summaryrefslogtreecommitdiff
path: root/sbin/isakmpd/ike_auth.c
AgeCommit message (Collapse)Author
2000-08-03Merge with EOM 1.53Niklas Hallqvist
author: provos prevent isakmpd crashing when client gives an unknown ID in aggressive mode. bug report from James Winquist <winquist@mail.cybernet.com>
2000-06-20Merge with EOM 1.52Niklas Hallqvist
author: niklas Indentation, bad greek
2000-06-08Merge with EOM 1.51Niklas Hallqvist
author: angelos Don't add the callback at initialization time, we must set it before each invokation. author: angelos Different policy/Keynote sessions per Phase 1 SA. author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
2000-04-07Merge with EOM 1.48Niklas Hallqvist
author: niklas Style and correct error reporting author: provos remove double free(buf), caused skeyid to point to skeyid_d when using USER_FQDN author: niklas More braindamage with USE_ macros
2000-02-28Merge with EOM 1.45Niklas Hallqvist
author: niklas I must have been on drugs. X509 is not preshared key.
2000-02-25regress/crypto/Makefile: Merge with EOM 1.5Niklas Hallqvist
regress/dh/Makefile: Merge with EOM 1.7 regress/group/Makefile: Merge with EOM 1.9 regress/prf/Makefile: Merge with EOM 1.4 regress/rsakeygen/Makefile: Merge with EOM 1.8 regress/x509/Makefile: Merge with EOM 1.10 Makefile: Merge with EOM 1.62 attribute.c: Merge with EOM 1.10 sa.c: Merge with EOM 1.99 conf.c: Merge with EOM 1.20 crypto.c: Merge with EOM 1.28 isakmpd.c: Merge with EOM 1.45 connection.c: Merge with EOM 1.19 doi.h: Merge with EOM 1.28 field.c: Merge with EOM 1.11 exchange.c: Merge with EOM 1.116 ike_auth.c: Merge with EOM 1.44 pf_key_v2.c: Merge with EOM 1.37 ike_phase_1.c: Merge with EOM 1.22 ipsec.c: Merge with EOM 1.118 isakmp_doi.c: Merge with EOM 1.40 log.c: Merge with EOM 1.26 log.h: Merge with EOM 1.18 math_group.c: Merge with EOM 1.23 message.c: Merge with EOM 1.144 pf_encap.c: Merge with EOM 1.70 policy.c: Merge with EOM 1.18 timer.c: Merge with EOM 1.13 transport.c: Merge with EOM 1.41 udp.c: Merge with EOM 1.47 ui.c: Merge with EOM 1.37 x509.c: Merge with EOM 1.36 author: niklas Made debug logging a compile time selectable feature
2000-02-19cert.c: Merge with EOM 1.14Niklas Hallqvist
ike_auth.c: Merge with EOM 1.43 ike_phase_1.c: Merge with EOM 1.21 init.c: Merge with EOM 1.24 ipsec.c: Merge with EOM 1.117 isakmpd.c: Merge with EOM 1.44 math_group.c: Merge with EOM 1.22 author: niklas Copyright 2000 author: niklas Allow isakmpd builders to remove optional parts and save bytes.
2000-02-01apps/certpatch/certpatch.8: Merge with EOM 1.4Niklas Hallqvist
apps/certpatch/certpatch.c: Merge with EOM 1.6 exchange.c: Merge with EOM 1.114 ike_quick_mode.c: Merge with EOM 1.110 ike_phase_1.c: Merge with EOM 1.16 ike_auth.c: Merge with EOM 1.41 ike_aggressive.c: Merge with EOM 1.4 libcrypto.c: Merge with EOM 1.10 libcrypto.h: Merge with EOM 1.10 isakmpd.8: Merge with EOM 1.19 isakmpd.c: Merge with EOM 1.42 ipsec.h: Merge with EOM 1.40 init.c: Merge with EOM 1.22 message.c: Merge with EOM 1.143 message.h: Merge with EOM 1.49 sa.c: Merge with EOM 1.98 sa.h: Merge with EOM 1.54 policy.c: Merge with EOM 1.14 pf_key_v2.c: Merge with EOM 1.36 x509.c: Merge with EOM 1.32 x509.h: Merge with EOM 1.9 udp.c: Merge with EOM 1.46 author: niklas Angelos copyrights
1999-10-01Merge with EOM 1.40Niklas Hallqvist
author: angelos Allow for new versions of SSLeay author: angelos Remove evil experimental code, fix off-by-1 buffer allocation.
