[svn-upgrade] Integrating new upstream version, strongswan (4.3.2)

7 files changed, 337 insertions, 13 deletions

diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index 14e460eab..f8d62b3bc 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -1,13 +1,20 @@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
-AM_CFLAGS =-DIPSEC_PLUGINDIR=\"${plugindir}\"
+AM_CFLAGS = \
+-DIPSEC_PLUGINDIR=\"${plugindir}\" \
+-DSTRONGSWAN_CONF=\"${strongswan_conf}\"
 
-noinst_PROGRAMS = bin2array bin2sql id2sql key2keyid keyid2sql thread_analysis
+noinst_PROGRAMS = bin2array bin2sql id2sql key2keyid keyid2sql \
+	thread_analysis dh_speed pubkey_speed
 bin2array_SOURCES = bin2array.c
 bin2sql_SOURCES = bin2sql.c
 id2sql_SOURCES = id2sql.c
 key2keyid_SOURCES = key2keyid.c
 keyid2sql_SOURCES = keyid2sql.c
 thread_analysis_SOURCES = thread_analysis.c
+dh_speed_SOURCES = dh_speed.c
+pubkey_speed_SOURCES = pubkey_speed.c
 id2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 key2keyid_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 keyid2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+dh_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
+pubkey_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
diff --git a/scripts/Makefile.in b/scripts/Makefile.in
index 8a237e48c..9cd2baa88 100644
--- a/scripts/Makefile.in
+++ b/scripts/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -33,7 +33,8 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 noinst_PROGRAMS = bin2array$(EXEEXT) bin2sql$(EXEEXT) id2sql$(EXEEXT) \
-	key2keyid$(EXEEXT) keyid2sql$(EXEEXT) thread_analysis$(EXEEXT)
+	key2keyid$(EXEEXT) keyid2sql$(EXEEXT) thread_analysis$(EXEEXT) \
+	dh_speed$(EXEEXT) pubkey_speed$(EXEEXT)
 subdir = scripts
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -49,6 +50,10 @@ bin2array_LDADD = $(LDADD)
 am_bin2sql_OBJECTS = bin2sql.$(OBJEXT)
 bin2sql_OBJECTS = $(am_bin2sql_OBJECTS)
 bin2sql_LDADD = $(LDADD)
+am_dh_speed_OBJECTS = dh_speed.$(OBJEXT)
+dh_speed_OBJECTS = $(am_dh_speed_OBJECTS)
+dh_speed_DEPENDENCIES =  \
+	$(top_builddir)/src/libstrongswan/libstrongswan.la
 am_id2sql_OBJECTS = id2sql.$(OBJEXT)
 id2sql_OBJECTS = $(am_id2sql_OBJECTS)
 id2sql_DEPENDENCIES =  \
@@ -61,6 +66,10 @@ am_keyid2sql_OBJECTS = keyid2sql.$(OBJEXT)
 keyid2sql_OBJECTS = $(am_keyid2sql_OBJECTS)
 keyid2sql_DEPENDENCIES =  \
 	$(top_builddir)/src/libstrongswan/libstrongswan.la
+am_pubkey_speed_OBJECTS = pubkey_speed.$(OBJEXT)
+pubkey_speed_OBJECTS = $(am_pubkey_speed_OBJECTS)
+pubkey_speed_DEPENDENCIES =  \
+	$(top_builddir)/src/libstrongswan/libstrongswan.la
 am_thread_analysis_OBJECTS = thread_analysis.$(OBJEXT)
 thread_analysis_OBJECTS = $(am_thread_analysis_OBJECTS)
 thread_analysis_LDADD = $(LDADD)
@@ -76,11 +85,12 @@ CCLD = $(CC)
 LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
 	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
 	$(LDFLAGS) -o $@
-SOURCES = $(bin2array_SOURCES) $(bin2sql_SOURCES) $(id2sql_SOURCES) \
-	$(key2keyid_SOURCES) $(keyid2sql_SOURCES) \
-	$(thread_analysis_SOURCES)
-DIST_SOURCES = $(bin2array_SOURCES) $(bin2sql_SOURCES) \
+SOURCES = $(bin2array_SOURCES) $(bin2sql_SOURCES) $(dh_speed_SOURCES) \
 	$(id2sql_SOURCES) $(key2keyid_SOURCES) $(keyid2sql_SOURCES) \
+	$(pubkey_speed_SOURCES) $(thread_analysis_SOURCES)
+DIST_SOURCES = $(bin2array_SOURCES) $(bin2sql_SOURCES) \
+	$(dh_speed_SOURCES) $(id2sql_SOURCES) $(key2keyid_SOURCES) \
+	$(keyid2sql_SOURCES) $(pubkey_speed_SOURCES) \
 	$(thread_analysis_SOURCES)
 ETAGS = etags
 CTAGS = ctags
@@ -100,6 +110,7 @@ CPPFLAGS = @CPPFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
 DSYMUTIL = @DSYMUTIL@
 DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
@@ -122,6 +133,9 @@ LDFLAGS = @LDFLAGS@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -133,6 +147,7 @@ MAKEINFO = @MAKEINFO@
 MKDIR_P = @MKDIR_P@
 NM = @NM@
 NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
 OBJEXT = @OBJEXT@
 OTOOL = @OTOOL@
 OTOOL64 = @OTOOL64@
@@ -146,6 +161,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
 PERL = @PERL@
 PKG_CONFIG = @PKG_CONFIG@
 RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -206,6 +223,7 @@ oldincludedir = @oldincludedir@
 pdfdir = @pdfdir@
 piddir = @piddir@
 plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
@@ -217,21 +235,29 @@ srcdir = @srcdir@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
-AM_CFLAGS = -DIPSEC_PLUGINDIR=\"${plugindir}\"
+AM_CFLAGS = \
+-DIPSEC_PLUGINDIR=\"${plugindir}\" \
+-DSTRONGSWAN_CONF=\"${strongswan_conf}\"
+
 bin2array_SOURCES = bin2array.c
 bin2sql_SOURCES = bin2sql.c
 id2sql_SOURCES = id2sql.c
 key2keyid_SOURCES = key2keyid.c
 keyid2sql_SOURCES = keyid2sql.c
 thread_analysis_SOURCES = thread_analysis.c
+dh_speed_SOURCES = dh_speed.c
+pubkey_speed_SOURCES = pubkey_speed.c
 id2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 key2keyid_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 keyid2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+dh_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
+pubkey_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
 all: all-am
 
