[svn-upgrade] new version strongswan (4.5.0)

7 files changed, 154 insertions, 150 deletions

diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 69bba8d6f..e82e5246f 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 	$(top_srcdir)/m4/config/lt~obsolete.m4 \
 	$(top_srcdir)/m4/macros/with.m4 \
 	$(top_srcdir)/m4/macros/enable-disable.m4 \
+	$(top_srcdir)/m4/macros/add-plugin.m4 \
 	$(top_srcdir)/configure.in
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
@@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
 PERL = @PERL@
 PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 PTHREADLIB = @PTHREADLIB@
 RANLIB = @RANLIB@
 RTLIB = @RTLIB@
@@ -196,14 +199,17 @@ build_cpu = @build_cpu@
 build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
+c_plugins = @c_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
 default_pkcs11 = @default_pkcs11@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
@@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@
 ipsecgroup = @ipsecgroup@
 ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
 libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
 lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
 mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
 mkdir_p = @mkdir_p@
 nm_CFLAGS = @nm_CFLAGS@
 nm_LIBS = @nm_LIBS@
 nm_ca_dir = @nm_ca_dir@
 oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
 pdfdir = @pdfdir@
 piddir = @piddir@
+pki_plugins = @pki_plugins@
 plugindir = @plugindir@
 pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
@@ -243,7 +256,10 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
 sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c
index b9f03eeac..be18d92b8 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc.c
@@ -27,10 +27,11 @@ typedef struct private_xcbc_t private_xcbc_t;
  * The variable names are the same as in the RFC.
  */
 struct private_xcbc_t {
+
 	/**
 	 * Public xcbc_t interface.
 	 */
-	xcbc_t xcbc;
+	xcbc_t public;
 
 	/**
 	 * Block size, in bytes
@@ -135,9 +136,9 @@ static void final(private_xcbc_t *this, u_int8_t *out)
 	if (this->remaining_bytes == this->b && !this->zero)
 	{
 		/* a) If the blocksize of M[n] is 128 bits:
-         *    XOR M[n] with E[n-1] and Key K2, then encrypt the result with
-         *    Key K1, yielding E[n].
-         */
+		 *    XOR M[n] with E[n-1] and Key K2, then encrypt the result with
+		 *    Key K1, yielding E[n].
+		 */
 		memxor(this->e, this->remaining, this->b);
 		memxor(this->e, this->k2, this->b);
 		this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL);
@@ -147,20 +148,20 @@ static void final(private_xcbc_t *this, u_int8_t *out)
 		/* b) If the blocksize of M[n] is less than 128 bits:
 		 *
 		 *  i) Pad M[n] with a single "1" bit, followed by the number of
-         *     "0" bits (possibly none) required to increase M[n]'s
-         *     blocksize to 128 bits.
-         */
-        if (this->remaining_bytes < this->b)
-        {
-		    this->remaining[this->remaining_bytes] = 0x80;
-		    while (++this->remaining_bytes < this->b)
-		    {
-			    this->remaining[this->remaining_bytes] = 0x00;
-		    }
-        }
-        /*  ii) XOR M[n] with E[n-1] and Key K3, then encrypt the result
-         *      with Key K1, yielding E[n].
-         */
+		 *     "0" bits (possibly none) required to increase M[n]'s
+		 *     blocksize to 128 bits.
+		 */
+		if (this->remaining_bytes < this->b)
+		{
+			this->remaining[this->remaining_bytes] = 0x80;
+			while (++this->remaining_bytes < this->b)
+			{
+				this->remaining[this->remaining_bytes] = 0x00;
+			}
+		}
+		/*  ii) XOR M[n] with E[n-1] and Key K3, then encrypt the result
+		 *      with Key K1, yielding E[n].
+		 */
 		memxor(this->e, this->remaining, this->b);
 		memxor(this->e, this->k3, this->b);
 		this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL);
@@ -174,10 +175,8 @@ static void final(private_xcbc_t *this, u_int8_t *out)
 	this->zero = TRUE;
 }
 