1999-09-29openssl readiness; various group membersTheo de Raadt
1999-08-26Merge with EOM 1.38Niklas Hallqvist
author: angelos When doing preshared key authentication, if the responder has the initiator's ID (as is the case in aggressive mode) and a shared key cannot be found for the initiator's address (as may be the case for a roaming laptop user), try to find the password under using as a lookup key the initiator's Phase 1 ID, if it's an IPv4 address, an FQDN (host.domain), or a User-FQDN (user@host.domain). This allows us to support roaming laptop users with preshared key authentication, using aggressive mode (sick). There is also a lot of experimental, insecure, and ifdef'd out code for fetching credentials and secret passphrases from a remote server if all else fails. Extremely experimental code. Don't use. You'll be blinded and your hair will fall if you even think about using it. You have been warned. author: angelos Complete policy work; tested for the shared-key case. Documentation needed. author: ho Compile without USE_LIBCRYPTO and HAVE_DLOPEN. author: niklas Missing dynamic link fixes author: niklas Add support for dynamic loading of optional facilities, libcrypto first.
1999-07-18samples/VPN-east.conf: Merge with EOM 1.7Niklas Hallqvist
samples/VPN-west.conf: Merge with EOM 1.7 samples/singlehost-west.conf: Merge with EOM 1.4 samples/singlehost-east.conf: Merge with EOM 1.4 README.PKI: Merge with EOM 1.3 ike_auth.c: Merge with EOM 1.33 isakmpd.conf.5: Merge with EOM 1.28 author: niklas Moving the PRIVKEY tag into the X509-certificates section, renaming it to Private-key. Also rename the keynote policy file.
1999-07-17regress/rsakeygen/Makefile: Merge with EOM 1.4Niklas Hallqvist
regress/rsakeygen/rsakeygen.c: Merge with EOM 1.8 regress/x509/Makefile: Merge with EOM 1.6 regress/x509/x509test.c: Merge with EOM 1.6 regress/Makefile: Merge with EOM 1.8 samples/VPN-east.conf: Merge with EOM 1.6 samples/VPN-west.conf: Merge with EOM 1.6 samples/singlehost-east.conf: Merge with EOM 1.3 samples/singlehost-west.conf: Merge with EOM 1.3 sysdep/openbsd/Makefile.sysdep: Merge with EOM 1.5 x509.h: Merge with EOM 1.6 x509.c: Merge with EOM 1.17 DESIGN-NOTES: Merge with EOM 1.46 Makefile: Merge with EOM 1.55 cert.c: Merge with EOM 1.11 cert.h: Merge with EOM 1.6 exchange.c: Merge with EOM 1.109 exchange.h: Merge with EOM 1.26 ike_auth.c: Merge with EOM 1.32 ike_phase_1.c: Merge with EOM 1.7 init.c: Merge with EOM 1.16 isakmpd.conf.5: Merge with EOM 1.27 README.PKI: Merge with EOM 1.1 author: niklas From Niels Provos, edited by me: certificate support using SSLeay
1999-07-07Merge with EOM 1.31Niklas Hallqvist
author: niklas indent
1999-05-02BUGS: Merge with EOM 1.31Niklas Hallqvist
doi.h: Merge with EOM 1.27 ike_auth.c: Merge with EOM 1.30 ike_quick_mode.c: Merge with EOM 1.85 ipsec.c: Merge with EOM 1.107 ipsec.h: Merge with EOM 1.36 isakmp_doi.c: Merge with EOM 1.39 author: niklas Factor out keyed hashing of all payloads with SKEYID_a, and make DOI hooks for informational exchanges to add such hashing. Use it from QM and the IKE authentication module too. Remove some bogus XXX comments. Add error reporting
1999-04-19./ike_auth.c: Merge with EOM 1.29Niklas Hallqvist
Accept multiple CERT payloads. Some style nits. Style. alloc error reporting. Math error propagation. Allocate right sizes. Memory alloc. error reporting 1999 copyrights
1999-03-24Merge with EOM 1.25Niklas Hallqvist
Only get the destination address when needed RSA fixes and optimiations from Ilya Tsindlekht, via Niels Provos
1999-02-26Merge from the Ericsson repositoryNiklas Hallqvist
| revision 1.23 | date: 1999/02/25 11:39:02; author: niklas; state: Exp; lines: +3 -1 | include sysdep.h everywhere | ----------------------------
1998-12-21Last months worth of work on isakmpd, lots doneNiklas Hallqvist
1998-11-20Preshared key per IP-address, and in hex-format tooNiklas Hallqvist
1998-11-17Add RCS Ids from the EOM repositoryNiklas Hallqvist
1998-11-16Reinstate X509 signature code except for RSA codeNiklas Hallqvist
1998-11-15Remove last warnings after cripplingNiklas Hallqvist
1998-11-15Remove more cruftNiklas Hallqvist
1998-11-15cripple until laterNiklas Hallqvist
1998-11-15openBSD RCS IDsNiklas Hallqvist
1998-11-15Initial import of isakmpd, an IKE (ISAKMP/Oakley) implementation for theNiklas Hallqvist
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by Ericsson Radio Systems. It is not yet complete or usable in a real scenario but the missing pieces will soon be there. The early commit is for people who wants early access and who are not afraid of looking at source. isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so far, so it is not that incomplete. It is really mostly configuration that is lacking.