diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-11-28 11:42:20 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-11-28 11:42:20 +0000 |
commit | f73fba54dc8b30c6482e1e8abf15bbf455592fcd (patch) | |
tree | a449515607c5e51a5c703d7a9b1149c9e4a11560 /src/libstrongswan/plugins | |
parent | b8064f4099997a9e2179f3ad4ace605f5ccac3a1 (diff) | |
download | vyos-strongswan-f73fba54dc8b30c6482e1e8abf15bbf455592fcd.tar.gz vyos-strongswan-f73fba54dc8b30c6482e1e8abf15bbf455592fcd.zip |
[svn-upgrade] new version strongswan (4.5.0)
Diffstat (limited to 'src/libstrongswan/plugins')
152 files changed, 12003 insertions, 1787 deletions
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index 9859b75cf..99a520852 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -195,14 +198,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -242,7 +255,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c index 10d48cf67..f13e33492 100644 --- a/src/libstrongswan/plugins/aes/aes_crypter.c +++ b/src/libstrongswan/plugins/aes/aes_crypter.c @@ -1331,11 +1331,8 @@ static void decrypt_block(const private_aes_crypter_t *this, const unsigned char state_out(out_blk, b0); } -/** - * Implementation of crypter_t.decrypt. - */ -static void decrypt(private_aes_crypter_t *this, chunk_t data, chunk_t iv, - chunk_t *decrypted) +METHOD(crypter_t, decrypt, void, + private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { int pos; const u_int32_t *iv_i; @@ -1376,12 +1373,8 @@ static void decrypt(private_aes_crypter_t *this, chunk_t data, chunk_t iv, } } - -/** - * Implementation of crypter_t.decrypt. - */ -static void encrypt (private_aes_crypter_t *this, chunk_t data, chunk_t iv, - chunk_t *encrypted) +METHOD(crypter_t, encrypt, void, + private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { int pos; const u_int32_t *iv_i; @@ -1417,26 +1410,26 @@ static void encrypt (private_aes_crypter_t *this, chunk_t data, chunk_t iv, } } -/** - * Implementation of crypter_t.get_block_size. - */ -static size_t get_block_size (private_aes_crypter_t *this) +METHOD(crypter_t, get_block_size, size_t, + private_aes_crypter_t *this) { return AES_BLOCK_SIZE; } -/** - * Implementation of crypter_t.get_key_size. - */ -static size_t get_key_size (private_aes_crypter_t *this) +METHOD(crypter_t, get_iv_size, size_t, + private_aes_crypter_t *this) +{ + return AES_BLOCK_SIZE; +} + +METHOD(crypter_t, get_key_size, size_t, + private_aes_crypter_t *this) { return this->key_size; } -/** - * Implementation of crypter_t.set_key. - */ -static void set_key (private_aes_crypter_t *this, chunk_t key) +METHOD(crypter_t, set_key, void, + private_aes_crypter_t *this, chunk_t key) { u_int32_t *kf, *kt, rci, f = 0; u_int8_t *in_key = key.ptr; @@ -1498,8 +1491,8 @@ static void set_key (private_aes_crypter_t *this, chunk_t key) } if(!f) - { - u_int32_t i; + { + u_int32_t i; kt = this->aes_d_key + nc * this->aes_Nrnd; kf = this->aes_e_key; @@ -1517,15 +1510,13 @@ static void set_key (private_aes_crypter_t *this, chunk_t key) cpy(kt, kf); #endif kt -= 2 * nc; - } + } cpy(kt, kf); - } + } } -/** - * Implementation of crypter_t.destroy and aes_crypter_t.destroy. - */ -static void destroy (private_aes_crypter_t *this) +METHOD(crypter_t, destroy, void, + private_aes_crypter_t *this) { free(this); } @@ -1541,36 +1532,38 @@ aes_crypter_t *aes_crypter_create(encryption_algorithm_t algo, size_t key_size) { return NULL; } - - this = malloc_thing(private_aes_crypter_t); + switch (key_size) + { + case 0: + key_size = 16; + break; + case 32: + case 24: + case 16: + break; + default: + return NULL; + } #if !defined(FIXED_TABLES) if(!tab_gen) { gen_tabs(); tab_gen = 1; } #endif - this->key_size = key_size; - switch(key_size) - { - case 32: /* bytes */ - this->aes_Nkey = 8; - break; - case 24: /* bytes */ - this->aes_Nkey = 6; - break; - case 16: /* bytes */ - this->aes_Nkey = 4; - break; - default: - free(this); - return NULL; - } - - this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt; - this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt; - this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size; - this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; - this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key; - this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; - - return &(this->public); + INIT(this, + .public = { + .crypter = { + .encrypt = _encrypt, + .decrypt = _decrypt, + .get_block_size = _get_block_size, + .get_iv_size = _get_iv_size, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + .key_size = key_size, + .aes_Nkey = key_size / 4, + ); + + return &this->public; } diff --git a/src/libstrongswan/plugins/aes/aes_crypter.h b/src/libstrongswan/plugins/aes/aes_crypter.h index 061d72fd6..473772f04 100644 --- a/src/libstrongswan/plugins/aes/aes_crypter.h +++ b/src/libstrongswan/plugins/aes/aes_crypter.h @@ -32,9 +32,9 @@ typedef struct aes_crypter_t aes_crypter_t; struct aes_crypter_t { /** - * The crypter_t interface. + * Implements crypter_t interface. */ - crypter_t crypter_interface; + crypter_t crypter; }; /** diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c index 1e920f8cc..22b47e334 100644 --- a/src/libstrongswan/plugins/aes/aes_plugin.c +++ b/src/libstrongswan/plugins/aes/aes_plugin.c @@ -31,10 +31,8 @@ struct private_aes_plugin_t { aes_plugin_t public; }; -/** - * Implementation of aes_plugin_t.destroy - */ -static void destroy(private_aes_plugin_t *this) +METHOD(plugin_t, destroy, void, + private_aes_plugin_t *this) { lib->crypto->remove_crypter(lib->crypto, (crypter_constructor_t)aes_crypter_create); @@ -46,9 +44,15 @@ static void destroy(private_aes_plugin_t *this) */ plugin_t *aes_plugin_create() { - private_aes_plugin_t *this = malloc_thing(private_aes_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + private_aes_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, (crypter_constructor_t)aes_crypter_create); diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index c95e7b778..9f65f4ffb 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -197,14 +200,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -244,7 +257,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c index d40b437bb..bd3c1ac75 100644 --- a/src/libstrongswan/plugins/agent/agent_plugin.c +++ b/src/libstrongswan/plugins/agent/agent_plugin.c @@ -31,10 +31,8 @@ struct private_agent_plugin_t { agent_plugin_t public; }; -/** - * Implementation of agent_plugin_t.agenttroy - */ -static void destroy(private_agent_plugin_t *this) +METHOD(plugin_t, destroy, void, + private_agent_plugin_t *this) { lib->creds->remove_builder(lib->creds, (builder_function_t)agent_private_key_open); @@ -46,11 +44,17 @@ static void destroy(private_agent_plugin_t *this) */ plugin_t *agent_plugin_create() { - private_agent_plugin_t *this = malloc_thing(private_agent_plugin_t); + private_agent_plugin_t *this; - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, (builder_function_t)agent_private_key_open); return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c index 51ddbecc6..0864f4118 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.c +++ b/src/libstrongswan/plugins/agent/agent_private_key.c @@ -205,7 +205,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) { break;; } - if (pubkey && !private_key_belongs_to(&this->public.interface, pubkey)) + if (pubkey && !private_key_belongs_to(&this->public.key, pubkey)) { continue; } @@ -221,11 +221,9 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) return FALSE; } -/** - * Implementation of agent_private_key.destroy. - */ -static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t *signature) +METHOD(private_key_t, sign, bool, + private_agent_private_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t *signature) { u_int32_t len, flags; char buf[2048]; @@ -294,36 +292,28 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, return TRUE; } -/** - * Implementation of agent_private_key.destroy. - */ -static key_type_t get_type(private_agent_private_key_t *this) +METHOD(private_key_t, get_type, key_type_t, + private_agent_private_key_t *this) { return KEY_RSA; } -/** - * Implementation of agent_private_key.destroy. - */ -static bool decrypt(private_agent_private_key_t *this, - chunk_t crypto, chunk_t *plain) +METHOD(private_key_t, decrypt, bool, + private_agent_private_key_t *this, encryption_scheme_t scheme, + chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "private key decryption not supported by ssh-agent"); return FALSE; } -/** - * Implementation of agent_private_key.destroy. - */ -static size_t get_keysize(private_agent_private_key_t *this) +METHOD(private_key_t, get_keysize, int, + private_agent_private_key_t *this) { - return this->key_size; + return this->key_size * 8; } -/** - * Implementation of agent_private_key.get_public_key. - */ -static public_key_t* get_public_key(private_agent_private_key_t *this) +METHOD(private_key_t, get_public_key, public_key_t*, + private_agent_private_key_t *this) { chunk_t key, n, e; @@ -336,20 +326,15 @@ static public_key_t* get_public_key(private_agent_private_key_t *this) BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_END); } -/** - * Implementation of private_key_t.get_encoding - */ -static bool get_encoding(private_agent_private_key_t *this, - cred_encoding_type_t type, chunk_t *encoding) +METHOD(private_key_t, get_encoding, bool, + private_agent_private_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) { return FALSE; } -/** - * Implementation of private_key_t.get_fingerprint - */ -static bool get_fingerprint(private_agent_private_key_t *this, - cred_encoding_type_t type, chunk_t *fp) +METHOD(private_key_t, get_fingerprint, bool, + private_agent_private_key_t *this, cred_encoding_type_t type, chunk_t *fp) { chunk_t n, e, key; @@ -366,19 +351,15 @@ static bool get_fingerprint(private_agent_private_key_t *this, CRED_PART_RSA_MODULUS, n, CRED_PART_RSA_PUB_EXP, e, CRED_PART_END); } -/** - * Implementation of agent_private_key.get_ref. - */ -static private_agent_private_key_t* get_ref(private_agent_private_key_t *this) +METHOD(private_key_t, get_ref, private_key_t*, + private_agent_private_key_t *this) { ref_get(&this->ref); - return this; + return &this->public.key; } -/** - * Implementation of agent_private_key.destroy. - */ -static void destroy(private_agent_private_key_t *this) +METHOD(private_key_t, destroy, void, + private_agent_private_key_t *this) { if (ref_put(&this->ref)) { @@ -420,20 +401,25 @@ agent_private_key_t *agent_private_key_open(key_type_t type, va_list args) return FALSE; } - this = malloc_thing(private_agent_private_key_t); - - this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type; - this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign; - this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt; - this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize; - this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key; - this->public.interface.belongs_to = private_key_belongs_to; - this->public.interface.equals = private_key_equals; - this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint; - this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; - this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding; - this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref; - this->public.interface.destroy = (void (*)(private_key_t *this))destroy; + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .sign = _sign, + .decrypt = _decrypt, + .get_keysize = _get_keysize, + .get_public_key = _get_public_key, + .belongs_to = private_key_belongs_to, + .equals = private_key_equals, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = private_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); this->socket = open_connection(path); if (this->socket < 0) @@ -441,9 +427,6 @@ agent_private_key_t *agent_private_key_open(key_type_t type, va_list args) free(this); return NULL; } - this->key = chunk_empty; - this->ref = 1; - if (!read_key(this, pubkey)) { destroy(this); diff --git a/src/libstrongswan/plugins/agent/agent_private_key.h b/src/libstrongswan/plugins/agent/agent_private_key.h index 3d9500c1a..0623f2bb9 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.h +++ b/src/libstrongswan/plugins/agent/agent_private_key.h @@ -34,7 +34,7 @@ struct agent_private_key_t { /** * Implements private_key_t interface */ - private_key_t interface; + private_key_t key; }; /** diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index 6a82ce94a..d310843ac 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -168,6 +169,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -199,14 +202,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -221,24 +227,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -246,7 +259,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c index fb856ed37..784c07eaf 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c @@ -68,8 +68,6 @@ typedef struct private_blowfish_crypter_t private_blowfish_crypter_t; /** * Class implementing the Blowfish symmetric encryption algorithm. - * - * @ingroup crypters */ struct private_blowfish_crypter_t { @@ -89,11 +87,9 @@ struct private_blowfish_crypter_t { u_int32_t key_size; }; -/** - * Implementation of crypter_t.decrypt. - */ -static void decrypt(private_blowfish_crypter_t *this, chunk_t data, chunk_t iv, - chunk_t *decrypted) +METHOD(crypter_t, decrypt, void, + private_blowfish_crypter_t *this, chunk_t data, chunk_t iv, + chunk_t *decrypted) { u_int8_t *in, *out; @@ -114,11 +110,9 @@ static void decrypt(private_blowfish_crypter_t *this, chunk_t data, chunk_t iv, free(iv.ptr); } -/** - * Implementation of crypter_t.decrypt. - */ -static void encrypt (private_blowfish_crypter_t *this, chunk_t data, chunk_t iv, - chunk_t *encrypted) +METHOD(crypter_t, encrypt, void, + private_blowfish_crypter_t *this, chunk_t data, chunk_t iv, + chunk_t *encrypted) { u_int8_t *in, *out; @@ -139,34 +133,32 @@ static void encrypt (private_blowfish_crypter_t *this, chunk_t data, chunk_t iv, free(iv.ptr); } -/** - * Implementation of crypter_t.get_block_size. - */ -static size_t get_block_size (private_blowfish_crypter_t *this) +METHOD(crypter_t, get_block_size, size_t, + private_blowfish_crypter_t *this) { return BLOWFISH_BLOCK_SIZE; } -/** - * Implementation of crypter_t.get_key_size. - */ -static size_t get_key_size (private_blowfish_crypter_t *this) +METHOD(crypter_t, get_iv_size, size_t, + private_blowfish_crypter_t *this) +{ + return BLOWFISH_BLOCK_SIZE; +} + +METHOD(crypter_t, get_key_size, size_t, + private_blowfish_crypter_t *this) { return this->key_size; } -/** - * Implementation of crypter_t.set_key. - */ -static void set_key (private_blowfish_crypter_t *this, chunk_t key) +METHOD(crypter_t, set_key, void, + private_blowfish_crypter_t *this, chunk_t key) { BF_set_key(&this->schedule, key.len , key.ptr); } -/** - * Implementation of crypter_t.destroy and blowfish_crypter_t.destroy. - */ -static void destroy (private_blowfish_crypter_t *this) +METHOD(crypter_t, destroy, void, + private_blowfish_crypter_t *this) { free(this); } @@ -174,7 +166,8 @@ static void destroy (private_blowfish_crypter_t *this) /* * Described in header */ -blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t key_size) +blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, + size_t key_size) { private_blowfish_crypter_t *this; @@ -183,15 +176,20 @@ blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t return NULL; } - this = malloc_thing(private_blowfish_crypter_t); - - this->key_size = key_size; - this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt; - this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt; - this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size; - this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; - this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key; - this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; - - return &(this->public); + INIT(this, + .public = { + .crypter = { + .encrypt = _encrypt, + .decrypt = _decrypt, + .get_block_size = _get_block_size, + .get_iv_size = _get_iv_size, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + .key_size = key_size ?: 16, + ); + + return &this->public; } diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.h b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h index 71cc09cd0..70dcae66e 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.h +++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h @@ -32,9 +32,9 @@ typedef struct blowfish_crypter_t blowfish_crypter_t; struct blowfish_crypter_t { /** - * The crypter_t interface. + * Implements crypter_t interface. */ - crypter_t crypter_interface; + crypter_t crypter; }; /** diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c index f9fb605b3..6ab093d7b 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c @@ -32,10 +32,8 @@ struct private_blowfish_plugin_t { blowfish_plugin_t public; }; -/** - * Implementation of blowfish_plugin_t.destroy - */ -static void destroy(private_blowfish_plugin_t *this) +METHOD(plugin_t, destroy, void, + private_blowfish_plugin_t *this) { lib->crypto->remove_crypter(lib->crypto, (crypter_constructor_t)blowfish_crypter_create); @@ -47,9 +45,15 @@ static void destroy(private_blowfish_plugin_t *this) */ plugin_t *blowfish_plugin_create() { - private_blowfish_plugin_t *this = malloc_thing(private_blowfish_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + private_blowfish_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, (crypter_constructor_t)blowfish_crypter_create); diff --git a/src/libstrongswan/plugins/ccm/Makefile.am b/src/libstrongswan/plugins/ccm/Makefile.am new file mode 100644 index 000000000..bca1f0735 --- /dev/null +++ b/src/libstrongswan/plugins/ccm/Makefile.am @@ -0,0 +1,16 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-ccm.la +else +plugin_LTLIBRARIES = libstrongswan-ccm.la +endif + +libstrongswan_ccm_la_SOURCES = \ + ccm_plugin.h ccm_plugin.c \ + ccm_aead.h ccm_aead.c + +libstrongswan_ccm_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in new file mode 100644 index 000000000..017d75c48 --- /dev/null +++ b/src/libstrongswan/plugins/ccm/Makefile.in @@ -0,0 +1,600 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/ccm +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_ccm_la_LIBADD = +am_libstrongswan_ccm_la_OBJECTS = ccm_plugin.lo ccm_aead.lo +libstrongswan_ccm_la_OBJECTS = $(am_libstrongswan_ccm_la_OBJECTS) +libstrongswan_ccm_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_ccm_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_ccm_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_ccm_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_ccm_la_SOURCES) +DIST_SOURCES = $(libstrongswan_ccm_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ccm.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ccm.la +libstrongswan_ccm_la_SOURCES = \ + ccm_plugin.h ccm_plugin.c \ + ccm_aead.h ccm_aead.c + +libstrongswan_ccm_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ccm/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/ccm/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-ccm.la: $(libstrongswan_ccm_la_OBJECTS) $(libstrongswan_ccm_la_DEPENDENCIES) + $(libstrongswan_ccm_la_LINK) $(am_libstrongswan_ccm_la_rpath) $(libstrongswan_ccm_la_OBJECTS) $(libstrongswan_ccm_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ccm_aead.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ccm_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/ccm/ccm_aead.c b/src/libstrongswan/plugins/ccm/ccm_aead.c new file mode 100644 index 000000000..7fee2b3c4 --- /dev/null +++ b/src/libstrongswan/plugins/ccm/ccm_aead.c @@ -0,0 +1,397 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ccm_aead.h" + +#define BLOCK_SIZE 16 +#define SALT_SIZE 3 +#define IV_SIZE 8 +#define NONCE_SIZE (SALT_SIZE + IV_SIZE) /* 11 */ +#define Q_SIZE (BLOCK_SIZE - NONCE_SIZE - 1) /* 4 */ + +typedef struct private_ccm_aead_t private_ccm_aead_t; + +/** + * Private data of an ccm_aead_t object. + */ +struct private_ccm_aead_t { + + /** + * Public ccm_aead_t interface. + */ + ccm_aead_t public; + + /** + * Underlying CBC crypter. + */ + crypter_t *crypter; + + /** + * Length of the integrity check value + */ + size_t icv_size; + + /** + * salt to add to nonce + */ + u_char salt[SALT_SIZE]; +}; + +/** + * First block with control information + */ +typedef struct __attribute__((packed)) { + BITFIELD4(u_int8_t, + /* size of p length field q, as q-1 */ + q_len: 3, + /* size of our ICV t, as (t-2)/2 */ + t_len: 3, + /* do we have associated data */ + assoc: 1, + reserved: 1, + ) flags; + /* nonce value */ + struct __attribute__((packed)) { + u_char salt[SALT_SIZE]; + u_char iv[IV_SIZE]; + } nonce; + /* lenght of plain text, q */ + u_char q[Q_SIZE]; +} b0_t; + +/** + * Counter block + */ +typedef struct __attribute__((packed)) { + BITFIELD3(u_int8_t, + /* size of p length field q, as q-1 */ + q_len: 3, + zero: 3, + reserved: 2, + ) flags; + /* nonce value */ + struct __attribute__((packed)) { + u_char salt[SALT_SIZE]; + u_char iv[IV_SIZE]; + } nonce; + /* counter value */ + u_char i[Q_SIZE]; +} ctr_t; + +/** + * Build the first block B0 + */ +static void build_b0(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc, + chunk_t iv, char *out) +{ + b0_t *block = (b0_t*)out; + + block->flags.reserved = 0; + block->flags.assoc = assoc.len ? 1 : 0; + block->flags.t_len = (this->icv_size - 2) / 2; + block->flags.q_len = Q_SIZE - 1; + memcpy(block->nonce.salt, this->salt, SALT_SIZE); + memcpy(block->nonce.iv, iv.ptr, IV_SIZE); + htoun32(block->q, plain.len); +} + +/** + * Build a counter block for counter i + */ +static void build_ctr(private_ccm_aead_t *this, u_int32_t i, chunk_t iv, + char *out) +{ + ctr_t *ctr = (ctr_t*)out; + + ctr->flags.reserved = 0; + ctr->flags.zero = 0; + ctr->flags.q_len = Q_SIZE - 1; + memcpy(ctr->nonce.salt, this->salt, SALT_SIZE); + memcpy(ctr->nonce.iv, iv.ptr, IV_SIZE); + htoun32(ctr->i, i); +} + +/** + * En-/Decrypt data + */ +static void crypt_data(private_ccm_aead_t *this, chunk_t iv, + chunk_t in, chunk_t out) +{ + char ctr[BLOCK_SIZE]; + char zero[BLOCK_SIZE]; + char block[BLOCK_SIZE]; + + build_ctr(this, 1, iv, ctr); + memset(zero, 0, BLOCK_SIZE); + + while (in.len > 0) + { + memcpy(block, ctr, BLOCK_SIZE); + this->crypter->encrypt(this->crypter, chunk_from_thing(block), + chunk_from_thing(zero), NULL); + chunk_increment(chunk_from_thing(ctr)); + + if (in.ptr != out.ptr) + { + memcpy(out.ptr, in.ptr, min(in.len, BLOCK_SIZE)); + } + memxor(out.ptr, block, min(in.len, BLOCK_SIZE)); + in = chunk_skip(in, BLOCK_SIZE); + out = chunk_skip(out, BLOCK_SIZE); + } +} + +/** + * En-/Decrypt the ICV + */ +static void crypt_icv(private_ccm_aead_t *this, chunk_t iv, char *icv) +{ + char ctr[BLOCK_SIZE]; + char zero[BLOCK_SIZE]; + + build_ctr(this, 0, iv, ctr); + memset(zero, 0, BLOCK_SIZE); + + this->crypter->encrypt(this->crypter, chunk_from_thing(ctr), + chunk_from_thing(zero), NULL); + memxor(icv, ctr, this->icv_size); +} + +/** + * Create the ICV + */ +static void create_icv(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc, + chunk_t iv, char *icv) +{ + char zero[BLOCK_SIZE]; + chunk_t chunk; + char *pos; + int r, len; + + memset(zero, 0, BLOCK_SIZE); + + /* calculate number of blocks, including b0 */ + r = 1; + if (assoc.len) + { /* assoc gets a 2 byte length header, gets padded to BLOCK_SIZE */ + r += (2 + assoc.len + BLOCK_SIZE - 1) / BLOCK_SIZE; + } + /* plain text gets padded to BLOCK_SIZE */ + r += (plain.len + BLOCK_SIZE - 1) / BLOCK_SIZE; + + /* concatenate data to a new chunk */ + chunk = chunk_alloc(r * BLOCK_SIZE); + /* write control block */ + build_b0(this, plain, assoc, iv, chunk.ptr); + pos = chunk.ptr + BLOCK_SIZE; + /* append associated data, with length header */ + if (assoc.len) + { + /* currently we support two byte headers only (up to 2^16-2^8 bytes) */ + htoun16(pos, assoc.len); + memcpy(pos + 2, assoc.ptr, assoc.len); + pos += 2 + assoc.len; + /* padding */ + len = (BLOCK_SIZE - ((2 + assoc.len) % BLOCK_SIZE)) % BLOCK_SIZE; + memset(pos, 0, len); + pos += len; + } + /* write plain data */ + memcpy(pos, plain.ptr, plain.len); + pos += plain.len; + /* padding */ + len = (BLOCK_SIZE - (plain.len % BLOCK_SIZE)) % BLOCK_SIZE; + + memset(pos, 0, len); + + /* encrypt inline with CBC, zero IV */ + this->crypter->encrypt(this->crypter, chunk, chunk_from_thing(zero), NULL); + /* copy last icv_size bytes as ICV to output */ + memcpy(icv, chunk.ptr + chunk.len - BLOCK_SIZE, this->icv_size); + + /* encrypt the ICV value */ + crypt_icv(this, iv, icv); + + free(chunk.ptr); +} + +/** + * Verify the ICV + */ +static bool verify_icv(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc, + chunk_t iv, char *icv) +{ + char buf[this->icv_size]; + + create_icv(this, plain, assoc, iv, buf); + + return memeq(buf, icv, this->icv_size); +} + +METHOD(aead_t, encrypt, void, + private_ccm_aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv, + chunk_t *encrypted) +{ + if (encrypted) + { + *encrypted = chunk_alloc(plain.len + this->icv_size); + create_icv(this, plain, assoc, iv, encrypted->ptr + plain.len); + crypt_data(this, iv, plain, *encrypted); + } + else + { + create_icv(this, plain, assoc, iv, plain.ptr + plain.len); + crypt_data(this, iv, plain, plain); + } +} + +METHOD(aead_t, decrypt, bool, + private_ccm_aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv, + chunk_t *plain) +{ + if (encrypted.len < this->icv_size) + { + return FALSE; + } + encrypted.len -= this->icv_size; + if (plain) + { + *plain = chunk_alloc(encrypted.len); + crypt_data(this, iv, encrypted, *plain); + return verify_icv(this, *plain, assoc, iv, + encrypted.ptr + encrypted.len); + } + else + { + crypt_data(this, iv, encrypted, encrypted); + return verify_icv(this, encrypted, assoc, iv, + encrypted.ptr + encrypted.len); + } +} + +METHOD(aead_t, get_block_size, size_t, + private_ccm_aead_t *this) +{ + return 1; +} + +METHOD(aead_t, get_icv_size, size_t, + private_ccm_aead_t *this) +{ + return this->icv_size; +} + +METHOD(aead_t, get_iv_size, size_t, + private_ccm_aead_t *this) +{ + return IV_SIZE; +} + +METHOD(aead_t, get_key_size, size_t, + private_ccm_aead_t *this) +{ + return this->crypter->get_key_size(this->crypter) + SALT_SIZE; +} + +METHOD(aead_t, set_key, void, + private_ccm_aead_t *this, chunk_t key) +{ + memcpy(this->salt, key.ptr + key.len - SALT_SIZE, SALT_SIZE); + key.len -= SALT_SIZE; + this->crypter->set_key(this->crypter, key); +} + +METHOD(aead_t, destroy, void, + private_ccm_aead_t *this) +{ + this->crypter->destroy(this->crypter); + free(this); +} + +/** + * See header + */ +ccm_aead_t *ccm_aead_create(encryption_algorithm_t algo, size_t key_size) +{ + private_ccm_aead_t *this; + size_t icv_size; + + switch (key_size) + { + case 0: + key_size = 16; + break; + case 16: + case 24: + case 32: + break; + default: + return NULL; + } + switch (algo) + { + case ENCR_AES_CCM_ICV8: + algo = ENCR_AES_CBC; + icv_size = 8; + break; + case ENCR_AES_CCM_ICV12: + algo = ENCR_AES_CBC; + icv_size = 12; + break; + case ENCR_AES_CCM_ICV16: + algo = ENCR_AES_CBC; + icv_size = 16; + break; + case ENCR_CAMELLIA_CCM_ICV8: + algo = ENCR_CAMELLIA_CBC; + icv_size = 8; + break; + case ENCR_CAMELLIA_CCM_ICV12: + algo = ENCR_CAMELLIA_CBC; + icv_size = 12; + break; + case ENCR_CAMELLIA_CCM_ICV16: + algo = ENCR_CAMELLIA_CBC; + icv_size = 16; + break; + default: + return NULL; + } + + INIT(this, + .public = { + .aead = { + .encrypt = _encrypt, + .decrypt = _decrypt, + .get_block_size = _get_block_size, + .get_icv_size = _get_icv_size, + .get_iv_size = _get_iv_size, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + .crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size), + .icv_size = icv_size, + ); + + if (!this->crypter) + { + free(this); + return NULL; + } + + return &this->public; +} diff --git a/src/libstrongswan/plugins/ccm/ccm_aead.h b/src/libstrongswan/plugins/ccm/ccm_aead.h new file mode 100644 index 000000000..d5e302f94 --- /dev/null +++ b/src/libstrongswan/plugins/ccm/ccm_aead.h @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ccm_aead ccm_aead + * @{ @ingroup ccm + */ + +#ifndef CCM_AEAD_H_ +#define CCM_AEAD_H_ + +#include <crypto/aead.h> + +typedef struct ccm_aead_t ccm_aead_t; + +/** + * Counter with Cipher Block Chaining-Message Authentication Code (CCM). + * + * Implements CCM as specified in NIST 800-38B, using AEAD semantics from + * RFC 5282, based on RFC4309. + */ +struct ccm_aead_t { + + /** + * Implements aead_t interface. + */ + aead_t aead; +}; + +/** + * Create a ccm_aead instance. + * + * @param key_size key size in bytes + * @param algo algorithm to implement, a CCM mode + * @return aead, NULL if not supported + */ +ccm_aead_t *ccm_aead_create(encryption_algorithm_t algo, size_t key_size); + +#endif /** CCM_AEAD_H_ @}*/ diff --git a/src/libstrongswan/plugins/ccm/ccm_plugin.c b/src/libstrongswan/plugins/ccm/ccm_plugin.c new file mode 100644 index 000000000..5fc3b14d7 --- /dev/null +++ b/src/libstrongswan/plugins/ccm/ccm_plugin.c @@ -0,0 +1,69 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ccm_plugin.h" + +#include <library.h> + +#include "ccm_aead.h" + +typedef struct private_ccm_plugin_t private_ccm_plugin_t; + +/** + * private data of ccm_plugin + */ +struct private_ccm_plugin_t { + + /** + * public functions + */ + ccm_plugin_t public; +}; + +METHOD(plugin_t, destroy, void, + private_ccm_plugin_t *this) +{ + lib->crypto->remove_aead(lib->crypto, + (aead_constructor_t)ccm_aead_create); + + free(this); +} + +/* + * see header file + */ +plugin_t *ccm_plugin_create() +{ + private_ccm_plugin_t *this; + + INIT(this, + .public.plugin.destroy = _destroy, + ); + + lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV8, + (aead_constructor_t)ccm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV12, + (aead_constructor_t)ccm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV16, + (aead_constructor_t)ccm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV8, + (aead_constructor_t)ccm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV12, + (aead_constructor_t)ccm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV16, + (aead_constructor_t)ccm_aead_create); + + return &this->public.plugin; +} diff --git a/src/libstrongswan/plugins/ccm/ccm_plugin.h b/src/libstrongswan/plugins/ccm/ccm_plugin.h new file mode 100644 index 000000000..9a3252012 --- /dev/null +++ b/src/libstrongswan/plugins/ccm/ccm_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ccm ccm + * @ingroup plugins + * + * @defgroup ccm_plugin ccm_plugin + * @{ @ingroup ccm + */ + +#ifndef CCM_PLUGIN_H_ +#define CCM_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct ccm_plugin_t ccm_plugin_t; + +/** + * Plugin providing CCM mode operation. + */ +struct ccm_plugin_t { + + /** + * Implements plugin interface. + */ + plugin_t plugin; +}; + +#endif /** CCM_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/ctr/Makefile.am b/src/libstrongswan/plugins/ctr/Makefile.am new file mode 100644 index 000000000..893171aab --- /dev/null +++ b/src/libstrongswan/plugins/ctr/Makefile.am @@ -0,0 +1,16 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-ctr.la +else +plugin_LTLIBRARIES = libstrongswan-ctr.la +endif + +libstrongswan_ctr_la_SOURCES = \ + ctr_plugin.h ctr_plugin.c \ + ctr_ipsec_crypter.h ctr_ipsec_crypter.c + +libstrongswan_ctr_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in new file mode 100644 index 000000000..b51f57113 --- /dev/null +++ b/src/libstrongswan/plugins/ctr/Makefile.in @@ -0,0 +1,600 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/ctr +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_ctr_la_LIBADD = +am_libstrongswan_ctr_la_OBJECTS = ctr_plugin.lo ctr_ipsec_crypter.lo +libstrongswan_ctr_la_OBJECTS = $(am_libstrongswan_ctr_la_OBJECTS) +libstrongswan_ctr_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_ctr_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_ctr_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_ctr_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_ctr_la_SOURCES) +DIST_SOURCES = $(libstrongswan_ctr_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ctr.