author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-11-28 11:42:20 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-11-28 11:42:20 +0000 |
commit | f73fba54dc8b30c6482e1e8abf15bbf455592fcd (patch) | |
tree | a449515607c5e51a5c703d7a9b1149c9e4a11560 /src/libstrongswan/plugins/hmac | |
parent | b8064f4099997a9e2179f3ad4ace605f5ccac3a1 (diff) | |
[svn-upgrade] new version strongswan (4.5.0)
Diffstat (limited to 'src/libstrongswan/plugins/hmac')
-rw-r--r-- | src/libstrongswan/plugins/hmac/Makefile.in | 20 | ||||
-rw-r--r-- | src/libstrongswan/plugins/hmac/hmac.c | 58 | ||||
-rw-r--r-- | src/libstrongswan/plugins/hmac/hmac_plugin.c | 20 | ||||
-rw-r--r-- | src/libstrongswan/plugins/hmac/hmac_prf.c | 77 | ||||
-rw-r--r-- | src/libstrongswan/plugins/hmac/hmac_prf.h | 4 | ||||
-rw-r--r-- | src/libstrongswan/plugins/hmac/hmac_signer.c | 108 | ||||
-rw-r--r-- | src/libstrongswan/plugins/hmac/hmac_signer.h | 7 |
7 files changed, 146 insertions, 148 deletions
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index b03ff44a6..42a7d3747 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -196,14 +199,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -243,7 +256,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c index c1ab48899..c7b2739df 100644 --- a/src/libstrongswan/plugins/hmac/hmac.c +++ b/src/libstrongswan/plugins/hmac/hmac.c @@ -30,7 +30,7 @@ struct private_hmac_t { /** * Public hmac_t interface. */ - hmac_t hmac; + hmac_t public; /** * Block size, as in RFC. @@ -53,10 +53,8 @@ struct private_hmac_t { chunk_t ipaded_key; }; -/** - * Implementation of hmac_t.get_mac. - */ -static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out) +METHOD(hmac_t, get_mac, void, + private_hmac_t *this, chunk_t data, u_int8_t *out) { /* H(K XOR opad, H(K XOR ipad, text)) * 
@@ -91,37 +89,31 @@ static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out) } } -/** - * Implementation of hmac_t.allocate_mac. - */ -static void allocate_mac(private_hmac_t *this, chunk_t data, chunk_t *out) +METHOD(hmac_t, allocate_mac, void, + private_hmac_t *this, chunk_t data, chunk_t *out) { /* allocate space and use get_mac */ if (out == NULL) { /* append mode */ - this->hmac.get_mac(&(this->hmac), data, NULL); + get_mac(this, data, NULL); } else { out->len = this->h->get_hash_size(this->h); out->ptr = malloc(out->len); - this->hmac.get_mac(&(this->hmac), data, out->ptr); + get_mac(this, data, out->ptr); } } -/** - * Implementation of hmac_t.get_block_size. - */ -static size_t get_block_size(private_hmac_t *this) +METHOD(hmac_t, get_block_size, size_t, + private_hmac_t *this) { return this->h->get_hash_size(this->h); } -/** - * Implementation of hmac_t.set_key. - */ -static void set_key(private_hmac_t *this, chunk_t key) +METHOD(hmac_t, set_key, void, + private_hmac_t *this, chunk_t key) { int i; u_int8_t buffer[this->b]; @@ -151,10 +143,8 @@ static void set_key(private_hmac_t *this, chunk_t key) this->h->get_hash(this->h, this->ipaded_key, NULL); } -/** - * Implementation of hmac_t.destroy. - */ -static void destroy(private_hmac_t *this) +METHOD(hmac_t, destroy, void, + private_hmac_t *this) { this->h->destroy(this->h); free(this->opaded_key.ptr); 
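Review bot: In allocate_mac the result of `malloc(out->len)` goes straight into `get_mac(this, data, out->ptr)` with no NULL check. The branch just above uses `get_mac(this, data, NULL)` for append mode, so a failed allocation would look like an append request. If get_mac (body outside this hunk) treats a NULL output that way, no MAC is produced, the data stays in the hasher state, and `out` is left with a non-zero `len` and a NULL `ptr`. I would handle the failure explicitly, for example `if (out->ptr == NULL) { out->len = 0; return; }`, and document that callers must check for an empty chunk because the method returns void.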
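Review bot: destroy releases the padded key with a plain `free(this->opaded_key.ptr);`, so the key XORed with a fixed pad stays readable in freed heap memory. The matching free of `ipaded_key` is presumably on the next line, outside this hunk. Both buffers are key-equivalent material and should be wiped before release, e.g. `chunk_clear(&this->opaded_key);` if that helper is available in this tree. The stack array `u_int8_t buffer[this->b]` in set_key (previous hunk) also holds the key, and its cleanup is not visible here; worth confirming it is zeroed before the function returns.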
@@ -167,14 +157,17 @@ static void destroy(private_hmac_t *this) */ hmac_t *hmac_create(hash_algorithm_t hash_algorithm) { - private_hmac_t *this = malloc_thing(private_hmac_t); - - /* set hmac_t methods */ - this->hmac.get_mac = (void (*)(hmac_t *,chunk_t,u_int8_t*))get_mac; - this->hmac.allocate_mac = (void (*)(hmac_t *,chunk_t,chunk_t*))allocate_mac; - this->hmac.get_block_size = (size_t (*)(hmac_t *))get_block_size; - this->hmac.set_key = (void (*)(hmac_t *,chunk_t))set_key; - this->hmac.destroy = (void (*)(hmac_t *))destroy; + private_hmac_t *this; + + INIT(this, + .public = { + .get_mac = _get_mac, + .allocate_mac = _allocate_mac, + .get_block_size = _get_block_size, + .set_key = _set_key, + .destroy = _destroy, + }, + ); /* set b, according to hasher */ switch (hash_algorithm) @@ -193,7 +186,6 @@ hmac_t *hmac_create(hash_algorithm_t hash_algorithm) return NULL; } - /* build the hasher */ this->h = lib->crypto->create_hasher(lib->crypto, hash_algorithm); if (this->h == NULL) { @@ -208,5 +200,5 @@ hmac_t *hmac_create(hash_algorithm_t hash_algorithm) this->ipaded_key.ptr = malloc(this->b); this->ipaded_key.len = this->b; - return &(this->hmac); + return &this->public; } diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c index e6b9f7a74..73df4dc6c 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.c +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c @@ -32,10 +32,8 @@ struct private_hmac_plugin_t { hmac_plugin_t public; }; -/** - * Implementation of hmac_plugin_t.hmactroy - */ -static void destroy(private_hmac_plugin_t *this) +METHOD(plugin_t, destroy, void, + private_hmac_plugin_t *this) { lib->crypto->remove_prf(lib->crypto, (prf_constructor_t)hmac_prf_create); 
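Review bot: hmac_create still allocates `this` with `INIT(this, ...)` before the `switch (hash_algorithm)` that rejects unsupported algorithms. hmac_prf_create and hmac_signer_create in this same commit were reordered to validate first and allocate last. The bodies of the `default:` branch and of the `if (this->h == NULL)` branch fall between the hunks, so it is not visible here whether both free `this` before `return NULL;`. Computing `b` and creating the hasher into locals first, then doing a single `INIT` with `.b = ...` and `.h = ...`, would remove those cleanup paths and match the other two constructors.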
@@ -49,9 +47,15 @@ static void destroy(private_hmac_plugin_t *this) */ plugin_t *hmac_plugin_create() { - private_hmac_plugin_t *this = malloc_thing(private_hmac_plugin_t); + private_hmac_plugin_t *this; - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, (prf_constructor_t)hmac_prf_create); @@ -72,12 +76,16 @@ plugin_t *hmac_plugin_create() (signer_constructor_t)hmac_signer_create); lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_256, + (signer_constructor_t)hmac_signer_create); lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, (signer_constructor_t)hmac_signer_create); lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, (signer_constructor_t)hmac_signer_create); lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_384, + (signer_constructor_t)hmac_signer_create); lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, (signer_constructor_t)hmac_signer_create); diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.c b/src/libstrongswan/plugins/hmac/hmac_prf.c index cca6e9570..ca10612f9 100644 --- a/src/libstrongswan/plugins/hmac/hmac_prf.c +++ b/src/libstrongswan/plugins/hmac/hmac_prf.c 
@@ -36,51 +36,39 @@ struct private_hmac_prf_t { hmac_t *hmac; }; -/** - * Implementation of prf_t.get_bytes. - */ -static void get_bytes(private_hmac_prf_t *this, chunk_t seed, u_int8_t *buffer) +METHOD(prf_t, get_bytes, void, + private_hmac_prf_t *this, chunk_t seed, u_int8_t *buffer) { this->hmac->get_mac(this->hmac, seed, buffer); } -/** - * Implementation of prf_t.allocate_bytes. - */ -static void allocate_bytes(private_hmac_prf_t *this, chunk_t seed, chunk_t *chunk) +METHOD(prf_t, allocate_bytes, void, + private_hmac_prf_t *this, chunk_t seed, chunk_t *chunk) { this->hmac->allocate_mac(this->hmac, seed, chunk); } -/** - * Implementation of prf_t.get_block_size. - */ -static size_t get_block_size(private_hmac_prf_t *this) +METHOD(prf_t, get_block_size, size_t, + private_hmac_prf_t *this) { return this->hmac->get_block_size(this->hmac); } -/** - * Implementation of prf_t.get_block_size. - */ -static size_t get_key_size(private_hmac_prf_t *this) +METHOD(prf_t, get_key_size, size_t, + private_hmac_prf_t *this) { /* for HMAC prfs, IKEv2 uses block size as key size */ return this->hmac->get_block_size(this->hmac); } -/** - * Implementation of prf_t.set_key. - */ -static void set_key(private_hmac_prf_t *this, chunk_t key) +METHOD(prf_t, set_key, void, + private_hmac_prf_t *this, chunk_t key) { this->hmac->set_key(this->hmac, key); } -/** - * Implementation of prf_t.destroy. - */ -static void destroy(private_hmac_prf_t *this) +METHOD(prf_t, destroy, void, + private_hmac_prf_t *this) { this->hmac->destroy(this->hmac); free(this); 
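Review bot: The one comment left in get_key_size says "block size", but `hmac_t.get_block_size` in hmac.c returns `this->h->get_hash_size(this->h)`. That is the hash output length, not the RFC block size the HMAC object keeps in `b`. With the header comments removed by this commit, this inline comment is the only documentation left. I would reword it to `/* for HMAC prfs, IKEv2 uses the hash output size as key size */`.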
@@ -92,44 +80,47 @@ static void destroy(private_hmac_prf_t *this) hmac_prf_t *hmac_prf_create(pseudo_random_function_t algo) { private_hmac_prf_t *this; - hash_algorithm_t hash; + hmac_t *hmac; switch (algo) { case PRF_HMAC_SHA1: - hash = HASH_SHA1; + hmac = hmac_create(HASH_SHA1); break; case PRF_HMAC_MD5: - hash = HASH_MD5; + hmac = hmac_create(HASH_MD5); break; case PRF_HMAC_SHA2_256: - hash = HASH_SHA256; + hmac = hmac_create(HASH_SHA256); break; case PRF_HMAC_SHA2_384: - hash = HASH_SHA384; + hmac = hmac_create(HASH_SHA384); break; case PRF_HMAC_SHA2_512: - hash = HASH_SHA512; + hmac = hmac_create(HASH_SHA512); break; default: return NULL; } - - this = malloc_thing(private_hmac_prf_t); - this->hmac = hmac_create(hash); - if (this->hmac == NULL) + if (hmac == NULL) { - free(this); return NULL; } - this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes; - this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes; - this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size; - this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; - this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; - this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; - - return &(this->public); + INIT(this, + .public = { + .prf = { + .get_bytes = _get_bytes, + .allocate_bytes = _allocate_bytes, + .get_block_size = _get_block_size, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + .hmac = hmac, + ); + + return &this->public; } diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.h b/src/libstrongswan/plugins/hmac/hmac_prf.h index 975b456f5..29d7269ae 100644 --- a/src/libstrongswan/plugins/hmac/hmac_prf.h +++ b/src/libstrongswan/plugins/hmac/hmac_prf.h 
@@ -35,9 +35,9 @@ typedef struct hmac_prf_t hmac_prf_t; struct hmac_prf_t { /** - * Generic prf_t interface for this hmac_prf_t class. + * Implements prf_t interface. */ - prf_t prf_interface; + prf_t prf; }; /** diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.c b/src/libstrongswan/plugins/hmac/hmac_signer.c index f82a8f3a1..511a3e3a5 100644 --- a/src/libstrongswan/plugins/hmac/hmac_signer.c +++ b/src/libstrongswan/plugins/hmac/hmac_signer.c @@ -41,11 +41,8 @@ struct private_hmac_signer_t { size_t block_size; }; -/** - * Implementation of signer_t.get_signature. - */ -static void get_signature(private_hmac_signer_t *this, - chunk_t data, u_int8_t *buffer) +METHOD(signer_t, get_signature, void, + private_hmac_signer_t *this, chunk_t data, u_int8_t *buffer) { if (buffer == NULL) { /* append mode */ @@ -60,11 +57,8 @@ static void get_signature(private_hmac_signer_t *this, } } -/** - * Implementation of signer_t.allocate_signature. - */ -static void allocate_signature (private_hmac_signer_t *this, - chunk_t data, chunk_t *chunk) +METHOD(signer_t, allocate_signature, void, + private_hmac_signer_t *this, chunk_t data, chunk_t *chunk) { if (chunk == NULL) { /* append mode */ @@ -83,11 +77,8 @@ static void allocate_signature (private_hmac_signer_t *this, } } -/** - * Implementation of signer_t.verify_signature. - */ -static bool verify_signature(private_hmac_signer_t *this, - chunk_t data, chunk_t signature) +METHOD(signer_t, verify_signature, bool, + private_hmac_signer_t *this, chunk_t data, chunk_t signature) { u_int8_t mac[this->hmac->get_block_size(this->hmac)]; 
@@ -100,38 +91,29 @@ static bool verify_signature(private_hmac_signer_t *this, return memeq(signature.ptr, mac, this->block_size); } -/** - * Implementation of signer_t.get_key_size. - */ -static size_t get_key_size(private_hmac_signer_t *this) +METHOD(signer_t, get_key_size, size_t, + private_hmac_signer_t *this) { return this->hmac->get_block_size(this->hmac); } -/** - * Implementation of signer_t.get_block_size. - */ -static size_t get_block_size(private_hmac_signer_t *this) +METHOD(signer_t, get_block_size, size_t, + private_hmac_signer_t *this) { return this->block_size; } -/** - * Implementation of signer_t.set_key. - */ -static void set_key(private_hmac_signer_t *this, chunk_t key) +METHOD(signer_t, set_key, void, + private_hmac_signer_t *this, chunk_t key) { this->hmac->set_key(this->hmac, key); } -/** - * Implementation of signer_t.destroy. - */ -static status_t destroy(private_hmac_signer_t *this) +METHOD(signer_t, destroy, void, + private_hmac_signer_t *this) { this->hmac->destroy(this->hmac); free(this); - return SUCCESS; } /* 
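Review bot: The tag comparison that ends verify_signature, `return memeq(signature.ptr, mac, this->block_size);` (unchanged context at the top of this hunk), should be checked for constant-time behaviour. If memeq is a thin memcmp wrapper, which this page does not show, the comparison can stop at the first differing byte, so its duration depends on how much of the received tag matched. A comparison that ORs the byte differences across all `block_size` bytes and tests the result once avoids that. The check that `signature.len` equals `this->block_size` lies between this hunk and the previous one and is not visible; confirm it runs before `signature.ptr` is read.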
@@ -140,66 +122,76 @@ static status_t destroy(private_hmac_signer_t *this) hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo) { private_hmac_signer_t *this; + hmac_t *hmac; size_t trunc; - hash_algorithm_t hash; switch (algo) { case AUTH_HMAC_SHA1_96: - hash = HASH_SHA1; + hmac = hmac_create(HASH_SHA1); trunc = 12; break; case AUTH_HMAC_SHA1_128: - hash = HASH_SHA1; + hmac = hmac_create(HASH_SHA1); trunc = 16; break; case AUTH_HMAC_SHA1_160: - hash = HASH_SHA1; + hmac = hmac_create(HASH_SHA1); trunc = 20; break; case AUTH_HMAC_MD5_96: - hash = HASH_MD5; + hmac = hmac_create(HASH_MD5); trunc = 12; break; case AUTH_HMAC_MD5_128: - hash = HASH_MD5; + hmac = hmac_create(HASH_MD5); trunc = 16; break; case AUTH_HMAC_SHA2_256_128: - hash = HASH_SHA256; + hmac = hmac_create(HASH_SHA256); trunc = 16; break; case AUTH_HMAC_SHA2_384_192: - hash = HASH_SHA384; + hmac = hmac_create(HASH_SHA384); trunc = 24; break; case AUTH_HMAC_SHA2_512_256: - hash = HASH_SHA512; + hmac = hmac_create(HASH_SHA512); trunc = 32; break; + case AUTH_HMAC_SHA2_256_256: + hmac = hmac_create(HASH_SHA256); + trunc = 32; + break; + case AUTH_HMAC_SHA2_384_384: + hmac = hmac_create(HASH_SHA384); + trunc = 48; + break; default: return NULL; } - this = malloc_thing(private_hmac_signer_t); - this->hmac = hmac_create(hash); - if (this->hmac == NULL) + if (hmac == NULL) { - free(this); return NULL; } - /* prevent invalid truncation */ - this->block_size = min(trunc, this->hmac->get_block_size(this->hmac)); - - /* interface functions */ - this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature; - this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature; - this->public.signer_interface.verify_signature = (bool (*) (signer_t*, chunk_t, chunk_t))verify_signature; - this->public.signer_interface.get_key_size = (size_t (*) (signer_t*))get_key_size; - this->public.signer_interface.get_block_size = (size_t 
(*) (signer_t*))get_block_size; - this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key; - this->public.signer_interface.destroy = (void (*) (signer_t*))destroy; - - return &(this->public); + + INIT(this, + .public = { + .signer = { + .get_signature = _get_signature, + .allocate_signature = _allocate_signature, + .verify_signature = _verify_signature, + .get_key_size = _get_key_size, + .get_block_size = _get_block_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + .block_size = min(trunc, hmac->get_block_size(hmac)), + .hmac = hmac, + ); + + return &this->public; } diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.h b/src/libstrongswan/plugins/hmac/hmac_signer.h index 0de93440c..5e798683b 100644 --- a/src/libstrongswan/plugins/hmac/hmac_signer.h +++ b/src/libstrongswan/plugins/hmac/hmac_signer.h @@ -34,9 +34,9 @@ typedef struct hmac_signer_t hmac_signer_t; struct hmac_signer_t { /** - * generic signer_t interface for this signer + * Implements signer_t interface. */ - signer_t signer_interface; + signer_t signer; }; /** @@ -44,8 +44,7 @@ struct hmac_signer_t { * * HMAC signatures are often truncated to shorten them to a more usable, but * still secure enough length. - * Block size must be equal or smaller then the hash algorithms - * hash. + * Block size must be equal or smaller then the hash algorithms hash. * * @param algo algorithm to implement * @return hmac_signer_t, NULL if not supported |
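Review bot: The `/* prevent invalid truncation */` comment was dropped when the clamp moved into the initializer as `.block_size = min(trunc, hmac->get_block_size(hmac)),`. I would keep it on that line, since nothing else explains why `trunc` is not used directly. The clamp is also silent: if a `trunc` value ever exceeded the hash size, the signer would produce a shorter tag than its algorithm identifier names, without reporting an error. Failing instead, with `if (trunc > hmac->get_block_size(hmac)) { hmac->destroy(hmac); return NULL; }` before the `INIT`, would make such a mistake visible at creation time.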