012-03-201-0/+6
| | |
| | * certificate handling for XAuth responder.Clavister OpenSource2012-03-206-54/+572
| | |
| | * keymat: derive_ike_keys updated with XAUTH RSA:sClavister OpenSource2012-03-201-1/+7
| | |
| | * Setting transform number in esp proposal.Clavister OpenSource2012-03-201-1/+1
| | | | | | | | | | | | iPhone (racoon) fails quick mode when transform number is 0
| | * ID_IPV4_ADDR and ID_IPV6_ADDR cases added to get_tsClavister OpenSource2012-03-201-0/+18
| | |
| | * IKEv1: Added basic support for INFORMATIONAL exchange types, and for ↵Clavister OpenSource2012-03-204-12/+83
| | | | | | | | | | | | NOTIFY_V1 messages in the 3rd message in quick_mode.
| | * IKEv1 XAuth: Added changes to Makefile.am to compile the xauth_null plugin.Clavister OpenSource2012-03-201-0/+6
| | |
| | * Don't stop processing tasks if one returns SUCCESS.Tobias Brunner2012-03-201-3/+8
| | | | | | | | | | | | Only send a response if at least one of the tasks requires it.
| | * IKEv1 XAuth: Added a "NULL" XAuth plugin which sends a hardcoded user/pass, ↵Clavister OpenSource2012-03-207-17/+349
| | | | | | | | | | | | and blindly accepts whatever user/pass is sent it. Changed the xauth_request task to use this new plugin. Add --enable-xauth-null to your configure line to build with the new plugin.
| | * IKEv1 XAuth: Added plugin support for XAuth, which allows us to have plugins ↵Clavister OpenSource2012-03-209-0/+658
| | | | | | | | | | | | to talk to servers with different quirks for XAuth authentication.
| | * Add NAT-OA payloads during Quick Mode if transport mode is used.Tobias Brunner2012-03-201-2/+44
| | | | | | | | | | | | | | | We don't parse them currently, as the Linux kernel does not need them to fix the IP header checksum.
| | * Negotiate UDP encapsulation during Quick Mode if NAT is detected.Tobias Brunner2012-03-201-2/+14
| | |
| | * Task added for IKEv1 NAT detection.Tobias Brunner2012-03-207-4/+506
| | | | | | | | | | | | There is already support for both Main and Aggressive Mode.
| | * Create negotiated hasher earlier during Main Mode so it is available for ↵Tobias Brunner2012-03-201-0/+8
| | | | | | | | | | | | building NAT-D payloads.
| | * Added a function to keymat_v1 to create the hasher earlier than during key ↵Tobias Brunner2012-03-202-15/+48
| | | | | | | | | | | | | | | | | | derivation. The negotiated hasher is also used to generate NAT-D payloads.
| | * Message rules for IKEv1 NAT-T payloads added.Tobias Brunner2012-03-201-0/+17
| | |
| | * IKEv1 XAuth: Moving the state change to IKE_CONNECTED until after XAuth ↵Clavister OpenSource2012-03-203-23/+48
| | | | | | | | | | | | exchanges are complete.
| | * IKEv1 XAuth: Adding "initiate" flag parameter to the initiate_xauth method, ↵Clavister OpenSource2012-03-203-5/+8
| | | | | | | | | | | | signalling whether or not to call the task_manager->initiate method after queueing the task.
| | * Handle IKEv1 NAT-T vendor ID payload (only RFC 3947 for now).Tobias Brunner2012-03-202-1/+19
| | |
| | * Added payloads for IKEv1 NAT-Traversal negotiation.Tobias Brunner2012-03-208-17/+52
| | |
| | * IKEv1 XAuth: Clean up debug prints in xauth_request task.Clavister OpenSource2012-03-201-13/+0
| | |
| | * IKEv1 XAuth: Remove XAuth task from the passive task list for ID_PROT.Clavister OpenSource2012-03-201-2/+0
| | |
| | * Revert "IKEv1 XAuth: Added new MIGRATE status type to status_t."Clavister OpenSource2012-03-201-48/+0
| | | | | | | | | | | | | | | | | | | | | | | | This reverts commit b57df8310a867a0a65abf17279bf1b6e6bb2f5d3. Conflicts: src/libcharon/sa/task_manager_v1.c
| | * IKEv1 XAuth + CfgMode: Added ability to process CfgMode messages in the ↵Clavister OpenSource2012-03-201-76/+543
| | | | | | | | | | | | xauth task. Migrated away from using the MIGRATE method to switch queues.
| | * IKEv1 XAuth: Change the main_mode task to use the new initiate_xauth job ↵Clavister OpenSource2012-03-201-4/+27
| | | | | | | | | | | | instead of the old MIGRATE method.
| | * IKEv1 XAuth: Added XAuthResp authentication modes.Clavister OpenSource2012-03-201-0/+10
| | |
| | * IKEv1 XAuth: Added a job to call the initiate_xauth method of ike_sa after ↵Clavister OpenSource2012-03-203-0/+135
| | | | | | | | | | | | the completion of the current set of tasks is complete.
| | * IKEv1 XAuth: Add "initiate xauth" method, which adds the xauth task into the ↵Clavister OpenSource2012-03-202-0/+14
| | | | | | | | | | | | queue for initiation.
| | * Use quiet generator when creating IKEv1 message hashes.Tobias Brunner2012-03-201-1/+1
| | | | | | | | | | | | | | | | | | This avoids cluttering the log with duplicate log messages when generating and especially confusing log messages when parsing authenticated messages.
| | * Added an option to create a generator that does not log debug messages.Tobias Brunner2012-03-202-24/+96
| | |
| | * Respond with NO_PROPOSAL_CHOSEN, if we don't find an ike_cfg.Tobias Brunner2012-03-201-1/+4
| | |
| | * Don't respond to malformed INFORMATIONAL_V1 messages with another ↵Tobias Brunner2012-03-201-0/+6
| | | | | | | | | | | | INFORMATIONAL_V1 exchange.
| | * Handle invalid IKEv1 hashes more specifically.Tobias Brunner2012-03-203-2/+4
| | |
| | * Handle unsupported IKEv1 exchange types more specifically.Tobias Brunner2012-03-202-1/+6
| | |
| | * Send an INFORMATIONAL message on IKEv1 parse errors.Tobias Brunner2012-03-201-2/+90
| | |
| | * Handle INFORMATIONAL_V1 messages when no keys have been derived yet.Tobias Brunner2012-03-202-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | This allows to gracefully process the INFORMATIONAL_V1 message rules which require the payloads to be encrypted and thus the exchange to be authenticated with a HASH payload. If such an exchange is now initiated before the ISAKMP_SA is established, the message is simply sent unencrypted and without HASH payload.
| | * Error reporting for invalid IKEv2 responses fixed.Tobias Brunner2012-03-201-42/+39
| | |
| | * Set request flag to proper value for IKEv1 messages before parsing them.Tobias Brunner2012-03-201-0/+2
| | |
| | * Avoid parsing retransmits we already responded to.Tobias Brunner2012-03-201-33/+38
| | | | | | | | | | | | | | | | | | Decryption will fail as we already moved the IV when we sent the response. Without this change, encrypted retransmits would have been discarded during parsing already.
| | * Moved main part of message processing to task managers.Tobias Brunner2012-03-203-172/+225
| | | | | | | | | | | | | | | This will allow individual error handling for each IKE version and should allow better handling of IKEv1 retransmits.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-13 12:57:22 +0000