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ctr.la +libstrongswan_ctr_la_SOURCES = \ + ctr_plugin.h ctr_plugin.c \ + ctr_ipsec_crypter.h ctr_ipsec_crypter.c + +libstrongswan_ctr_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ctr/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/ctr/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-ctr.la: $(libstrongswan_ctr_la_OBJECTS) $(libstrongswan_ctr_la_DEPENDENCIES) + $(libstrongswan_ctr_la_LINK) $(am_libstrongswan_ctr_la_rpath) $(libstrongswan_ctr_la_OBJECTS) $(libstrongswan_ctr_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ctr_ipsec_crypter.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ctr_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c new file mode 100644 index 000000000..ddcae423b --- /dev/null +++ b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c @@ -0,0 +1,173 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ctr_ipsec_crypter.h" + +typedef struct private_ctr_ipsec_crypter_t private_ctr_ipsec_crypter_t; + +/** + * Private data of an ctr_ipsec_crypter_t object. + */ +struct private_ctr_ipsec_crypter_t { + + /** + * Public ctr_ipsec_crypter_t interface. + */ + ctr_ipsec_crypter_t public; + + /** + * Underlying CBC crypter + */ + crypter_t *crypter; + + /** + * counter state + */ + struct { + char nonce[4]; + char iv[8]; + u_int32_t counter; + } __attribute__((packed)) state; +}; + +/** + * Do the CTR crypto operation + */ +static void crypt_ctr(private_ctr_ipsec_crypter_t *this, + chunk_t in, chunk_t out) +{ + size_t is, bs; + chunk_t state; + + is = this->crypter->get_iv_size(this->crypter); + bs = sizeof(this->state); + + this->state.counter = htonl(1); + state = chunk_create((char*)&this->state, bs); + + while (in.len > 0) + { + char iv[is], block[bs]; + + memset(iv, 0, is); + memcpy(block, state.ptr, bs); + this->crypter->encrypt(this->crypter, + chunk_create(block, bs), chunk_create(iv, is), NULL); + chunk_increment(state); + + if (in.ptr != out.ptr) + { + memcpy(out.ptr, in.ptr, min(in.len, bs)); + } + memxor(out.ptr, block, min(in.len, bs)); + in = chunk_skip(in, bs); + out = chunk_skip(out, bs); + } +} + +METHOD(crypter_t, crypt, void, + private_ctr_ipsec_crypter_t *this, chunk_t in, chunk_t iv, chunk_t *out) +{ + memcpy(this->state.iv, iv.ptr, sizeof(this->state.iv)); + + if (out) + { + *out = chunk_alloc(in.len); + crypt_ctr(this, in, *out); + } + else + { + crypt_ctr(this, in, in); + } +} + +METHOD(crypter_t, get_block_size, size_t, + private_ctr_ipsec_crypter_t *this) +{ + return 1; +} + +METHOD(crypter_t, get_iv_size, size_t, + private_ctr_ipsec_crypter_t *this) +{ + return sizeof(this->state.iv); +} + +METHOD(crypter_t, get_key_size, size_t, + private_ctr_ipsec_crypter_t *this) +{ + return this->crypter->get_key_size(this->crypter) + + sizeof(this->state.nonce); +} + +METHOD(crypter_t, set_key, void, + private_ctr_ipsec_crypter_t *this, chunk_t key) +{ + memcpy(this->state.nonce, key.ptr + key.len - sizeof(this->state.nonce), + sizeof(this->state.nonce)); + key.len -= sizeof(this->state.nonce); + this->crypter->set_key(this->crypter, key); +} + +METHOD(crypter_t, destroy, void, + private_ctr_ipsec_crypter_t *this) +{ + this->crypter->destroy(this->crypter); + free(this); +} + +/** + * See header + */ +ctr_ipsec_crypter_t *ctr_ipsec_crypter_create(encryption_algorithm_t algo, + size_t key_size) +{ + private_ctr_ipsec_crypter_t *this; + + switch (algo) + { + case ENCR_AES_CTR: + algo = ENCR_AES_CBC; + break; + case ENCR_CAMELLIA_CTR: + algo = ENCR_CAMELLIA_CBC; + break; + default: + return NULL; + } + + INIT(this, + .public = { + .crypter = { + .encrypt = _crypt, + .decrypt = _crypt, + .get_block_size = _get_block_size, + .get_iv_size = _get_iv_size, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + .crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size), + ); + + if (!this->crypter) + { + free(this); + return NULL; + } + + return &this->public; +} diff --git a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h new file mode 100644 index 000000000..db21aec3b --- /dev/null +++ b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ctr_ipsec_crypter ctr_ipsec_crypter + * @{ @ingroup ctr + */ + +#ifndef CTR_IPSEC_CRYPTER_H_ +#define CTR_IPSEC_CRYPTER_H_ + +#include <crypto/crypters/crypter.h> + +typedef struct ctr_ipsec_crypter_t ctr_ipsec_crypter_t; + +/** + * Counter Mode wrapper for encryption algorithms, IPsec variant (RFC3686). + */ +struct ctr_ipsec_crypter_t { + + /** + * Implements crypter_t interface. + */ + crypter_t crypter; +}; + +/** + * Create a ctr_ipsec_crypter instance. + */ +ctr_ipsec_crypter_t *ctr_ipsec_crypter_create(); + +/** + * Create a ctr_ipsec_crypter instance. + * + * @param key_size key size in bytes + * @param algo algorithm to implement, a counter mode + * @return crypter, NULL if not supported + */ +ctr_ipsec_crypter_t *ctr_ipsec_crypter_create(encryption_algorithm_t algo, + size_t key_size); + +#endif /** CTR_IPSEC_CRYPTER_H_ @}*/ diff --git a/src/libstrongswan/plugins/ctr/ctr_plugin.c b/src/libstrongswan/plugins/ctr/ctr_plugin.c new file mode 100644 index 000000000..5e47f23ec --- /dev/null +++ b/src/libstrongswan/plugins/ctr/ctr_plugin.c @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ctr_plugin.h" + +#include <library.h> + +#include "ctr_ipsec_crypter.h" + +typedef struct private_ctr_plugin_t private_ctr_plugin_t; + +/** + * private data of ctr_plugin + */ +struct private_ctr_plugin_t { + + /** + * public functions + */ + ctr_plugin_t public; +}; + +METHOD(plugin_t, destroy, void, + private_ctr_plugin_t *this) +{ + lib->crypto->remove_crypter(lib->crypto, + (crypter_constructor_t)ctr_ipsec_crypter_create); + + free(this); +} + +/* + * see header file + */ +plugin_t *ctr_plugin_create() +{ + private_ctr_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); + + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, + (crypter_constructor_t)ctr_ipsec_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, + (crypter_constructor_t)ctr_ipsec_crypter_create); + + return &this->public.plugin; +} diff --git a/src/libstrongswan/plugins/ctr/ctr_plugin.h b/src/libstrongswan/plugins/ctr/ctr_plugin.h new file mode 100644 index 000000000..7b2f901dc --- /dev/null +++ b/src/libstrongswan/plugins/ctr/ctr_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ctr ctr + * @ingroup plugins + * + * @defgroup ctr_plugin ctr_plugin + * @{ @ingroup ctr + */ + +#ifndef CTR_PLUGIN_H_ +#define CTR_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct ctr_plugin_t ctr_plugin_t; + +/** + * Plugin providing CTR mode operation of symmetric encryption algorithms. + */ +struct ctr_plugin_t { + + /** + * Implements plugin interface. + */ + plugin_t plugin; +}; + +#endif /** CTR_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index fc3b0ab1a..9cc99063c 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -195,14 +198,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -242,7 +255,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c index 2341c9052..4835f6461 100644 --- a/src/libstrongswan/plugins/curl/curl_fetcher.c +++ b/src/libstrongswan/plugins/curl/curl_fetcher.c @@ -166,10 +166,12 @@ curl_fetcher_t *curl_fetcher_create() private_curl_fetcher_t *this; INIT(this, - .public.interface = { - .fetch = _fetch, - .set_option = _set_option, - .destroy = _destroy, + .public = { + .interface = { + .fetch = _fetch, + .set_option = _set_option, + .destroy = _destroy, + }, }, .curl = curl_easy_init(), ); diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index 319baa04c..0e8fa7315 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -195,14 +198,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -242,7 +255,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c index 142e79613..7d9fbe852 100644 --- a/src/libstrongswan/plugins/des/des_crypter.c +++ b/src/libstrongswan/plugins/des/des_crypter.c @@ -1416,11 +1416,8 @@ static void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, long len tin[0]=tin[1]=0; } -/** - * Implementation of crypter_t.decrypt for DES. - */ -static void decrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv, - chunk_t *decrypted) +METHOD(crypter_t, decrypt, void, + private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { des_cblock ivb; u_int8_t *out; @@ -1437,11 +1434,8 @@ static void decrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv, } -/** - * Implementation of crypter_t.decrypt for DES. - */ -static void encrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv, - chunk_t *encrypted) +METHOD(crypter_t, encrypt, void, + private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { des_cblock ivb; u_int8_t *out; @@ -1457,11 +1451,8 @@ static void encrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv, data.len, this->ks, &ivb, DES_ENCRYPT); } -/** - * Implementation of crypter_t.decrypt for DES (ECB). - */ -static void decrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv, - chunk_t *decrypted) +METHOD(crypter_t, decrypt_ecb, void, + private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { u_int8_t *out; @@ -1475,11 +1466,8 @@ static void decrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv, data.len, this->ks, DES_DECRYPT); } -/** - * Implementation of crypter_t.decrypt for DES (ECB). - */ -static void encrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv, - chunk_t *encrypted) +METHOD(crypter_t, encrypt_ecb, void, + private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { u_int8_t *out; @@ -1493,11 +1481,8 @@ static void encrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv, data.len, this->ks, DES_ENCRYPT); } -/** - * Implementation of crypter_t.decrypt for 3DES. - */ -static void decrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv, - chunk_t *decrypted) +METHOD(crypter_t, decrypt3, void, + private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { des_cblock ivb; u_int8_t *out; @@ -1514,11 +1499,8 @@ static void decrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv, &ivb, DES_DECRYPT); } -/** - * Implementation of crypter_t.decrypt for 3DES. - */ -static void encrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv, - chunk_t *encrypted) +METHOD(crypter_t, encrypt3, void, + private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { des_cblock ivb; u_int8_t *out; @@ -1535,44 +1517,40 @@ static void encrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv, &ivb, DES_ENCRYPT); } -/** - * Implementation of crypter_t.get_block_size. - */ -static size_t get_block_size (private_des_crypter_t *this) +METHOD(crypter_t, get_block_size, size_t, + private_des_crypter_t *this) { return sizeof(des_cblock); } -/** - * Implementation of crypter_t.get_key_size. - */ -static size_t get_key_size (private_des_crypter_t *this) +METHOD(crypter_t, get_iv_size, size_t, + private_des_crypter_t *this) +{ + return sizeof(des_cblock); +} + +METHOD(crypter_t, get_key_size, size_t, + private_des_crypter_t *this) { return this->key_size; } -/** - * Implementation of crypter_t.set_key for DES. - */ -static void set_key(private_des_crypter_t *this, chunk_t key) +METHOD(crypter_t, set_key, void, + private_des_crypter_t *this, chunk_t key) { des_set_key((des_cblock*)(key.ptr), &this->ks); } -/** - * Implementation of crypter_t.set_key for 3DES. - */ -static void set_key3(private_des_crypter_t *this, chunk_t key) +METHOD(crypter_t, set_key3, void, + private_des_crypter_t *this, chunk_t key) { des_set_key((des_cblock*)(key.ptr) + 0, &this->ks3[0]); des_set_key((des_cblock*)(key.ptr) + 1, &this->ks3[1]); des_set_key((des_cblock*)(key.ptr) + 2, &this->ks3[2]); } -/** - * Implementation of crypter_t.destroy and des_crypter_t.destroy. - */ -static void destroy(private_des_crypter_t *this) +METHOD(crypter_t, destroy, void, + private_des_crypter_t *this) { free(this); } @@ -1582,33 +1560,39 @@ static void destroy(private_des_crypter_t *this) */ des_crypter_t *des_crypter_create(encryption_algorithm_t algo) { - private_des_crypter_t *this = malloc_thing(private_des_crypter_t); - - /* functions of crypter_t interface */ - this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size; - this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; - this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; + private_des_crypter_t *this; + + INIT(this, + .public = { + .crypter = { + .get_block_size = _get_block_size, + .get_iv_size = _get_iv_size, + .get_key_size = _get_key_size, + .destroy = _destroy, + }, + }, + ); /* use functions depending on algorithm */ switch (algo) { case ENCR_DES: this->key_size = sizeof(des_cblock); - this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key; - this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt; - this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt; + this->public.crypter.set_key = _set_key; + this->public.crypter.encrypt = _encrypt; + this->public.crypter.decrypt = _decrypt; break; case ENCR_3DES: this->key_size = 3 * sizeof(des_cblock); - this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key3; - this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt3; - this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt3; + this->public.crypter.set_key = _set_key3; + this->public.crypter.encrypt = _encrypt3; + this->public.crypter.decrypt = _decrypt3; break; case ENCR_DES_ECB: this->key_size = sizeof(des_cblock); - this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key; - this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt_ecb; - this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt_ecb; + this->public.crypter.set_key = _set_key; + this->public.crypter.encrypt = _encrypt_ecb; + this->public.crypter.decrypt = _decrypt_ecb; break; default: free(this); diff --git a/src/libstrongswan/plugins/des/des_crypter.h b/src/libstrongswan/plugins/des/des_crypter.h index cffbd4ce3..07215d0c5 100644 --- a/src/libstrongswan/plugins/des/des_crypter.h +++ b/src/libstrongswan/plugins/des/des_crypter.h @@ -32,9 +32,9 @@ typedef struct des_crypter_t des_crypter_t; struct des_crypter_t { /** - * The crypter_t interface. + * Implements crypter_t interface. */ - crypter_t crypter_interface; + crypter_t crypter; }; /** diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c index afc82e8d4..43b457ce2 100644 --- a/src/libstrongswan/plugins/des/des_plugin.c +++ b/src/libstrongswan/plugins/des/des_plugin.c @@ -31,10 +31,8 @@ struct private_des_plugin_t { des_plugin_t public; }; -/** - * Implementation of des_plugin_t.destroy - */ -static void destroy(private_des_plugin_t *this) +METHOD(plugin_t, destroy, void, + private_des_plugin_t *this) { lib->crypto->remove_crypter(lib->crypto, (crypter_constructor_t)des_crypter_create); @@ -46,9 +44,15 @@ static void destroy(private_des_plugin_t *this) */ plugin_t *des_plugin_create() { - private_des_plugin_t *this = malloc_thing(private_des_plugin_t); + private_des_plugin_t *this; - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); lib->crypto->add_crypter(lib->crypto, ENCR_3DES, (crypter_constructor_t)des_crypter_create); diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in index 73f81f4db..7f4529211 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.in +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -167,6 +168,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -198,14 +201,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -220,24 +226,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -245,7 +258,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c index 125047b05..bc0ee30ae 100644 --- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c +++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c @@ -50,9 +50,9 @@ plugin_t *dnskey_plugin_create() this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)dnskey_public_key_load); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE, (builder_function_t)dnskey_public_key_load); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index 4ed8276c4..7e2a1ccdf 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -167,6 +168,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -198,14 +201,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -220,24 +226,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -245,7 +258,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/gcm/Makefile.am b/src/libstrongswan/plugins/gcm/Makefile.am new file mode 100644 index 000000000..ec733fbcc --- /dev/null +++ b/src/libstrongswan/plugins/gcm/Makefile.am @@ -0,0 +1,16 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-gcm.la +else +plugin_LTLIBRARIES = libstrongswan-gcm.la +endif + +libstrongswan_gcm_la_SOURCES = \ + gcm_plugin.h gcm_plugin.c \ + gcm_aead.h gcm_aead.c + +libstrongswan_gcm_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in new file mode 100644 index 000000000..a4de9ea77 --- /dev/null +++ b/src/libstrongswan/plugins/gcm/Makefile.in @@ -0,0 +1,600 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/gcm +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_gcm_la_LIBADD = +am_libstrongswan_gcm_la_OBJECTS = gcm_plugin.lo gcm_aead.lo +libstrongswan_gcm_la_OBJECTS = $(am_libstrongswan_gcm_la_OBJECTS) +libstrongswan_gcm_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_gcm_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_gcm_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_gcm_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_gcm_la_SOURCES) +DIST_SOURCES = $(libstrongswan_gcm_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-gcm.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-gcm.la +libstrongswan_gcm_la_SOURCES = \ + gcm_plugin.h gcm_plugin.c \ + gcm_aead.h gcm_aead.c + +libstrongswan_gcm_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcm/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcm/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-gcm.la: $(libstrongswan_gcm_la_OBJECTS) $(libstrongswan_gcm_la_DEPENDENCIES) + $(libstrongswan_gcm_la_LINK) $(am_libstrongswan_gcm_la_rpath) $(libstrongswan_gcm_la_OBJECTS) $(libstrongswan_gcm_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcm_aead.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcm_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.c b/src/libstrongswan/plugins/gcm/gcm_aead.c new file mode 100644 index 000000000..0d7d91dbf --- /dev/null +++ b/src/libstrongswan/plugins/gcm/gcm_aead.c @@ -0,0 +1,425 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "gcm_aead.h" + +#include <limits.h> + +#define BLOCK_SIZE 16 +#define NONCE_SIZE 12 +#define IV_SIZE 8 +#define SALT_SIZE (NONCE_SIZE - IV_SIZE) + +typedef struct private_gcm_aead_t private_gcm_aead_t; + +/** + * Private data of an gcm_aead_t object. + */ +struct private_gcm_aead_t { + + /** + * Public gcm_aead_t interface. + */ + gcm_aead_t public; + + /** + * Underlying CBC crypter. + */ + crypter_t *crypter; + + /** + * Size of the integrity check value + */ + size_t icv_size; + + /** + * Salt value + */ + char salt[SALT_SIZE]; + + /** + * GHASH subkey H + */ + char h[BLOCK_SIZE]; +}; + +/** + * Find a suiteable word size and network order conversion functions + */ +#if ULONG_MAX == 18446744073709551615UL && defined(htobe64) +# define htobeword htobe64 +# define bewordtoh be64toh +# define SHIFT_WORD_TYPE u_int64_t +#else +# define htobeword htonl +# define bewordtoh ntohl +# define SHIFT_WORD_TYPE u_int32_t +#endif + +/** + * Bitshift a block right by one bit + */ +static void sr_block(char *block) +{ + int i; + SHIFT_WORD_TYPE *word = (SHIFT_WORD_TYPE*)block; + + for (i = 0; i < BLOCK_SIZE / sizeof(*word); i++) + { + word[i] = bewordtoh(word[i]); + } + for (i = BLOCK_SIZE / sizeof(*word) - 1; i >= 0; i--) + { + word[i] >>= 1; + if (i != 0) + { + word[i] |= word[i - 1] << (sizeof(*word) * 8 - 1); + } + } + for (i = 0; i < BLOCK_SIZE / sizeof(*word); i++) + { + word[i] = htobeword(word[i]); + } +} + +/** + * Naive implementation of block multiplication in GF128, no tables + */ +static void mult_block(char *x, char *y, char *res) +{ + char z[BLOCK_SIZE], v[BLOCK_SIZE], r; + int bit, byte; + + r = 0xE1; + memset(z, 0, BLOCK_SIZE); + memcpy(v, y, BLOCK_SIZE); + + for (byte = 0; byte < BLOCK_SIZE; byte++) + { + for (bit = 7; bit >= 0; bit--) + { + if (x[byte] & (1 << bit)) + { + memxor(z, v, BLOCK_SIZE); + } + if (v[BLOCK_SIZE - 1] & 0x01) + { + sr_block(v); + v[0] ^= r; + } + else + { + sr_block(v); + } + } + } + memcpy(res, z, BLOCK_SIZE); +} + +/** + * GHASH function + */ +static void ghash(private_gcm_aead_t *this, chunk_t x, char *res) +{ + char y[BLOCK_SIZE]; + + memset(y, 0, BLOCK_SIZE); + + while (x.len) + { + memxor(y, x.ptr, BLOCK_SIZE); + mult_block(y, this->h, y); + x = chunk_skip(x, BLOCK_SIZE); + } + memcpy(res, y, BLOCK_SIZE); +} + +/** + * GCTR function, en-/decrypts x inline + */ +static void gctr(private_gcm_aead_t *this, char *icb, chunk_t x) +{ + char cb[BLOCK_SIZE], iv[BLOCK_SIZE], tmp[BLOCK_SIZE]; + + memset(iv, 0, BLOCK_SIZE); + memcpy(cb, icb, BLOCK_SIZE); + + while (x.len) + { + memcpy(tmp, cb, BLOCK_SIZE); + this->crypter->encrypt(this->crypter, chunk_from_thing(tmp), + chunk_from_thing(iv), NULL); + memxor(x.ptr, tmp, min(BLOCK_SIZE, x.len)); + chunk_increment(chunk_from_thing(cb)); + x = chunk_skip(x, BLOCK_SIZE); + } +} + +/** + * Generate the block J0 + */ +static void create_j(private_gcm_aead_t *this, char *iv, char *j) +{ + memcpy(j, this->salt, SALT_SIZE); + memcpy(j + SALT_SIZE, iv, IV_SIZE); + htoun32(j + SALT_SIZE + IV_SIZE, 1); +} + +/** + * Create GHASH subkey H + */ +static void create_h(private_gcm_aead_t *this, char *h) +{ + char zero[BLOCK_SIZE]; + + memset(zero, 0, BLOCK_SIZE); + memset(h, 0, BLOCK_SIZE); + + this->crypter->encrypt(this->crypter, chunk_create(h, BLOCK_SIZE), + chunk_from_thing(zero), NULL); +} + +/** + * Encrypt/decrypt + */ +static void crypt(private_gcm_aead_t *this, char *j, chunk_t in, chunk_t out) +{ + char icb[BLOCK_SIZE]; + + memcpy(icb, j, BLOCK_SIZE); + chunk_increment(chunk_from_thing(icb)); + + out.len = in.len; + if (in.ptr != out.ptr) + { + memcpy(out.ptr, in.ptr, in.len); + } + gctr(this, icb, out); +} + +/** + * Create ICV + */ +static void create_icv(private_gcm_aead_t *this, chunk_t assoc, chunk_t crypt, + char *j, char *icv) +{ + size_t assoc_pad, crypt_pad; + chunk_t chunk; + char s[BLOCK_SIZE], *pos; + + assoc_pad = (BLOCK_SIZE - (assoc.len % BLOCK_SIZE)) % BLOCK_SIZE; + crypt_pad = (BLOCK_SIZE - (crypt.len % BLOCK_SIZE)) % BLOCK_SIZE; + + /* concatenate data to a new chunk */ + chunk = chunk_alloc(assoc.len + assoc_pad + + crypt.len + crypt_pad + BLOCK_SIZE); + pos = chunk.ptr; + /* add associated data */ + memcpy(pos, assoc.ptr, assoc.len); + pos += assoc.len; + memset(pos, 0, assoc_pad); + pos += assoc_pad; + /* add encrypted data */ + memcpy(pos, crypt.ptr, crypt.len); + pos += crypt.len; + memset(pos, 0, crypt_pad); + pos += crypt_pad; + /* write associated len */ + memset(pos, 0, 4); + pos += 4; + htoun32(pos, assoc.len * 8); + pos += 4; + /* write encrypted length */ + memset(pos, 0, 4); + pos += 4; + htoun32(pos, crypt.len * 8); + pos += 4; + + ghash(this, chunk, s); + free(chunk.ptr); + gctr(this, j, chunk_from_thing(s)); + + memcpy(icv, s, this->icv_size); +} + +/** + * Verify the ICV value + */ +static bool verify_icv(private_gcm_aead_t *this, chunk_t assoc, chunk_t crypt, + char *j, char *icv) +{ + char tmp[this->icv_size]; + + create_icv(this, assoc, crypt, j, tmp); + + return memeq(tmp, icv, this->icv_size); +} + +METHOD(aead_t, encrypt, void, + private_gcm_aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv, + chunk_t *encrypted) +{ + char j[BLOCK_SIZE]; + + create_j(this, iv.ptr, j); + + if (encrypted) + { + *encrypted = chunk_alloc(plain.len + this->icv_size); + crypt(this, j, plain, *encrypted); + create_icv(this, assoc, + chunk_create(encrypted->ptr, encrypted->len - this->icv_size), + j, encrypted->ptr + encrypted->len - this->icv_size); + } + else + { + crypt(this, j, plain, plain); + create_icv(this, assoc, plain, j, plain.ptr + plain.len); + } +} + +METHOD(aead_t, decrypt, bool, + private_gcm_aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv, + chunk_t *plain) +{ + char j[BLOCK_SIZE]; + + if (encrypted.len < this->icv_size) + { + return FALSE; + } + + create_j(this, iv.ptr, j); + + encrypted.len -= this->icv_size; + if (!verify_icv(this, assoc, encrypted, j, encrypted.ptr + encrypted.len)) + { + return FALSE; + } + if (plain) + { + *plain = chunk_alloc(encrypted.len); + crypt(this, j, encrypted, *plain); + } + else + { + crypt(this, j, encrypted, encrypted); + } + return TRUE; +} + +METHOD(aead_t, get_block_size, size_t, + private_gcm_aead_t *this) +{ + return 1; +} + +METHOD(aead_t, get_icv_size, size_t, + private_gcm_aead_t *this) +{ + return this->icv_size; +} + +METHOD(aead_t, get_iv_size, size_t, + private_gcm_aead_t *this) +{ + return IV_SIZE; +} + +METHOD(aead_t, get_key_size, size_t, + private_gcm_aead_t *this) +{ + return this->crypter->get_key_size(this->crypter) + SALT_SIZE; +} + +METHOD(aead_t, set_key, void, + private_gcm_aead_t *this, chunk_t key) +{ + memcpy(this->salt, key.ptr + key.len - SALT_SIZE, SALT_SIZE); + key.len -= SALT_SIZE; + this->crypter->set_key(this->crypter, key); + create_h(this, this->h); +} + +METHOD(aead_t, destroy, void, + private_gcm_aead_t *this) +{ + this->crypter->destroy(this->crypter); + free(this); +} + +/** + * See header + */ +gcm_aead_t *gcm_aead_create(encryption_algorithm_t algo, size_t key_size) +{ + private_gcm_aead_t *this; + size_t icv_size; + + switch (key_size) + { + case 0: + key_size = 16; + break; + case 16: + case 24: + case 32: + break; + default: + return NULL; + } + switch (algo) + { + case ENCR_AES_GCM_ICV8: + algo = ENCR_AES_CBC; + icv_size = 8; + break; + case ENCR_AES_GCM_ICV12: + algo = ENCR_AES_CBC; + icv_size = 12; + break; + case ENCR_AES_GCM_ICV16: + algo = ENCR_AES_CBC; + icv_size = 16; + break; + default: + return NULL; + } + + INIT(this, + .public = { + .aead = { + .encrypt = _encrypt, + .decrypt = _decrypt, + .get_block_size = _get_block_size, + .get_icv_size = _get_icv_size, + .get_iv_size = _get_iv_size, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + .crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size), + .icv_size = icv_size, + ); + + if (!this->crypter) + { + free(this); + return NULL; + } + + return &this->public; +} diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.h b/src/libstrongswan/plugins/gcm/gcm_aead.h new file mode 100644 index 000000000..db4be2442 --- /dev/null +++ b/src/libstrongswan/plugins/gcm/gcm_aead.h @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup gcm_aead gcm_aead + * @{ @ingroup gcm + */ + +#ifndef GCM_AEAD_H_ +#define GCM_AEAD_H_ + +#include <crypto/aead.h> + +typedef struct gcm_aead_t gcm_aead_t; + +/** + * Galois/Counter Mode (GCM). + * + * Implements GCM as specified in NIST 800-38D, using AEAD semantics from + * RFC 5282, based on RFC4106. + */ +struct gcm_aead_t { + + /** + * Implements aead_t interface. + */ + aead_t aead; +}; + +/** + * Create a gcm_aead instance. + * + * @param key_size key size in bytes + * @param algo algorithm to implement, a gcm mode + * @return aead, NULL if not supported + */ +gcm_aead_t *gcm_aead_create(encryption_algorithm_t algo, size_t key_size); + +#endif /** GCM_AEAD_H_ @}*/ diff --git a/src/libstrongswan/plugins/gcm/gcm_plugin.c b/src/libstrongswan/plugins/gcm/gcm_plugin.c new file mode 100644 index 000000000..061001b30 --- /dev/null +++ b/src/libstrongswan/plugins/gcm/gcm_plugin.c @@ -0,0 +1,63 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "gcm_plugin.h" + +#include <library.h> + +#include "gcm_aead.h" + +typedef struct private_gcm_plugin_t private_gcm_plugin_t; + +/** + * private data of gcm_plugin + */ +struct private_gcm_plugin_t { + + /** + * public functions + */ + gcm_plugin_t public; +}; + +METHOD(plugin_t, destroy, void, + private_gcm_plugin_t *this) +{ + lib->crypto->remove_aead(lib->crypto, + (aead_constructor_t)gcm_aead_create); + + free(this); +} + +/* + * see header file + */ +plugin_t *gcm_plugin_create() +{ + private_gcm_plugin_t *this; + + INIT(this, + .public.plugin.destroy = _destroy, + ); + + lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV8, + (aead_constructor_t)gcm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV12, + (aead_constructor_t)gcm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV16, + (aead_constructor_t)gcm_aead_create); + + return &this->public.plugin; +} diff --git a/src/libstrongswan/plugins/gcm/gcm_plugin.h b/src/libstrongswan/plugins/gcm/gcm_plugin.h new file mode 100644 index 000000000..52676708e --- /dev/null +++ b/src/libstrongswan/plugins/gcm/gcm_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup gcm gcm + * @ingroup plugins + * + * @defgroup gcm_plugin gcm_plugin + * @{ @ingroup gcm + */ + +#ifndef GCM_PLUGIN_H_ +#define GCM_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct gcm_plugin_t gcm_plugin_t; + +/** + * Plugin providing GCM mode operation. + */ +struct gcm_plugin_t { + + /** + * Implements plugin interface. + */ + plugin_t plugin; +}; + +#endif /** GCM_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index 09131c4be..00c49c487 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -168,6 +169,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -199,14 +202,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -221,24 +227,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -246,7 +259,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c index 5dbdde32c..599481911 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c @@ -40,15 +40,43 @@ struct private_gcrypt_crypter_t { * gcrypt algorithm identifier */ int alg; + + /** + * are we using counter mode? + */ + bool ctr_mode; + + /** + * counter state + */ + struct { + char nonce[4]; + char iv[8]; + u_int32_t counter; + } __attribute__((packed)) ctr; }; /** - * Implementation of crypter_t.decrypt. + * Set the IV for en/decryption */ -static void decrypt(private_gcrypt_crypter_t *this, chunk_t data, - chunk_t iv, chunk_t *dst) +static void set_iv(private_gcrypt_crypter_t *this, chunk_t iv) +{ + if (this->ctr_mode) + { + memcpy(this->ctr.iv, iv.ptr, sizeof(this->ctr.iv)); + this->ctr.counter = htonl(1); + gcry_cipher_setctr(this->h, &this->ctr, sizeof(this->ctr)); + } + else + { + gcry_cipher_setiv(this->h, iv.ptr, iv.len); + } +} + +METHOD(crypter_t, decrypt, void, + private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { - gcry_cipher_setiv(this->h, iv.ptr, iv.len); + set_iv(this, iv); if (dst) { @@ -61,13 +89,10 @@ static void decrypt(private_gcrypt_crypter_t *this, chunk_t data, } } -/** - * Implementation of crypter_t.encrypt. - */ -static void encrypt(private_gcrypt_crypter_t *this, chunk_t data, - chunk_t iv, chunk_t *dst) +METHOD(crypter_t, encrypt, void, + private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { - gcry_cipher_setiv(this->h, iv.ptr, iv.len); + set_iv(this, iv); if (dst) { @@ -80,40 +105,60 @@ static void encrypt(private_gcrypt_crypter_t *this, chunk_t data, } } -/** - * Implementation of crypter_t.get_block_size. - */ -static