 .SUFFIXES:
@@ -240,8 +266,8 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
 	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
 	      exit 1;; \
 	  esac; \
 	done; \
@@ -278,6 +304,9 @@ bin2array$(EXEEXT): $(bin2array_OBJECTS) $(bin2array_DEPENDENCIES)
 bin2sql$(EXEEXT): $(bin2sql_OBJECTS) $(bin2sql_DEPENDENCIES) 
 	@rm -f bin2sql$(EXEEXT)
 	$(LINK) $(bin2sql_OBJECTS) $(bin2sql_LDADD) $(LIBS)
+dh_speed$(EXEEXT): $(dh_speed_OBJECTS) $(dh_speed_DEPENDENCIES) 
+	@rm -f dh_speed$(EXEEXT)
+	$(LINK) $(dh_speed_OBJECTS) $(dh_speed_LDADD) $(LIBS)
 id2sql$(EXEEXT): $(id2sql_OBJECTS) $(id2sql_DEPENDENCIES) 
 	@rm -f id2sql$(EXEEXT)
 	$(LINK) $(id2sql_OBJECTS) $(id2sql_LDADD) $(LIBS)
@@ -287,6 +316,9 @@ key2keyid$(EXEEXT): $(key2keyid_OBJECTS) $(key2keyid_DEPENDENCIES)
 keyid2sql$(EXEEXT): $(keyid2sql_OBJECTS) $(keyid2sql_DEPENDENCIES) 
 	@rm -f keyid2sql$(EXEEXT)
 	$(LINK) $(keyid2sql_OBJECTS) $(keyid2sql_LDADD) $(LIBS)
+pubkey_speed$(EXEEXT): $(pubkey_speed_OBJECTS) $(pubkey_speed_DEPENDENCIES) 
+	@rm -f pubkey_speed$(EXEEXT)
+	$(LINK) $(pubkey_speed_OBJECTS) $(pubkey_speed_LDADD) $(LIBS)
 thread_analysis$(EXEEXT): $(thread_analysis_OBJECTS) $(thread_analysis_DEPENDENCIES) 
 	@rm -f thread_analysis$(EXEEXT)
 	$(LINK) $(thread_analysis_OBJECTS) $(thread_analysis_LDADD) $(LIBS)
@@ -299,9 +331,11 @@ distclean-compile:
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bin2array.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bin2sql.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dh_speed.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/id2sql.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/key2keyid.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyid2sql.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey_speed.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/thread_analysis.Po@am__quote@
 