-/**
- * Implementation of xcbc_t.get_mac.
- */
-static void get_mac(private_xcbc_t *this, chunk_t data, u_int8_t *out)
+METHOD(xcbc_t, get_mac, void,
+	private_xcbc_t *this, chunk_t data, u_int8_t *out)
 {
 	/* update E, do not process last block */
 	update(this, data);
@@ -188,18 +187,14 @@ static void get_mac(private_xcbc_t *this, chunk_t data, u_int8_t *out)
 	}
 }
 
-/**
- * Implementation of xcbc_t.get_block_size.
- */
-static size_t get_block_size(private_xcbc_t *this)
+METHOD(xcbc_t, get_block_size, size_t,
+	private_xcbc_t *this)
 {
 	return this->b;
 }
 
-/**
- * Implementation of xcbc_t.set_key.
- */
-static void set_key(private_xcbc_t *this, chunk_t key)
+METHOD(xcbc_t, set_key, void,
+	private_xcbc_t *this, chunk_t key)
 {
 	chunk_t iv, k1, lengthened;
 
@@ -228,11 +223,11 @@ static void set_key(private_xcbc_t *this, chunk_t key)
 
 	/*
 	 * (1) Derive 3 128-bit keys (K1, K2 and K3) from the 128-bit secret
-     *     key K, as follows:
-     *     K1 = 0x01010101010101010101010101010101 encrypted with Key K
-     *     K2 = 0x02020202020202020202020202020202 encrypted with Key K
-     *     K3 = 0x03030303030303030303030303030303 encrypted with Key K
-     */
+	 *     key K, as follows:
+	 *     K1 = 0x01010101010101010101010101010101 encrypted with Key K
+	 *     K2 = 0x02020202020202020202020202020202 encrypted with Key K
+	 *     K3 = 0x03030303030303030303030303030303 encrypted with Key K
+	 */
 	this->k1->set_key(this->k1, lengthened);
 	memset(this->k2, 0x02, this->b);
 	this->k1->encrypt(this->k1, chunk_create(this->k2, this->b), iv, NULL);
@@ -243,10 +238,8 @@ static void set_key(private_xcbc_t *this, chunk_t key)
 	this->k1->set_key(this->k1, k1);
 }
 
-/**
- * Implementation of xcbc_t.destroy.
- */
-static void destroy(private_xcbc_t *this)
+METHOD(xcbc_t, destroy, void,
+	private_xcbc_t *this)
 {
 	this->k1->destroy(this->k1);
 	free(this->k2);
@@ -263,35 +256,38 @@ xcbc_t *xcbc_create(encryption_algorithm_t algo, size_t key_size)
 {
 	private_xcbc_t *this;
 	crypter_t *crypter;
+	u_int8_t b;
 
 	crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size);
 	if (!crypter)
 	{
 		return NULL;
 	}
+	b = crypter->get_block_size(crypter);
 	/* input and output of crypter must be equal for xcbc */
-	if (crypter->get_block_size(crypter) != key_size)
+	if (b != key_size)
 	{
 		crypter->destroy(crypter);
 		return NULL;
 	}
 
-	this = malloc_thing(private_xcbc_t);
-	this->xcbc.get_mac = (void (*)(xcbc_t *,chunk_t,u_int8_t*))get_mac;
-	this->xcbc.get_block_size = (size_t (*)(xcbc_t *))get_block_size;
-	this->xcbc.set_key = (void (*)(xcbc_t *,chunk_t))set_key;
-	this->xcbc.destroy = (void (*)(xcbc_t *))destroy;
-
-	this->b = crypter->get_block_size(crypter);
-	this->k1 = crypter;
-	this->k2 = malloc(this->b);
-	this->k3 = malloc(this->b);
-	this->e = malloc(this->b);
-	memset(this->e, 0, this->b);
-	this->remaining = malloc(this->b);
-	this->remaining_bytes = 0;
-	this->zero = TRUE;
-
-	return &this->xcbc;
+	INIT(this,
+		.public = {
+			.get_mac = _get_mac,
+			.get_block_size = _get_block_size,
+			.set_key = _set_key,
+			.destroy = _destroy,
+		},
+		.b = b,
+		.k1 = crypter,
+		.k2 = malloc(b),
+		.k3 = malloc(b),
+		.e = malloc(b),
+		.remaining = malloc(b),
+		.zero = TRUE,
+	);
+	memset(this->e, 0, b);
+
+	return &this->public;
 }
 