size_t get_block_size(private_gcrypt_crypter_t *this) +METHOD(crypter_t, get_block_size, size_t, + private_gcrypt_crypter_t *this) { size_t len = 0; + if (this->ctr_mode) + { /* counter mode does not need any padding */ + return 1; + } gcry_cipher_algo_info(this->alg, GCRYCTL_GET_BLKLEN, NULL, &len); return len; } -/** - * Implementation of crypter_t.get_key_size. - */ -static size_t get_key_size(private_gcrypt_crypter_t *this) +METHOD(crypter_t, get_iv_size, size_t, + private_gcrypt_crypter_t *this) +{ + size_t len = 0; + + if (this->ctr_mode) + { + return sizeof(this->ctr.iv); + } + gcry_cipher_algo_info(this->alg, GCRYCTL_GET_BLKLEN, NULL, &len); + return len; +} + +METHOD(crypter_t, get_key_size, size_t, + private_gcrypt_crypter_t *this) { size_t len = 0; gcry_cipher_algo_info(this->alg, GCRYCTL_GET_KEYLEN, NULL, &len); + if (this->ctr_mode) + { + return len + sizeof(this->ctr.nonce); + } return len; } -/** - * Implementation of crypter_t.set_key. - */ -static void set_key(private_gcrypt_crypter_t *this, chunk_t key) +METHOD(crypter_t, set_key, void, + private_gcrypt_crypter_t *this, chunk_t key) { + if (this->ctr_mode) + { + /* last 4 bytes are the nonce */ + memcpy(this->ctr.nonce, key.ptr + key.len - sizeof(this->ctr.nonce), + sizeof(this->ctr.nonce)); + key.len -= sizeof(this->ctr.nonce); + } gcry_cipher_setkey(this->h, key.ptr, key.len); } -/** - * Implementation of crypter_t.destroy. - */ -static void destroy (private_gcrypt_crypter_t *this) +METHOD(crypter_t, destroy, void, + private_gcrypt_crypter_t *this) { gcry_cipher_close(this->h); free(this); @@ -149,18 +194,19 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, gcrypt_alg = GCRY_CIPHER_CAST5; break; case ENCR_BLOWFISH: - if (key_size != 16) + if (key_size != 16 && key_size != 0) { /* gcrypt currently supports 128 bit blowfish only */ return NULL; } gcrypt_alg = GCRY_CIPHER_BLOWFISH; break; - /* case ENCR_AES_CTR: - mode = GCRY_CIPHER_MODE_CTR; */ + case ENCR_AES_CTR: + mode = GCRY_CIPHER_MODE_CTR; /* fall */ case ENCR_AES_CBC: switch (key_size) { + case 0: case 16: gcrypt_alg = GCRY_CIPHER_AES128; break; @@ -174,13 +220,14 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, return NULL; } break; - /* case ENCR_CAMELLIA_CTR: - mode = GCRY_CIPHER_MODE_CTR; */ + case ENCR_CAMELLIA_CTR: + mode = GCRY_CIPHER_MODE_CTR; /* fall */ case ENCR_CAMELLIA_CBC: switch (key_size) { #ifdef HAVE_GCRY_CIPHER_CAMELLIA + case 0: case 16: gcrypt_alg = GCRY_CIPHER_CAMELLIA128; break; @@ -198,6 +245,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, case ENCR_SERPENT_CBC: switch (key_size) { + case 0: case 16: gcrypt_alg = GCRY_CIPHER_SERPENT128; break; @@ -214,6 +262,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, case ENCR_TWOFISH_CBC: switch (key_size) { + case 0: case 16: gcrypt_alg = GCRY_CIPHER_TWOFISH128; break; @@ -228,9 +277,22 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, return NULL; } - this = malloc_thing(private_gcrypt_crypter_t); + INIT(this, + .public = { + .crypter = { + .encrypt = _encrypt, + .decrypt = _decrypt, + .get_block_size = _get_block_size, + .get_iv_size = _get_iv_size, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + .alg = gcrypt_alg, + .ctr_mode = mode == GCRY_CIPHER_MODE_CTR, + ); - this->alg = gcrypt_alg; err = gcry_cipher_open(&this->h, gcrypt_alg, mode, 0); if (err) { @@ -239,14 +301,6 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, free(this); return NULL; } - - this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *))encrypt; - this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *))decrypt; - this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *))get_block_size; - this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *))get_key_size; - this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t))set_key; - this->public.crypter_interface.destroy = (void (*) (crypter_t *))destroy; - return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h index ce0ead4a8..e565e28c7 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h @@ -33,7 +33,7 @@ struct gcrypt_crypter_t { /** * The crypter_t interface. */ - crypter_t crypter_interface; + crypter_t crypter; }; /** diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c index 08d6239ad..6c4665da2 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c @@ -73,10 +73,8 @@ struct private_gcrypt_dh_t { size_t p_len; }; -/** - * Implementation of gcrypt_dh_t.set_other_public_value. - */ -static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value) +METHOD(diffie_hellman_t, set_other_public_value, void, + private_gcrypt_dh_t *this, chunk_t value) { gcry_mpi_t p_min_1; gcry_error_t err; @@ -134,18 +132,14 @@ static chunk_t export_mpi(gcry_mpi_t value, size_t len) return chunk; } -/** - * Implementation of gcrypt_dh_t.get_my_public_value. - */ -static void get_my_public_value(private_gcrypt_dh_t *this, chunk_t *value) +METHOD(diffie_hellman_t, get_my_public_value, void, + private_gcrypt_dh_t *this, chunk_t *value) { *value = export_mpi(this->ya, this->p_len); } -/** - * Implementation of gcrypt_dh_t.get_shared_secret. - */ -static status_t get_shared_secret(private_gcrypt_dh_t *this, chunk_t *secret) +METHOD(diffie_hellman_t, get_shared_secret, status_t, + private_gcrypt_dh_t *this, chunk_t *secret) { if (!this->zz) { @@ -155,18 +149,14 @@ static status_t get_shared_secret(private_gcrypt_dh_t *this, chunk_t *secret) return SUCCESS; } -/** - * Implementation of gcrypt_dh_t.get_dh_group. - */ -static diffie_hellman_group_t get_dh_group(private_gcrypt_dh_t *this) +METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t, + private_gcrypt_dh_t *this) { return this->group; } -/** - * Implementation of gcrypt_dh_t.destroy. - */ -static void destroy(private_gcrypt_dh_t *this) +METHOD(diffie_hellman_t, destroy, void, + private_gcrypt_dh_t *this) { gcry_mpi_release(this->p); gcry_mpi_release(this->xa); @@ -178,42 +168,37 @@ static void destroy(private_gcrypt_dh_t *this) } /* - * Described in header. + * Generic internal constructor */ -gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group) +gcrypt_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len, + chunk_t g, chunk_t p) { private_gcrypt_dh_t *this; - diffie_hellman_params_t *params; gcry_error_t err; chunk_t random; rng_t *rng; - params = diffie_hellman_get_params(group); - if (!params) - { - return NULL; - } - - this = malloc_thing(private_gcrypt_dh_t); - - this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret; - this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value; - this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value; - this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group; - this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy; - - this->group = group; - this->p_len = params->prime.len; - err = gcry_mpi_scan(&this->p, GCRYMPI_FMT_USG, - params->prime.ptr, params->prime.len, NULL); + INIT(this, + .public = { + .dh = { + .get_shared_secret = _get_shared_secret, + .set_other_public_value = _set_other_public_value, + .get_my_public_value = _get_my_public_value, + .get_dh_group = _get_dh_group, + .destroy = _destroy, + }, + }, + .group = group, + .p_len = p.len, + ); + err = gcry_mpi_scan(&this->p, GCRYMPI_FMT_USG, p.ptr, p.len, NULL); if (err) { DBG1(DBG_LIB, "importing mpi modulus failed: %s", gpg_strerror(err)); free(this); return NULL; } - err = gcry_mpi_scan(&this->g, GCRYMPI_FMT_USG, - params->generator.ptr, params->generator.len, NULL); + err = gcry_mpi_scan(&this->g, GCRYMPI_FMT_USG, g.ptr, g.len, NULL); if (err) { DBG1(DBG_LIB, "importing mpi generator failed: %s", gpg_strerror(err)); @@ -225,7 +210,7 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group) rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (rng) { /* prefer external randomizer */ - rng->allocate_bytes(rng, params->exp_len, &random); + rng->allocate_bytes(rng, exp_len, &random); rng->destroy(rng); err = gcry_mpi_scan(&this->xa, GCRYMPI_FMT_USG, random.ptr, random.len, NULL); @@ -241,21 +226,49 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group) } else { /* fallback to gcrypt internal randomizer, shouldn't ever happen */ - this->xa = gcry_mpi_new(params->exp_len * 8); - gcry_mpi_randomize(this->xa, params->exp_len * 8, GCRY_STRONG_RANDOM); + this->xa = gcry_mpi_new(exp_len * 8); + gcry_mpi_randomize(this->xa, exp_len * 8, GCRY_STRONG_RANDOM); } - if (params->exp_len == this->p_len) + if (exp_len == this->p_len) { /* achieve bitsof(p)-1 by setting MSB to 0 */ - gcry_mpi_clear_bit(this->xa, params->exp_len * 8 - 1); + gcry_mpi_clear_bit(this->xa, exp_len * 8 - 1); } this->ya = gcry_mpi_new(this->p_len * 8); - this->yb = NULL; - this->zz = NULL; gcry_mpi_powm(this->ya, this->g, this->xa, this->p); return &this->public; } + +/* + * Described in header. + */ +gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group) +{ + + diffie_hellman_params_t *params; + + params = diffie_hellman_get_params(group); + if (!params) + { + return NULL; + } + return create_generic(group, params->exp_len, + params->generator, params->prime); +} + +/* + * Described in header. + */ +gcrypt_dh_t *gcrypt_dh_create_custom(diffie_hellman_group_t group, + chunk_t g, chunk_t p) +{ + if (group == MODP_CUSTOM) + { + return create_generic(group, p.len, g, p); + } + return NULL; +} diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h index 95b68dcd0..a70958dc4 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h @@ -44,5 +44,16 @@ struct gcrypt_dh_t { */ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group); +/** + * Creates a new gcrypt_dh_t object for MODP_CUSTOM. + * + * @param group MODP_CUSTOM + * @param g generator + * @param p prime + * @return gcrypt_dh_t object, NULL if not supported + */ +gcrypt_dh_t *gcrypt_dh_create_custom(diffie_hellman_group_t group, + chunk_t g, chunk_t p); + #endif /** GCRYPT_DH_H_ @}*/ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c index 39609c16c..96c87614f 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c @@ -37,27 +37,20 @@ struct private_gcrypt_hasher_t { gcry_md_hd_t hd; }; -/** - * Implementation of hasher_t.get_hash_size. - */ -static size_t get_hash_size(private_gcrypt_hasher_t *this) +METHOD(hasher_t, get_hash_size, size_t, + private_gcrypt_hasher_t *this) { return gcry_md_get_algo_dlen(gcry_md_get_algo(this->hd)); } -/** - * Implementation of hasher_t.reset. - */ -static void reset(private_gcrypt_hasher_t *this) +METHOD(hasher_t, reset, void, + private_gcrypt_hasher_t *this) { gcry_md_reset(this->hd); } -/** - * Implementation of hasher_t.get_hash. - */ -static void get_hash(private_gcrypt_hasher_t *this, chunk_t chunk, - u_int8_t *hash) +METHOD(hasher_t, get_hash, void, + private_gcrypt_hasher_t *this, chunk_t chunk, u_int8_t *hash) { gcry_md_write(this->hd, chunk.ptr, chunk.len); if (hash) @@ -67,11 +60,8 @@ static void get_hash(private_gcrypt_hasher_t *this, chunk_t chunk, } } -/** - * Implementation of hasher_t.allocate_hash. - */ -static void allocate_hash(private_gcrypt_hasher_t *this, chunk_t chunk, - chunk_t *hash) +METHOD(hasher_t, allocate_hash, void, + private_gcrypt_hasher_t *this, chunk_t chunk, chunk_t *hash) { if (hash) { @@ -84,10 +74,8 @@ static void allocate_hash(private_gcrypt_hasher_t *this, chunk_t chunk, } } -/** - * Implementation of hasher_t.destroy. - */ -static void destroy (private_gcrypt_hasher_t *this) +METHOD(hasher_t, destroy, void, + private_gcrypt_hasher_t *this) { gcry_md_close(this->hd); free(this); @@ -132,7 +120,17 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo) return NULL; } - this = malloc_thing(private_gcrypt_hasher_t); + INIT(this, + .public = { + .hasher = { + .get_hash = _get_hash, + .allocate_hash = _allocate_hash, + .get_hash_size = _get_hash_size, + .reset = _reset, + .destroy = _destroy, + }, + }, + ); err = gcry_md_open(&this->hd, gcrypt_alg, 0); if (err) @@ -143,12 +141,6 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo) return NULL; } - this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; - this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; - this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; - this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; - this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h index 708ccaafb..a7542bcdd 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h @@ -33,7 +33,7 @@ struct gcrypt_hasher_t { /** * The hasher_t interface. */ - hasher_t hasher_interface; + hasher_t hasher; }; /** diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c index 039036b2c..590add5c8 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c @@ -93,10 +93,8 @@ static struct gcry_thread_cbs thread_functions = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; -/** - * Implementation of gcrypt_plugin_t.destroy - */ -static void destroy(private_gcrypt_plugin_t *this) +METHOD(plugin_t, destroy, void, + private_gcrypt_plugin_t *this) { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)gcrypt_hasher_create); @@ -106,6 +104,8 @@ static void destroy(private_gcrypt_plugin_t *this) (rng_constructor_t)gcrypt_rng_create); lib->crypto->remove_dh(lib->crypto, (dh_constructor_t)gcrypt_dh_create); + lib->crypto->remove_dh(lib->crypto, + (dh_constructor_t)gcrypt_dh_create_custom); lib->creds->remove_builder(lib->creds, (builder_function_t)gcrypt_rsa_private_key_gen); lib->creds->remove_builder(lib->creds, @@ -139,9 +139,13 @@ plugin_t *gcrypt_plugin_create() } gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); - this = malloc_thing(private_gcrypt_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); /* hashers */ lib->crypto->add_hasher(lib->crypto, HASH_SHA1, @@ -172,8 +176,14 @@ plugin_t *gcrypt_plugin_create() (crypter_constructor_t)gcrypt_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, + (crypter_constructor_t)gcrypt_crypter_create); +#ifdef HAVE_GCRY_CIPHER_CAMELLIA lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, + (crypter_constructor_t)gcrypt_crypter_create); +#endif /* HAVE_GCRY_CIPHER_CAMELLIA */ lib->crypto->add_crypter(lib->crypto, ENCR_SERPENT_CBC, (crypter_constructor_t)gcrypt_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC, @@ -210,13 +220,15 @@ plugin_t *gcrypt_plugin_create() (dh_constructor_t)gcrypt_dh_create); lib->crypto->add_dh(lib->crypto, MODP_768_BIT, (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, + (dh_constructor_t)gcrypt_dh_create_custom); /* RSA */ - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, (builder_function_t)gcrypt_rsa_private_key_gen); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE, (builder_function_t)gcrypt_rsa_private_key_load); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE, (builder_function_t)gcrypt_rsa_public_key_load); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c index d0d252572..d29755de9 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c @@ -35,11 +35,8 @@ struct private_gcrypt_rng_t { rng_quality_t quality; }; -/** - * Implementation of gcrypt_rng_t.get_bytes. - */ -static void get_bytes(private_gcrypt_rng_t *this, size_t bytes, - u_int8_t *buffer) +METHOD(rng_t, get_bytes, void, + private_gcrypt_rng_t *this, size_t bytes, u_int8_t *buffer) { switch (this->quality) { @@ -55,20 +52,15 @@ static void get_bytes(private_gcrypt_rng_t *this, size_t bytes, } } -/** - * Implementation of gcrypt_rng_t.allocate_bytes. - */ -static void allocate_bytes(private_gcrypt_rng_t *this, size_t bytes, - chunk_t *chunk) +METHOD(rng_t, allocate_bytes, void, + private_gcrypt_rng_t *this, size_t bytes, chunk_t *chunk) { *chunk = chunk_alloc(bytes); get_bytes(this, chunk->len, chunk->ptr); } -/** - * Implementation of gcrypt_rng_t.destroy. - */ -static void destroy(private_gcrypt_rng_t *this) +METHOD(rng_t, destroy, void, + private_gcrypt_rng_t *this) { free(this); } @@ -90,13 +82,16 @@ gcrypt_rng_t *gcrypt_rng_create(rng_quality_t quality) return NULL; } - this = malloc_thing(private_gcrypt_rng_t); - - this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes; - this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes; - this->public.rng.destroy = (void (*) (rng_t *))destroy; - - this->quality = quality; + INIT(this, + .public = { + .rng = { + .get_bytes = _get_bytes, + .allocate_bytes = _allocate_bytes, + .destroy = _destroy, + }, + }, + .quality = quality, + ); return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c index b8e86aba0..38ce2cd6c 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c @@ -192,19 +192,15 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this, return !!signature->len; } -/** - * Implementation of gcrypt_rsa_private_key.destroy. - */ -static key_type_t get_type(private_gcrypt_rsa_private_key_t *this) +METHOD(private_key_t, get_type, key_type_t, + private_gcrypt_rsa_private_key_t *this) { return KEY_RSA; } -/** - * Implementation of gcrypt_rsa_private_key.destroy. - */ -static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t *sig) +METHOD(private_key_t, sign, bool, + private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t *sig) { switch (scheme) { @@ -229,17 +225,21 @@ static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t sche } } -/** - * Implementation of gcrypt_rsa_private_key.destroy. - */ -static bool decrypt(private_gcrypt_rsa_private_key_t *this, - chunk_t encrypted, chunk_t *plain) +METHOD(private_key_t, decrypt, bool, + private_gcrypt_rsa_private_key_t *this, encryption_scheme_t scheme, + chunk_t encrypted, chunk_t *plain) { gcry_error_t err; gcry_sexp_t in, out; chunk_t padded; u_char *pos = NULL;; + if (scheme != ENCRYPT_RSA_PKCS1) + { + DBG1(DBG_LIB, "encryption scheme %N not supported", + encryption_scheme_names, scheme); + return FALSE; + } err = gcry_sexp_build(&in, NULL, "(enc-val(flags)(rsa(a %b)))", encrypted.len, encrypted.ptr); if (err) @@ -277,18 +277,14 @@ static bool decrypt(private_gcrypt_rsa_private_key_t *this, return TRUE; } -/** - * Implementation of gcrypt_rsa_private_key.get_keysize. - */ -static size_t get_keysize(private_gcrypt_rsa_private_key_t *this) +METHOD(private_key_t, get_keysize, int, + private_gcrypt_rsa_private_key_t *this) { - return gcry_pk_get_nbits(this->key) / 8; + return gcry_pk_get_nbits(this->key); } -/** - * Implementation of gcrypt_rsa_private_key.get_public_key. - */ -static public_key_t* get_public_key(private_gcrypt_rsa_private_key_t *this) +METHOD(private_key_t, get_public_key, public_key_t*, + private_gcrypt_rsa_private_key_t *this) { chunk_t n, e; public_key_t *public; @@ -304,11 +300,9 @@ static public_key_t* get_public_key(private_gcrypt_rsa_private_key_t *this) return public; } -/** - * Implementation of private_key_t.get_encoding - */ -static bool get_encoding(private_gcrypt_rsa_private_key_t *this, - cred_encoding_type_t type, chunk_t *encoding) +METHOD(private_key_t, get_encoding, bool, + private_gcrypt_rsa_private_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) { chunk_t cn, ce, cp, cq, cd, cu, cexp1 = chunk_empty, cexp2 = chunk_empty; gcry_mpi_t p = NULL, q = NULL, d = NULL, exp1, exp2; @@ -385,11 +379,9 @@ static bool get_encoding(private_gcrypt_rsa_private_key_t *this, return success; } -/** - * Implementation of private_key_t.get_fingerprint - */ -static bool get_fingerprint(private_gcrypt_rsa_private_key_t *this, - cred_encoding_type_t type, chunk_t *fp) +METHOD(private_key_t, get_fingerprint, bool, + private_gcrypt_rsa_private_key_t *this, cred_encoding_type_t type, + chunk_t *fp) { chunk_t n, e; bool success; @@ -409,19 +401,15 @@ static bool get_fingerprint(private_gcrypt_rsa_private_key_t *this, return success; } -/** - * Implementation of gcrypt_rsa_private_key.get_ref. - */ -static private_key_t* get_ref(private_gcrypt_rsa_private_key_t *this) +METHOD(private_key_t, get_ref, private_key_t*, + private_gcrypt_rsa_private_key_t *this) { ref_get(&this->ref); - return &this->public.interface; + return &this->public.key; } -/** - * Implementation of gcrypt_rsa_private_key.destroy. - */ -static void destroy(private_gcrypt_rsa_private_key_t *this) +METHOD(private_key_t, destroy, void, + private_gcrypt_rsa_private_key_t *this) { if (ref_put(&this->ref)) { @@ -434,25 +422,29 @@ static void destroy(private_gcrypt_rsa_private_key_t *this) /** * Internal generic constructor */ -static private_gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_create_empty() +static private_gcrypt_rsa_private_key_t *create_empty() { - private_gcrypt_rsa_private_key_t *this = malloc_thing(private_gcrypt_rsa_private_key_t); - - this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type; - this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign; - this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt; - this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize; - this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key; - this->public.interface.equals = private_key_equals; - this->public.interface.belongs_to = private_key_belongs_to; - this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint; - this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; - this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding; - this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref; - this->public.interface.destroy = (void (*)(private_key_t *this))destroy; - - this->key = NULL; - this->ref = 1; + private_gcrypt_rsa_private_key_t *this; + + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .sign = _sign, + .decrypt = _decrypt, + .get_keysize = _get_keysize, + .get_public_key = _get_public_key, + .equals = private_key_equals, + .belongs_to = private_key_belongs_to, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = private_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); return this; } @@ -493,7 +485,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type, DBG1(DBG_LIB, "building S-expression failed: %s", gpg_strerror(err)); return NULL; } - this = gcrypt_rsa_private_key_create_empty(); + this = create_empty(); err = gcry_pk_genkey(&this->key, param); gcry_sexp_release(param); if (err) @@ -552,7 +544,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type, break; } - this = gcrypt_rsa_private_key_create_empty(); + this = create_empty(); err = gcry_sexp_build(&this->key, NULL, "(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))", n.len, n.ptr, e.len, e.ptr, d.len, d.ptr, diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h index 4c3605f4b..0f3d66b80 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h @@ -34,7 +34,7 @@ struct gcrypt_rsa_private_key_t { /** * Implements private_key_t interface */ - private_key_t interface; + private_key_t key; }; /** diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c index 80a91b976..f8645da97 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c @@ -159,19 +159,15 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, return TRUE; } -/** - * Implementation of public_key_t.get_type. - */ -static key_type_t get_type(private_gcrypt_rsa_public_key_t *this) +METHOD(public_key_t, get_type, key_type_t, + private_gcrypt_rsa_public_key_t *this) { return KEY_RSA; } -/** - * Implementation of public_key_t.verify. - */ -static bool verify(private_gcrypt_rsa_public_key_t *this, - signature_scheme_t scheme, chunk_t data, chunk_t signature) +METHOD(public_key_t, verify, bool, + private_gcrypt_rsa_public_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t signature) { switch (scheme) { @@ -196,15 +192,19 @@ static bool verify(private_gcrypt_rsa_public_key_t *this, } } -/** - * Implementation of public_key_t.encrypt. - */ -static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain, - chunk_t *encrypted) +METHOD(public_key_t, encrypt_, bool, + private_gcrypt_rsa_public_key_t *this, encryption_scheme_t scheme, + chunk_t plain, chunk_t *encrypted) { gcry_sexp_t in, out; gcry_error_t err; + if (scheme != ENCRYPT_RSA_PKCS1) + { + DBG1(DBG_LIB, "encryption scheme %N not supported", + encryption_scheme_names, scheme); + return FALSE; + } /* "pkcs1" uses PKCS 1.5 (section 8.1) block type 2 encryption: * 00 | 02 | RANDOM | 00 | DATA */ err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(value %b))", @@ -228,19 +228,15 @@ static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain, return !!encrypted->len; } -/** - * Implementation of public_key_t.get_keysize. - */ -static size_t get_keysize(private_gcrypt_rsa_public_key_t *this) +METHOD(public_key_t, get_keysize, int, + private_gcrypt_rsa_public_key_t *this) { - return gcry_pk_get_nbits(this->key) / 8; + return gcry_pk_get_nbits(this->key); } -/** - * Implementation of private_key_t.get_encoding - */ -static bool get_encoding(private_gcrypt_rsa_public_key_t *this, - cred_encoding_type_t type, chunk_t *encoding) +METHOD(public_key_t, get_encoding, bool, + private_gcrypt_rsa_public_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) { chunk_t n, e; bool success; @@ -256,11 +252,9 @@ static bool get_encoding(private_gcrypt_rsa_public_key_t *this, return success; } -/** - * Implementation of private_key_t.get_fingerprint - */ -static bool get_fingerprint(private_gcrypt_rsa_public_key_t *this, - cred_encoding_type_t type, chunk_t *fp) +METHOD(public_key_t, get_fingerprint, bool, + private_gcrypt_rsa_public_key_t *this, cred_encoding_type_t type, + chunk_t *fp) { chunk_t n, e; bool success; @@ -280,19 +274,15 @@ static bool get_fingerprint(private_gcrypt_rsa_public_key_t *this, return success; } -/** - * Implementation of public_key_t.get_ref. - */ -static public_key_t* get_ref(private_gcrypt_rsa_public_key_t *this) +METHOD(public_key_t, get_ref, public_key_t*, + private_gcrypt_rsa_public_key_t *this) { ref_get(&this->ref); - return &this->public.interface; + return &this->public.key; } -/** - * Implementation of gcrypt_rsa_public_key.destroy. - */ -static void destroy(private_gcrypt_rsa_public_key_t *this) +METHOD(public_key_t, destroy, void, + private_gcrypt_rsa_public_key_t *this) { if (ref_put(&this->ref)) { @@ -331,21 +321,23 @@ gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_load(key_type_t type, break; } - this = malloc_thing(private_gcrypt_rsa_public_key_t); - - this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; - this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; - this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_; - this->public.interface.equals = public_key_equals; - this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; - this->public.interface.get_fingerprint = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint; - this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint; - this->public.interface.get_encoding = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding; - this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; - this->public.interface.destroy = (void (*)(public_key_t *this))destroy; - - this->key = NULL; - this->ref = 1; + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .verify = _verify, + .encrypt = _encrypt_, + .equals = public_key_equals, + .get_keysize = _get_keysize, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = public_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); err = gcry_sexp_build(&this->key, NULL, "(public-key(rsa(n %b)(e %b)))", n.len, n.ptr, e.len, e.ptr); diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h index fa18c357b..ca0a284a2 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h @@ -34,7 +34,7 @@ struct gcrypt_rsa_public_key_t { /** * Implements the public_key_t interface */ - public_key_t interface; + public_key_t key; }; /** diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index bd7100b27..b4ec1ed8d 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -196,14 +199,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -243,7 +256,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c index 4ee449890..e99502b27 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c @@ -85,10 +85,8 @@ struct private_gmp_diffie_hellman_t { bool computed; }; -/** - * Implementation of gmp_diffie_hellman_t.set_other_public_value. - */ -static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t value) +METHOD(diffie_hellman_t, set_other_public_value, void, + private_gmp_diffie_hellman_t *this, chunk_t value) { mpz_t p_min_1; @@ -146,10 +144,8 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v mpz_clear(p_min_1); } -/** - * Implementation of gmp_diffie_hellman_t.get_my_public_value. - */ -static void get_my_public_value(private_gmp_diffie_hellman_t *this,chunk_t *value) +METHOD(diffie_hellman_t, get_my_public_value, void, + private_gmp_diffie_hellman_t *this,chunk_t *value) { value->len = this->p_len; value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->ya); @@ -159,10 +155,8 @@ static void get_my_public_value(private_gmp_diffie_hellman_t *this,chunk_t *valu } } -/** - * Implementation of gmp_diffie_hellman_t.get_shared_secret. - */ -static status_t get_shared_secret(private_gmp_diffie_hellman_t *this, chunk_t *secret) +METHOD(diffie_hellman_t, get_shared_secret, status_t, + private_gmp_diffie_hellman_t *this, chunk_t *secret) { if (!this->computed) { @@ -177,18 +171,14 @@ static status_t get_shared_secret(private_gmp_diffie_hellman_t *this, chunk_t *s return SUCCESS; } -/** - * Implementation of gmp_diffie_hellman_t.get_dh_group. - */ -static diffie_hellman_group_t get_dh_group(private_gmp_diffie_hellman_t *this) +METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t, + private_gmp_diffie_hellman_t *this) { return this->group; } -/** - * Implementation of gmp_diffie_hellman_t.destroy. - */ -static void destroy(private_gmp_diffie_hellman_t *this) +METHOD(diffie_hellman_t, destroy, void, + private_gmp_diffie_hellman_t *this) { mpz_clear(this->p); mpz_clear(this->xa); @@ -199,44 +189,38 @@ static void destroy(private_gmp_diffie_hellman_t *this) free(this); } -/* - * Described in header. +/** + * Generic internal constructor */ -gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) +static gmp_diffie_hellman_t *create_generic(diffie_hellman_group_t group, + size_t exp_len, chunk_t g, chunk_t p) { private_gmp_diffie_hellman_t *this; - diffie_hellman_params_t *params; - rng_t *rng; chunk_t random; + rng_t *rng; - params = diffie_hellman_get_params(group); - if (!params) - { - return NULL; - } - - this = malloc_thing(private_gmp_diffie_hellman_t); - - /* public functions */ - this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret; - this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value; - this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value; - this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group; - this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy; + INIT(this, + .public = { + .dh = { + .get_shared_secret = _get_shared_secret, + .set_other_public_value = _set_other_public_value, + .get_my_public_value = _get_my_public_value, + .get_dh_group = _get_dh_group, + .destroy = _destroy, + }, + }, + .group = group, + .p_len = p.len, + ); - /* private variables */ - this->group = group; mpz_init(this->p); mpz_init(this->yb); mpz_init(this->ya); mpz_init(this->xa); mpz_init(this->zz); mpz_init(this->g); - - this->computed = FALSE; - this->p_len = params->prime.len; - mpz_import(this->p, params->prime.len, 1, 1, 1, 0, params->prime.ptr); - mpz_import(this->g, params->generator.len, 1, 1, 1, 0, params->generator.ptr); + mpz_import(this->g, g.len, 1, 1, 1, 0, g.ptr); + mpz_import(this->p, p.len, 1, 1, 1, 0, p.ptr); rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (!rng) @@ -247,10 +231,10 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) return NULL; } - rng->allocate_bytes(rng, params->exp_len, &random); + rng->allocate_bytes(rng, exp_len, &random); rng->destroy(rng); - if (params->exp_len == this->p_len) + if (exp_len == this->p_len) { /* achieve bitsof(p)-1 by setting MSB to 0 */ *random.ptr &= 0x7F; @@ -265,3 +249,29 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) return &this->public; } +/* + * Described in header. + */ +gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) +{ + diffie_hellman_params_t *params; + + params = diffie_hellman_get_params(group); + if (!params) + { + return NULL; + } + return create_generic(group, params->exp_len, + params->generator, params->prime); +} + + +gmp_diffie_hellman_t *gmp_diffie_hellman_create_custom( + diffie_hellman_group_t group, chunk_t g, chunk_t p) +{ + if (group == MODP_CUSTOM) + { + return create_generic(MODP_CUSTOM, p.len, g, p); + } + return NULL; +} diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h index 2a54eebb1..6d73c0863 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h @@ -45,5 +45,16 @@ struct gmp_diffie_hellman_t { */ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group); +/** + * Creates a new gmp_diffie_hellman_t object for MODP_CUSTOM. + * + * @param group MODP_CUSTOM + * @param g generator + * @param p prime + * @return gmp_diffie_hellman_t object, NULL if not supported + */ +gmp_diffie_hellman_t *gmp_diffie_hellman_create_custom( + diffie_hellman_group_t group, chunk_t g, chunk_t p); + #endif /** GMP_DIFFIE_HELLMAN_H_ @}*/ diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c index fbce9732f..9b4fad3da 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.c +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c @@ -33,13 +33,13 @@ struct private_gmp_plugin_t { gmp_plugin_t public; }; -/** - * Implementation of gmp_plugin_t.gmptroy - */ -static void destroy(private_gmp_plugin_t *this) +METHOD(plugin_t, destroy, void, + private_gmp_plugin_t *this) { lib->crypto->remove_dh(lib->crypto, (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->remove_dh(lib->crypto, + (dh_constructor_t)gmp_diffie_hellman_create_custom); lib->creds->remove_builder(lib->creds, (builder_function_t)gmp_rsa_private_key_gen); lib->creds->remove_builder(lib->creds, @@ -54,9 +54,15 @@ static void destroy(private_gmp_plugin_t *this) */ plugin_t *gmp_plugin_create() { - private_gmp_plugin_t *this = malloc_thing(private_gmp_plugin_t); + private_gmp_plugin_t *this; - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, (dh_constructor_t)gmp_diffie_hellman_create); @@ -81,11 +87,14 @@ plugin_t *gmp_plugin_create() lib->crypto->add_dh(lib->crypto, MODP_768_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, + (dh_constructor_t)gmp_diffie_hellman_create_custom); + + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, (builder_function_t)gmp_rsa_private_key_gen); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE, (builder_function_t)gmp_rsa_private_key_load); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE, (builder_function_t)gmp_rsa_public_key_load); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index cc9985320..1b6c20817 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c @@ -209,7 +209,7 @@ static chunk_t rsasp1(private_gmp_rsa_private_key_t *this, chunk_t data) } /** - * Implementation of gmp_rsa_private_key_t.build_emsa_pkcs1_signature. + * Build a signature using the PKCS#1 EMSA scheme */ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, hash_algorithm_t hash_algorithm, @@ -250,7 +250,7 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, { free(digestInfo.ptr); DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len, - this->k * 8); + mpz_sizeinbase(this->n, 2)); return FALSE; } @@ -280,19 +280,15 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, return TRUE; } -/** - * Implementation of gmp_rsa_private_key.get_type. - */ -static key_type_t get_type(private_gmp_rsa_private_key_t *this) +METHOD(private_key_t, get_type, key_type_t, + private_gmp_rsa_private_key_t *this) { return KEY_RSA; } -/** - * Implementation of gmp_rsa_private_key.sign. - */ -static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t *signature) +METHOD(private_key_t, sign, bool, + private_gmp_rsa_private_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t *signature) { switch (scheme) { @@ -317,15 +313,19 @@ static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme, } } -/** - * Implementation of gmp_rsa_private_key.decrypt. - */ -static bool decrypt(private_gmp_rsa_private_key_t *this, chunk_t crypto, - chunk_t *plain) +METHOD(private_key_t, decrypt, bool, + private_gmp_rsa_private_key_t *this, encryption_scheme_t scheme, + chunk_t crypto, chunk_t *plain) { chunk_t em, stripped; bool success = FALSE; + if (scheme != ENCRYPT_RSA_PKCS1) + { + DBG1(DBG_LIB, "encryption scheme %N not supported", + encryption_scheme_names, scheme); + return FALSE; + } /* rsa decryption using PKCS#1 RSADP */ stripped = em = rsadp(this, crypto); @@ -356,18 +356,14 @@ end: return success; } -/** - * Implementation of gmp_rsa_private_key.get_keysize. - */ -static size_t get_keysize(private_gmp_rsa_private_key_t *this) +METHOD(private_key_t, get_keysize, int, + private_gmp_rsa_private_key_t *this) { - return this->k; + return mpz_sizeinbase(this->n, 2); } -/** - * Implementation of gmp_rsa_private_key.get_public_key. - */ -static public_key_t* get_public_key(private_gmp_rsa_private_key_t *this) +METHOD(private_key_t, get_public_key, public_key_t*, + private_gmp_rsa_private_key_t *this) { chunk_t n, e; public_key_t *public; @@ -383,27 +379,9 @@ static public_key_t* get_public_key(private_gmp_rsa_private_key_t *this) return public; } -/** - * Implementation of gmp_rsa_private_key.equals. - */ -static bool equals(private_gmp_rsa_private_key_t *this, private_key_t *other) -{ - return private_key_equals(&this->public.interface, other); -} - -/** - * Implementation of gmp_rsa_private_key.belongs_to. - */ -static bool belongs_to(private_gmp_rsa_private_key_t *this, public_key_t *public) -{ - return private_key_belongs_to(&this->public.interface, public); -} - -/** - * Implementation of private_key_t.get_encoding - */ -static bool get_encoding(private_gmp_rsa_private_key_t *this, - cred_encoding_type_t type, chunk_t *encoding) +METHOD(private_key_t, get_encoding, bool, + private_gmp_rsa_private_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) { chunk_t n, e, d, p, q, exp1, exp2, coeff; bool success; @@ -435,11 +413,8 @@ static bool get_encoding(private_gmp_rsa_private_key_t *this, return success; } -/** - * Implementation of private_key_t.get_fingerprint - */ -static bool get_fingerprint(private_gmp_rsa_private_key_t *this, - cred_encoding_type_t type, chunk_t *fp) +METHOD(private_key_t, get_fingerprint, bool, + private_gmp_rsa_private_key_t *this, cred_encoding_type_t type, chunk_t *fp) { chunk_t n, e; bool success; @@ -459,19 +434,15 @@ static bool get_fingerprint(private_gmp_rsa_private_key_t *this, return success; } -/** - * Implementation of gmp_rsa_private_key.get_ref. - */ -static private_gmp_rsa_private_key_t* get_ref(private_gmp_rsa_private_key_t *this) +METHOD(private_key_t, get_ref, private_key_t*, + private_gmp_rsa_private_key_t *this) { ref_get(&this->ref); - return this; + return &this->public.key; } -/** - * Implementation of gmp_rsa_private_key.destroy. - */ -static void destroy(private_gmp_rsa_private_key_t *this) +METHOD(private_key_t, destroy, void, + private_gmp_rsa_private_key_t *this) { if (ref_put(&this->ref)) { @@ -592,23 +563,27 @@ static status_t check(private_gmp_rsa_private_key_t *this) */ static private_gmp_rsa_private_key_t *gmp_rsa_private_key_create_empty(void) { - private_gmp_rsa_private_key_t *this = malloc_thing(private_gmp_rsa_private_key_t); - - this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type; - this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign; - this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt; - this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize; - this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key; - this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals; - this->public.interface.belongs_to = (bool (*) (private_key_t*, public_key_t*))belongs_to; - this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint; - this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; - this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding; - this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref; - this->public.interface.destroy = (void (*) (private_key_t*))destroy; - - this->ref = 1; + private_gmp_rsa_private_key_t *this; + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .sign = _sign, + .decrypt = _decrypt, + .get_keysize = _get_keysize, + .get_public_key = _get_public_key, + .equals = private_key_equals, + .belongs_to = private_key_belongs_to, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = private_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); return this; } diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h index db1fcf535..32e1f292c 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h @@ -34,7 +34,7 @@ struct gmp_rsa_private_key_t { /** * Implements private_key_t interface */ - private_key_t interface; + private_key_t key; }; /** diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index c114ae80d..a7ba80138 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -273,19 +273,15 @@ end: return success; } -/** - * Implementation of public_key_t.get_type. - */ -static key_type_t get_type(private_gmp_rsa_public_key_t *this) +METHOD(public_key_t, get_type, key_type_t, + private_gmp_rsa_public_key_t *this) { return KEY_RSA; } -/** - * Implementation of public_key_t.verify. - */ -static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t signature) +METHOD(public_key_t, verify, bool, + private_gmp_rsa_public_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t signature) { switch (scheme) { @@ -312,24 +308,21 @@ static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme #define MIN_PS_PADDING 8 -/** - * Implementation of public_key_t.encrypt. - */ -static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, - chunk_t *crypto) +METHOD(public_key_t, encrypt_, bool, + private_gmp_rsa_public_key_t *this, encryption_scheme_t scheme, + chunk_t plain, chunk_t *crypto) { chunk_t em; u_char *pos; int padding, i; rng_t *rng; - rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); - if (rng == NULL) + if (scheme != ENCRYPT_RSA_PKCS1) { - DBG1(DBG_LIB, "no random generator available"); + DBG1(DBG_LIB, "encryption scheme %N not supported", + encryption_scheme_names, scheme); return FALSE; } - /* number of pseudo-random padding octets */ padding = this->k - plain.len - 3; if (padding < MIN_PS_PADDING) @@ -338,6 +331,12 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, MIN_PS_PADDING); return FALSE; } + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + if (rng == NULL) + { + DBG1(DBG_LIB, "no random generator available"); + return FALSE; + } /* padding according to PKCS#1 7.2.1 (RSAES-PKCS1-v1.5-ENCRYPT) */ DBG2(DBG_LIB, "padding %u bytes of data to the rsa modulus size of" @@ -376,27 +375,15 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, return TRUE; } -/** - * Implementation of gmp_rsa_public_key.equals. - */ -static bool equals(private_gmp_rsa_public_key_t *this, public_key_t *other) -{ - return public_key_equals(&this->public.interface, other); -} - -/** - * Implementation of public_key_t.get_keysize. - */ -static size_t get_keysize(private_gmp_rsa_public_key_t *this) +METHOD(public_key_t, get_keysize, int, + private_gmp_rsa_public_key_t *this) { - return this->k; + return mpz_sizeinbase(this->n, 2); } -/** - * Implementation of public_key_t.get_encoding - */ -static bool get_encoding(private_gmp_rsa_public_key_t *this, - cred_encoding_type_t type, chunk_t *encoding) +METHOD(public_key_t, get_encoding, bool, + private_gmp_rsa_public_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) { chunk_t n, e; bool success; @@ -412,11 +399,8 @@ static bool get_encoding(private_gmp_rsa_public_key_t *this, return success; } -/** - * Implementation of public_key_t.get_fingerprint - */ -static bool get_fingerprint(private_gmp_rsa_public_key_t *this, - cred_encoding_type_t type, chunk_t *fp) +METHOD(public_key_t, get_fingerprint, bool, + private_gmp_rsa_public_key_t *this, cred_encoding_type_t type, chunk_t *fp) { chunk_t n, e; bool success; @@ -436,19 +420,15 @@ static bool get_fingerprint(private_gmp_rsa_public_key_t *this, return success; } -/** - * Implementation of public_key_t.get_ref. - */ -static private_gmp_rsa_public_key_t* get_ref(private_gmp_rsa_public_key_t *this) +METHOD(public_key_t, get_ref, public_key_t*, + private_gmp_rsa_public_key_t *this) { ref_get(&this->ref); - return this; + return &this->public.key; } -/** - * Implementation of gmp_rsa_public_key.destroy. - */ -static void destroy(private_gmp_rsa_public_key_t *this) +METHOD(public_key_t, destroy, void, + private_gmp_rsa_public_key_t *this) { if (ref_put(&this->ref)) { @@ -490,20 +470,23 @@ gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t type, va_list args) return NULL; } - this = malloc_thing(private_gmp_rsa_public_key_t); - - this->public.interface.get_type = (key_type_t (*) (public_key_t*))get_type; - this->public.interface.verify = (bool (*) (public_key_t*, signature_scheme_t, chunk_t, chunk_t))verify; - this->public.interface.encrypt = (bool (*) (public_key_t*, chunk_t, chunk_t*))encrypt_; - this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals; - this->public.interface.get_keysize = (size_t (*) (public_key_t*))get_keysize; - this->public.interface.get_fingerprint = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint; - this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint; - this->public.interface.get_encoding = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding; - this->public.interface.get_ref = (public_key_t* (*) (public_key_t *this))get_ref; - this->public.interface.destroy = (void (*) (public_key_t *this))destroy; - - this->ref = 1; + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .verify = _verify, + .encrypt = _encrypt_, + .equals = public_key_equals, + .get_keysize = _get_keysize, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = public_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); mpz_init(this->n); mpz_init(this->e); diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h index 807f0bb7c..14dd71e0b 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h @@ -35,7 +35,7 @@ struct gmp_rsa_public_key_t { /** * Implements the public_key_t interface */ - public_key_t interface; + public_key_t key; }; /** diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index b03ff44a6..42a7d3747 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -196,14 +199,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -243,7 +256,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c index c1ab48899..c7b2739df 100644 --- a/src/libstrongswan/plugins/hmac/hmac.c +++ b/src/libstrongswan/plugins/hmac/hmac.c @@ -30,7 +30,7 @@ struct private_hmac_t { /** * Public hmac_t interface. */ - hmac_t hmac; + hmac_t public; /** * Block size, as in RFC. @@ -53,10 +53,8 @@ struct private_hmac_t { chunk_t ipaded_key; }; -/** - * Implementation of hmac_t.get_mac. - */ -static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out) +METHOD(hmac_t, get_mac, void, + private_hmac_t *this, chunk_t data, u_int8_t *out) { /* H(K XOR opad, H(K XOR ipad, text)) * @@ -91,37 +89,31 @@ static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out) } } -/** - * Implementation of hmac_t.allocate_mac. - */ -static void allocate_mac(private_hmac_t *this, chunk_t data, chunk_t *out) +METHOD(hmac_t, allocate_mac, void, + private_hmac_t *this, chunk_t data, chunk_t *out) { /* allocate space and use get_mac */ if (out == NULL) { /* append mode */ - this->hmac.get_mac(&(this->hmac), data, NULL); + get_mac(this, data, NULL); } else { out->len = this->h->get_hash_size(this->h); out->ptr = malloc(out->len); - this->hmac.get_mac(&(this->hmac), data, out->ptr); + get_mac(this, data, out->ptr); } } -/** - * Implementation of hmac_t.get_block_size. - */ -static size_t get_block_size(private_hmac_t *this) +METHOD(hmac_t, get_block_size, size_t, + private_hmac_t *this) { return this->h->get_hash_size(this->h); } -/** - * Implementation of hmac_t.set_key. - */ -static void set_key(private_hmac_t *this, chunk_t key) +METHOD(hmac_t, set_key, void, + private_hmac_t *this, chunk_t key) { int i; u_int8_t buffer[this->b]; @@ -151,10 +143,8 @@ static void set_key(private_hmac_t *this, chunk_t key) this->h->get_hash(this->h, this->ipaded_key, NULL); } -/** - * Implementation of hmac_t.destroy. - */ -static void destroy(private_hmac_t *this) +METHOD(hmac_t, destroy, void, + private_hmac_t *this) { this->h->destroy(this->h); free(this->opaded_key.ptr); @@ -167,14 +157,17 @@ static void destroy(private_hmac_t *this) */ hmac_t *hmac_create(hash_algorithm_t hash_algorithm) { - private_hmac_t *this = malloc_thing(private_hmac_t); - - /* set hmac_t methods */ - this->hmac.get_mac = (void (*)(hmac_t *,chunk_t,u_int8_t*))get_mac; - this->hmac.allocate_mac = (void (*)(hmac_t *,chunk_t,chunk_t*))allocate_mac; - this->hmac.get_block_size = (size_t (*)(hmac_t *))get_block_size; - this->hmac.set_key = (void (*)(hmac_t *,chunk_t))set_key; - this->hmac.destroy = (void (*)(hmac_t *))destroy; + private_hmac_t *this; + + INIT(this, + .public = { + .get_mac = _get_mac, + .allocate_mac = _allocate_mac, + .get_block_size = _get_block_size, + .set_key = _set_key, + .destroy = _destroy, + }, + ); /* set b, according to hasher */ switch (hash_algorithm) @@ -193,7 +186,6 @@ hmac_t *hmac_create(hash_algorithm_t hash_algorithm) return NULL; } - /* build the hasher */ this->h = lib->crypto->create_hasher(lib->crypto, hash_algorithm); if (this->h == NULL) { @@ -208,5 +200,5 @@ hmac_t *hmac_create(hash_algorithm_t hash_algorithm) this->ipaded_key.ptr = malloc(this->b); this->ipaded_key.len = this->b; - return &(this->hmac); + return &this->public; } diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c index e6b9f7a74..73df4dc6c 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.c +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c @@ -32,10 +32,8 @@ struct private_hmac_plugin_t { hmac_plugin_t public; }; -/** - * Implementation of hmac_plugin_t.hmactroy - */ -static void destroy(private_hmac_plugin_t *this) +METHOD(plugin_t, destroy, void, + private_hmac_plugin_t *this) { lib->crypto->remove_prf(lib->crypto, (prf_constructor_t)hmac_prf_create); @@ -49,9 +47,15 @@ static void destroy(private_hmac_plugin_t *this) */ plugin_t *hmac_plugin_create() { - private_hmac_plugin_t *this = malloc_thing(private_hmac_plugin_t); + private_hmac_plugin_t *this; - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, (prf_constructor_t)hmac_prf_create); @@ -72,12 +76,16 @@ plugin_t *hmac_plugin_create() (signer_constructor_t)hmac_signer_create); lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_256, + (signer_constructor_t)hmac_signer_create); lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, (signer_constructor_t)hmac_signer_create); lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, (signer_constructor_t)hmac_signer_create); lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_384, + (signer_constructor_t)hmac_signer_create); lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, (signer_constructor_t)hmac_signer_create); diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.c b/src/libstrongswan/plugins/hmac/hmac_prf.c index cca6e9570..ca10612f9 100644 --- a/src/libstrongswan/plugins/hmac/hmac_prf.c +++ b/src/libstrongswan/plugins/hmac/hmac_prf.c @@ -36,51 +36,39 @@ struct private_hmac_prf_t { hmac_t *hmac; }; -/** - * Implementation of prf_t.get_bytes. - */ -static void get_bytes(private_hmac_prf_t *this, chunk_t seed, u_int8_t *buffer) +METHOD(prf_t, get_bytes, void, + private_hmac_prf_t *this, chunk_t seed, u_int8_t *buffer) { this->hmac->get_mac(this->hmac, seed, buffer); } -/** - * Implementation of prf_t.allocate_bytes. - */ -static void allocate_bytes(private_hmac_prf_t *this, chunk_t seed, chunk_t *chunk) +METHOD(prf_t, allocate_bytes, void, + private_hmac_prf_t *this, chunk_t seed, chunk_t *chunk) { this->hmac->allocate_mac(this->hmac, seed, chunk); } -/** - * Implementation of prf_t.get_block_size. - */ -static size_t get_block_size(private_hmac_prf_t *this) +METHOD(prf_t, get_block_size, size_t, + private_hmac_prf_t *this) { return this->hmac->get_block_size(this->hmac); } -/** - * Implementation of prf_t.get_block_size. - */ -static size_t get_key_size(private_hmac_prf_t *this) +METHOD(prf_t, get_key_size, size_t, + private_hmac_prf_t *this) { /* for HMAC prfs, IKEv2 uses block size as key size */ return this->hmac->get_block_size(this->hmac); } -/** - * Implementation of prf_t.set_key. - */ -static void set_key(private_hmac_prf_t *this, chunk_t key) +METHOD(prf_t, set_key, void, + private_hmac_prf_t *this, chunk_t key) { this->hmac->set_key(this->hmac, key); } -/** - * Implementation of prf_t.destroy. - */ -static void destroy(private_hmac_prf_t *this) +METHOD(prf_t, destroy, void, + private_hmac_prf_t *this) { this->hmac->destroy(this->hmac); free(this); @@ -92,44 +80,47 @@ static void destroy(private_hmac_prf_t *this) hmac_prf_t *hmac_prf_create(pseudo_random_function_t algo) { private_hmac_prf_t *this; - hash_algorithm_t hash; + hmac_t *hmac; switch (algo) { case PRF_HMAC_SHA1: - hash = HASH_SHA1; + hmac = hmac_create(HASH_SHA1); break; case PRF_HMAC_MD5: - hash = HASH_MD5; + hmac = hmac_create(HASH_MD5); break; case PRF_HMAC_SHA2_256: - hash = HASH_SHA256; + hmac = hmac_create(HASH_SHA256); break; case PRF_HMAC_SHA2_384: - hash = HASH_SHA384; + hmac = hmac_create(HASH_SHA384); break; case PRF_HMAC_SHA2_512: - hash = HASH_SHA512; + hmac = hmac_create(HASH_SHA512); break; default: return NULL; } - - this = malloc_thing(private_hmac_prf_t); - this->hmac = hmac_create(hash); - if (this->hmac == NULL) + if (hmac == NULL) { - free(this); return NULL; } - this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes; - this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes; - this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size; - this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; - this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; - this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; - - return &(this->public); + INIT(this, + .public = { + .prf = { + .get_bytes = _get_bytes, + .allocate_bytes = _allocate_bytes, + .get_block_size = _get_block_size, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + .hmac = hmac, + ); + + return &this->public; } diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.h b/src/libstrongswan/plugins/hmac/hmac_prf.h index 975b456f5..29d7269ae 100644 --- a/src/libstrongswan/plugins/hmac/hmac_prf.h +++ b/src/libstrongswan/plugins/hmac/hmac_prf.h @@ -35,9 +35,9 @@ typedef struct hmac_prf_t hmac_prf_t; struct hmac_prf_t { /** - * Generic prf_t interface for this hmac_prf_t class. + * Implements prf_t interface. */ - prf_t prf_interface; + prf_t prf; }; /** diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.c b/src/libstrongswan/plugins/hmac/hmac_signer.c index f82a8f3a1..511a3e3a5 100644 --- a/src/libstrongswan/plugins/hmac/hmac_signer.c +++ b/src/libstrongswan/plugins/hmac/hmac_signer.c @@ -41,11 +41,8 @@ struct private_hmac_signer_t { size_t block_size; }; -/** - * Implementation of signer_t.get_signature. - */ -static void get_signature(private_hmac_signer_t *this, - chunk_t data, u_int8_t *buffer) +METHOD(signer_t, get_signature, void, + private_hmac_signer_t *this, chunk_t data, u_int8_t *buffer) { if (buffer == NULL) { /* append mode */ @@ -60,11 +57,8 @@ static void get_signature(private_hmac_signer_t *this, } } -/** - * Implementation of signer_t.allocate_signature. - */ -static void allocate_signature (private_hmac_signer_t *this, - chunk_t data, chunk_t *chunk) +METHOD(signer_t, allocate_signature, void, + private_hmac_signer_t *this, chunk_t data, chunk_t *chunk) { if (chunk == NULL) { /* append mode */ @@ -83,11 +77,8 @@ static void allocate_signature (private_hmac_signer_t *this, } } -/** - * Implementation of signer_t.verify_signature. - */ -static bool verify_signature(private_hmac_signer_t *this, - chunk_t data, chunk_t signature) +METHOD(signer_t, verify_signature, bool, + private_hmac_signer_t *this, chunk_t data, chunk_t signature) { u_int8_t mac[this->hmac->get_block_size(this->hmac)]; @@ -100,38 +91,29 @@ static bool verify_signature(private_hmac_signer_t *this, return memeq(signature.ptr, mac, this->block_size); } -/** - * Implementation of signer_t.get_key_size. - */ -static size_t get_key_size(private_hmac_signer_t *this) +METHOD(signer_t, get_key_size, size_t, + private_hmac_signer_t *this) { return this->hmac->get_block_size(this->hmac); } -/** - * Implementation of signer_t.get_block_size. - */ -static size_t get_block_size(private_hmac_signer_t *this) +METHOD(signer_t, get_block_size, size_t, + private_hmac_signer_t *this) { return this->block_size; } -/** - * Implementation of signer_t.set_key. - */ -static void set_key(private_hmac_signer_t *this, chunk_t key) +METHOD(signer_t, set_key, void, + private_hmac_signer_t *this, chunk_t key) { this->hmac->set_key(this->hmac, key); } -/** - * Implementation of signer_t.destroy. - */ -static status_t destroy(private_hmac_signer_t *this) +METHOD(signer_t, destroy, void, + private_hmac_signer_t *this) { this->hmac->destroy(this->hmac); free(this); - return SUCCESS; } /* @@ -140,66 +122,76 @@ static status_t destroy(private_hmac_signer_t *this) hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo) { private_hmac_signer_t *this; + hmac_t *hmac; size_t trunc; - hash_algorithm_t hash; switch (algo) { case AUTH_HMAC_SHA1_96: - hash = HASH_SHA1; + hmac = hmac_create(HASH_SHA1); trunc = 12; break; case AUTH_HMAC_SHA1_128: - hash = HASH_SHA1; + hmac = hmac_create(HASH_SHA1); trunc = 16; break; case AUTH_HMAC_SHA1_160: - hash = HASH_SHA1; + hmac = hmac_create(HASH_SHA1); trunc = 20; break; case AUTH_HMAC_MD5_96: - hash = HASH_MD5; + hmac = hmac_create(HASH_MD5); trunc = 12; break; case AUTH_HMAC_MD5_128: - hash = HASH_MD5; + hmac = hmac_create(HASH_MD5); trunc = 16; break; case AUTH_HMAC_SHA2_256_128: - hash = HASH_SHA256; + hmac = hmac_create(HASH_SHA256); trunc = 16; break; case AUTH_HMAC_SHA2_384_192: - hash = HASH_SHA384; + hmac = hmac_create(HASH_SHA384); trunc = 24; break; case AUTH_HMAC_SHA2_512_256: - hash = HASH_SHA512; + hmac = hmac_create(HASH_SHA512); trunc = 32; break; + case AUTH_HMAC_SHA2_256_256: + hmac = hmac_create(HASH_SHA256); + trunc = 32; + break; + case AUTH_HMAC_SHA2_384_384: + hmac = hmac_create(HASH_SHA384); + trunc = 48; + break; default: return NULL; } - this = malloc_thing(private_hmac_signer_t); - this->hmac = hmac_create(hash); - if (this->hmac == NULL) + if (hmac == NULL) { - free(this); return NULL; } - /* prevent invalid truncation */ - this->block_size = min(trunc, this->hmac->get_block_size(this->hmac)); - - /* interface functions */ - this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature; - this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature; - this->public.signer_interface.verify_signature = (bool (*) (signer_t*, chunk_t, chunk_t))verify_signature; - this->public.signer_interface.get_key_size = (size_t (*) (signer_t*))get_key_size; - this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size; - this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key; - this->public.signer_interface.destroy = (void (*) (signer_t*))destroy; - - return &(this->public); + + INIT(this, + .public = { + .signer = { + .get_signature = _get_signature, + .allocate_signature = _allocate_signature, + .verify_signature = _verify_signature, + .get_key_size = _get_key_size, + .get_block_size = _get_block_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + .block_size = min(trunc, hmac->get_block_size(hmac)), + .hmac = hmac, + ); + + return &this->public; } diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.h b/src/libstrongswan/plugins/hmac/hmac_signer.h index 0de93440c..5e798683b 100644 --- a/src/libstrongswan/plugins/hmac/hmac_signer.h +++ b/src/libstrongswan/plugins/hmac/hmac_signer.h @@ -34,9 +34,9 @@ typedef struct hmac_signer_t hmac_signer_t; struct hmac_signer_t { /** - * generic signer_t interface for this signer + * Implements signer_t interface. */ - signer_t signer_interface; + signer_t signer; }; /** @@ -44,8 +44,7 @@ struct hmac_signer_t { * * HMAC signatures are often truncated to shorten them to a more usable, but * still secure enough length. - * Block size must be equal or smaller then the hash algorithms - * hash. + * Block size must be equal or smaller then the hash algorithms hash. * * @param algo algorithm to implement * @return hmac_signer_t, NULL if not supported diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index b96fd5abf..65a135e76 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -195,14 +198,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -242,7 +255,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index 874ee07a2..a78dad97c 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -195,14 +198,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -242,7 +255,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index cc32bca88..6de400e8e 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -195,14 +198,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -242,7 +255,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index 83c1188b6..7d4d42c14 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -197,14 +200,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -244,7 +257,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index de9df7271..a32418b16 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -171,6 +172,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -202,14 +205,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -224,24 +230,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -249,7 +262,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c index 5645d72d7..b9d97a901 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crl.c +++ b/src/libstrongswan/plugins/openssl/openssl_crl.c @@ -416,10 +416,19 @@ static bool parse_authKeyIdentifier_ext(private_openssl_crl_t *this, static bool parse_crlNumber_ext(private_openssl_crl_t *this, X509_EXTENSION *ext) { - free(this->serial.ptr); - this->serial = chunk_clone( - openssl_asn1_str2chunk(X509_EXTENSION_get_data(ext))); - return this->serial.len != 0; + chunk_t chunk; + + chunk = openssl_asn1_str2chunk(X509_EXTENSION_get_data(ext)); + /* quick and dirty INTEGER unwrap */ + if (chunk.len > 1 && chunk.ptr[0] == V_ASN1_INTEGER && + chunk.ptr[1] == chunk.len - 2) + { + chunk = chunk_skip(chunk, 2); + free(this->serial.ptr); + this->serial = chunk_clone(chunk); + return TRUE; + } + return FALSE; } /** diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c index a8923ab56..2ed07ff0c 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.c +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c @@ -41,85 +41,57 @@ struct private_openssl_crypter_t { }; /** - * Mapping from the algorithms defined in IKEv2 to - * OpenSSL algorithm names and their key length - */ -typedef struct { - /** - * Identifier specified in IKEv2 - */ - int ikev2_id; - - /** - * Name of the algorithm, as used in OpenSSL - */ - char *name; - - /** - * Minimum valid key length in bytes - */ - size_t key_size_min; - - /** - * Maximum valid key length in bytes - */ - size_t key_size_max; -} openssl_algorithm_t; - -#define END_OF_LIST -1 - -/** - * Algorithms