Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | private-key: Add optional parameters argument to sign() method | Tobias Brunner | 2017-11-08 | 1 | -3/+4 |
| | |||||
* | public-key: Add optional parameters argument to verify() method | Tobias Brunner | 2017-11-08 | 1 | -3/+5 |
| | |||||
* | Change interface for enumerator_create_filter() callback | Tobias Brunner | 2017-05-26 | 1 | -17/+21 |
| | | | | | This avoids the unportable 5 pointer hack, but requires enumerating in the callback. | ||||
* | gmp: Support of SHA-3 RSA signatures | Andreas Steffen | 2016-09-22 | 1 | -10/+10 |
| | |||||
* | Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 1 | -3/+3 |
| | |||||
* | enum: Return boolean result for enum_from_name() lookup | Martin Willi | 2014-05-16 | 1 | -2/+2 |
| | | | | | | | | | | | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned. | ||||
* | tls: Introduce a generic TLS purpose that accepts NULL encryption ciphers | Martin Willi | 2014-04-01 | 1 | -0/+3 |
| | |||||
* | tls: Export a function to list supported TLS cipher suites | Martin Willi | 2014-04-01 | 1 | -18/+57 |
| | |||||
* | tls: Fix some TLS cipher suite enum names | Martin Willi | 2014-03-31 | 1 | -3/+3 |
| | | | | | It is important to have them mapped correctly, as we use these official TLS identifiers to configure specific TLS suites. | ||||
* | tls: Fix AEAD algorithm filtering, avoid filtering all suites if no AEAD found | Martin Willi | 2014-03-31 | 1 | -19/+52 |
| | |||||
* | tls: Offer TLS signature schemes in ClientHello in order of preference | Martin Willi | 2014-03-31 | 1 | -90/+59 |
| | | | | | Additionally, we now query plugin features to find out what schemes we exactly support. | ||||
* | tls: Define AES-GCM cipher suites from RFC 5288/5289 | Martin Willi | 2014-03-31 | 1 | -0/+54 |
| | |||||
* | tls: Implement the TLS AEAD abstraction for real AEAD modes | Martin Willi | 2014-03-31 | 1 | -7/+34 |
| | |||||
* | tls: Separate TLS protection to abstracted AEAD modes | Martin Willi | 2014-03-31 | 1 | -122/+105 |
| | | | | | | To better separate the code path for different TLS versions and modes of operation, we introduce a TLS AEAD abstraction. We provide three implementations using traditional transforms, and get prepared for TLS AEAD modes. | ||||
* | libtls: Move settings to <ns>.tls with fallback to libtls | Tobias Brunner | 2014-02-12 | 1 | -4/+8 |
| | |||||
* | Fixed encoding of TLS extensions (elliptic_curves and signature_algorithms) | Tobias Brunner | 2012-11-28 | 1 | -0/+1 |
| | |||||
* | Moved debug.[ch] to utils folder | Tobias Brunner | 2012-10-24 | 1 | -1/+1 |
| | |||||
* | Added missing break when building TLS cipher suites | Tobias Brunner | 2012-09-28 | 1 | -0/+1 |
| | |||||
* | Don't allow NULL encryption with PEAP | Martin Willi | 2012-09-12 | 1 | -1/+3 |
| | |||||
* | Add a return value to hasher_t.allocate_hash() | Martin Willi | 2012-07-16 | 1 | -2/+2 |
| | |||||
* | Add a return value to hasher_t.get_hash() | Martin Willi | 2012-07-16 | 1 | -4/+4 |
| | |||||
* | Add a return value to crypter_t.set_key() | Martin Willi | 2012-07-16 | 1 | -4/+10 |
| | |||||
* | Add a return value to tls_prf_t.set_key() | Martin Willi | 2012-07-16 | 1 | -6/+7 |
| | |||||