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
index 9d903bfaa..88156f383 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
@@ -32,15 +32,13 @@ struct private_xcbc_plugin_t {
 	xcbc_plugin_t public;
 };
 
-/**
- * Implementation of xcbc_plugin_t.xcbctroy
- */
-static void destroy(private_xcbc_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+	private_xcbc_plugin_t *this)
 {
 	lib->crypto->remove_prf(lib->crypto,
-							(prf_constructor_t)xcbc_prf_create);
+					(prf_constructor_t)xcbc_prf_create);
 	lib->crypto->remove_signer(lib->crypto,
-							   (signer_constructor_t)xcbc_signer_create);
+					(signer_constructor_t)xcbc_signer_create);
 	free(this);
 }
 
@@ -49,14 +47,24 @@ static void destroy(private_xcbc_plugin_t *this)
  */
 plugin_t *xcbc_plugin_create()
 {
-	private_xcbc_plugin_t *this = malloc_thing(private_xcbc_plugin_t);
+	private_xcbc_plugin_t *this;
 
-	this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+	INIT(this,
+		.public = {
+			.plugin = {
+				.destroy = _destroy,
+			},
+		},
+	);
 
 	lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC,
-						 (prf_constructor_t)xcbc_prf_create);
+					(prf_constructor_t)xcbc_prf_create);
+	lib->crypto->add_prf(lib->crypto, PRF_CAMELLIA128_XCBC,
+					(prf_constructor_t)xcbc_prf_create);
 	lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96,
-							(signer_constructor_t)xcbc_signer_create);
+					(signer_constructor_t)xcbc_signer_create);
+	lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96,
+					(signer_constructor_t)xcbc_signer_create);
 
 	return &this->public.plugin;
 }
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.c b/src/libstrongswan/plugins/xcbc/xcbc_prf.c
index 2459dc616..ac9e1fda0 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_prf.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_prf.c
@@ -35,18 +35,14 @@ struct private_xcbc_prf_t {
 	xcbc_t *xcbc;
 };
 
-/**
- * Implementation of prf_t.get_bytes.
- */
-static void get_bytes(private_xcbc_prf_t *this, chunk_t seed, u_int8_t *buffer)
+METHOD(prf_t, get_bytes, void,
+	private_xcbc_prf_t *this, chunk_t seed, u_int8_t *buffer)
 {
 	this->xcbc->get_mac(this->xcbc, seed, buffer);
 }
 
-/**
- * Implementation of prf_t.allocate_bytes.
- */
-static void allocate_bytes(private_xcbc_prf_t *this, chunk_t seed, chunk_t *chunk)
+METHOD(prf_t, allocate_bytes, void,
+	private_xcbc_prf_t *this, chunk_t seed, chunk_t *chunk)
 {
 	if (chunk)
 	{
@@ -59,35 +55,27 @@ static void allocate_bytes(private_xcbc_prf_t *this, chunk_t seed, chunk_t *chun
 	}
 }
 
-/**
- * Implementation of prf_t.get_block_size.
- */
-static size_t get_block_size(private_xcbc_prf_t *this)
+METHOD(prf_t, get_block_size, size_t,
+	private_xcbc_prf_t *this)
 {
 	return this->xcbc->get_block_size(this->xcbc);
 }
 