for encryption - */ -static openssl_algorithm_t encryption_algs[] = { -/* {ENCR_DES_IV64, "***", 0, 0}, */ - {ENCR_DES, "des", 8, 8}, /* 64 bits */ - {ENCR_3DES, "des3", 24, 24}, /* 192 bits */ - {ENCR_RC5, "rc5", 5, 255}, /* 40 to 2040 bits, RFC 2451 */ - {ENCR_IDEA, "idea", 16, 16}, /* 128 bits, RFC 2451 */ - {ENCR_CAST, "cast", 5, 16}, /* 40 to 128 bits, RFC 2451 */ - {ENCR_BLOWFISH, "blowfish", 5, 56}, /* 40 to 448 bits, RFC 2451 */ -/* {ENCR_3IDEA, "***", 0, 0}, */ -/* {ENCR_DES_IV32, "***", 0, 0}, */ -/* {ENCR_NULL, "***", 0, 0}, */ /* handled separately */ -/* {ENCR_AES_CBC, "***", 0, 0}, */ /* handled separately */ -/* {ENCR_CAMELLIA_CBC, "***", 0, 0}, */ /* handled separately */ -/* {ENCR_AES_CTR, "***", 0, 0}, */ /* disabled in evp.h */ - {END_OF_LIST, NULL, 0, 0}, -}; - -/** * Look up an OpenSSL algorithm name and validate its key size */ -static char* lookup_algorithm(openssl_algorithm_t *openssl_algo, - u_int16_t ikev2_algo, size_t *key_size) +static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size) { - while (openssl_algo->ikev2_id != END_OF_LIST) + struct { + /* identifier specified in IKEv2 */ + int ikev2_id; + /* name of the algorithm, as used in OpenSSL */ + char *name; + /* default key size in bytes */ + size_t key_def; + /* minimum key size */ + size_t key_min; + /* maximum key size */ + size_t key_max; + } mappings[] = { + {ENCR_DES, "des", 8, 8, 8}, + {ENCR_3DES, "des3", 24, 24, 24}, + {ENCR_RC5, "rc5", 16, 5, 255}, + {ENCR_IDEA, "idea", 16, 16, 16}, + {ENCR_CAST, "cast", 16, 5, 16}, + {ENCR_BLOWFISH, "blowfish", 16, 5, 56}, + }; + int i; + + for (i = 0; i < countof(mappings); i++) { - if (ikev2_algo == openssl_algo->ikev2_id) + if (ikev2_algo == mappings[i].ikev2_id) { /* set the key size if it is not set */ - if (*key_size == 0 && - (openssl_algo->key_size_min == openssl_algo->key_size_max)) + if (*key_size == 0) { - *key_size = openssl_algo->key_size_min; + *key_size = mappings[i].key_def; } - /* validate key size */ - if (*key_size < openssl_algo->key_size_min || - *key_size > openssl_algo->key_size_max) + if (*key_size < mappings[i].key_min || + *key_size > mappings[i].key_max) { return NULL; } - return openssl_algo->name; + return mappings[i].name; } - openssl_algo++; } return NULL; } -static void crypt(private_openssl_crypter_t *this, chunk_t data, - chunk_t iv, chunk_t *dst, int enc) +/** + * Do the actual en/decryption in an EVP context + */ +static void crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv, + chunk_t *dst, int enc) { int len; u_char *out; @@ -141,53 +113,44 @@ static void crypt(private_openssl_crypter_t *this, chunk_t data, EVP_CIPHER_CTX_cleanup(&ctx); } -/** - * Implementation of crypter_t.decrypt. - */ -static void decrypt(private_openssl_crypter_t *this, chunk_t data, - chunk_t iv, chunk_t *dst) +METHOD(crypter_t, decrypt, void, + private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { crypt(this, data, iv, dst, 0); } - -/** - * Implementation of crypter_t.encrypt. - */ -static void encrypt (private_openssl_crypter_t *this, chunk_t data, - chunk_t iv, chunk_t *dst) +METHOD(crypter_t, encrypt, void, + private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { crypt(this, data, iv, dst, 1); } -/** - * Implementation of crypter_t.get_block_size. - */ -static size_t get_block_size(private_openssl_crypter_t *this) +METHOD(crypter_t, get_block_size, size_t, + private_openssl_crypter_t *this) { return this->cipher->block_size; } -/** - * Implementation of crypter_t.get_key_size. - */ -static size_t get_key_size(private_openssl_crypter_t *this) +METHOD(crypter_t, get_iv_size, size_t, + private_openssl_crypter_t *this) +{ + return this->cipher->block_size; +} + +METHOD(crypter_t, get_key_size, size_t, + private_openssl_crypter_t *this) { return this->key.len; } -/** - * Implementation of crypter_t.set_key. - */ -static void set_key(private_openssl_crypter_t *this, chunk_t key) +METHOD(crypter_t, set_key, void, + private_openssl_crypter_t *this, chunk_t key) { memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len)); } -/** - * Implementation of crypter_t.destroy. - */ -static void destroy (private_openssl_crypter_t *this) +METHOD(crypter_t, destroy, void, + private_openssl_crypter_t *this) { free(this->key.ptr); free(this); @@ -201,16 +164,32 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, { private_openssl_crypter_t *this; - this = malloc_thing(private_openssl_crypter_t); + INIT(this, + .public = { + .crypter = { + .encrypt = _encrypt, + .decrypt = _decrypt, + .get_block_size = _get_block_size, + .get_iv_size = _get_iv_size, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + ); switch (algo) { case ENCR_NULL: this->cipher = EVP_enc_null(); + key_size = 0; break; case ENCR_AES_CBC: switch (key_size) { + case 0: + key_size = 16; + /* FALL */ case 16: /* AES 128 */ this->cipher = EVP_get_cipherbyname("aes128"); break; @@ -228,6 +207,9 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, case ENCR_CAMELLIA_CBC: switch (key_size) { + case 0: + key_size = 16; + /* FALL */ case 16: /* CAMELLIA 128 */ this->cipher = EVP_get_cipherbyname("camellia128"); break; @@ -243,11 +225,14 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, } break; case ENCR_DES_ECB: + key_size = 8; this->cipher = EVP_des_ecb(); break; default: { - char* name = lookup_algorithm(encryption_algs, algo, &key_size); + char* name; + + name = lookup_algorithm(algo, &key_size); if (!name) { /* algo unavailable or key_size invalid */ @@ -268,12 +253,5 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, this->key = chunk_alloc(key_size); - this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt; - this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt; - this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size; - this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; - this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key; - this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; - return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.h b/src/libstrongswan/plugins/openssl/openssl_crypter.h index 7e30ae03c..b12e7a6ab 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.h +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.h @@ -31,9 +31,9 @@ typedef struct openssl_crypter_t openssl_crypter_t; struct openssl_crypter_t { /** - * The crypter_t interface. + * Implements crypter_t interface. */ - crypter_t crypter_interface; + crypter_t crypter; }; /** diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c index 9a032c54f..b27aa3391 100644 --- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c @@ -57,11 +57,8 @@ struct private_openssl_diffie_hellman_t { bool computed; }; -/** - * Implementation of openssl_diffie_hellman_t.get_my_public_value. - */ -static void get_my_public_value(private_openssl_diffie_hellman_t *this, - chunk_t *value) +METHOD(diffie_hellman_t, get_my_public_value, void, + private_openssl_diffie_hellman_t *this, chunk_t *value) { *value = chunk_alloc(DH_size(this->dh)); memset(value->ptr, 0, value->len); @@ -69,11 +66,8 @@ static void get_my_public_value(private_openssl_diffie_hellman_t *this, value->ptr + value->len - BN_num_bytes(this->dh->pub_key)); } -/** - * Implementation of openssl_diffie_hellman_t.get_shared_secret. - */ -static status_t get_shared_secret(private_openssl_diffie_hellman_t *this, - chunk_t *secret) +METHOD(diffie_hellman_t, get_shared_secret, status_t, + private_openssl_diffie_hellman_t *this, chunk_t *secret) { if (!this->computed) { @@ -88,11 +82,8 @@ static status_t get_shared_secret(private_openssl_diffie_hellman_t *this, } -/** - * Implementation of openssl_diffie_hellman_t.set_other_public_value. - */ -static void set_other_public_value(private_openssl_diffie_hellman_t *this, - chunk_t value) +METHOD(diffie_hellman_t, set_other_public_value, void, + private_openssl_diffie_hellman_t *this, chunk_t value) { int len; @@ -110,10 +101,8 @@ static void set_other_public_value(private_openssl_diffie_hellman_t *this, this->computed = TRUE; } -/** - * Implementation of openssl_diffie_hellman_t.get_dh_group. - */ -static diffie_hellman_group_t get_dh_group(private_openssl_diffie_hellman_t *this) +METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t, + private_openssl_diffie_hellman_t *this) { return this->group; } @@ -137,10 +126,8 @@ static status_t set_modulus(private_openssl_diffie_hellman_t *this) return SUCCESS; } -/** - * Implementation of openssl_diffie_hellman_t.destroy. - */ -static void destroy(private_openssl_diffie_hellman_t *this) +METHOD(diffie_hellman_t, destroy, void, + private_openssl_diffie_hellman_t *this) { BN_clear_free(this->pub_key); DH_free(this->dh); @@ -151,15 +138,22 @@ static void destroy(private_openssl_diffie_hellman_t *this) /* * Described in header. */ -openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group) +openssl_diffie_hellman_t *openssl_diffie_hellman_create( + diffie_hellman_group_t group, chunk_t g, chunk_t p) { - private_openssl_diffie_hellman_t *this = malloc_thing(private_openssl_diffie_hellman_t); - - this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret; - this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value; - this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value; - this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group; - this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy; + private_openssl_diffie_hellman_t *this; + + INIT(this, + .public = { + .dh = { + .get_shared_secret = _get_shared_secret, + .set_other_public_value = _set_other_public_value, + .get_my_public_value = _get_my_public_value, + .get_dh_group = _get_dh_group, + .destroy = _destroy, + }, + }, + ); this->dh = DH_new(); if (!this->dh) @@ -173,11 +167,19 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t g this->pub_key = BN_new(); this->shared_secret = chunk_empty; - /* find a modulus according to group */ - if (set_modulus(this) != SUCCESS) + if (group == MODP_CUSTOM) { - destroy(this); - return NULL; + this->dh->p = BN_bin2bn(p.ptr, p.len, NULL); + this->dh->g = BN_bin2bn(g.ptr, g.len, NULL); + } + else + { + /* find a modulus according to group */ + if (set_modulus(this) != SUCCESS) + { + destroy(this); + return NULL; + } } /* generate my public and private values */ diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h index 6c4b4fe81..53dc59c78 100644 --- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h +++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h @@ -40,9 +40,12 @@ struct openssl_diffie_hellman_t { * Creates a new openssl_diffie_hellman_t object. * * @param group Diffie Hellman group number to use + * @param g custom generator, if MODP_CUSTOM + * @param p custom prime, if MODP_CUSTOM * @return openssl_diffie_hellman_t object, NULL if not supported */ -openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group); +openssl_diffie_hellman_t *openssl_diffie_hellman_create( + diffie_hellman_group_t group, chunk_t g, chunk_t p); #endif /** OPENSSL_DIFFIE_HELLMAN_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c index a53e8aea0..32fc2bccd 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c @@ -165,7 +165,8 @@ error: * of the Diffie-Hellman shared secret value is the same as that of the * Diffie-Hellman public value." */ -static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this, chunk_t *shared_secret) +static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this, + chunk_t *shared_secret) { const BIGNUM *priv_key; EC_POINT *secret = NULL; @@ -209,10 +210,8 @@ error: return ret; } -/** - * Implementation of openssl_ec_diffie_hellman_t.set_other_public_value. - */ -static void set_other_public_value(private_openssl_ec_diffie_hellman_t *this, chunk_t value) +METHOD(diffie_hellman_t, set_other_public_value, void, + private_openssl_ec_diffie_hellman_t *this, chunk_t value) { if (!chunk2ecp(this->ec_group, value, this->pub_key)) { @@ -230,18 +229,14 @@ static void set_other_public_value(private_openssl_ec_diffie_hellman_t *this, ch this->computed = TRUE; } -/** - * Implementation of openssl_ec_diffie_hellman_t.get_my_public_value. - */ -static void get_my_public_value(private_openssl_ec_diffie_hellman_t *this,chunk_t *value) +METHOD(diffie_hellman_t, get_my_public_value, void, + private_openssl_ec_diffie_hellman_t *this,chunk_t *value) { ecp2chunk(this->ec_group, EC_KEY_get0_public_key(this->key), value, FALSE); } -/** - * Implementation of openssl_ec_diffie_hellman_t.get_shared_secret. - */ -static status_t get_shared_secret(private_openssl_ec_diffie_hellman_t *this, chunk_t *secret) +METHOD(diffie_hellman_t, get_shared_secret, status_t, + private_openssl_ec_diffie_hellman_t *this, chunk_t *secret) { if (!this->computed) { @@ -251,18 +246,14 @@ static status_t get_shared_secret(private_openssl_ec_diffie_hellman_t *this, chu return SUCCESS; } -/** - * Implementation of openssl_ec_diffie_hellman_t.get_dh_group. - */ -static diffie_hellman_group_t get_dh_group(private_openssl_ec_diffie_hellman_t *this) +METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t, + private_openssl_ec_diffie_hellman_t *this) { return this->group; } -/** - * Implementation of openssl_ec_diffie_hellman_t.destroy. - */ -static void destroy(private_openssl_ec_diffie_hellman_t *this) +METHOD(diffie_hellman_t, destroy, void, + private_openssl_ec_diffie_hellman_t *this) { EC_POINT_clear_free(this->pub_key); EC_KEY_free(this->key); @@ -275,13 +266,20 @@ static void destroy(private_openssl_ec_diffie_hellman_t *this) */ openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group) { - private_openssl_ec_diffie_hellman_t *this = malloc_thing(private_openssl_ec_diffie_hellman_t); - - this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret; - this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value; - this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value; - this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group; - this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy; + private_openssl_ec_diffie_hellman_t *this; + + INIT(this, + .public = { + .dh = { + .get_shared_secret = _get_shared_secret, + .set_other_public_value = _set_other_public_value, + .get_my_public_value = _get_my_public_value, + .get_dh_group = _get_dh_group, + .destroy = _destroy, + }, + }, + .group = group, + ); switch (group) { @@ -328,11 +326,6 @@ openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_gro return NULL; } - this->group = group; - this->computed = FALSE; - - this->shared_secret = chunk_empty; - return &this->public; } #endif /* OPENSSL_NO_EC */ diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index 281155913..f4c4759bf 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -138,11 +138,9 @@ static bool build_der_signature(private_openssl_ec_private_key_t *this, return built; } -/** - * Implementation of private_key_t.sign. - */ -static bool sign(private_openssl_ec_private_key_t *this, - signature_scheme_t scheme, chunk_t data, chunk_t *signature) +METHOD(private_key_t, sign, bool, + private_openssl_ec_private_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t *signature) { switch (scheme) { @@ -172,36 +170,38 @@ static bool sign(private_openssl_ec_private_key_t *this, } } -/** - * Implementation of private_key_t.destroy. - */ -static bool decrypt(private_openssl_ec_private_key_t *this, - chunk_t crypto, chunk_t *plain) +METHOD(private_key_t, decrypt, bool, + private_openssl_ec_private_key_t *this, encryption_scheme_t scheme, + chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "EC private key decryption not implemented"); return FALSE; } -/** - * Implementation of private_key_t.get_keysize. - */ -static size_t get_keysize(private_openssl_ec_private_key_t *this) +METHOD(private_key_t, get_keysize, int, + private_openssl_ec_private_key_t *this) { - return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec)); + switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec))) + { + case NID_X9_62_prime256v1: + return 256; + case NID_secp384r1: + return 384; + case NID_secp521r1: + return 521; + default: + return 0; + } } -/** - * Implementation of private_key_t.get_type. - */ -static key_type_t get_type(private_openssl_ec_private_key_t *this) +METHOD(private_key_t, get_type, key_type_t, + private_openssl_ec_private_key_t *this) { return KEY_ECDSA; } -/** - * Implementation of private_key_t.get_public_key. - */ -static public_key_t* get_public_key(private_openssl_ec_private_key_t *this) +METHOD(private_key_t, get_public_key, public_key_t*, + private_openssl_ec_private_key_t *this) { public_key_t *public; chunk_t key; @@ -217,20 +217,16 @@ static public_key_t* get_public_key(private_openssl_ec_private_key_t *this) return public; } -/** - * Implementation of private_key_t.get_fingerprint. - */ -static bool get_fingerprint(private_openssl_ec_private_key_t *this, - cred_encoding_type_t type, chunk_t *fingerprint) +METHOD(private_key_t, get_fingerprint, bool, + private_openssl_ec_private_key_t *this, cred_encoding_type_t type, + chunk_t *fingerprint) { return openssl_ec_fingerprint(this->ec, type, fingerprint); } -/** - * Implementation of private_key_t.get_encoding. - */ -static bool get_encoding(private_openssl_ec_private_key_t *this, - cred_encoding_type_t type, chunk_t *encoding) +METHOD(private_key_t, get_encoding, bool, + private_openssl_ec_private_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) { u_char *p; @@ -261,19 +257,15 @@ static bool get_encoding(private_openssl_ec_private_key_t *this, } } -/** - * Implementation of private_key_t.get_ref. - */ -static private_key_t* get_ref(private_openssl_ec_private_key_t *this) +METHOD(private_key_t, get_ref, private_key_t*, + private_openssl_ec_private_key_t *this) { ref_get(&this->ref); - return &this->public.interface; + return &this->public.key; } -/** - * Implementation of private_key_t.destroy. - */ -static void destroy(private_openssl_ec_private_key_t *this) +METHOD(private_key_t, destroy, void, + private_openssl_ec_private_key_t *this) { if (ref_put(&this->ref)) { @@ -291,23 +283,27 @@ static void destroy(private_openssl_ec_private_key_t *this) */ static private_openssl_ec_private_key_t *create_empty(void) { - private_openssl_ec_private_key_t *this = malloc_thing(private_openssl_ec_private_key_t); - - this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type; - this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign; - this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt; - this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize; - this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key; - this->public.interface.equals = private_key_equals; - this->public.interface.belongs_to = private_key_belongs_to; - this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint; - this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; - this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding; - this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref; - this->public.interface.destroy = (void (*)(private_key_t *this))destroy; - - this->ec = NULL; - this->ref = 1; + private_openssl_ec_private_key_t *this; + + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .sign = _sign, + .decrypt = _decrypt, + .get_keysize = _get_keysize, + .get_public_key = _get_public_key, + .equals = private_key_equals, + .belongs_to = private_key_belongs_to, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = private_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); return this; } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h index 720c63f90..f56c95aa1 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h @@ -34,7 +34,7 @@ struct openssl_ec_private_key_t { /** * Implements private_key_t interface */ - private_key_t interface; + private_key_t key; }; /** diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c index def36c92f..7461695ad 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c @@ -130,19 +130,15 @@ static bool verify_der_signature(private_openssl_ec_public_key_t *this, return valid; } -/** - * Implementation of public_key_t.get_type. - */ -static key_type_t get_type(private_openssl_ec_public_key_t *this) +METHOD(public_key_t, get_type, key_type_t, + private_openssl_ec_public_key_t *this) { return KEY_ECDSA; } -/** - * Implementation of public_key_t.verify. - */ -static bool verify(private_openssl_ec_public_key_t *this, - signature_scheme_t scheme, chunk_t data, chunk_t signature) +METHOD(public_key_t, verify, bool, + private_openssl_ec_public_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t signature) { switch (scheme) { @@ -172,22 +168,28 @@ static bool verify(private_openssl_ec_public_key_t *this, } } -/** - * Implementation of public_key_t.get_keysize. - */ -static bool encrypt_(private_openssl_ec_public_key_t *this, - chunk_t crypto, chunk_t *plain) +METHOD(public_key_t, encrypt, bool, + private_openssl_ec_public_key_t *this, encryption_scheme_t scheme, + chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "EC public key encryption not implemented"); return FALSE; } -/** - * Implementation of public_key_t.get_keysize. - */ -static size_t get_keysize(private_openssl_ec_public_key_t *this) +METHOD(public_key_t, get_keysize, int, + private_openssl_ec_public_key_t *this) { - return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec)); + switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec))) + { + case NID_X9_62_prime256v1: + return 256; + case NID_secp384r1: + return 384; + case NID_secp521r1: + return 521; + default: + return 0; + } } /** @@ -232,20 +234,16 @@ bool openssl_ec_fingerprint(EC_KEY *ec, cred_encoding_type_t type, chunk_t *fp) return TRUE; } -/** - * Implementation of private_key_t.get_fingerprint. - */ -static bool get_fingerprint(private_openssl_ec_public_key_t *this, - cred_encoding_type_t type, chunk_t *fingerprint) +METHOD(public_key_t, get_fingerprint, bool, + private_openssl_ec_public_key_t *this, cred_encoding_type_t type, + chunk_t *fingerprint) { return openssl_ec_fingerprint(this->ec, type, fingerprint); } -/** - * Implementation of private_key_t.get_encoding. - */ -static bool get_encoding(private_openssl_ec_public_key_t *this, - cred_encoding_type_t type, chunk_t *encoding) +METHOD(public_key_t, get_encoding, bool, + private_openssl_ec_public_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) { u_char *p; @@ -276,19 +274,15 @@ static bool get_encoding(private_openssl_ec_public_key_t *this, } } -/** - * Implementation of public_key_t.get_ref. - */ -static public_key_t* get_ref(private_openssl_ec_public_key_t *this) +METHOD(public_key_t, get_ref, public_key_t*, + private_openssl_ec_public_key_t *this) { ref_get(&this->ref); - return &this->public.interface; + return &this->public.key; } -/** - * Implementation of openssl_ec_public_key.destroy. - */ -static void destroy(private_openssl_ec_public_key_t *this) +METHOD(public_key_t, destroy, void, + private_openssl_ec_public_key_t *this) { if (ref_put(&this->ref)) { @@ -306,21 +300,25 @@ static void destroy(private_openssl_ec_public_key_t *this) */ static private_openssl_ec_public_key_t *create_empty() { - private_openssl_ec_public_key_t *this = malloc_thing(private_openssl_ec_public_key_t); - - this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; - this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; - this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_; - this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; - this->public.interface.equals = public_key_equals; - this->public.interface.get_fingerprint = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint; - this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint; - this->public.interface.get_encoding = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding; - this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; - this->public.interface.destroy = (void (*)(public_key_t *this))destroy; - - this->ec = NULL; - this->ref = 1; + private_openssl_ec_public_key_t *this; + + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .verify = _verify, + .encrypt = _encrypt, + .get_keysize = _get_keysize, + .equals = public_key_equals, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = public_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); return this; } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h index 29d607d38..8094083a7 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h @@ -34,7 +34,7 @@ struct openssl_ec_public_key_t { /** * Implements the public_key_t interface */ - public_key_t interface; + public_key_t key; }; /** diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c index 7556bc594..d81f4b21e 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hasher.c +++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c @@ -90,27 +90,20 @@ static char* lookup_algorithm(openssl_algorithm_t *openssl_algo, return NULL; } -/** - * Implementation of hasher_t.get_hash_size. - */ -static size_t get_hash_size(private_openssl_hasher_t *this) +METHOD(hasher_t, get_hash_size, size_t, + private_openssl_hasher_t *this) { return this->hasher->md_size; } -/** - * Implementation of hasher_t.reset. - */ -static void reset(private_openssl_hasher_t *this) +METHOD(hasher_t, reset, void, + private_openssl_hasher_t *this) { EVP_DigestInit_ex(this->ctx, this->hasher, NULL); } -/** - * Implementation of hasher_t.get_hash. - */ -static void get_hash(private_openssl_hasher_t *this, chunk_t chunk, - u_int8_t *hash) +METHOD(hasher_t, get_hash, void, + private_openssl_hasher_t *this, chunk_t chunk, u_int8_t *hash) { EVP_DigestUpdate(this->ctx, chunk.ptr, chunk.len); if (hash) @@ -120,11 +113,8 @@ static void get_hash(private_openssl_hasher_t *this, chunk_t chunk, } } -/** - * Implementation of hasher_t.allocate_hash. - */ -static void allocate_hash(private_openssl_hasher_t *this, chunk_t chunk, - chunk_t *hash) +METHOD(hasher_t, allocate_hash, void, + private_openssl_hasher_t *this, chunk_t chunk, chunk_t *hash) { if (hash) { @@ -137,10 +127,8 @@ static void allocate_hash(private_openssl_hasher_t *this, chunk_t chunk, } } -/** - * Implementation of hasher_t.destroy. - */ -static void destroy (private_openssl_hasher_t *this) +METHOD(hasher_t, destroy, void, + private_openssl_hasher_t *this) { EVP_MD_CTX_destroy(this->ctx); free(this); @@ -160,7 +148,17 @@ openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo) return NULL; } - this = malloc_thing(private_openssl_hasher_t); + INIT(this, + .public = { + .hasher = { + .get_hash = _get_hash, + .allocate_hash = _allocate_hash, + .get_hash_size = _get_hash_size, + .reset = _reset, + .destroy = _destroy, + }, + }, + ); this->hasher = EVP_get_digestbyname(name); if (!this->hasher) @@ -170,12 +168,6 @@ openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo) return NULL; } - this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; - this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; - this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; - this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; - this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - this->ctx = EVP_MD_CTX_create(); /* initialization */ diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.h b/src/libstrongswan/plugins/openssl/openssl_hasher.h index fd7a043d1..b03f6891b 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hasher.h +++ b/src/libstrongswan/plugins/openssl/openssl_hasher.h @@ -31,9 +31,9 @@ typedef struct openssl_hasher_t openssl_hasher_t; struct openssl_hasher_t { /** - * The hasher_t interface. + * Implements hasher_t interface. */ - hasher_t hasher_interface; + hasher_t hasher; }; /** diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 31697dcb8..0ab4eda9c 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -16,6 +16,7 @@ #include <openssl/evp.h> #include <openssl/conf.h> +#include <openssl/rand.h> #include <openssl/crypto.h> #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> @@ -24,6 +25,7 @@ #include "openssl_plugin.h" #include <library.h> +#include <debug.h> #include <threading/thread.h> #include <threading/mutex.h> #include "openssl_util.h" @@ -151,6 +153,31 @@ static void threading_init() } /** + * Seed the OpenSSL RNG, if required + */ +static bool seed_rng() +{ + rng_t *rng = NULL; + char buf[32]; + + while (RAND_status() != 1) + { + if (!rng) + { + rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); + if (!rng) + { + return FALSE; + } + } + rng->get_bytes(rng, sizeof(buf), buf); + RAND_seed(buf, sizeof(buf)); + } + DESTROY_IF(rng); + return TRUE; +} + +/** * cleanup OpenSSL threading locks */ static void threading_cleanup() @@ -166,10 +193,8 @@ static void threading_cleanup() mutex = NULL; } -/** - * Implementation of openssl_plugin_t.destroy - */ -static void destroy(private_openssl_plugin_t *this) +METHOD(plugin_t, destroy, void, + private_openssl_plugin_t *this) { lib->crypto->remove_crypter(lib->crypto, (crypter_constructor_t)openssl_crypter_create); @@ -218,9 +243,15 @@ static void destroy(private_openssl_plugin_t *this) */ plugin_t *openssl_plugin_create() { - private_openssl_plugin_t *this = malloc_thing(private_openssl_plugin_t); + private_openssl_plugin_t *this; - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); threading_init(); @@ -233,6 +264,13 @@ plugin_t *openssl_plugin_create() ENGINE_register_all_complete(); #endif /* OPENSSL_NO_ENGINE */ + if (!seed_rng()) + { + DBG1(DBG_CFG, "no RNG found to seed OpenSSL"); + destroy(this); + return NULL; + } + /* crypter */ lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, (crypter_constructor_t)openssl_crypter_create); @@ -312,33 +350,35 @@ plugin_t *openssl_plugin_create() (dh_constructor_t)openssl_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_768_BIT, (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, + (dh_constructor_t)openssl_diffie_hellman_create); /* rsa */ - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE, (builder_function_t)openssl_rsa_private_key_load); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, (builder_function_t)openssl_rsa_private_key_gen); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE, (builder_function_t)openssl_rsa_private_key_connect); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE, (builder_function_t)openssl_rsa_public_key_load); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)openssl_rsa_public_key_load); #ifndef OPENSSL_NO_EC /* ecdsa */ - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, TRUE, (builder_function_t)openssl_ec_private_key_load); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, FALSE, (builder_function_t)openssl_ec_private_key_gen); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, TRUE, (builder_function_t)openssl_ec_public_key_load); #endif /* OPENSSL_NO_EC */ /* X509 certificates */ - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, TRUE, (builder_function_t)openssl_x509_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, TRUE, (builder_function_t)openssl_crl_load); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 5817ade9e..0b607c386 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -131,19 +131,16 @@ error: return success; } -/** - * Implementation of openssl_rsa_private_key.get_type. - */ -static key_type_t get_type(private_openssl_rsa_private_key_t *this) + +METHOD(private_key_t, get_type, key_type_t, + private_openssl_rsa_private_key_t *this) { return KEY_RSA; } -/** - * Implementation of openssl_rsa_private_key.sign. - */ -static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t *signature) +METHOD(private_key_t, sign, bool, + private_openssl_rsa_private_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t *signature) { switch (scheme) { @@ -168,28 +165,47 @@ static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t sch } } -/** - * Implementation of openssl_rsa_private_key.decrypt. - */ -static bool decrypt(private_openssl_rsa_private_key_t *this, - chunk_t crypto, chunk_t *plain) +METHOD(private_key_t, decrypt, bool, + private_openssl_rsa_private_key_t *this, encryption_scheme_t scheme, + chunk_t crypto, chunk_t *plain) { - DBG1(DBG_LIB, "RSA private key decryption not implemented"); - return FALSE; + int padding, len; + char *decrypted; + + switch (scheme) + { + case ENCRYPT_RSA_PKCS1: + padding = RSA_PKCS1_PADDING; + break; + case ENCRYPT_RSA_OAEP_SHA1: + padding = RSA_PKCS1_OAEP_PADDING; + break; + default: + DBG1(DBG_LIB, "encryption scheme %N not supported via openssl", + encryption_scheme_names, scheme); + return FALSE; + } + decrypted = malloc(RSA_size(this->rsa)); + len = RSA_private_decrypt(crypto.len, crypto.ptr, decrypted, + this->rsa, padding); + if (len < 0) + { + DBG1(DBG_LIB, "RSA decryption failed"); + free(decrypted); + return FALSE; + } + *plain = chunk_create(decrypted, len); + return TRUE; } -/** - * Implementation of openssl_rsa_private_key.get_keysize. - */ -static size_t get_keysize(private_openssl_rsa_private_key_t *this) +METHOD(private_key_t, get_keysize, int, + private_openssl_rsa_private_key_t *this) { - return RSA_size(this->rsa); + return RSA_size(this->rsa) * 8; } -/** - * Implementation of openssl_rsa_private_key.get_public_key. - */ -static public_key_t* get_public_key(private_openssl_rsa_private_key_t *this) +METHOD(private_key_t, get_public_key, public_key_t*, + private_openssl_rsa_private_key_t *this) { chunk_t enc; public_key_t *key; @@ -204,20 +220,16 @@ static public_key_t* get_public_key(private_openssl_rsa_private_key_t *this) return key; } -/** - * Implementation of public_key_t.get_fingerprint. - */ -static bool get_fingerprint(private_openssl_rsa_private_key_t *this, - cred_encoding_type_t type, chunk_t *fingerprint) +METHOD(private_key_t, get_fingerprint, bool, + private_openssl_rsa_private_key_t *this, cred_encoding_type_t type, + chunk_t *fingerprint) { return openssl_rsa_fingerprint(this->rsa, type, fingerprint); } -/* - * Implementation of public_key_t.get_encoding. - */ -static bool get_encoding(private_openssl_rsa_private_key_t *this, - cred_encoding_type_t type, chunk_t *encoding) +METHOD(private_key_t, get_encoding, bool, + private_openssl_rsa_private_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) { u_char *p; @@ -252,19 +264,15 @@ static bool get_encoding(private_openssl_rsa_private_key_t *this, } } -/** - * Implementation of openssl_rsa_private_key.get_ref. - */ -static private_openssl_rsa_private_key_t* get_ref(private_openssl_rsa_private_key_t *this) +METHOD(private_key_t, get_ref, private_key_t*, + private_openssl_rsa_private_key_t *this) { ref_get(&this->ref); - return this; + return &this->public.key; } -/** - * Implementation of openssl_rsa_private_key.destroy. - */ -static void destroy(private_openssl_rsa_private_key_t *this) +METHOD(private_key_t, destroy, void, + private_openssl_rsa_private_key_t *this) { if (ref_put(&this->ref)) { @@ -280,25 +288,29 @@ static void destroy(private_openssl_rsa_private_key_t *this) /** * Internal generic constructor */ -static private_openssl_rsa_private_key_t *create_empty(void) +static private_openssl_rsa_private_key_t *create_empty() { - private_openssl_rsa_private_key_t *this = malloc_thing(private_openssl_rsa_private_key_t); - - this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type; - this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign; - this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt; - this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize; - this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key; - this->public.interface.equals = private_key_equals; - this->public.interface.belongs_to = private_key_belongs_to; - this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint; - this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; - this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding; - this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref; - this->public.interface.destroy = (void (*) (private_key_t*))destroy; - - this->engine = FALSE; - this->ref = 1; + private_openssl_rsa_private_key_t *this; + + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .sign = _sign, + .decrypt = _decrypt, + .get_keysize = _get_keysize, + .get_public_key = _get_public_key, + .equals = private_key_equals, + .belongs_to = private_key_belongs_to, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = private_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); return this; } @@ -444,6 +456,48 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, } /** + * Login to engine with a PIN specified for a keyid + */ +static bool login(ENGINE *engine, chunk_t keyid) +{ + enumerator_t *enumerator; + shared_key_t *shared; + identification_t *id; + chunk_t key; + char pin[64]; + bool found = FALSE, success = FALSE; + + id = identification_create_from_encoding(ID_KEY_ID, keyid); + enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr, + SHARED_PIN, id, NULL); + while (enumerator->enumerate(enumerator, &shared, NULL, NULL)) + { + found = TRUE; + key = shared->get_key(shared); + if (snprintf(pin, sizeof(pin), "%.*s", key.len, key.ptr) >= sizeof(pin)) + { + continue; + } + if (ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0)) + { + success = TRUE; + break; + } + else + { + DBG1(DBG_CFG, "setting PIN on engine failed"); + } + } + enumerator->destroy(enumerator); + id->destroy(id); + if (!found) + { + DBG1(DBG_CFG, "no PIN found for %#B", &keyid); + } + return success; +} + +/** * See header. */ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type, @@ -451,20 +505,25 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type, { #ifndef OPENSSL_NO_ENGINE private_openssl_rsa_private_key_t *this; - char *keyid = NULL, *pin = NULL; + char *engine_id = NULL; + char keyname[64]; + chunk_t keyid = chunk_empty;; EVP_PKEY *key; - char *engine_id; ENGINE *engine; + int slot = -1; while (TRUE) { switch (va_arg(args, builder_part_t)) { - case BUILD_SMARTCARD_KEYID: - keyid = va_arg(args, char*); + case BUILD_PKCS11_KEYID: + keyid = va_arg(args, chunk_t); continue; - case BUILD_SMARTCARD_PIN: - pin = va_arg(args, char*); + case BUILD_PKCS11_SLOT: + slot = va_arg(args, int); + continue; + case BUILD_PKCS11_MODULE: + engine_id = va_arg(args, char*); continue; case BUILD_END: break; @@ -473,17 +532,31 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type, } break; } - if (!keyid || !pin) + if (!keyid.len || keyid.len > 40) { return NULL; } - engine_id = lib->settings->get_str(lib->settings, + memset(keyname, 0, sizeof(keyname)); + if (slot != -1) + { + snprintf(keyname, sizeof(keyname), "%d:", slot); + } + if (sizeof(keyname) - strlen(keyname) <= keyid.len * 4 / 3 + 1) + { + return NULL; + } + chunk_to_hex(keyid, keyname + strlen(keyname), FALSE); + + if (!engine_id) + { + engine_id = lib->settings->get_str(lib->settings, "libstrongswan.plugins.openssl.engine_id", "pkcs11"); + } engine = ENGINE_by_id(engine_id); if (!engine) { - DBG1(DBG_LIB, "engine '%s' is not available", engine_id); + DBG2(DBG_LIB, "engine '%s' is not available", engine_id); return NULL; } if (!ENGINE_init(engine)) @@ -492,18 +565,17 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type, ENGINE_free(engine); return NULL; } - if (!ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0)) + if (!login(engine, keyid)) { - DBG1(DBG_LIB, "failed to set PIN on engine '%s'", engine_id); + DBG1(DBG_LIB, "login to engine '%s' failed", engine_id); ENGINE_free(engine); return NULL; } - - key = ENGINE_load_private_key(engine, keyid, NULL, NULL); + key = ENGINE_load_private_key(engine, keyname, NULL, NULL); if (!key) { DBG1(DBG_LIB, "failed to load private key with ID '%s' from " - "engine '%s'", keyid, engine_id); + "engine '%s'", keyname, engine_id); ENGINE_free(engine); return NULL; } @@ -512,6 +584,11 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type, this = create_empty(); this->rsa = EVP_PKEY_get1_RSA(key); this->engine = TRUE; + if (!this->rsa) + { + destroy(this); + return NULL; + } return &this->public; #else /* OPENSSL_NO_ENGINE */ diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h index 079dfa46a..60889d651 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h @@ -34,7 +34,7 @@ struct openssl_rsa_private_key_t { /** * Implements private_key_t interface */ - private_key_t interface; + private_key_t key; }; /** diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index 6ac61a65c..422e31521 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -114,19 +114,15 @@ error: return valid; } -/** - * Implementation of public_key_t.get_type. - */ -static key_type_t get_type(private_openssl_rsa_public_key_t *this) +METHOD(public_key_t, get_type, key_type_t, + private_openssl_rsa_public_key_t *this) { return KEY_RSA; } -/** - * Implementation of public_key_t.verify. - */ -static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t signature) +METHOD(public_key_t, verify, bool, + private_openssl_rsa_public_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t signature) { switch (scheme) { @@ -151,22 +147,43 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc } } -/** - * Implementation of public_key_t.get_keysize. - */ -static bool encrypt_(private_openssl_rsa_public_key_t *this, - chunk_t crypto, chunk_t *plain) +METHOD(public_key_t, encrypt, bool, + private_openssl_rsa_public_key_t *this, encryption_scheme_t scheme, + chunk_t plain, chunk_t *crypto) { - DBG1(DBG_LIB, "RSA public key encryption not implemented"); - return FALSE; + int padding, len; + char *encrypted; + + switch (scheme) + { + case ENCRYPT_RSA_PKCS1: + padding = RSA_PKCS1_PADDING; + break; + case ENCRYPT_RSA_OAEP_SHA1: + padding = RSA_PKCS1_OAEP_PADDING; + break; + default: + DBG1(DBG_LIB, "decryption scheme %N not supported via openssl", + encryption_scheme_names, scheme); + return FALSE; + } + encrypted = malloc(RSA_size(this->rsa)); + len = RSA_public_encrypt(plain.len, plain.ptr, encrypted, + this->rsa, padding); + if (len < 0) + { + DBG1(DBG_LIB, "RSA decryption failed"); + free(encrypted); + return FALSE; + } + *crypto = chunk_create(encrypted, len); + return TRUE; } -/** - * Implementation of public_key_t.get_keysize. - */ -static size_t get_keysize(private_openssl_rsa_public_key_t *this) +METHOD(public_key_t, get_keysize, int, + private_openssl_rsa_public_key_t *this) { - return RSA_size(this->rsa); + return RSA_size(this->rsa) * 8; } /** @@ -211,20 +228,16 @@ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp) return TRUE; } -/** - * Implementation of public_key_t.get_fingerprint. - */ -static bool get_fingerprint(private_openssl_rsa_public_key_t *this, - cred_encoding_type_t type, chunk_t *fingerprint) +METHOD(public_key_t, get_fingerprint, bool, + private_openssl_rsa_public_key_t *this, cred_encoding_type_t type, + chunk_t *fingerprint) { return openssl_rsa_fingerprint(this->rsa, type, fingerprint); } -/* - * Implementation of public_key_t.get_encoding. - */ -static bool get_encoding(private_openssl_rsa_public_key_t *this, - cred_encoding_type_t type, chunk_t *encoding) +METHOD(public_key_t, get_encoding, bool, + private_openssl_rsa_public_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) { u_char *p; @@ -262,19 +275,15 @@ static bool get_encoding(private_openssl_rsa_public_key_t *this, } } -/** - * Implementation of public_key_t.get_ref. - */ -static public_key_t* get_ref(private_openssl_rsa_public_key_t *this) +METHOD(public_key_t, get_ref, public_key_t*, + private_openssl_rsa_public_key_t *this) { ref_get(&this->ref); - return &this->public.interface; + return &this->public.key; } -/** - * Implementation of openssl_rsa_public_key.destroy. - */ -static void destroy(private_openssl_rsa_public_key_t *this) +METHOD(public_key_t, destroy, void, + private_openssl_rsa_public_key_t *this) { if (ref_put(&this->ref)) { @@ -292,21 +301,25 @@ static void destroy(private_openssl_rsa_public_key_t *this) */ static private_openssl_rsa_public_key_t *create_empty() { - private_openssl_rsa_public_key_t *this = malloc_thing(private_openssl_rsa_public_key_t); - - this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; - this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; - this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_; - this->public.interface.equals = public_key_equals; - this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; - this->public.interface.get_fingerprint = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint; - this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint; - this->public.interface.get_encoding = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding; - this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; - this->public.interface.destroy = (void (*)(public_key_t *this))destroy; - - this->rsa = NULL; - this->ref = 1; + private_openssl_rsa_public_key_t *this; + + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .verify = _verify, + .encrypt = _encrypt, + .equals = public_key_equals, + .get_keysize = _get_keysize, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = public_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); return this; } diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h index 620aa51ce..021257d3c 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h @@ -33,7 +33,7 @@ struct openssl_rsa_public_key_t { /** * Implements the public_key_t interface */ - public_key_t interface; + public_key_t key; }; /** diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c index b65388010..20f2fa984 100644 --- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c +++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c @@ -124,13 +124,15 @@ openssl_sha1_prf_t *openssl_sha1_prf_create(pseudo_random_function_t algo) } INIT(this, - .public.prf = { - .get_block_size = _get_block_size, - .get_bytes = _get_bytes, - .allocate_bytes = _allocate_bytes, - .get_key_size = _get_key_size, - .set_key = _set_key, - .destroy = _destroy, + .public = { + .prf = { + .get_block_size = _get_block_size, + .get_bytes = _get_bytes, + .allocate_bytes = _allocate_bytes, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, }, ); diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index 1c9bb699e..aa39bc93d 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -187,6 +187,15 @@ static identification_t *general_name2id(GENERAL_NAME *name) } case GEN_DIRNAME : return openssl_x509_name2id(name->d.directoryName); + case GEN_OTHERNAME: + if (OBJ_obj2nid(name->d.otherName->type_id) == NID_ms_upn && + name->d.otherName->value->type == V_ASN1_UTF8STRING) + { + return identification_create_from_encoding(ID_RFC822_ADDR, + openssl_asn1_str2chunk( + name->d.otherName->value->value.utf8string)); + } + return NULL; default: return NULL; } @@ -286,10 +295,23 @@ METHOD(certificate_t, has_subject, id_match_t, identification_t *current; enumerator_t *enumerator; id_match_t match, best; + chunk_t encoding; if (subject->get_type(subject) == ID_KEY_ID) { - if (chunk_equals(this->hash, subject->get_encoding(subject))) + encoding = subject->get_encoding(subject); + + if (chunk_equals(this->hash, encoding)) + { + return ID_MATCH_PERFECT; + } + if (this->subjectKeyIdentifier.len && + chunk_equals(this->subjectKeyIdentifier, encoding)) + { + return ID_MATCH_PERFECT; + } + if (this->pubkey && + this->pubkey->has_fingerprint(this->pubkey, encoding)) { return ID_MATCH_PERFECT; } @@ -756,6 +778,38 @@ static bool parse_extensions(private_openssl_x509_t *this) } /** + * Parse ExtendedKeyUsage + */ +static void parse_extKeyUsage(private_openssl_x509_t *this) +{ + EXTENDED_KEY_USAGE *usage; + int i; + + usage = X509_get_ext_d2i(this->x509, NID_ext_key_usage, NULL, NULL); + if (usage) + { + for (i = 0; i < sk_ASN1_OBJECT_num(usage); i++) + { + switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(usage, i))) + { + case NID_server_auth: + this->flags |= X509_SERVER_AUTH; + break; + case NID_client_auth: + this->flags |= X509_CLIENT_AUTH; + break; + case NID_OCSP_sign: + this->flags |= X509_OCSP_SIGNER; + break; + default: + break; + } + } + sk_ASN1_OBJECT_pop_free(usage, ASN1_OBJECT_free); + } +} + +/** * Parse a DER encoded x509 certificate */ static bool parse_certificate(private_openssl_x509_t *this) @@ -814,6 +868,7 @@ static bool parse_certificate(private_openssl_x509_t *this) { return TRUE; } + parse_extKeyUsage(this); hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!hasher) diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index adb8f08d1..46953f681 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -167,6 +168,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -198,14 +201,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -220,24 +226,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -245,7 +258,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c index 9edea4bd3..06c20292f 100644 --- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c +++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c @@ -78,8 +78,8 @@ static void padlock_crypt(void *key, void *ctrl, void *src, void *dst, : "eax", "ecx", "edx", "esi", "edi"); } -/* - * Implementation of crypter_t.crypt +/** + * Do encryption/decryption operation using Padlock control word */ static void crypt(private_padlock_aes_crypter_t *this, char *iv, chunk_t src, chunk_t *dst, bool enc) @@ -107,53 +107,44 @@ static void crypt(private_padlock_aes_crypter_t *this, char *iv, src.len / AES_BLOCK_SIZE, iv_aligned); } -/** - * Implementation of crypter_t.decrypt. - */ -static void decrypt(private_padlock_aes_crypter_t *this, chunk_t data, - chunk_t iv, chunk_t *dst) +METHOD(crypter_t, decrypt, void, + private_padlock_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { crypt(this, iv.ptr, data, dst, TRUE); } - -/** - * Implementation of crypter_t.encrypt. - */ -static void encrypt (private_padlock_aes_crypter_t *this, chunk_t data, - chunk_t iv, chunk_t *dst) +METHOD(crypter_t, encrypt, void, + private_padlock_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { crypt(this, iv.ptr, data, dst, FALSE); } -/** - * Implementation of crypter_t.get_block_size. - */ -static size_t get_block_size(private_padlock_aes_crypter_t *this) +METHOD(crypter_t, get_block_size, size_t, + private_padlock_aes_crypter_t *this) { return AES_BLOCK_SIZE; } -/** - * Implementation of crypter_t.get_key_size. - */ -static size_t get_key_size(private_padlock_aes_crypter_t *this) +METHOD(crypter_t, get_iv_size, size_t, + private_padlock_aes_crypter_t *this) +{ + return AES_BLOCK_SIZE; +} + +METHOD(crypter_t, get_key_size, size_t, + private_padlock_aes_crypter_t *this) { return this->key.len; } -/** - * Implementation of crypter_t.set_key. - */ -static void set_key(private_padlock_aes_crypter_t *this, chunk_t key) +METHOD(crypter_t, set_key, void, + private_padlock_aes_crypter_t *this, chunk_t key) { memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len)); } -/** - * Implementation of crypter_t.destroy and aes_crypter_t.destroy. - */ -static void destroy (private_padlock_aes_crypter_t *this) +METHOD(crypter_t, destroy, void, + private_padlock_aes_crypter_t *this) { free(this->key.ptr); free(this); @@ -171,29 +162,33 @@ padlock_aes_crypter_t *padlock_aes_crypter_create(encryption_algorithm_t algo, { return NULL; } - - this = malloc_thing(private_padlock_aes_crypter_t); - switch (key_size) { + case 0: + key_size = 16; + /* FALL */ case 16: /* AES 128 */ break; case 24: /* AES-192 */ case 32: /* AES-256 */ /* These need an expanded key, currently not supported, FALL */ default: - free(this); return NULL; } - this->key = chunk_alloc(key_size); - - this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt; - this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt; - this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size; - this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; - this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key; - this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; - + INIT(this, + .public = { + .crypter = { + .encrypt = _encrypt, + .decrypt = _decrypt, + .get_block_size = _get_block_size, + .get_iv_size = _get_iv_size, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + .key = chunk_alloc(key_size), + ); return &this->public; } diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h index d4c7a7577..1c804860c 100644 --- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h +++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h @@ -32,9 +32,9 @@ typedef struct padlock_aes_crypter_t padlock_aes_crypter_t; struct padlock_aes_crypter_t { /** - * The crypter_t interface. + * Implements crypter_t interface. */ - crypter_t crypter_interface; + crypter_t crypter; }; /** diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.c b/src/libstrongswan/plugins/padlock/padlock_plugin.c index c9606ae15..027c53c7b 100644 --- a/src/libstrongswan/plugins/padlock/padlock_plugin.c +++ b/src/libstrongswan/plugins/padlock/padlock_plugin.c @@ -101,10 +101,8 @@ static padlock_feature_t get_padlock_features() return 0; } -/** - * Implementation of aes_plugin_t.destroy - */ -static void destroy(private_padlock_plugin_t *this) +METHOD(plugin_t, destroy, void, + private_padlock_plugin_t *this) { if (this->features & PADLOCK_RNG_ENABLED) { @@ -133,11 +131,17 @@ static void destroy(private_padlock_plugin_t *this) */ plugin_t *padlock_plugin_create() { - private_padlock_plugin_t *this = malloc_thing(private_padlock_plugin_t); + private_padlock_plugin_t *this; - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + .features = get_padlock_features(), + ); - this->features = get_padlock_features(); if (!this->features) { free(this); diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.c b/src/libstrongswan/plugins/padlock/padlock_rng.c index 8ff46081b..3d805df9d 100644 --- a/src/libstrongswan/plugins/padlock/padlock_rng.c +++ b/src/libstrongswan/plugins/padlock/padlock_rng.c @@ -53,15 +53,15 @@ struct private_padlock_rng_t { */ static void rng(char *buf, int len, int quality) { - while (len > 0)
+ while (len > 0) { int status; /* run XSTORE until we have all bytes needed. We do not use REP, as * this should not be performance critical and it's easier this way. */ asm volatile ( - ".byte 0x0F,0xA7,0xC0 \n\t"
- : "=D"(buf), "=a"(status)
+ ".byte 0x0F,0xA7,0xC0 \n\t" + : "=D"(buf), "=a"(status) : "d"(quality), "D"(buf)); /* bits[0..4] of status word contains the number of bytes read */ @@ -69,11 +69,8 @@ static void rng(char *buf, int len, int quality) } } -/** - * Implementation of padlock_rng_t.allocate_bytes. - */ -static void allocate_bytes(private_padlock_rng_t *this, size_t bytes, - chunk_t *chunk) +METHOD(rng_t, allocate_bytes, void, + private_padlock_rng_t *this, size_t bytes, chunk_t *chunk) { chunk->len = bytes; /* padlock requires some additional bytes */ @@ -82,11 +79,8 @@ static void allocate_bytes(private_padlock_rng_t *this, size_t bytes, rng(chunk->ptr, chunk->len, this->quality); } -/** - * Implementation of padlock_rng_t.get_bytes. - */ -static void get_bytes(private_padlock_rng_t *this, size_t bytes, - u_int8_t *buffer) +METHOD(rng_t, get_bytes, void, + private_padlock_rng_t *this, size_t bytes, u_int8_t *buffer) { chunk_t chunk; @@ -96,10 +90,8 @@ static void get_bytes(private_padlock_rng_t *this, size_t bytes, chunk_clear(&chunk); } -/** - * Implementation of padlock_rng_t.destroy. - */ -static void destroy(private_padlock_rng_t *this) +METHOD(rng_t, destroy, void, + private_padlock_rng_t *this) { free(this); } @@ -109,11 +101,17 @@ static void destroy(private_padlock_rng_t *this) */ padlock_rng_t *padlock_rng_create(rng_quality_t quality) { - private_padlock_rng_t *this = malloc_thing(private_padlock_rng_t); - - this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes; - this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes; - this->public.rng.destroy = (void (*) (rng_t *))destroy; + private_padlock_rng_t *this; + + INIT(this, + .public = { + .rng = { + .get_bytes = _get_bytes, + .allocate_bytes = _allocate_bytes, + .destroy = _destroy, + }, + }, + ); /* map RNG quality to Padlock quality factor */ switch (quality) @@ -127,8 +125,10 @@ padlock_rng_t *padlock_rng_create(rng_quality_t quality) case RNG_TRUE: this->quality = PADLOCK_QF3; break; + default: + free(this); + return NULL; } - return &this->public; } diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c index 60b516675..66a077353 100644 --- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c +++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c @@ -83,19 +83,14 @@ static void append_data(private_padlock_sha1_hasher_t *this, chunk_t data) this->data.len += data.len; } -/** - * Implementation of hasher_t.reset. - */ -static void reset(private_padlock_sha1_hasher_t *this) +METHOD(hasher_t, reset, void, + private_padlock_sha1_hasher_t *this) { chunk_free(&this->data); } -/** - * Implementation of hasher_t.get_hash. - */ -static void get_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk, - u_int8_t *hash) +METHOD(hasher_t, get_hash, void, + private_padlock_sha1_hasher_t *this, chunk_t chunk, u_int8_t *hash) { if (hash) { @@ -116,11 +111,8 @@ static void get_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk, } } -/** - * Implementation of hasher_t.allocate_hash. - */ -static void allocate_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk, - chunk_t *hash) +METHOD(hasher_t, allocate_hash, void, + private_padlock_sha1_hasher_t *this, chunk_t chunk, chunk_t *hash) { if (hash) { @@ -133,18 +125,14 @@ static void allocate_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk, } } -/** - * Implementation of hasher_t.get_hash_size. - */ -static size_t get_hash_size(private_padlock_sha1_hasher_t *this) +METHOD(hasher_t, get_hash_size, size_t, + private_padlock_sha1_hasher_t *this) { return HASH_SIZE_SHA1; } -/** - * Implementation of hasher_t.destroy. - */ -static void destroy(private_padlock_sha1_hasher_t *this) +METHOD(hasher_t, destroy, void, + private_padlock_sha1_hasher_t *this) { free(this->data.ptr); free(this); @@ -161,15 +149,16 @@ padlock_sha1_hasher_t *padlock_sha1_hasher_create(hash_algorithm_t algo) { return NULL; } - - this = malloc_thing(private_padlock_sha1_hasher_t); - this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; - this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; - this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; - this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; - this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - - this->data = chunk_empty; - - return &(this->public); + INIT(this, + .public = { + .hasher = { + .get_hash = _get_hash, + .allocate_hash = _allocate_hash, + .get_hash_size = _get_hash_size, + .reset = _reset, + .destroy = _destroy, + }, + }, + ); + return &this->public; } diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h index 740bdfe98..2d2b2b45d 100644 --- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h +++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h @@ -34,7 +34,7 @@ struct padlock_sha1_hasher_t { /** * Implements hasher_t interface. */ - hasher_t hasher_interface; + hasher_t hasher; }; /** diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index e19a66fa5..cf5acdd1c 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -196,14 +199,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -243,7 +256,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c index a15c3f258..b760adda9 100644 --- a/src/libstrongswan/plugins/pem/pem_builder.c +++ b/src/libstrongswan/plugins/pem/pem_builder.c @@ -127,8 +127,8 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, } crypter->set_key(crypter, key); - if (iv.len != crypter->get_block_size(crypter) || - blob->len % iv.len) + if (iv.len != crypter->get_iv_size(crypter) || + blob->len % crypter->get_block_size(crypter)) { crypter->destroy(crypter); DBG1(DBG_LIB, " data size is not multiple of block size"); @@ -167,8 +167,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, /** * Converts a PEM encoded file into its binary form (RFC 1421, RFC 934) */ -static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data, - bool *pgp) +static status_t pem_to_bin(chunk_t *blob, bool *pgp) { typedef enum { PEM_PRE = 0, @@ -187,9 +186,10 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data chunk_t dst = *blob; chunk_t line = chunk_empty; chunk_t iv = chunk_empty; - chunk_t passphrase; - int try = 0; u_char iv_buf[HASH_SIZE_MD5]; + status_t status = NOT_FOUND; + enumerator_t *enumerator; + shared_key_t *shared; dst.len = 0; iv.ptr = iv_buf; @@ -326,36 +326,35 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data { return SUCCESS; } - if (!cb) - { - DBG1(DBG_LIB, " missing passphrase"); - return INVALID_ARG; - } - while (TRUE) + + enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr, + SHARED_PRIVATE_KEY_PASS, NULL, NULL); + while (enumerator->enumerate(enumerator, &shared, NULL, NULL)) { - passphrase = cb(cb_data, ++try); - if (!passphrase.len || !passphrase.ptr) + chunk_t passphrase, chunk; + + passphrase = shared->get_key(shared); + chunk = chunk_clone(*blob); + status = pem_decrypt(&chunk, alg, key_size, iv, passphrase); + if (status == SUCCESS) { - return INVALID_ARG; + memcpy(blob->ptr, chunk.ptr, chunk.len); + blob->len = chunk.len; } - switch (pem_decrypt(blob, alg, key_size, iv, passphrase)) - { - case INVALID_ARG: - /* bad passphrase, retry */ - continue; - case SUCCESS: - return SUCCESS; - default: - return FAILED; + free(chunk.ptr); + if (status != INVALID_ARG) + { /* try again only if passphrase invalid */ + break; } } + enumerator->destroy(enumerator); + return status; } /** * load the credential from a blob */ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype, - chunk_t(*cb)(void*,int), void *cb_data, x509_flag_t flags) { void *cred = NULL; @@ -364,7 +363,7 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype, blob = chunk_clone(blob); if (!is_asn1(blob)) { - if (pem_to_bin(&blob, cb, cb_data, &pgp) != SUCCESS) + if (pem_to_bin(&blob, &pgp) != SUCCESS) { chunk_clear(&blob); return NULL; @@ -394,7 +393,6 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype, * load the credential from a file */ static void *load_from_file(char *file, credential_type_t type, int subtype, - chunk_t(*cb)(void*,int), void *cb_data, x509_flag_t flags) { void *cred = NULL; @@ -425,8 +423,7 @@ static void *load_from_file(char *file, credential_type_t type, int subtype, return NULL; } - cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype, - cb, cb_data, flags); + cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype, flags); munmap(addr, sb.st_size); close(fd); @@ -437,7 +434,6 @@ static void *load_from_file(char *file, credential_type_t type, int subtype, * load the credential from a file descriptor */ static void *load_from_fd(int fd, credential_type_t type, int subtype, - chunk_t(*cb)(void*,int), void *cb_data, x509_flag_t flags) { char buf[8096]; @@ -464,20 +460,7 @@ static void *load_from_fd(int fd, credential_type_t type, int subtype, return NULL; } } - return load_from_blob(chunk_create(buf, total), type, subtype, - cb, cb_data, flags); -} - -/** - * passphrase callback to use if passphrase given - */ -static chunk_t given_passphrase_cb(chunk_t *passphrase, int try) -{ - if (try > 1) - { /* try only once for given passphrases */ - return chunk_empty; - } - return *passphrase; + return