authorYves-Alexis Perez <corsac@corsac.net>2012-06-28 21:16:07 +0200
committerYves-Alexis Perez <corsac@corsac.net>2012-06-28 21:16:07 +0200
commitb34738ed08c2227300d554b139e2495ca5da97d6 (patch)
tree62f33b52820f2e49f0e53c0f8c636312037c8054 /src/libstrongswan/plugins/pgp
parent0a9d51a49042a68daa15b0c74a2b7f152f52606b (diff)
Imported Upstream version 4.6.4
Diffstat (limited to 'src/libstrongswan/plugins/pgp')
-rw-r--r--src/libstrongswan/plugins/pgp/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_builder.c4
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_cert.c156
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_plugin.c42
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_utils.c18
5 files changed, 105 insertions, 122 deletions
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index 6be915f29..946424eee 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -192,6 +192,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -200,6 +203,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -216,11 +220,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -264,6 +270,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c
index 440e70a18..361157742 100644
--- a/src/libstrongswan/plugins/pgp/pgp_builder.c
+++ b/src/libstrongswan/plugins/pgp/pgp_builder.c
@@ -152,7 +152,7 @@ static private_key_t *parse_private_key(chunk_t blob)
}
if (!pgp_read_scalar(&packet, 1, &version))
{
- return FALSE;
+ return NULL;
}
switch (version)
{
@@ -166,7 +166,7 @@ static private_key_t *parse_private_key(chunk_t blob)
break;
default:
DBG1(DBG_LIB, "PGP packet version V%d not supported", version);
- return FALSE;
+ return NULL;
}
if (!pgp_read_scalar(&packet, 4, &created))
{
diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c
index 5b21b46d4..70a236855 100644
--- a/src/libstrongswan/plugins/pgp/pgp_cert.c
+++ b/src/libstrongswan/plugins/pgp/pgp_cert.c
@@ -74,35 +74,26 @@ struct private_pgp_cert_t {
};
-/**
- * Implementation of certificate_t.get_type
- */
-static certificate_type_t get_type(private_pgp_cert_t *this)
+METHOD(certificate_t, get_type, certificate_type_t,
+ private_pgp_cert_t *this)
{
return CERT_GPG;
}
-/**
- * Implementation of certificate_t.get_subject
- */
-static identification_t* get_subject(private_pgp_cert_t *this)
+METHOD(certificate_t, get_subject,identification_t*,
+ private_pgp_cert_t *this)
{
return this->user_id;
}
-/**
- * Implementation of certificate_t.get_issuer
- */
-static identification_t* get_issuer(private_pgp_cert_t *this)
+METHOD(certificate_t, get_issuer, identification_t*,
+ private_pgp_cert_t *this)
{
return this->user_id;
}
-/**
- * Implementation of certificate_t.has_subject.
- */
-static id_match_t has_subject(private_pgp_cert_t *this,
- identification_t *subject)
+METHOD(certificate_t, has_subject, id_match_t,
+ private_pgp_cert_t *this, identification_t *subject)
{
id_match_t match_user_id;
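Review bot: The METHOD() headers are inconsistently spaced: `METHOD(certificate_t, get_subject,identification_t*,` on the get_subject definition lacks the space after the comma that every other definition in this hunk has, and the same slip appears on `METHOD(certificate_t, issued_by,bool,` in the next hunk. Writing them as `METHOD(certificate_t, get_subject, identification_t*,` and `METHOD(certificate_t, issued_by, bool,` keeps the declarations greppable alongside the rest of the file. Nothing else in this conversion changes behaviour as far as the visible lines show; has_subject's body continues past the end of the hunk.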
@@ -116,46 +107,36 @@ static id_match_t has_subject(private_pgp_cert_t *this,
return match_user_id;
}
-/**
- * Implementation of certificate_t.has_subject.
- */
-static id_match_t has_issuer(private_pgp_cert_t *this, identification_t *issuer)
+METHOD(certificate_t, has_issuer, id_match_t,
+ private_pgp_cert_t *this, identification_t *issuer)
{
return ID_MATCH_NONE;
}
-/**
- * Implementation of certificate_t.issued_by
- */
-static bool issued_by(private_pgp_cert_t *this, certificate_t *issuer)
+METHOD(certificate_t, issued_by,bool,
+ private_pgp_cert_t *this, certificate_t *issuer)
{
/* TODO: check signature blobs for a valid signature */
return FALSE;
}
-/**
- * Implementation of certificate_t.get_public_key
- */
-static public_key_t* get_public_key(private_pgp_cert_t *this)
+METHOD(certificate_t, get_public_key, public_key_t*,
+ private_pgp_cert_t *this)
{
this->key->get_ref(this->key);
return this->key;
}
-/**
- * Implementation of certificate_t.get_ref
- */
-static private_pgp_cert_t* get_ref(private_pgp_cert_t *this)
+METHOD(certificate_t, get_ref, certificate_t*,
+ private_pgp_cert_t *this)
{
ref_get(&this->ref);
- return this;
+ return &this->public.interface.interface;
}
-/**
- * Implementation of certificate_t.get_validity.
- */
-static bool get_validity(private_pgp_cert_t *this, time_t *when,
- time_t *not_before, time_t *not_after)
+METHOD(certificate_t, get_validity, bool,
+ private_pgp_cert_t *this, time_t *when, time_t *not_before,
+ time_t *not_after)
{
time_t t, until;
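Review bot: The converted issued_by keeps the pre-existing stub that returns FALSE under a bare TODO, while get_issuer returns this->user_id and has_issuer returns ID_MATCH_NONE, so the three issuer methods disagree about whether a PGP certificate has an issuer at all. Since the commit rewrites all three headers, a one-line comment would stop the next reader from assuming signature checking exists: `/* no signature verification yet: a PGP cert is never accepted as issued by another cert */`. The practical effect, presumably, is that a PGP certificate is only usable when it is trusted directly, which is worth stating next to the TODO. The get_ref change to return `&this->public.interface.interface` is the right fix for the old cast-through-this; get_validity's body continues past the end of the hunk.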
@@ -187,11 +168,8 @@ static bool get_validity(private_pgp_cert_t *this, time_t *when,
return (t >= this->valid && t <= until);
}
-/**
- * Implementation of certificate_t.get_encoding.
- */
-static bool get_encoding(private_pgp_cert_t *this, cred_encoding_type_t type,
- chunk_t *encoding)
+METHOD(certificate_t, get_encoding, bool,
+ private_pgp_cert_t *this, cred_encoding_type_t type, chunk_t *encoding)
{
if (type == CERT_PGP_PKT)
{
@@ -202,10 +180,8 @@ static bool get_encoding(private_pgp_cert_t *this, cred_encoding_type_t type,
CRED_PART_PGP_CERT, this->encoding, CRED_PART_END);
}
-/**
- * Implementation of certificate_t.equals.
- */
-static bool equals(private_pgp_cert_t *this, certificate_t *other)
+METHOD(certificate_t, equals, bool,
+ private_pgp_cert_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
@@ -231,10 +207,8 @@ static bool equals(private_pgp_cert_t *this, certificate_t *other)
return equal;
}
-/**
- * Implementation of pgp_cert_t.destroy.
- */
-static void destroy(private_pgp_cert_t *this)
+METHOD(certificate_t, destroy, void,
+ private_pgp_cert_t *this)
{
if (ref_put(&this->ref))
{
@@ -246,10 +220,8 @@ static void destroy(private_pgp_cert_t *this)
}
}
-/**
- * Implementation of pgp_certificate_t.get_fingerprint.
- */
-static chunk_t get_fingerprint(private_pgp_cert_t *this)
+METHOD(pgp_certificate_t, get_fingerprint, chunk_t,
+ private_pgp_cert_t *this)
{
return this->fingerprint;
}
@@ -259,30 +231,30 @@ static chunk_t get_fingerprint(private_pgp_cert_t *this)
*/
private_pgp_cert_t *create_empty()
{
- private_pgp_cert_t *this = malloc_thing(private_pgp_cert_t);
-
- this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type;
- this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject;
- this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_issuer;
- this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject;
- this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_issuer;
- this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
- this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
- this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
- this->public.interface.interface.get_encoding = (bool (*) (certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding;
- this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
- this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;
- this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy;
- this->public.interface.get_fingerprint = (chunk_t (*)(pgp_certificate_t*))get_fingerprint;
-
- this->key = NULL;
- this->version = 0;
- this->created = 0;
- this->valid = 0;
- this->user_id = NULL;
- this->fingerprint = chunk_empty;
- this->encoding = chunk_empty;
- this->ref = 1;
+ private_pgp_cert_t *this;
+
+ INIT(this,
+ .public = {
+ .interface = {
+ .interface = {
+ .get_type = _get_type,
+ .get_subject = _get_subject,
+ .get_issuer = _get_issuer,
+ .has_subject = _has_subject,
+ .has_issuer = _has_issuer,
+ .issued_by = _issued_by,
+ .get_public_key = _get_public_key,
+ .get_validity = _get_validity,
+ .get_encoding = _get_encoding,
+ .equals = _equals,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_fingerprint = _get_fingerprint,
+ },
+ },
+ .ref = 1,
+ );
return this;
}
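Review bot: The explicit NULL/0/chunk_empty assignments for key, version, created, valid, user_id, fingerprint and encoding are dropped, so correctness now depends on INIT() zero-initializing every field that the designated initializer does not name; INIT is defined outside this page, and if it expands to a compound literal that holds by the C rules, but the reliance is invisible here. A comment above the INIT() call, `/* INIT() zero-initializes every field not listed (key, user_id, fingerprint, encoding, ...) */`, would make that explicit for destroy(), which presumably releases those fields. Otherwise the designated initializer is a faithful replacement of the old cast table and removes the per-entry function-pointer casts.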
@@ -314,18 +286,18 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet)
}
break;
default:
- DBG1(DBG_LIB, "PGP packet version V%d not supported",
+ DBG1(DBG_ASN, "PGP packet version V%d not supported",
this->version);
return FALSE;
}
if (this->valid)
{
- DBG2(DBG_LIB, "L2 - created %T, valid %d days", &this->created, FALSE,
+ DBG2(DBG_ASN, "L2 - created %T, valid %d days", &this->created, FALSE,
this->valid);
}
else
{
- DBG2(DBG_LIB, "L2 - created %T, never expires", &this->created, FALSE);
+ DBG2(DBG_ASN, "L2 - created %T, never expires", &this->created, FALSE);
}
DESTROY_IF(this->key);
this->key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
@@ -346,13 +318,13 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet)
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (hasher == NULL)
{
- DBG1(DBG_LIB, "no SHA-1 hasher available");
+ DBG1(DBG_ASN, "no SHA-1 hasher available");
return FALSE;
}
hasher->allocate_hash(hasher, pubkey_packet_header, NULL);
hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint);
hasher->destroy(hasher);
- DBG2(DBG_LIB, "L2 - v4 fingerprint %#B", &this->fingerprint);
+ DBG2(DBG_ASN, "L2 - v4 fingerprint %#B", &this->fingerprint);
}
else
{
@@ -363,7 +335,7 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet)
return FALSE;
}
this->fingerprint = chunk_clone(this->fingerprint);
- DBG2(DBG_LIB, "L2 - v3 fingerprint %#B", &this->fingerprint);
+ DBG2(DBG_ASN, "L2 - v3 fingerprint %#B", &this->fingerprint);
}
return TRUE;
}
@@ -383,7 +355,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet)
/* we parse only v3 or v4 signature packets */
if (version != 3 && version != 4)
{
- DBG2(DBG_LIB, "L2 - v%d signature ignored", version);
+ DBG2(DBG_ASN, "L2 - v%d signature ignored", version);
return TRUE;
}
if (version == 4)
@@ -392,7 +364,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet)
{
return FALSE;
}
- DBG2(DBG_LIB, "L2 - v%d signature of type 0x%02x", version, type);
+ DBG2(DBG_ASN, "L2 - v%d signature of type 0x%02x", version, type);
}
else
{
@@ -405,7 +377,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet)
{
return FALSE;
}
- DBG2(DBG_LIB, "L2 - v3 signature of type 0x%02x, created %T", type,
+ DBG2(DBG_ASN, "L2 - v3 signature of type 0x%02x, created %T", type,
&created, FALSE);
}
/* TODO: parse and save signature to a list */
@@ -419,7 +391,7 @@ static bool parse_user_id(private_pgp_cert_t *this, chunk_t packet)
{
DESTROY_IF(this->user_id);
this->user_id = identification_create_from_encoding(ID_KEY_ID, packet);
- DBG2(DBG_LIB, "L2 - '%Y'", this->user_id);
+ DBG2(DBG_ASN, "L2 - '%Y'", this->user_id);
return TRUE;
}
@@ -469,14 +441,14 @@ pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args)
if (!parse_signature(this, packet))
{
destroy(this);
- return FALSE;
+ return NULL;
}
break;
case PGP_PKT_USER_ID:
if (!parse_user_id(this, packet))
{
destroy(this);
- return FALSE;
+ return NULL;
}
break;
default:
diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c
index 52e9d96b1..a2cf403dc 100644
--- a/src/libstrongswan/plugins/pgp/pgp_plugin.c
+++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c
@@ -39,17 +39,30 @@ METHOD(plugin_t, get_name, char*,
return "pgp";
}
-METHOD(plugin_t, destroy, void,
- private_pgp_plugin_t *this)
+METHOD(plugin_t, get_features, int,
+ private_pgp_plugin_t *this, plugin_feature_t *features[])
{
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pgp_public_key_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pgp_private_key_load);
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PRIVKEY, pgp_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ PLUGIN_REGISTER(PRIVKEY, pgp_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pgp_cert_load);
+ PLUGIN_REGISTER(PUBKEY, pgp_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
+ PLUGIN_REGISTER(PUBKEY, pgp_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+
+ PLUGIN_REGISTER(CERT_DECODE, pgp_cert_load, FALSE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_GPG),
+ };
+ *features = f;
+ return countof(f);
+}
+METHOD(plugin_t, destroy, void,
+ private_pgp_plugin_t *this)
+{
lib->encoding->remove_encoder(lib->encoding, pgp_encoder_encode);
free(this);
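Review bot: The feature table registers the same loader twice for each key kind: `PLUGIN_REGISTER(PRIVKEY, pgp_private_key_load, FALSE)` precedes both `PLUGIN_PROVIDE(PRIVKEY, KEY_ANY)` and `PLUGIN_PROVIDE(PRIVKEY, KEY_RSA)`, and the PUBKEY entries repeat the pattern. If the feature framework allows several PLUGIN_PROVIDE entries after one PLUGIN_REGISTER (its definition is not on this page), one register per loader followed by two provides would be the tidier form; if it does not, a comment saying so would stop the next reader from "fixing" it. The PRIVKEY and PUBKEY groups also run together where the removed lines sat, so a blank line after `PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),` would match the spacing already used before the CERT_DECODE group. destroy() no longer calls remove_builder, which presumably relies on the feature framework unregistering the builders on unload; that is worth a one-line comment in destroy() so nobody re-adds the calls.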
@@ -66,21 +79,12 @@ plugin_t *pgp_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
- (builder_function_t)pgp_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE,
- (builder_function_t)pgp_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE,
- (builder_function_t)pgp_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
- (builder_function_t)pgp_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE,
- (builder_function_t)pgp_cert_load);
+
lib->encoding->add_encoder(lib->encoding, pgp_encoder_encode);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.c b/src/libstrongswan/plugins/pgp/pgp_utils.c
index 2d85cc0c8..7fd905ce4 100644
--- a/src/libstrongswan/plugins/pgp/pgp_utils.c
+++ b/src/libstrongswan/plugins/pgp/pgp_utils.c
@@ -79,7 +79,7 @@ bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar)
if (bytes > blob->len)
{
- DBG1(DBG_LIB, "PGP data too short to read %d byte scalar", bytes);
+ DBG1(DBG_ASN, "PGP data too short to read %d byte scalar", bytes);
return FALSE;
}
while (bytes-- > 0)
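Review bot: The rewritten DBG1 line still formats the `size_t bytes` parameter (see the hunk header) with `%d`, which is undefined behaviour for a size_t argument and prints garbage on LP64 targets where size_t is 64-bit; it should read `DBG1(DBG_ASN, "PGP data too short to read %zu byte scalar", bytes);`, assuming the DBG printf wrapper honours %zu as standard printf does. The `%d byte MPI` line in the next hunk likely has the same issue, though the type of that `bytes` is declared outside the hunk. pgp_read_scalar's body continues past the end of this hunk.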
@@ -100,13 +100,13 @@ bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi)
if (!pgp_read_scalar(blob, 2, &bits))
{
- DBG1(DBG_LIB, "PGP data too short to read MPI length");
+ DBG1(DBG_ASN, "PGP data too short to read MPI length");
return FALSE;
}
bytes = (bits + 7) / 8;
if (bytes > blob->len)
{
- DBG1(DBG_LIB, "PGP data too short to read %d byte MPI", bytes);
+ DBG1(DBG_ASN, "PGP data too short to read %d byte MPI", bytes);
return FALSE;
}
*mpi = chunk_create(blob->ptr, bytes);
@@ -146,7 +146,7 @@ bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag)
if (!blob->len)
{
- DBG1(DBG_LIB, "missing input");
+ DBG1(DBG_ASN, "missing input");
return FALSE;
}
t = blob->ptr[0];
@@ -154,27 +154,27 @@ bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag)
/* bit 7 must be set */
if (!(t & 0x80))
{
- DBG1(DBG_LIB, "invalid packet tag");
+ DBG1(DBG_ASN, "invalid packet tag");
return FALSE;
}
/* bit 6 set defines new packet format */
if (t & 0x40)
{
- DBG1(DBG_LIB, "new PGP packet format not supported");
+ DBG1(DBG_ASN, "new PGP packet format not supported");
return FALSE;
}
t = (t & 0x3C) >> 2;
if (!pgp_old_packet_length(blob, &len) || len > blob->len)
{
- DBG1(DBG_LIB, "invalid packet length");
+ DBG1(DBG_ASN, "invalid packet length");
return FALSE;
}
*data = chunk_create(blob->ptr, len);
*blob = chunk_skip(*blob, len);
*tag = t;
- DBG2(DBG_LIB, "L1 - PGP %N (%u bytes)", pgp_packet_tag_names, t, len);
- DBG3(DBG_LIB, "%B", data);
+ DBG2(DBG_ASN, "L1 - PGP %N (%u bytes)", pgp_packet_tag_names, t, len);
+ DBG3(DBG_ASN, "%B", data);
return TRUE;
}