-/**
- * Implementation of prf_t.get_block_size.
- */
-static size_t get_key_size(private_xcbc_prf_t *this)
+METHOD(prf_t, get_key_size, size_t,
+	private_xcbc_prf_t *this)
 {
 	/* in xcbc, block and key size are always equal */
 	return this->xcbc->get_block_size(this->xcbc);
 }
 
-/**
- * Implementation of prf_t.set_key.
- */
-static void set_key(private_xcbc_prf_t *this, chunk_t key)
+METHOD(prf_t, set_key, void,
+	private_xcbc_prf_t *this, chunk_t key)
 {
 	this->xcbc->set_key(this->xcbc, key);
 }
 
-/**
- * Implementation of prf_t.destroy.
- */
-static void destroy(private_xcbc_prf_t *this)
+METHOD(prf_t, destroy, void,
+	private_xcbc_prf_t *this)
 {
 	this->xcbc->destroy(this->xcbc);
 	free(this);
@@ -106,6 +94,9 @@ xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo)
 		case PRF_AES128_XCBC:
 			xcbc = xcbc_create(ENCR_AES_CBC, 16);
 			break;
+		case PRF_CAMELLIA128_XCBC:
+			xcbc = xcbc_create(ENCR_CAMELLIA_CBC, 16);
+			break;
 		default:
 			return NULL;
 	}
@@ -114,15 +105,19 @@ xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo)
 		return NULL;
 	}
 
-	this = malloc_thing(private_xcbc_prf_t);
-	this->xcbc = xcbc;
-
-	this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes;
-	this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes;
-	this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size;
-	this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size;
-	this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key;
-	this->public.prf_interface.destroy = (void (*) (prf_t *))destroy;
+	INIT(this,
+		.public = {
+			.prf = {
+				.get_bytes = _get_bytes,
+				.allocate_bytes = _allocate_bytes,
+				.get_block_size = _get_block_size,
+				.get_key_size = _get_key_size,
+				.set_key = _set_key,
+				.destroy = _destroy,
+			},
+		},
+		.xcbc = xcbc,
+	);
 
 	return &this->public;
 }
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.h b/src/libstrongswan/plugins/xcbc/xcbc_prf.h
index d2db9af41..294a853b4 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_prf.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc_prf.h
@@ -34,9 +34,9 @@ typedef struct xcbc_prf_t xcbc_prf_t;
 struct xcbc_prf_t {
 
 	/**
-	 * Generic prf_t interface for this xcbc_prf_t class.
+	 * Implements prf_t interface.
 	 */
-	prf_t prf_interface;
+	prf_t prf;
 };
 
 /**
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.c b/src/libstrongswan/plugins/xcbc/xcbc_signer.c
index 1c98d39d7..ece592323 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_signer.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.c
@@ -41,11 +41,8 @@ struct private_xcbc_signer_t {
 	size_t block_size;
 };
 
-/**
- * Implementation of signer_t.get_signature.
- */
-static void get_signature(private_xcbc_signer_t *this,
-						  chunk_t data, u_int8_t *buffer)
+METHOD(signer_t, get_signature, void,
+	private_xcbc_signer_t *this, chunk_t data, u_int8_t *buffer)
 {
 	if (buffer == NULL)
 	{	/* append mode */
@@ -60,11 +57,8 @@ static void get_signature(private_xcbc_signer_t *this,
 	}
 }
 
-/**
- * Implementation of signer_t.allocate_signature.
- */
-static void allocate_signature (private_xcbc_signer_t *this,
-								chunk_t data, chunk_t *chunk)
+METHOD(signer_t, allocate_signature, void,
+	private_xcbc_signer_t *this, chunk_t data, chunk_t *chunk)
 {
 	if (chunk == NULL)
 	{	/* append mode */
@@ -83,11 +77,8 @@ static void allocate_signature (private_xcbc_signer_t *this,
 	}
 }
 