 .c.o:
@@ -336,7 +370,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
 	unique=`for i in $$list; do \
 	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
 	  done | \
-	  $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
 	      END { if (nonempty) { for (i in files) print i; }; }'`; \
 	mkid -fID $$unique
 tags: TAGS
diff --git a/scripts/dh_speed.c b/scripts/dh_speed.c
new file mode 100644
index 000000000..76dafe752
--- /dev/null
+++ b/scripts/dh_speed.c
@@ -0,0 +1,129 @@
+
+#include <stdio.h>
+#include <time.h>
+#include <library.h>
+#include <debug.h>
+#include <crypto/diffie_hellman.h>
+
+static void usage()
+{
+	printf("usage: dh_speed plugins rounds group1 [group2 [...]]\n");
+	exit(1);
+}
+
+struct {
+	char *name;
+	diffie_hellman_group_t group;
+} groups[] = {
+	{"modp768",		MODP_768_BIT},
+	{"modp1024",	MODP_1024_BIT},
+	{"modp1536",	MODP_1536_BIT},
+	{"modp2048",	MODP_2048_BIT},
+	{"modp3072",	MODP_3072_BIT},
+	{"modp4096",	MODP_4096_BIT},
+	{"modp6144",	MODP_6144_BIT},
+	{"modp8192",	MODP_8192_BIT},
+	{"ecp256",		ECP_256_BIT},
+	{"ecp384",		ECP_384_BIT},
+	{"ecp521",		ECP_521_BIT},
+	{"ecp192",		ECP_192_BIT},
+	{"ecp224",		ECP_224_BIT},
+};
+
+static void start_timing(struct timespec *start)
+{
+	clock_gettime(CLOCK_THREAD_CPUTIME_ID, start);
+}
+
+static double end_timing(struct timespec *start)
+{
+	struct timespec end;
+	
+	clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end);
+	return (end.tv_nsec - start->tv_nsec) / 1000000000.0 +
+			(end.tv_sec - start->tv_sec) * 1.0;
+}
+
+static void run_test(diffie_hellman_group_t group, int rounds)
+{
+	diffie_hellman_t *l[rounds], *r;
+	chunk_t chunk;
+	struct timespec timing;
+	int round;
+	
+	r = lib->crypto->create_dh(lib->crypto, group);
+	if (!r)
+	{
+		printf("skipping %N, not supported\n",
+				diffie_hellman_group_names, group);
+		return;
+	}
+	
+	printf("%N:\t",
+			diffie_hellman_group_names, group);
+	
+	start_timing(&timing);
+	for (round = 0; round < rounds; round++)
+	{
+		l[round] = lib->crypto->create_dh(lib->crypto, group);
+	}
+	printf("A = g^a/s: %8.1f", rounds / end_timing(&timing));
+	
+	for (round = 0; round < rounds; round++)
+	{
+		l[round]->get_my_public_value(l[round], &chunk);
+		r->set_other_public_value(r, chunk);
+		chunk_free(&chunk);
+	}
+	
+	r->get_my_public_value(r, &chunk);
+	start_timing(&timing);
+	for (round = 0; round < rounds; round++)
+	{
+		l[round]->set_other_public_value(l[round], chunk);
+	}
+	printf(" | S = B^a/s: %8.1f\n", rounds / end_timing(&timing));
+	chunk_free(&chunk);
+	
+	for (round = 0; round < rounds; round++)
+	{
+		l[round]->destroy(l[round]);
+	}
+	r->destroy(r);
+}
+
+int main(int argc, char *argv[])
+{
+	int rounds, i, j;
+	
+	if (argc < 4)
+	{
+		usage();
+	}
+	
+	library_init(STRONGSWAN_CONF);
+	lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, argv[1]);
+	atexit(library_deinit);
+	
+	rounds = atoi(argv[2]);
+	
+	for (i = 3; i < argc; i++)
+	{
+		bool found = FALSE;
+		
+		for (j = 0; j < countof(groups); j++)
+		{
+			if (streq(groups[j].name, argv[i]))
+			{
+				run_test(groups[j].group, rounds);
+				found = TRUE;
+			}
+		}
+		if (!found)
+		{
+			printf("group %s not found\n", argv[i]);
+		}
+	}
+	return 0;
+}
+
diff --git a/scripts/id2sql.c b/scripts/id2sql.c
index 3990e88da..5b0bd1d7d 100644
--- a/scripts/id2sql.c
+++ b/scripts/id2sql.c
@@ -1,6 +1,6 @@
 
 #include <stdio.h>
-#include <library.h>
+#include <utils/identification.h>
 
 /**
  * convert an identity to type and encoding
diff --git a/scripts/key2keyid.c b/scripts/key2keyid.c
index 80c342919..201670e43 100644
--- a/scripts/key2keyid.c
+++ b/scripts/key2keyid.c
@@ -2,6 +2,8 @@
 #include <stdio.h>
 #include <library.h>
 #include <debug.h>
+#include <credentials/keys/private_key.h>
+#include <credentials/keys/public_key.h>
 