* | Add a return value to tls_prf_t.get_bytes() | Martin Willi | 2012-07-16 | 1 | -10/+26 |
| | |||||
* | Add a return value to signer_t.set_key() | Martin Willi | 2012-07-16 | 1 | -4/+10 |
| | |||||
* | Add a return value to tls_crypto_t.derive_secrets() | Martin Willi | 2012-07-16 | 1 | -4/+8 |
| | |||||
* | Double check if a cached suite is available, overwrite any old suite state | Martin Willi | 2012-02-07 | 1 | -2/+3 |
| | |||||
* | Fix TLS EAP-MSK derivation, uses different order of randoms than key expansion | Martin Willi | 2012-02-07 | 1 | -0/+1 |
| | |||||
* | Filter TLS suite MAC by HMAC algorithm, as the hash is not necessarily the same | Martin Willi | 2012-02-07 | 1 | -4/+4 |
| | |||||
* | Implemented TLS session resumption both as client and as server | Martin Willi | 2011-12-31 | 1 | -23/+81 |
| | |||||
* | In TLS 1.2, PRF and HASH function use at least SHA-256, not the MAC hash ↵ | Martin Willi | 2011-12-24 | 1 | -20/+20 |
| | | | | function | ||||
* | Fixed common misspellings. | Tobias Brunner | 2011-07-20 | 1 | -1/+1 |
| | | | | Mostly found by 'codespell'. | ||||
* | renamed tls_reader|writer to bio_* and moved to libstrongswan | Andreas Steffen | 2011-05-31 | 1 | -9/+9 |
| | |||||
* | Revert alloc_str changes | Martin Willi | 2011-04-21 | 1 | -8/+4 |
| | | | | | | This reverts commit fdead26ffe1da8501a6ff5e0639a6f44c723e763. This reverts commit 3e2419ebe32de72d824864eb2e0e677a7c197af1. This reverts commit 17ce69b47a1efd6234960cf7d1f50712aee61db5. | ||||
* | Use thread save settings alloc_str function where appropriate | Martin Willi | 2011-04-21 | 1 | -4/+8 |
| | |||||
* | added TLS_PURPOSE_EAP_PEAP | Andreas Steffen | 2011-04-05 | 1 | -0/+1 |
| | |||||
* | cast enumerated algorithm type as int | Andreas Steffen | 2010-12-18 | 1 | -3/+4 |
| | |||||
* | trace back crypto algorithms to the plugins that registered them | Andreas Steffen | 2010-12-18 | 1 | -2/+5 |
| | |||||
* | handle TLS_PURPOSE_EAP_TNC | Andreas Steffen | 2010-09-08 | 1 | -0/+2 |
| | |||||
* | Added TLS specific EC point formats | Martin Willi | 2010-09-06 | 1 | -0/+7 |
| | |||||
* | Renamed ecp_format to ansi_format, as point formats in TLS use different ↵ | Martin Willi | 2010-09-06 | 1 | -1/+1 |
| | | | | identifiers | ||||
* | Added strongswan.conf option to filter for specific TLS suites | Martin Willi | 2010-09-06 | 1 | -0/+32 |
| | |||||
* | Added strongswan.conf options to filter cipher suites by specific algorithms | Martin Willi | 2010-09-06 | 1 | -0/+173 |
| | |||||
* | Fixed key type in TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | Martin Willi | 2010-09-06 | 1 | -1/+1 |
| | |||||
* | Prepend point format to ECDH public key | Martin Willi | 2010-09-06 | 1 | -0/+8 |
| | |||||
* | Do not propose (EC)DHE suites if we do not support them | Martin Willi | 2010-09-03 | 1 | -1/+5 |
| | |||||
* | Offer only algorithms/suites we have a registered public key backend for | Martin Willi | 2010-09-03 | 1 | -3/+68 |
| | |||||
* | Fixed key type of ECDHE_RSA groups | Martin Willi | 2010-09-03 | 1 | -4/+4 |
| | |||||
* | Use a dynamic curve enumerator to list/convert TLS named curves | Martin Willi | 2010-09-03 | 1 | -11/+47 |
| | |||||
* | Add ECDHE enabled cipher suites, including ECDSA variants | Martin Willi | 2010-09-03 | 1 | -0/+60 |
| |