-/**
- * Implementation of signer_t.verify_signature.
- */
-static bool verify_signature(private_xcbc_signer_t *this,
-							 chunk_t data, chunk_t signature)
+METHOD(signer_t, verify_signature, bool,
+	private_xcbc_signer_t *this, chunk_t data, chunk_t signature)
 {
 	u_int8_t mac[this->xcbc->get_block_size(this->xcbc)];
 
@@ -100,38 +91,29 @@ static bool verify_signature(private_xcbc_signer_t *this,
 	return memeq(signature.ptr, mac, this->block_size);
 }
 
-/**
- * Implementation of signer_t.get_key_size.
- */
-static size_t get_key_size(private_xcbc_signer_t *this)
+METHOD(signer_t, get_key_size, size_t,
+	private_xcbc_signer_t *this)
 {
 	return this->xcbc->get_block_size(this->xcbc);
 }
 
-/**
- * Implementation of signer_t.get_block_size.
- */
-static size_t get_block_size(private_xcbc_signer_t *this)
+METHOD(signer_t, get_block_size, size_t,
+	private_xcbc_signer_t *this)
 {
 	return this->block_size;
 }
 
-/**
- * Implementation of signer_t.set_key.
- */
-static void set_key(private_xcbc_signer_t *this, chunk_t key)
+METHOD(signer_t, set_key, void,
+	private_xcbc_signer_t *this, chunk_t key)
 {
 	this->xcbc->set_key(this->xcbc, key);
 }
 
-/**
- * Implementation of signer_t.destroy.
- */
-static status_t destroy(private_xcbc_signer_t *this)
+METHOD(signer_t, destroy, void,
+	private_xcbc_signer_t *this)
 {
 	this->xcbc->destroy(this->xcbc);
 	free(this);
-	return SUCCESS;
 }
 
 /*
@@ -149,6 +131,10 @@ xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo)
 			xcbc = xcbc_create(ENCR_AES_CBC, 16);
 			trunc = 12;
 			break;
+		case AUTH_CAMELLIA_XCBC_96:
+			xcbc = xcbc_create(ENCR_CAMELLIA_CBC, 16);
+			trunc = 12;
+			break;
 		default:
 			return NULL;
 	}
@@ -157,18 +143,21 @@ xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo)
 		return NULL;
 	}
 
-	this = malloc_thing(private_xcbc_signer_t);
-	this->xcbc = xcbc;
-	this->block_size = min(trunc, xcbc->get_block_size(xcbc));
-
-	/* interface functions */
-	this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature;
-	this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature;
-	this->public.signer_interface.verify_signature = (bool (*) (signer_t*, chunk_t, chunk_t))verify_signature;
-	this->public.signer_interface.get_key_size = (size_t (*) (signer_t*))get_key_size;
-	this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size;
-	this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key;
-	this->public.signer_interface.destroy = (void (*) (signer_t*))destroy;
+	INIT(this,
+		.public = {
+			.signer = {
+				.get_signature = _get_signature,
+				.allocate_signature = _allocate_signature,
+				.verify_signature = _verify_signature,
+				.get_key_size = _get_key_size,
+				.get_block_size = _get_block_size,
+				.set_key = _set_key,
+				.destroy = _destroy,
+			},
+		},
+		.xcbc = xcbc,
+		.block_size = min(trunc, xcbc->get_block_size(xcbc)),
+	);
 
 	return &this->public;
 }
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.h b/src/libstrongswan/plugins/xcbc/xcbc_signer.h
index 181cfe299..56b55f223 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_signer.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.h
@@ -31,9 +31,9 @@ typedef struct xcbc_signer_t xcbc_signer_t;
 struct xcbc_signer_t {
 
 	/**
-	 * generic signer_t interface for this signer
+	 * Implements signer_t interface.
 	 */
-	signer_t signer_interface;
+	signer_t signer;
 };
 
 /**