 /**
  * print the keyids of a private or public key
diff --git a/scripts/keyid2sql.c b/scripts/keyid2sql.c
index f7d447a78..588bd7ac0 100644
--- a/scripts/keyid2sql.c
+++ b/scripts/keyid2sql.c
@@ -2,6 +2,10 @@
 #include <stdio.h>
 #include <library.h>
 #include <debug.h>
+#include <utils/identification.h>
+#include <credentials/keys/private_key.h>
+#include <credentials/keys/public_key.h>
+
 
 /**
  * print the keyids of a private or public key in sql format
diff --git a/scripts/pubkey_speed.c b/scripts/pubkey_speed.c
new file mode 100644
index 000000000..86a4e105b
--- /dev/null
+++ b/scripts/pubkey_speed.c
@@ -0,0 +1,148 @@
+
+#include <stdio.h>
+#include <time.h>
+#include <library.h>
+#include <debug.h>
+#include <credentials/keys/private_key.h>
+#include <asn1/pem.h>
+
+void start_timing(struct timespec *start)
+{
+	clock_gettime(CLOCK_THREAD_CPUTIME_ID, start);
+}
+
+double end_timing(struct timespec *start)
+{
+	struct timespec end;
+	
+	clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end);
+	return (end.tv_nsec - start->tv_nsec) / 1000000000.0 +
+			(end.tv_sec - start->tv_sec) * 1.0;
+}
+
+static void usage()
+{
+	printf("usage: pubkey_speed plugins rsa|ecdsa rounds\n");
+	exit(1);
+}
+
+static char data_buf[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07};
+
+int main(int argc, char *argv[])
+{
+	private_key_t *private;
+	public_key_t *public;
+	struct timespec timing;
+	int round, rounds, read;
+	char buf[8096], *pos = buf;
+	key_type_t type = KEY_ANY;
+	signature_scheme_t scheme = SIGN_UNKNOWN;
+	chunk_t keydata, *sigs, data = chunk_from_buf(data_buf);
+	
+	if (argc < 4)
+	{
+		usage();
+	}
+	
+	rounds = atoi(argv[3]);
+	
+	if (streq(argv[2], "rsa"))
+	{
+		type = KEY_RSA;
+		scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
+	}
+	else if (streq(argv[2], "ecdsa"))
+	{
+		type = KEY_ECDSA;
+	}
+	else
+	{
+		usage();
+	}
+	
+	library_init(STRONGSWAN_CONF);
+	lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, argv[1]);
+	atexit(library_deinit);
+	
+	keydata = chunk_create(buf, 0);
+	while ((read = fread(pos, 1, sizeof(buf) - (pos - buf), stdin)))
+	{
+		pos += read;
+		keydata.len += read;
+	}
+	if (pem_to_bin(&keydata, chunk_empty, NULL) != SUCCESS)
+	{
+		printf("converting PEM private key failed.\n");
+		exit(1);
+	}
+	
+	private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
+								 BUILD_BLOB_ASN1_DER, keydata, BUILD_END);
+	if (!private)
+	{
+		printf("parsing private key failed.\n");
+		exit(1);
+	}
+	if (type == KEY_ECDSA)
+	{
+		switch (private->get_keysize(private))
+		{
+			case 32:
+				scheme = SIGN_ECDSA_256; 
+				break;
+			case 48:
+				scheme = SIGN_ECDSA_384;
+				break;
+			case 66:
+				scheme = SIGN_ECDSA_521;
+				break;
+			default:
+				printf("%d bit ECDSA private key size not supported",
+						private->get_keysize(private) * 8);
+				exit(1);
+		}
+	}
+	
+	printf("%4d bit %N: ", private->get_keysize(private)*8,
+		key_type_names, type);
+	
+	sigs = malloc(sizeof(chunk_t) * rounds);
+	
+	start_timing(&timing);
+	for (round = 0; round < rounds; round++)
+	{
+		if (!private->sign(private, scheme, data, &sigs[round]))
+		{
+			printf("creating signature failed\n");
+			exit(1);
+		}
+	};
+	printf("sign()/s: %8.1f   ", rounds / end_timing(&timing));
+	
+	public = private->get_public_key(private);
+	if (!public)
+	{
+		printf("extracting public key failed\n");
+		exit(1);
+	}
+	start_timing(&timing);
+	for (round = 0; round < rounds; round++)
+	{
+		if (!public->verify(public, scheme, data, sigs[round]))
+		{
+			printf("signature verification failed\n");
+			exit(1);
+		}
+	}
+	printf("verify()/s: %8.1f\n", rounds / end_timing(&timing));
+	public->destroy(public);
+	private->destroy(private);
+	
+	for (round = 0; round < rounds; round++)
+	{
+		free(sigs[round].ptr);
+	}
+	free(sigs);
+	return 0;
+}
+