load_from_blob(chunk_create(buf, total), type, subtype, flags); } /** @@ -487,9 +470,7 @@ static void *pem_load(credential_type_t type, int subtype, va_list args) { char *file = NULL; int fd = -1; - chunk_t pem = chunk_empty, passphrase = chunk_empty; - chunk_t (*cb)(void *data, int try) = NULL; - void *cb_data = NULL; + chunk_t pem = chunk_empty; int flags = 0; while (TRUE) @@ -505,18 +486,6 @@ static void *pem_load(credential_type_t type, int subtype, va_list args) case BUILD_BLOB_PEM: pem = va_arg(args, chunk_t); continue; - case BUILD_PASSPHRASE: - passphrase = va_arg(args, chunk_t); - if (passphrase.len && passphrase.ptr) - { - cb = (void*)given_passphrase_cb; - cb_data = &passphrase; - } - continue; - case BUILD_PASSPHRASE_CALLBACK: - cb = va_arg(args, chunk_t(*)(void*,int)); - cb_data = va_arg(args, void*); - continue; case BUILD_X509_FLAG: flags = va_arg(args, int); continue; @@ -530,15 +499,15 @@ static void *pem_load(credential_type_t type, int subtype, va_list args) if (pem.len) { - return load_from_blob(pem, type, subtype, cb, cb_data, flags); + return load_from_blob(pem, type, subtype, flags); } if (file) { - return load_from_file(file, type, subtype, cb, cb_data, flags); + return load_from_file(file, type, subtype, flags); } if (fd != -1) { - return load_from_fd(fd, type, subtype, cb, cb_data, flags); + return load_from_fd(fd, type, subtype, flags); } return NULL; } diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c index 810901b7a..83efb155b 100644 --- a/src/libstrongswan/plugins/pem/pem_plugin.c +++ b/src/libstrongswan/plugins/pem/pem_plugin.c @@ -57,49 +57,49 @@ plugin_t *pem_plugin_create() this->public.plugin.destroy = (void(*)(plugin_t*))destroy; /* register private key PEM decoding builders */ - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE, (builder_function_t)pem_private_key_load); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, (builder_function_t)pem_private_key_load); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, FALSE, (builder_function_t)pem_private_key_load); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_DSA, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_DSA, FALSE, (builder_function_t)pem_private_key_load); /* register public key PEM decoding builders */ - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)pem_public_key_load); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE, (builder_function_t)pem_public_key_load); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, FALSE, (builder_function_t)pem_public_key_load); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_DSA, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_DSA, FALSE, (builder_function_t)pem_public_key_load); /* register certificate PEM decoding builders */ - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_ANY, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_ANY, FALSE, (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, FALSE, (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, FALSE, (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, FALSE, (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, FALSE, (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, FALSE, (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, FALSE, (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, FALSE, (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE, (builder_function_t)pem_certificate_load); /* register pluto specific certificate formats */ - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT, FALSE, (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL, FALSE, (builder_function_t)pem_certificate_load); /* register PEM encoder */ diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index a5bc5eb39..0098147a9 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -196,14 +199,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -243,7 +256,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c index 84c9bfddd..440e70a18 100644 --- a/src/libstrongswan/plugins/pgp/pgp_builder.c +++ b/src/libstrongswan/plugins/pgp/pgp_builder.c @@ -129,7 +129,7 @@ static bool sign_not_allowed(private_key_t *this, signature_scheme_t scheme, /** * Implementation of private_key_t.decrypt for signature-only keys */ -static bool decrypt_not_allowed(private_key_t *this, +static bool decrypt_not_allowed(private_key_t *this, encryption_scheme_t scheme, chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "decryption failed - signature only key"); diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c index 3ed1faf01..41e0a5df6 100644 --- a/src/libstrongswan/plugins/pgp/pgp_plugin.c +++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c @@ -60,16 +60,16 @@ plugin_t *pgp_plugin_create() this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)pgp_public_key_load); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE, (builder_function_t)pgp_public_key_load); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE, (builder_function_t)pgp_private_key_load); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, (builder_function_t)pgp_private_key_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE, (builder_function_t)pgp_cert_load); lib->encoding->add_encoder(lib->encoding, pgp_encoder_encode); diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index 947f52d82..8b41499a7 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -197,14 +200,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -244,7 +257,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c index 35ec2d2bf..d3afb5c67 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c @@ -56,11 +56,11 @@ plugin_t *pkcs1_plugin_create() this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)pkcs1_public_key_load); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE, (builder_function_t)pkcs1_public_key_load); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, (builder_function_t)pkcs1_private_key_load); lib->encoding->add_encoder(lib->encoding, pkcs1_encoder_encode); diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.am b/src/libstrongswan/plugins/pkcs11/Makefile.am new file mode 100644 index 000000000..199039d95 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/Makefile.am @@ -0,0 +1,21 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-pkcs11.la +else +plugin_LTLIBRARIES = libstrongswan-pkcs11.la +endif + +libstrongswan_pkcs11_la_SOURCES = \ + pkcs11_plugin.h pkcs11_plugin.c pkcs11.h \ + pkcs11_library.h pkcs11_library.c \ + pkcs11_creds.h pkcs11_creds.c \ + pkcs11_private_key.h pkcs11_private_key.c \ + pkcs11_public_key.h pkcs11_public_key.c \ + pkcs11_hasher.h pkcs11_hasher.c \ + pkcs11_manager.h pkcs11_manager.c + +libstrongswan_pkcs11_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in new file mode 100644 index 000000000..c27310910 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -0,0 +1,614 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/pkcs11 +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_pkcs11_la_LIBADD = +am_libstrongswan_pkcs11_la_OBJECTS = pkcs11_plugin.lo \ + pkcs11_library.lo pkcs11_creds.lo pkcs11_private_key.lo \ + pkcs11_public_key.lo pkcs11_hasher.lo pkcs11_manager.lo +libstrongswan_pkcs11_la_OBJECTS = \ + $(am_libstrongswan_pkcs11_la_OBJECTS) +libstrongswan_pkcs11_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_pkcs11_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_pkcs11_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_pkcs11_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_pkcs11_la_SOURCES) +DIST_SOURCES = $(libstrongswan_pkcs11_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pkcs11.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pkcs11.la +libstrongswan_pkcs11_la_SOURCES = \ + pkcs11_plugin.h pkcs11_plugin.c pkcs11.h \ + pkcs11_library.h pkcs11_library.c \ + pkcs11_creds.h pkcs11_creds.c \ + pkcs11_private_key.h pkcs11_private_key.c \ + pkcs11_public_key.h pkcs11_public_key.c \ + pkcs11_hasher.h pkcs11_hasher.c \ + pkcs11_manager.h pkcs11_manager.c + +libstrongswan_pkcs11_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs11/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs11/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-pkcs11.la: $(libstrongswan_pkcs11_la_OBJECTS) $(libstrongswan_pkcs11_la_DEPENDENCIES) + $(libstrongswan_pkcs11_la_LINK) $(am_libstrongswan_pkcs11_la_rpath) $(libstrongswan_pkcs11_la_OBJECTS) $(libstrongswan_pkcs11_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_creds.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_hasher.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_library.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_manager.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_private_key.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_public_key.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11.h b/src/libstrongswan/plugins/pkcs11/pkcs11.h new file mode 100644 index 000000000..2e6a1e3ed --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11.h @@ -0,0 +1,1357 @@ +/* pkcs11.h + Copyright 2006, 2007 g10 Code GmbH + Copyright 2006 Andreas Jellinghaus + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even + the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. */ + +/* Please submit changes back to the Scute project at + http://www.scute.org/ (or send them to marcus@g10code.com), so that + they can be picked up by other projects from there as well. */ + +/* This file is a modified implementation of the PKCS #11 standard by + RSA Security Inc. It is mostly a drop-in replacement, with the + following change: + + This header file does not require any macro definitions by the user + (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros + for you (if useful, some are missing, let me know if you need + more). + + There is an additional API available that does comply better to the + GNU coding standard. It can be switched on by defining + CRYPTOKI_GNU before including this header file. For this, the + following changes are made to the specification: + + All structure types are changed to a "struct ck_foo" where CK_FOO + is the type name in PKCS #11. + + All non-structure types are changed to ck_foo_t where CK_FOO is the + lowercase version of the type name in PKCS #11. The basic types + (CK_ULONG et al.) are removed without substitute. + + All members of structures are modified in the following way: Type + indication prefixes are removed, and underscore characters are + inserted before words. Then the result is lowercased. + + Note that function names are still in the original case, as they + need for ABI compatibility. + + CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use + <stdbool.h>. + + If CRYPTOKI_COMPAT is defined before including this header file, + then none of the API changes above take place, and the API is the + one defined by the PKCS #11 standard. */ + +#ifndef PKCS11_H +#define PKCS11_H 1 + +#if defined(__cplusplus) +extern "C" { +#endif + + +/* The version of cryptoki we implement. The revision is changed with + each modification of this file. If you do not use the "official" + version of this file, please consider deleting the revision macro + (you may use a macro with a different name to keep track of your + versions). */ +#define CRYPTOKI_VERSION_MAJOR 2 +#define CRYPTOKI_VERSION_MINOR 20 +#define CRYPTOKI_VERSION_REVISION 6 + + +/* Compatibility interface is default, unless CRYPTOKI_GNU is + given. */ +#ifndef CRYPTOKI_GNU +#ifndef CRYPTOKI_COMPAT +#define CRYPTOKI_COMPAT 1 +#endif +#endif + +/* System dependencies. */ + +#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) + +/* There is a matching pop below. */ +#pragma pack(push, cryptoki, 1) + +#ifdef CRYPTOKI_EXPORTS +#define CK_SPEC __declspec(dllexport) +#else +#define CK_SPEC __declspec(dllimport) +#endif + +#else + +#define CK_SPEC + +#endif + + +#ifdef CRYPTOKI_COMPAT + /* If we are in compatibility mode, switch all exposed names to the + PKCS #11 variant. There are corresponding #undefs below. */ + +#define ck_flags_t CK_FLAGS +#define ck_version _CK_VERSION + +#define ck_info _CK_INFO +#define cryptoki_version cryptokiVersion +#define manufacturer_id manufacturerID +#define library_description libraryDescription +#define library_version libraryVersion + +#define ck_notification_t CK_NOTIFICATION +#define ck_slot_id_t CK_SLOT_ID + +#define ck_slot_info _CK_SLOT_INFO +#define slot_description slotDescription +#define hardware_version hardwareVersion +#define firmware_version firmwareVersion + +#define ck_token_info _CK_TOKEN_INFO +#define serial_number serialNumber +#define max_session_count ulMaxSessionCount +#define session_count ulSessionCount +#define max_rw_session_count ulMaxRwSessionCount +#define rw_session_count ulRwSessionCount +#define max_pin_len ulMaxPinLen +#define min_pin_len ulMinPinLen +#define total_public_memory ulTotalPublicMemory +#define free_public_memory ulFreePublicMemory +#define total_private_memory ulTotalPrivateMemory +#define free_private_memory ulFreePrivateMemory +#define utc_time utcTime + +#define ck_session_handle_t CK_SESSION_HANDLE +#define ck_user_type_t CK_USER_TYPE +#define ck_state_t CK_STATE + +#define ck_session_info _CK_SESSION_INFO +#define slot_id slotID +#define device_error ulDeviceError + +#define ck_object_handle_t CK_OBJECT_HANDLE +#define ck_object_class_t CK_OBJECT_CLASS +#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE +#define ck_key_type_t CK_KEY_TYPE +#define ck_certificate_type_t CK_CERTIFICATE_TYPE +#define ck_attribute_type_t CK_ATTRIBUTE_TYPE + +#define ck_attribute _CK_ATTRIBUTE +#define value pValue +#define value_len ulValueLen + +#define ck_date _CK_DATE + +#define ck_mechanism_type_t CK_MECHANISM_TYPE + +#define ck_mechanism _CK_MECHANISM +#define parameter pParameter +#define parameter_len ulParameterLen + +#define ck_mechanism_info _CK_MECHANISM_INFO +#define min_key_size ulMinKeySize +#define max_key_size ulMaxKeySize + +#define ck_rv_t CK_RV +#define ck_notify_t CK_NOTIFY + +#define ck_function_list _CK_FUNCTION_LIST + +#define ck_createmutex_t CK_CREATEMUTEX +#define ck_destroymutex_t CK_DESTROYMUTEX +#define ck_lockmutex_t CK_LOCKMUTEX +#define ck_unlockmutex_t CK_UNLOCKMUTEX + +#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS +#define create_mutex CreateMutex +#define destroy_mutex DestroyMutex +#define lock_mutex LockMutex +#define unlock_mutex UnlockMutex +#define reserved pReserved + +#endif /* CRYPTOKI_COMPAT */ + + + +typedef unsigned long ck_flags_t; + +struct ck_version +{ + unsigned char major; + unsigned char minor; +}; + + +struct ck_info +{ + struct ck_version cryptoki_version; + unsigned char manufacturer_id[32]; + ck_flags_t flags; + unsigned char library_description[32]; + struct ck_version library_version; +}; + + +typedef unsigned long ck_notification_t; + +#define CKN_SURRENDER (0) + + +typedef unsigned long ck_slot_id_t; + + +struct ck_slot_info +{ + unsigned char slot_description[64]; + unsigned char manufacturer_id[32]; + ck_flags_t flags; + struct ck_version hardware_version; + struct ck_version firmware_version; +}; + + +#define CKF_TOKEN_PRESENT (1 << 0) +#define CKF_REMOVABLE_DEVICE (1 << 1) +#define CKF_HW_SLOT (1 << 2) +#define CKF_ARRAY_ATTRIBUTE (1 << 30) + + +struct ck_token_info +{ + unsigned char label[32]; + unsigned char manufacturer_id[32]; + unsigned char model[16]; + unsigned char serial_number[16]; + ck_flags_t flags; + unsigned long max_session_count; + unsigned long session_count; + unsigned long max_rw_session_count; + unsigned long rw_session_count; + unsigned long max_pin_len; + unsigned long min_pin_len; + unsigned long total_public_memory; + unsigned long free_public_memory; + unsigned long total_private_memory; + unsigned long free_private_memory; + struct ck_version hardware_version; + struct ck_version firmware_version; + unsigned char utc_time[16]; +}; + + +#define CKF_RNG (1 << 0) +#define CKF_WRITE_PROTECTED (1 << 1) +#define CKF_LOGIN_REQUIRED (1 << 2) +#define CKF_USER_PIN_INITIALIZED (1 << 3) +#define CKF_RESTORE_KEY_NOT_NEEDED (1 << 5) +#define CKF_CLOCK_ON_TOKEN (1 << 6) +#define CKF_PROTECTED_AUTHENTICATION_PATH (1 << 8) +#define CKF_DUAL_CRYPTO_OPERATIONS (1 << 9) +#define CKF_TOKEN_INITIALIZED (1 << 10) +#define CKF_SECONDARY_AUTHENTICATION (1 << 11) +#define CKF_USER_PIN_COUNT_LOW (1 << 16) +#define CKF_USER_PIN_FINAL_TRY (1 << 17) +#define CKF_USER_PIN_LOCKED (1 << 18) +#define CKF_USER_PIN_TO_BE_CHANGED (1 << 19) +#define CKF_SO_PIN_COUNT_LOW (1 << 20) +#define CKF_SO_PIN_FINAL_TRY (1 << 21) +#define CKF_SO_PIN_LOCKED (1 << 22) +#define CKF_SO_PIN_TO_BE_CHANGED (1 << 23) + +#define CK_UNAVAILABLE_INFORMATION ((unsigned long) -1) +#define CK_EFFECTIVELY_INFINITE (0) + + +typedef unsigned long ck_session_handle_t; + +#define CK_INVALID_HANDLE (0) + + +typedef unsigned long ck_user_type_t; + +#define CKU_SO (0) +#define CKU_USER (1) +#define CKU_CONTEXT_SPECIFIC (2) + + +typedef unsigned long ck_state_t; + +#define CKS_RO_PUBLIC_SESSION (0) +#define CKS_RO_USER_FUNCTIONS (1) +#define CKS_RW_PUBLIC_SESSION (2) +#define CKS_RW_USER_FUNCTIONS (3) +#define CKS_RW_SO_FUNCTIONS (4) + + +struct ck_session_info +{ + ck_slot_id_t slot_id; + ck_state_t state; + ck_flags_t flags; + unsigned long device_error; +}; + +#define CKF_RW_SESSION (1 << 1) +#define CKF_SERIAL_SESSION (1 << 2) + + +typedef unsigned long ck_object_handle_t; + + +typedef unsigned long ck_object_class_t; + +#define CKO_DATA (0) +#define CKO_CERTIFICATE (1) +#define CKO_PUBLIC_KEY (2) +#define CKO_PRIVATE_KEY (3) +#define CKO_SECRET_KEY (4) +#define CKO_HW_FEATURE (5) +#define CKO_DOMAIN_PARAMETERS (6) +#define CKO_MECHANISM (7) +#define CKO_VENDOR_DEFINED ((unsigned long) (1 << 31)) + + +typedef unsigned long ck_hw_feature_type_t; + +#define CKH_MONOTONIC_COUNTER (1) +#define CKH_CLOCK (2) +#define CKH_USER_INTERFACE (3) +#define CKH_VENDOR_DEFINED ((unsigned long) (1 << 31)) + + +typedef unsigned long ck_key_type_t; + +#define CKK_RSA (0) +#define CKK_DSA (1) +#define CKK_DH (2) +#define CKK_ECDSA (3) +#define CKK_EC (3) +#define CKK_X9_42_DH (4) +#define CKK_KEA (5) +#define CKK_GENERIC_SECRET (0x10) +#define CKK_RC2 (0x11) +#define CKK_RC4 (0x12) +#define CKK_DES (0x13) +#define CKK_DES2 (0x14) +#define CKK_DES3 (0x15) +#define CKK_CAST (0x16) +#define CKK_CAST3 (0x17) +#define CKK_CAST128 (0x18) +#define CKK_RC5 (0x19) +#define CKK_IDEA (0x1a) +#define CKK_SKIPJACK (0x1b) +#define CKK_BATON (0x1c) +#define CKK_JUNIPER (0x1d) +#define CKK_CDMF (0x1e) +#define CKK_AES (0x1f) +#define CKK_BLOWFISH (0x20) +#define CKK_TWOFISH (0x21) +#define CKK_VENDOR_DEFINED ((unsigned long) (1 << 31)) + + +typedef unsigned long ck_certificate_type_t; + +#define CKC_X_509 (0) +#define CKC_X_509_ATTR_CERT (1) +#define CKC_WTLS (2) +#define CKC_VENDOR_DEFINED ((unsigned long) (1 << 31)) + + +typedef unsigned long ck_attribute_type_t; + +#define CKA_CLASS (0) +#define CKA_TOKEN (1) +#define CKA_PRIVATE (2) +#define CKA_LABEL (3) +#define CKA_APPLICATION (0x10) +#define CKA_VALUE (0x11) +#define CKA_OBJECT_ID (0x12) +#define CKA_CERTIFICATE_TYPE (0x80) +#define CKA_ISSUER (0x81) +#define CKA_SERIAL_NUMBER (0x82) +#define CKA_AC_ISSUER (0x83) +#define CKA_OWNER (0x84) +#define CKA_ATTR_TYPES (0x85) +#define CKA_TRUSTED (0x86) +#define CKA_CERTIFICATE_CATEGORY (0x87) +#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88) +#define CKA_URL (0x89) +#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8a) +#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8b) +#define CKA_CHECK_VALUE (0x90) +#define CKA_KEY_TYPE (0x100) +#define CKA_SUBJECT (0x101) +#define CKA_ID (0x102) +#define CKA_SENSITIVE (0x103) +#define CKA_ENCRYPT (0x104) +#define CKA_DECRYPT (0x105) +#define CKA_WRAP (0x106) +#define CKA_UNWRAP (0x107) +#define CKA_SIGN (0x108) +#define CKA_SIGN_RECOVER (0x109) +#define CKA_VERIFY (0x10a) +#define CKA_VERIFY_RECOVER (0x10b) +#define CKA_DERIVE (0x10c) +#define CKA_START_DATE (0x110) +#define CKA_END_DATE (0x111) +#define CKA_MODULUS (0x120) +#define CKA_MODULUS_BITS (0x121) +#define CKA_PUBLIC_EXPONENT (0x122) +#define CKA_PRIVATE_EXPONENT (0x123) +#define CKA_PRIME_1 (0x124) +#define CKA_PRIME_2 (0x125) +#define CKA_EXPONENT_1 (0x126) +#define CKA_EXPONENT_2 (0x127) +#define CKA_COEFFICIENT (0x128) +#define CKA_PRIME (0x130) +#define CKA_SUBPRIME (0x131) +#define CKA_BASE (0x132) +#define CKA_PRIME_BITS (0x133) +#define CKA_SUB_PRIME_BITS (0x134) +#define CKA_VALUE_BITS (0x160) +#define CKA_VALUE_LEN (0x161) +#define CKA_EXTRACTABLE (0x162) +#define CKA_LOCAL (0x163) +#define CKA_NEVER_EXTRACTABLE (0x164) +#define CKA_ALWAYS_SENSITIVE (0x165) +#define CKA_KEY_GEN_MECHANISM (0x166) +#define CKA_MODIFIABLE (0x170) +#define CKA_ECDSA_PARAMS (0x180) +#define CKA_EC_PARAMS (0x180) +#define CKA_EC_POINT (0x181) +#define CKA_SECONDARY_AUTH (0x200) +#define CKA_AUTH_PIN_FLAGS (0x201) +#define CKA_ALWAYS_AUTHENTICATE (0x202) +#define CKA_WRAP_WITH_TRUSTED (0x210) +#define CKA_HW_FEATURE_TYPE (0x300) +#define CKA_RESET_ON_INIT (0x301) +#define CKA_HAS_RESET (0x302) +#define CKA_PIXEL_X (0x400) +#define CKA_PIXEL_Y (0x401) +#define CKA_RESOLUTION (0x402) +#define CKA_CHAR_ROWS (0x403) +#define CKA_CHAR_COLUMNS (0x404) +#define CKA_COLOR (0x405) +#define CKA_BITS_PER_PIXEL (0x406) +#define CKA_CHAR_SETS (0x480) +#define CKA_ENCODING_METHODS (0x481) +#define CKA_MIME_TYPES (0x482) +#define CKA_MECHANISM_TYPE (0x500) +#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501) +#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502) +#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503) +#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211) +#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212) +#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600) +#define CKA_VENDOR_DEFINED ((unsigned long) (1 << 31)) + + +struct ck_attribute +{ + ck_attribute_type_t type; + void *value; + unsigned long value_len; +}; + + +struct ck_date +{ + unsigned char year[4]; + unsigned char month[2]; + unsigned char day[2]; +}; + + +typedef unsigned long ck_mechanism_type_t; + +#define CKM_RSA_PKCS_KEY_PAIR_GEN (0) +#define CKM_RSA_PKCS (1) +#define CKM_RSA_9796 (2) +#define CKM_RSA_X_509 (3) +#define CKM_MD2_RSA_PKCS (4) +#define CKM_MD5_RSA_PKCS (5) +#define CKM_SHA1_RSA_PKCS (6) +#define CKM_RIPEMD128_RSA_PKCS (7) +#define CKM_RIPEMD160_RSA_PKCS (8) +#define CKM_RSA_PKCS_OAEP (9) +#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xa) +#define CKM_RSA_X9_31 (0xb) +#define CKM_SHA1_RSA_X9_31 (0xc) +#define CKM_RSA_PKCS_PSS (0xd) +#define CKM_SHA1_RSA_PKCS_PSS (0xe) +#define CKM_DSA_KEY_PAIR_GEN (0x10) +#define CKM_DSA (0x11) +#define CKM_DSA_SHA1 (0x12) +#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20) +#define CKM_DH_PKCS_DERIVE (0x21) +#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30) +#define CKM_X9_42_DH_DERIVE (0x31) +#define CKM_X9_42_DH_HYBRID_DERIVE (0x32) +#define CKM_X9_42_MQV_DERIVE (0x33) +#define CKM_SHA256_RSA_PKCS (0x40) +#define CKM_SHA384_RSA_PKCS (0x41) +#define CKM_SHA512_RSA_PKCS (0x42) +#define CKM_SHA256_RSA_PKCS_PSS (0x43) +#define CKM_SHA384_RSA_PKCS_PSS (0x44) +#define CKM_SHA512_RSA_PKCS_PSS (0x45) +#define CKM_RC2_KEY_GEN (0x100) +#define CKM_RC2_ECB (0x101) +#define CKM_RC2_CBC (0x102) +#define CKM_RC2_MAC (0x103) +#define CKM_RC2_MAC_GENERAL (0x104) +#define CKM_RC2_CBC_PAD (0x105) +#define CKM_RC4_KEY_GEN (0x110) +#define CKM_RC4 (0x111) +#define CKM_DES_KEY_GEN (0x120) +#define CKM_DES_ECB (0x121) +#define CKM_DES_CBC (0x122) +#define CKM_DES_MAC (0x123) +#define CKM_DES_MAC_GENERAL (0x124) +#define CKM_DES_CBC_PAD (0x125) +#define CKM_DES2_KEY_GEN (0x130) +#define CKM_DES3_KEY_GEN (0x131) +#define CKM_DES3_ECB (0x132) +#define CKM_DES3_CBC (0x133) +#define CKM_DES3_MAC (0x134) +#define CKM_DES3_MAC_GENERAL (0x135) +#define CKM_DES3_CBC_PAD (0x136) +#define CKM_CDMF_KEY_GEN (0x140) +#define CKM_CDMF_ECB (0x141) +#define CKM_CDMF_CBC (0x142) +#define CKM_CDMF_MAC (0x143) +#define CKM_CDMF_MAC_GENERAL (0x144) +#define CKM_CDMF_CBC_PAD (0x145) +#define CKM_MD2 (0x200) +#define CKM_MD2_HMAC (0x201) +#define CKM_MD2_HMAC_GENERAL (0x202) +#define CKM_MD5 (0x210) +#define CKM_MD5_HMAC (0x211) +#define CKM_MD5_HMAC_GENERAL (0x212) +#define CKM_SHA_1 (0x220) +#define CKM_SHA_1_HMAC (0x221) +#define CKM_SHA_1_HMAC_GENERAL (0x222) +#define CKM_RIPEMD128 (0x230) +#define CKM_RIPEMD128_HMAC (0x231) +#define CKM_RIPEMD128_HMAC_GENERAL (0x232) +#define CKM_RIPEMD160 (0x240) +#define CKM_RIPEMD160_HMAC (0x241) +#define CKM_RIPEMD160_HMAC_GENERAL (0x242) +#define CKM_SHA256 (0x250) +#define CKM_SHA256_HMAC (0x251) +#define CKM_SHA256_HMAC_GENERAL (0x252) +#define CKM_SHA384 (0x260) +#define CKM_SHA384_HMAC (0x261) +#define CKM_SHA384_HMAC_GENERAL (0x262) +#define CKM_SHA512 (0x270) +#define CKM_SHA512_HMAC (0x271) +#define CKM_SHA512_HMAC_GENERAL (0x272) +#define CKM_CAST_KEY_GEN (0x300) +#define CKM_CAST_ECB (0x301) +#define CKM_CAST_CBC (0x302) +#define CKM_CAST_MAC (0x303) +#define CKM_CAST_MAC_GENERAL (0x304) +#define CKM_CAST_CBC_PAD (0x305) +#define CKM_CAST3_KEY_GEN (0x310) +#define CKM_CAST3_ECB (0x311) +#define CKM_CAST3_CBC (0x312) +#define CKM_CAST3_MAC (0x313) +#define CKM_CAST3_MAC_GENERAL (0x314) +#define CKM_CAST3_CBC_PAD (0x315) +#define CKM_CAST5_KEY_GEN (0x320) +#define CKM_CAST128_KEY_GEN (0x320) +#define CKM_CAST5_ECB (0x321) +#define CKM_CAST128_ECB (0x321) +#define CKM_CAST5_CBC (0x322) +#define CKM_CAST128_CBC (0x322) +#define CKM_CAST5_MAC (0x323) +#define CKM_CAST128_MAC (0x323) +#define CKM_CAST5_MAC_GENERAL (0x324) +#define CKM_CAST128_MAC_GENERAL (0x324) +#define CKM_CAST5_CBC_PAD (0x325) +#define CKM_CAST128_CBC_PAD (0x325) +#define CKM_RC5_KEY_GEN (0x330) +#define CKM_RC5_ECB (0x331) +#define CKM_RC5_CBC (0x332) +#define CKM_RC5_MAC (0x333) +#define CKM_RC5_MAC_GENERAL (0x334) +#define CKM_RC5_CBC_PAD (0x335) +#define CKM_IDEA_KEY_GEN (0x340) +#define CKM_IDEA_ECB (0x341) +#define CKM_IDEA_CBC (0x342) +#define CKM_IDEA_MAC (0x343) +#define CKM_IDEA_MAC_GENERAL (0x344) +#define CKM_IDEA_CBC_PAD (0x345) +#define CKM_GENERIC_SECRET_KEY_GEN (0x350) +#define CKM_CONCATENATE_BASE_AND_KEY (0x360) +#define CKM_CONCATENATE_BASE_AND_DATA (0x362) +#define CKM_CONCATENATE_DATA_AND_BASE (0x363) +#define CKM_XOR_BASE_AND_DATA (0x364) +#define CKM_EXTRACT_KEY_FROM_KEY (0x365) +#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370) +#define CKM_SSL3_MASTER_KEY_DERIVE (0x371) +#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372) +#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373) +#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374) +#define CKM_TLS_MASTER_KEY_DERIVE (0x375) +#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376) +#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377) +#define CKM_SSL3_MD5_MAC (0x380) +#define CKM_SSL3_SHA1_MAC (0x381) +#define CKM_MD5_KEY_DERIVATION (0x390) +#define CKM_MD2_KEY_DERIVATION (0x391) +#define CKM_SHA1_KEY_DERIVATION (0x392) +#define CKM_PBE_MD2_DES_CBC (0x3a0) +#define CKM_PBE_MD5_DES_CBC (0x3a1) +#define CKM_PBE_MD5_CAST_CBC (0x3a2) +#define CKM_PBE_MD5_CAST3_CBC (0x3a3) +#define CKM_PBE_MD5_CAST5_CBC (0x3a4) +#define CKM_PBE_MD5_CAST128_CBC (0x3a4) +#define CKM_PBE_SHA1_CAST5_CBC (0x3a5) +#define CKM_PBE_SHA1_CAST128_CBC (0x3a5) +#define CKM_PBE_SHA1_RC4_128 (0x3a6) +#define CKM_PBE_SHA1_RC4_40 (0x3a7) +#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8) +#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9) +#define CKM_PBE_SHA1_RC2_128_CBC (0x3aa) +#define CKM_PBE_SHA1_RC2_40_CBC (0x3ab) +#define CKM_PKCS5_PBKD2 (0x3b0) +#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0) +#define CKM_KEY_WRAP_LYNKS (0x400) +#define CKM_KEY_WRAP_SET_OAEP (0x401) +#define CKM_SKIPJACK_KEY_GEN (0x1000) +#define CKM_SKIPJACK_ECB64 (0x1001) +#define CKM_SKIPJACK_CBC64 (0x1002) +#define CKM_SKIPJACK_OFB64 (0x1003) +#define CKM_SKIPJACK_CFB64 (0x1004) +#define CKM_SKIPJACK_CFB32 (0x1005) +#define CKM_SKIPJACK_CFB16 (0x1006) +#define CKM_SKIPJACK_CFB8 (0x1007) +#define CKM_SKIPJACK_WRAP (0x1008) +#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009) +#define CKM_SKIPJACK_RELAYX (0x100a) +#define CKM_KEA_KEY_PAIR_GEN (0x1010) +#define CKM_KEA_KEY_DERIVE (0x1011) +#define CKM_FORTEZZA_TIMESTAMP (0x1020) +#define CKM_BATON_KEY_GEN (0x1030) +#define CKM_BATON_ECB128 (0x1031) +#define CKM_BATON_ECB96 (0x1032) +#define CKM_BATON_CBC128 (0x1033) +#define CKM_BATON_COUNTER (0x1034) +#define CKM_BATON_SHUFFLE (0x1035) +#define CKM_BATON_WRAP (0x1036) +#define CKM_ECDSA_KEY_PAIR_GEN (0x1040) +#define CKM_EC_KEY_PAIR_GEN (0x1040) +#define CKM_ECDSA (0x1041) +#define CKM_ECDSA_SHA1 (0x1042) +#define CKM_ECDH1_DERIVE (0x1050) +#define CKM_ECDH1_COFACTOR_DERIVE (0x1051) +#define CKM_ECMQV_DERIVE (0x1052) +#define CKM_JUNIPER_KEY_GEN (0x1060) +#define CKM_JUNIPER_ECB128 (0x1061) +#define CKM_JUNIPER_CBC128 (0x1062) +#define CKM_JUNIPER_COUNTER (0x1063) +#define CKM_JUNIPER_SHUFFLE (0x1064) +#define CKM_JUNIPER_WRAP (0x1065) +#define CKM_FASTHASH (0x1070) +#define CKM_AES_KEY_GEN (0x1080) +#define CKM_AES_ECB (0x1081) +#define CKM_AES_CBC (0x1082) +#define CKM_AES_MAC (0x1083) +#define CKM_AES_MAC_GENERAL (0x1084) +#define CKM_AES_CBC_PAD (0x1085) +#define CKM_DSA_PARAMETER_GEN (0x2000) +#define CKM_DH_PKCS_PARAMETER_GEN (0x2001) +#define CKM_X9_42_DH_PARAMETER_GEN (0x2002) +#define CKM_VENDOR_DEFINED ((unsigned long) (1 << 31)) + + +struct ck_mechanism +{ + ck_mechanism_type_t mechanism; + void *parameter; + unsigned long parameter_len; +}; + + +struct ck_mechanism_info +{ + unsigned long min_key_size; + unsigned long max_key_size; + ck_flags_t flags; +}; + +#define CKF_HW (1 << 0) +#define CKF_ENCRYPT (1 << 8) +#define CKF_DECRYPT (1 << 9) +#define CKF_DIGEST (1 << 10) +#define CKF_SIGN (1 << 11) +#define CKF_SIGN_RECOVER (1 << 12) +#define CKF_VERIFY (1 << 13) +#define CKF_VERIFY_RECOVER (1 << 14) +#define CKF_GENERATE (1 << 15) +#define CKF_GENERATE_KEY_PAIR (1 << 16) +#define CKF_WRAP (1 << 17) +#define CKF_UNWRAP (1 << 18) +#define CKF_DERIVE (1 << 19) +#define CKF_EXTENSION ((unsigned long) (1 << 31)) + + +/* Flags for C_WaitForSlotEvent. */ +#define CKF_DONT_BLOCK (1) + + +typedef unsigned long ck_rv_t; + + +typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, + ck_notification_t event, void *application); + +/* Forward reference. */ +struct ck_function_list; + +#define _CK_DECLARE_FUNCTION(name, args) \ +typedef ck_rv_t (*CK_ ## name) args; \ +ck_rv_t CK_SPEC name args + +_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args)); +_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); +_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info)); +_CK_DECLARE_FUNCTION (C_GetFunctionList, + (struct ck_function_list **function_list)); + +_CK_DECLARE_FUNCTION (C_GetSlotList, + (unsigned char token_present, ck_slot_id_t *slot_list, + unsigned long *count)); +_CK_DECLARE_FUNCTION (C_GetSlotInfo, + (ck_slot_id_t slot_id, struct ck_slot_info *info)); +_CK_DECLARE_FUNCTION (C_GetTokenInfo, + (ck_slot_id_t slot_id, struct ck_token_info *info)); +_CK_DECLARE_FUNCTION (C_WaitForSlotEvent, + (ck_flags_t flags, ck_slot_id_t *slot, void *reserved)); +_CK_DECLARE_FUNCTION (C_GetMechanismList, + (ck_slot_id_t slot_id, + ck_mechanism_type_t *mechanism_list, + unsigned long *count)); +_CK_DECLARE_FUNCTION (C_GetMechanismInfo, + (ck_slot_id_t slot_id, ck_mechanism_type_t type, + struct ck_mechanism_info *info)); +_CK_DECLARE_FUNCTION (C_InitToken, + (ck_slot_id_t slot_id, unsigned char *pin, + unsigned long pin_len, unsigned char *label)); +_CK_DECLARE_FUNCTION (C_InitPIN, + (ck_session_handle_t session, unsigned char *pin, + unsigned long pin_len)); +_CK_DECLARE_FUNCTION (C_SetPIN, + (ck_session_handle_t session, unsigned char *old_pin, + unsigned long old_len, unsigned char *new_pin, + unsigned long new_len)); + +_CK_DECLARE_FUNCTION (C_OpenSession, + (ck_slot_id_t slot_id, ck_flags_t flags, + void *application, ck_notify_t notify, + ck_session_handle_t *session)); +_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); +_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); +_CK_DECLARE_FUNCTION (C_GetSessionInfo, + (ck_session_handle_t session, + struct ck_session_info *info)); +_CK_DECLARE_FUNCTION (C_GetOperationState, + (ck_session_handle_t session, + unsigned char *operation_state, + unsigned long *operation_state_len)); +_CK_DECLARE_FUNCTION (C_SetOperationState, + (ck_session_handle_t session, + unsigned char *operation_state, + unsigned long operation_state_len, + ck_object_handle_t encryption_key, + ck_object_handle_t authentiation_key)); +_CK_DECLARE_FUNCTION (C_Login, + (ck_session_handle_t session, ck_user_type_t user_type, + unsigned char *pin, unsigned long pin_len)); +_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); + +_CK_DECLARE_FUNCTION (C_CreateObject, + (ck_session_handle_t session, + struct ck_attribute *templ, + unsigned long count, ck_object_handle_t *object)); +_CK_DECLARE_FUNCTION (C_CopyObject, + (ck_session_handle_t session, ck_object_handle_t object, + struct ck_attribute *templ, unsigned long count, + ck_object_handle_t *new_object)); +_CK_DECLARE_FUNCTION (C_DestroyObject, + (ck_session_handle_t session, + ck_object_handle_t object)); +_CK_DECLARE_FUNCTION (C_GetObjectSize, + (ck_session_handle_t session, + ck_object_handle_t object, + unsigned long *size)); +_CK_DECLARE_FUNCTION (C_GetAttributeValue, + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute *templ, + unsigned long count)); +_CK_DECLARE_FUNCTION (C_SetAttributeValue, + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute *templ, + unsigned long count)); +_CK_DECLARE_FUNCTION (C_FindObjectsInit, + (ck_session_handle_t session, + struct ck_attribute *templ, + unsigned long count)); +_CK_DECLARE_FUNCTION (C_FindObjects, + (ck_session_handle_t session, + ck_object_handle_t *object, + unsigned long max_object_count, + unsigned long *object_count)); +_CK_DECLARE_FUNCTION (C_FindObjectsFinal, + (ck_session_handle_t session)); + +_CK_DECLARE_FUNCTION (C_EncryptInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Encrypt, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *encrypted_data, + unsigned long *encrypted_data_len)); +_CK_DECLARE_FUNCTION (C_EncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); +_CK_DECLARE_FUNCTION (C_EncryptFinal, + (ck_session_handle_t session, + unsigned char *last_encrypted_part, + unsigned long *last_encrypted_part_len)); + +_CK_DECLARE_FUNCTION (C_DecryptInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Decrypt, + (ck_session_handle_t session, + unsigned char *encrypted_data, + unsigned long encrypted_data_len, + unsigned char *data, unsigned long *data_len)); +_CK_DECLARE_FUNCTION (C_DecryptUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len)); +_CK_DECLARE_FUNCTION (C_DecryptFinal, + (ck_session_handle_t session, + unsigned char *last_part, + unsigned long *last_part_len)); + +_CK_DECLARE_FUNCTION (C_DigestInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism)); +_CK_DECLARE_FUNCTION (C_Digest, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *digest, + unsigned long *digest_len)); +_CK_DECLARE_FUNCTION (C_DigestUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); +_CK_DECLARE_FUNCTION (C_DigestKey, + (ck_session_handle_t session, ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_DigestFinal, + (ck_session_handle_t session, + unsigned char *digest, + unsigned long *digest_len)); + +_CK_DECLARE_FUNCTION (C_SignInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Sign, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len)); +_CK_DECLARE_FUNCTION (C_SignUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); +_CK_DECLARE_FUNCTION (C_SignFinal, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long *signature_len)); +_CK_DECLARE_FUNCTION (C_SignRecoverInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_SignRecover, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len)); + +_CK_DECLARE_FUNCTION (C_VerifyInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Verify, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long signature_len)); +_CK_DECLARE_FUNCTION (C_VerifyUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); +_CK_DECLARE_FUNCTION (C_VerifyFinal, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long signature_len)); +_CK_DECLARE_FUNCTION (C_VerifyRecoverInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_VerifyRecover, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long signature_len, + unsigned char *data, + unsigned long *data_len)); + +_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); +_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len)); +_CK_DECLARE_FUNCTION (C_SignEncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); +_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len)); + +_CK_DECLARE_FUNCTION (C_GenerateKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + struct ck_attribute *templ, + unsigned long count, + ck_object_handle_t *key)); +_CK_DECLARE_FUNCTION (C_GenerateKeyPair, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + struct ck_attribute *public_key_template, + unsigned long public_key_attribute_count, + struct ck_attribute *private_key_template, + unsigned long private_key_attribute_count, + ck_object_handle_t *public_key, + ck_object_handle_t *private_key)); +_CK_DECLARE_FUNCTION (C_WrapKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t wrapping_key, + ck_object_handle_t key, + unsigned char *wrapped_key, + unsigned long *wrapped_key_len)); +_CK_DECLARE_FUNCTION (C_UnwrapKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t unwrapping_key, + unsigned char *wrapped_key, + unsigned long wrapped_key_len, + struct ck_attribute *templ, + unsigned long attribute_count, + ck_object_handle_t *key)); +_CK_DECLARE_FUNCTION (C_DeriveKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t base_key, + struct ck_attribute *templ, + unsigned long attribute_count, + ck_object_handle_t *key)); + +_CK_DECLARE_FUNCTION (C_SeedRandom, + (ck_session_handle_t session, unsigned char *seed, + unsigned long seed_len)); +_CK_DECLARE_FUNCTION (C_GenerateRandom, + (ck_session_handle_t session, + unsigned char *random_data, + unsigned long random_len)); + +_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); +_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); + + +struct ck_function_list +{ + struct ck_version version; + CK_C_Initialize C_Initialize; + CK_C_Finalize C_Finalize; + CK_C_GetInfo C_GetInfo; + CK_C_GetFunctionList C_GetFunctionList; + CK_C_GetSlotList C_GetSlotList; + CK_C_GetSlotInfo C_GetSlotInfo; + CK_C_GetTokenInfo C_GetTokenInfo; + CK_C_GetMechanismList C_GetMechanismList; + CK_C_GetMechanismInfo C_GetMechanismInfo; + CK_C_InitToken C_InitToken; + CK_C_InitPIN C_InitPIN; + CK_C_SetPIN C_SetPIN; + CK_C_OpenSession C_OpenSession; + CK_C_CloseSession C_CloseSession; + CK_C_CloseAllSessions C_CloseAllSessions; + CK_C_GetSessionInfo C_GetSessionInfo; + CK_C_GetOperationState C_GetOperationState; + CK_C_SetOperationState C_SetOperationState; + CK_C_Login C_Login; + CK_C_Logout C_Logout; + CK_C_CreateObject C_CreateObject; + CK_C_CopyObject C_CopyObject; + CK_C_DestroyObject C_DestroyObject; + CK_C_GetObjectSize C_GetObjectSize; + CK_C_GetAttributeValue C_GetAttributeValue; + CK_C_SetAttributeValue C_SetAttributeValue; + CK_C_FindObjectsInit C_FindObjectsInit; + CK_C_FindObjects C_FindObjects; + CK_C_FindObjectsFinal C_FindObjectsFinal; + CK_C_EncryptInit C_EncryptInit; + CK_C_Encrypt C_Encrypt; + CK_C_EncryptUpdate C_EncryptUpdate; + CK_C_EncryptFinal C_EncryptFinal; + CK_C_DecryptInit C_DecryptInit; + CK_C_Decrypt C_Decrypt; + CK_C_DecryptUpdate C_DecryptUpdate; + CK_C_DecryptFinal C_DecryptFinal; + CK_C_DigestInit C_DigestInit; + CK_C_Digest C_Digest; + CK_C_DigestUpdate C_DigestUpdate; + CK_C_DigestKey C_DigestKey; + CK_C_DigestFinal C_DigestFinal; + CK_C_SignInit C_SignInit; + CK_C_Sign C_Sign; + CK_C_SignUpdate C_SignUpdate; + CK_C_SignFinal C_SignFinal; + CK_C_SignRecoverInit C_SignRecoverInit; + CK_C_SignRecover C_SignRecover; + CK_C_VerifyInit C_VerifyInit; + CK_C_Verify C_Verify; + CK_C_VerifyUpdate C_VerifyUpdate; + CK_C_VerifyFinal C_VerifyFinal; + CK_C_VerifyRecoverInit C_VerifyRecoverInit; + CK_C_VerifyRecover C_VerifyRecover; + CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; + CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; + CK_C_SignEncryptUpdate C_SignEncryptUpdate; + CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; + CK_C_GenerateKey C_GenerateKey; + CK_C_GenerateKeyPair C_GenerateKeyPair; + CK_C_WrapKey C_WrapKey; + CK_C_UnwrapKey C_UnwrapKey; + CK_C_DeriveKey C_DeriveKey; + CK_C_SeedRandom C_SeedRandom; + CK_C_GenerateRandom C_GenerateRandom; + CK_C_GetFunctionStatus C_GetFunctionStatus; + CK_C_CancelFunction C_CancelFunction; + CK_C_WaitForSlotEvent C_WaitForSlotEvent; +}; + + +typedef ck_rv_t (*ck_createmutex_t) (void **mutex); +typedef ck_rv_t (*ck_destroymutex_t) (void *mutex); +typedef ck_rv_t (*ck_lockmutex_t) (void *mutex); +typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex); + + +struct ck_c_initialize_args +{ + ck_createmutex_t create_mutex; + ck_destroymutex_t destroy_mutex; + ck_lockmutex_t lock_mutex; + ck_unlockmutex_t unlock_mutex; + ck_flags_t flags; + void *reserved; +}; + + +#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1 << 0) +#define CKF_OS_LOCKING_OK (1 << 1) + +#define CKR_OK (0) +#define CKR_CANCEL (1) +#define CKR_HOST_MEMORY (2) +#define CKR_SLOT_ID_INVALID (3) +#define CKR_GENERAL_ERROR (5) +#define CKR_FUNCTION_FAILED (6) +#define CKR_ARGUMENTS_BAD (7) +#define CKR_NO_EVENT (8) +#define CKR_NEED_TO_CREATE_THREADS (9) +#define CKR_CANT_LOCK (0xa) +#define CKR_ATTRIBUTE_READ_ONLY (0x10) +#define CKR_ATTRIBUTE_SENSITIVE (0x11) +#define CKR_ATTRIBUTE_TYPE_INVALID (0x12) +#define CKR_ATTRIBUTE_VALUE_INVALID (0x13) +#define CKR_DATA_INVALID (0x20) +#define CKR_DATA_LEN_RANGE (0x21) +#define CKR_DEVICE_ERROR (0x30) +#define CKR_DEVICE_MEMORY (0x31) +#define CKR_DEVICE_REMOVED (0x32) +#define CKR_ENCRYPTED_DATA_INVALID (0x40) +#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41) +#define CKR_FUNCTION_CANCELED (0x50) +#define CKR_FUNCTION_NOT_PARALLEL (0x51) +#define CKR_FUNCTION_NOT_SUPPORTED (0x54) +#define CKR_KEY_HANDLE_INVALID (0x60) +#define CKR_KEY_SIZE_RANGE (0x62) +#define CKR_KEY_TYPE_INCONSISTENT (0x63) +#define CKR_KEY_NOT_NEEDED (0x64) +#define CKR_KEY_CHANGED (0x65) +#define CKR_KEY_NEEDED (0x66) +#define CKR_KEY_INDIGESTIBLE (0x67) +#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68) +#define CKR_KEY_NOT_WRAPPABLE (0x69) +#define CKR_KEY_UNEXTRACTABLE (0x6a) +#define CKR_MECHANISM_INVALID (0x70) +#define CKR_MECHANISM_PARAM_INVALID (0x71) +#define CKR_OBJECT_HANDLE_INVALID (0x82) +#define CKR_OPERATION_ACTIVE (0x90) +#define CKR_OPERATION_NOT_INITIALIZED (0x91) +#define CKR_PIN_INCORRECT (0xa0) +#define CKR_PIN_INVALID (0xa1) +#define CKR_PIN_LEN_RANGE (0xa2) +#define CKR_PIN_EXPIRED (0xa3) +#define CKR_PIN_LOCKED (0xa4) +#define CKR_SESSION_CLOSED (0xb0) +#define CKR_SESSION_COUNT (0xb1) +#define CKR_SESSION_HANDLE_INVALID (0xb3) +#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4) +#define CKR_SESSION_READ_ONLY (0xb5) +#define CKR_SESSION_EXISTS (0xb6) +#define CKR_SESSION_READ_ONLY_EXISTS (0xb7) +#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8) +#define CKR_SIGNATURE_INVALID (0xc0) +#define CKR_SIGNATURE_LEN_RANGE (0xc1) +#define CKR_TEMPLATE_INCOMPLETE (0xd0) +#define CKR_TEMPLATE_INCONSISTENT (0xd1) +#define CKR_TOKEN_NOT_PRESENT (0xe0) +#define CKR_TOKEN_NOT_RECOGNIZED (0xe1) +#define CKR_TOKEN_WRITE_PROTECTED (0xe2) +#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0) +#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1) +#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2) +#define CKR_USER_ALREADY_LOGGED_IN (0x100) +#define CKR_USER_NOT_LOGGED_IN (0x101) +#define CKR_USER_PIN_NOT_INITIALIZED (0x102) +#define CKR_USER_TYPE_INVALID (0x103) +#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104) +#define CKR_USER_TOO_MANY_TYPES (0x105) +#define CKR_WRAPPED_KEY_INVALID (0x110) +#define CKR_WRAPPED_KEY_LEN_RANGE (0x112) +#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113) +#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114) +#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115) +#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120) +#define CKR_RANDOM_NO_RNG (0x121) +#define CKR_DOMAIN_PARAMS_INVALID (0x130) +#define CKR_BUFFER_TOO_SMALL (0x150) +#define CKR_SAVED_STATE_INVALID (0x160) +#define CKR_INFORMATION_SENSITIVE (0x170) +#define CKR_STATE_UNSAVEABLE (0x180) +#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190) +#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191) +#define CKR_MUTEX_BAD (0x1a0) +#define CKR_MUTEX_NOT_LOCKED (0x1a1) +#define CKR_FUNCTION_REJECTED (0x200) +#define CKR_VENDOR_DEFINED ((unsigned long) (1 << 31)) + + + +/* Compatibility layer. */ + +#ifdef CRYPTOKI_COMPAT + +#undef CK_DEFINE_FUNCTION +#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name + +/* For NULL. */ +#include <stddef.h> + +typedef unsigned char CK_BYTE; +typedef unsigned char CK_CHAR; +typedef unsigned char CK_UTF8CHAR; +typedef unsigned char CK_BBOOL; +typedef unsigned long int CK_ULONG; +typedef long int CK_LONG; +typedef CK_BYTE *CK_BYTE_PTR; +typedef CK_CHAR *CK_CHAR_PTR; +typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR; +typedef CK_ULONG *CK_ULONG_PTR; +typedef void *CK_VOID_PTR; +typedef void **CK_VOID_PTR_PTR; +#define CK_FALSE 0 +#define CK_TRUE 1 +#ifndef CK_DISABLE_TRUE_FALSE +#ifndef FALSE +#define FALSE 0 +#endif +#ifndef TRUE +#define TRUE 1 +#endif +#endif + +typedef struct ck_version CK_VERSION; +typedef struct ck_version *CK_VERSION_PTR; + +typedef struct ck_info CK_INFO; +typedef struct ck_info *CK_INFO_PTR; + +typedef ck_slot_id_t *CK_SLOT_ID_PTR; + +typedef struct ck_slot_info CK_SLOT_INFO; +typedef struct ck_slot_info *CK_SLOT_INFO_PTR; + +typedef struct ck_token_info CK_TOKEN_INFO; +typedef struct ck_token_info *CK_TOKEN_INFO_PTR; + +typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR; + +typedef struct ck_session_info CK_SESSION_INFO; +typedef struct ck_session_info *CK_SESSION_INFO_PTR; + +typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR; + +typedef ck_object_class_t *CK_OBJECT_CLASS_PTR; + +typedef struct ck_attribute CK_ATTRIBUTE; +typedef struct ck_attribute *CK_ATTRIBUTE_PTR; + +typedef struct ck_date CK_DATE; +typedef struct ck_date *CK_DATE_PTR; + +typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR; + +typedef struct ck_mechanism CK_MECHANISM; +typedef struct ck_mechanism *CK_MECHANISM_PTR; + +typedef struct ck_mechanism_info CK_MECHANISM_INFO; +typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR; + +typedef struct ck_function_list CK_FUNCTION_LIST; +typedef struct ck_function_list *CK_FUNCTION_LIST_PTR; +typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; + +typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; +typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; + +#define NULL_PTR NULL + +/* Delete the helper macros defined at the top of the file. */ +#undef ck_flags_t +#undef ck_version + +#undef ck_info +#undef cryptoki_version +#undef manufacturer_id +#undef library_description +#undef library_version + +#undef ck_notification_t +#undef ck_slot_id_t + +#undef ck_slot_info +#undef slot_description +#undef hardware_version +#undef firmware_version + +#undef ck_token_info +#undef serial_number +#undef max_session_count +#undef session_count +#undef max_rw_session_count +#undef rw_session_count +#undef max_pin_len +#undef min_pin_len +#undef total_public_memory +#undef free_public_memory +#undef total_private_memory +#undef free_private_memory +#undef utc_time + +#undef ck_session_handle_t +#undef ck_user_type_t +#undef ck_state_t + +#undef ck_session_info +#undef slot_id +#undef device_error + +#undef ck_object_handle_t +#undef ck_object_class_t +#undef ck_hw_feature_type_t +#undef ck_key_type_t +#undef ck_certificate_type_t +#undef ck_attribute_type_t + +#undef ck_attribute +#undef value +#undef value_len + +#undef ck_date + +#undef ck_mechanism_type_t + +#undef ck_mechanism +#undef parameter +#undef parameter_len + +#undef ck_mechanism_info +#undef min_key_size +#undef max_key_size + +#undef ck_rv_t +#undef ck_notify_t + +#undef ck_function_list + +#undef ck_createmutex_t +#undef ck_destroymutex_t +#undef ck_lockmutex_t +#undef ck_unlockmutex_t + +#undef ck_c_initialize_args +#undef create_mutex +#undef destroy_mutex +#undef lock_mutex +#undef unlock_mutex +#undef reserved + +#endif /* CRYPTOKI_COMPAT */ + + +/* System dependencies. */ +#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) +#pragma pack(pop, cryptoki) +#endif + +#if defined(__cplusplus) +} +#endif + +#endif /* PKCS11_H */ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c new file mode 100644 index 000000000..1b1448c6a --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c @@ -0,0 +1,249 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs11_creds.h" + +#include <debug.h> +#include <utils/linked_list.h> + +typedef struct private_pkcs11_creds_t private_pkcs11_creds_t; + +/** + * Private data of an pkcs11_creds_t object. + */ +struct private_pkcs11_creds_t { + + /** + * Public pkcs11_creds_t interface. + */ + pkcs11_creds_t public; + + /** + * PKCS# library + */ + pkcs11_library_t *lib; + + /** + * Token slot + */ + CK_SLOT_ID slot; + + /** + * List of trusted certificates + */ + linked_list_t *trusted; + + /** + * List of untrusted certificates + */ + linked_list_t *untrusted; +}; + +/** + * Find certificates, optionally trusted + */ +static void find_certificates(private_pkcs11_creds_t *this, + CK_SESSION_HANDLE session, CK_BBOOL trusted) +{ + CK_OBJECT_CLASS class = CKO_CERTIFICATE; + CK_CERTIFICATE_TYPE type = CKC_X_509; + CK_ATTRIBUTE tmpl[] = { + {CKA_CLASS, &class, sizeof(class)}, + {CKA_CERTIFICATE_TYPE, &type, sizeof(type)}, + {CKA_TRUSTED, &trusted, sizeof(trusted)}, + }; + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE attr[] = { + {CKA_VALUE, NULL, 0}, + {CKA_LABEL, NULL, 0}, + }; + enumerator_t *enumerator; + linked_list_t *raw; + certificate_t *cert; + struct { + chunk_t value; + chunk_t label; + } *entry; + + raw = linked_list_create(); + enumerator = this->lib->create_object_enumerator(this->lib, + session, tmpl, countof(tmpl), attr, countof(attr)); + while (enumerator->enumerate(enumerator, &object)) + { + entry = malloc(sizeof(*entry)); + entry->value = chunk_clone( + chunk_create(attr[0].pValue, attr[0].ulValueLen)); + entry->label = chunk_clone( + chunk_create(attr[1].pValue, attr[1].ulValueLen)); + raw->insert_last(raw, entry); + } + enumerator->destroy(enumerator); + + while (raw->remove_first(raw, (void**)&entry) == SUCCESS) + { + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_BLOB_ASN1_DER, entry->value, + BUILD_END); + if (cert) + { + DBG1(DBG_CFG, " loaded %strusted cert '%.*s'", + trusted ? "" : "un", entry->label.len, entry->label.ptr); + /* trusted certificates are also returned as untrusted */ + this->untrusted->insert_last(this->untrusted, cert); + if (trusted) + { + this->trusted->insert_last(this->trusted, cert->get_ref(cert)); + } + } + else + { + DBG1(DBG_CFG, " loading cert '%.*s' failed", + entry->label.len, entry->label.ptr); + } + free(entry->value.ptr); + free(entry->label.ptr); + free(entry); + } + raw->destroy(raw); +} + +/** + * Load in the certificates from the token + */ +static bool load_certificates(private_pkcs11_creds_t *this) +{ + CK_SESSION_HANDLE session; + CK_RV rv; + + rv = this->lib->f->C_OpenSession(this->slot, CKF_SERIAL_SESSION, + NULL, NULL, &session); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "opening session failed: %N", ck_rv_names, rv); + return FALSE; + } + + find_certificates(this, session, CK_TRUE); + find_certificates(this, session, CK_FALSE); + + this->lib->f->C_CloseSession(session); + return TRUE; +} + +/** + * filter function for certs enumerator + */ +static bool certs_filter(identification_t *id, + certificate_t **in, certificate_t **out) +{ + public_key_t *public; + certificate_t *cert = *in; + + if (id == NULL || cert->has_subject(cert, id)) + { + *out = *in; + return TRUE; + } + public = cert->get_public_key(cert); + if (public) + { + if (public->has_fingerprint(public, id->get_encoding(id))) + { + public->destroy(public); + *out = *in; + return TRUE; + } + public->destroy(public); + } + return FALSE; +} + +METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, + private_pkcs11_creds_t *this, certificate_type_t cert, key_type_t key, + identification_t *id, bool trusted) +{ + enumerator_t *inner; + + if (cert != CERT_X509 && cert != CERT_ANY) + { + return NULL; + } + if (trusted) + { + inner = this->trusted->create_enumerator(this->trusted); + } + else + { + inner = this->untrusted->create_enumerator(this->untrusted); + } + return enumerator_create_filter(inner, (void*)certs_filter, id, NULL); +} + +METHOD(pkcs11_creds_t, get_library, pkcs11_library_t*, + private_pkcs11_creds_t *this) +{ + return this->lib; +} + +METHOD(pkcs11_creds_t, get_slot, CK_SLOT_ID, + private_pkcs11_creds_t *this) +{ + return this->slot; +} + +METHOD(pkcs11_creds_t, destroy, void, + private_pkcs11_creds_t *this) +{ + this->trusted->destroy_offset(this->trusted, + offsetof(certificate_t, destroy)); + this->untrusted->destroy_offset(this->untrusted, + offsetof(certificate_t, destroy)); + free(this); +} + +/** + * See header + */ +pkcs11_creds_t *pkcs11_creds_create(pkcs11_library_t *p11, CK_SLOT_ID slot) +{ + private_pkcs11_creds_t *this; + + INIT(this, + .public = { + .set = { + .create_shared_enumerator = (void*)enumerator_create_empty, + .create_private_enumerator = (void*)enumerator_create_empty, + .create_cert_enumerator = _create_cert_enumerator, + .create_cdp_enumerator = (void*)enumerator_create_empty, + .cache_cert = (void*)nop, + }, + .get_library = _get_library, + .get_slot = _get_slot, + .destroy = _destroy, + }, + .lib = p11, + .slot = slot, + .trusted = linked_list_create(), + .untrusted = linked_list_create(), + ); + + if (!load_certificates(this)) + { + destroy(this); + return NULL; + } + + return &this->public; +} diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.h b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.h new file mode 100644 index 000000000..c40a8dea6 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.h @@ -0,0 +1,68 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs11_creds pkcs11_creds + * @{ @ingroup pkcs11 + */ + +#ifndef PKCS11_CREDS_H_ +#define PKCS11_CREDS_H_ + +typedef struct pkcs11_creds_t pkcs11_creds_t; + +#include "pkcs11_library.h" + +#include <credentials/credential_manager.h> + +/** + * Credential set on top on a PKCS#11 token. + */ +struct pkcs11_creds_t { + + /** + * Implements credential_set_t. + */ + credential_set_t set; + + /** + * Get the PKCS#11 library this set uses. + * + * @return library + */ + pkcs11_library_t* (*get_library)(pkcs11_creds_t *this); + + /** + * Get the slot of the token this set uses. + * + * @return slot + */ + CK_SLOT_ID (*get_slot)(pkcs11_creds_t *this); + + /** + * Destroy a pkcs11_creds_t. + */ + void (*destroy)(pkcs11_creds_t *this); +}; + +/** + * Create a pkcs11_creds instance. + * + * @param p11 loaded PKCS#11 library + * @param slot slot of the token we hand out credentials + */ +pkcs11_creds_t *pkcs11_creds_create(pkcs11_library_t *p11, CK_SLOT_ID slot); + +#endif /** PKCS11_CREDS_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c new file mode 100644 index 000000000..6d327be40 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c @@ -0,0 +1,323 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs11_hasher.h" + +#include <unistd.h> + +#include <debug.h> +#include <threading/mutex.h> + +#include "pkcs11_manager.h" + +typedef struct private_pkcs11_hasher_t private_pkcs11_hasher_t; + +/** + * Private data of an pkcs11_hasher_t object. + */ +struct private_pkcs11_hasher_t { + + /** + * Public pkcs11_hasher_t interface. + */ + pkcs11_hasher_t public; + + /** + * PKCS#11 library + */ + pkcs11_library_t *lib; + + /** + * Mechanism for this hasher + */ + CK_MECHANISM_PTR mech; + + /** + * Token session + */ + CK_SESSION_HANDLE session; + + /** + * size of the hash + */ + size_t size; + + /** + * Mutex to lock the tokens hashing engine + */ + mutex_t *mutex; + + /** + * do we have an initialized state? + */ + bool have_state; + + /** + * state buffer + */ + CK_BYTE_PTR state; + + /** + * Length of the state buffer + */ + CK_ULONG state_len; +}; + +METHOD(hasher_t, get_hash_size, size_t, + private_pkcs11_hasher_t *this) +{ + return this->size; +} + +/** + * Save the Operation state to host memory + */ +static void save_state(private_pkcs11_hasher_t *this) +{ + CK_RV rv; + + while (TRUE) + { + if (!this->state) + { + rv = this->lib->f->C_GetOperationState(this->session, NULL, + &this->state_len); + if (rv != CKR_OK) + { + break; + } + this->state = malloc(this->state_len); + } + rv = this->lib->f->C_GetOperationState(this->session, this->state, + &this->state_len); + switch (rv) + { + case CKR_BUFFER_TOO_SMALL: + free(this->state); + this->state = NULL; + continue; + case CKR_OK: + this->have_state = TRUE; + return; + default: + break; + } + break; + } + DBG1(DBG_CFG, "C_GetOperationState() failed: %N", ck_rv_names, rv); + abort(); +} + +/** + * Load the Operation state from host memory + */ +static void load_state(private_pkcs11_hasher_t *this) +{ + CK_RV rv; + + rv = this->lib->f->C_SetOperationState(this->session, this->state, + this->state_len, CK_INVALID_HANDLE, CK_INVALID_HANDLE); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_SetOperationState() failed: %N", ck_rv_names, rv); + abort(); + } + this->have_state = FALSE; +} + +METHOD(hasher_t, reset, void, + private_pkcs11_hasher_t *this) +{ + this->have_state = FALSE; +} + +METHOD(hasher_t, get_hash, void, + private_pkcs11_hasher_t *this, chunk_t chunk, u_int8_t *hash) +{ + CK_RV rv; + CK_ULONG len; + + this->mutex->lock(this->mutex); + if (this->have_state) + { + load_state(this); + } + else + { + rv = this->lib->f->C_DigestInit(this->session, this->mech); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_DigestInit() failed: %N", ck_rv_names, rv); + abort(); + } + } + if (chunk.len) + { + rv = this->lib->f->C_DigestUpdate(this->session, chunk.ptr, chunk.len); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_DigestUpdate() failed: %N", ck_rv_names, rv); + abort(); + } + } + if (hash) + { + len = this->size; + rv = this->lib->f->C_DigestFinal(this->session, + hash, &len); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_DigestFinal() failed: %N", ck_rv_names, rv); + abort(); + } + } + else + { + save_state(this); + } + this->mutex->unlock(this->mutex); +} + +METHOD(hasher_t, allocate_hash, void, + private_pkcs11_hasher_t *this, chunk_t chunk, chunk_t *hash) +{ + if (hash) + { + *hash = chunk_alloc(this->size); + get_hash(this, chunk, hash->ptr); + } + else + { + get_hash(this, chunk, NULL); + } +} + +METHOD(hasher_t, destroy, void, + private_pkcs11_hasher_t *this) +{ + this->lib->f->C_CloseSession(this->session); + this->mutex->destroy(this->mutex); + free(this); +} + +/** + * Get the Cryptoki mechanism for a hash algorithm + */ +static CK_MECHANISM_PTR algo_to_mechanism(hash_algorithm_t algo, size_t *size) +{ + static struct { + hash_algorithm_t algo; + CK_MECHANISM mechanism; + size_t size; + } mappings[] = { + {HASH_MD2, {CKM_MD2, NULL, 0}, HASH_SIZE_MD2}, + {HASH_MD5, {CKM_MD5, NULL, 0}, HASH_SIZE_MD5}, + {HASH_SHA1, {CKM_SHA_1, NULL, 0}, HASH_SIZE_SHA1}, + {HASH_SHA256, {CKM_SHA256, NULL, 0}, HASH_SIZE_SHA256}, + {HASH_SHA384, {CKM_SHA384, NULL, 0}, HASH_SIZE_SHA384}, + {HASH_SHA512, {CKM_SHA512, NULL, 0}, HASH_SIZE_SHA512}, + }; + int i; + + for (i = 0; i < countof(mappings); i++) + { + if (mappings[i].algo == algo) + { + *size = mappings[i].size; + return &mappings[i].mechanism; + } + } + return NULL; +} + +/** + * Find a token we can use for a hash algorithm + */ +static pkcs11_library_t* find_token(hash_algorithm_t algo, + CK_SESSION_HANDLE *session, CK_MECHANISM_PTR *mout, size_t *size) +{ + enumerator_t *tokens, *mechs; + pkcs11_manager_t *manager; + pkcs11_library_t *current, *found = NULL; + CK_MECHANISM_TYPE type; + CK_MECHANISM_PTR mech; + CK_SLOT_ID slot; + + mech = algo_to_mechanism(algo, size); + if (!mech) + { + return NULL; + } + manager = pkcs11_manager_get(); + if (!manager) + { + return NULL; + } + tokens = manager->create_token_enumerator(manager); + while (tokens->enumerate(tokens, ¤t, &slot)) + { + mechs = current->create_mechanism_enumerator(current, slot); + while (mechs->enumerate(mechs, &type, NULL)) + { + if (type == mech->mechanism) + { + if (current->f->C_OpenSession(slot, CKF_SERIAL_SESSION, + NULL, NULL, session) == CKR_OK) + { + found = current; + *mout = mech; + break; + } + } + } + mechs->destroy(mechs); + if (found) + { + break; + } + } + tokens->destroy(tokens); + return found; +} + +/** + * See header + */ +pkcs11_hasher_t *pkcs11_hasher_create(hash_algorithm_t algo) +{ + private_pkcs11_hasher_t *this; + + INIT(this, + .public = { + .hasher = { + .get_hash_size = _get_hash_size, + .reset = _reset, + .get_hash = _get_hash, + .allocate_hash = _allocate_hash, + .destroy = _destroy, + }, + }, + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + ); + + this->lib = find_token(algo, &this->session, &this->mech, &this->size); + if (!this->lib) + { + free(this); + return NULL; + } + + return &this->public; +} diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h new file mode 100644 index 000000000..9c55d463e --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs11_hasher pkcs11_hasher + * @{ @ingroup pkcs11 + */ + +#ifndef PKCS11_HASHER_H_ +#define PKCS11_HASHER_H_ + +#include <crypto/hashers/hasher.h> + +typedef struct pkcs11_hasher_t pkcs11_hasher_t; + +/** + * Hash implementation using a PKCS#11 token. + */ +struct pkcs11_hasher_t { + + /** + * Implements hasher_t interface. + */ + hasher_t hasher; +}; + +/** + * Creates a PKCS#11 based hasher. + * + * @param algo hash algorithm + * @return hasher, NULL if not supported + */ +pkcs11_hasher_t *pkcs11_hasher_create(hash_algorithm_t algo); + +#endif /** PKCS11_HASHER_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c new file mode 100644 index 000000000..9fb1b7769 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c @@ -0,0 +1,869 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs11_library.h" + +#include <dlfcn.h> + +#include <library.h> +#include <debug.h> +#include <threading/mutex.h> +#include <utils/linked_list.h> + +typedef struct private_pkcs11_library_t private_pkcs11_library_t; + + +ENUM_BEGIN(ck_rv_names, CKR_OK, CKR_CANT_LOCK, + "OK", + "CANCEL", + "HOST_MEMORY", + "SLOT_ID_INVALID", + "(0x04)", + "GENERAL_ERROR", + "FUNCTION_FAILED", + "ARGUMENTS_BAD", + "NO_EVENT", + "NEED_TO_CREATE_THREADS", + "CANT_LOCK"); +ENUM_NEXT(ck_rv_names, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_VALUE_INVALID, + CKR_CANT_LOCK, + "ATTRIBUTE_READ_ONLY", + "ATTRIBUTE_SENSITIVE", + "ATTRIBUTE_TYPE_INVALID", + "ATTRIBUTE_VALUE_INVALID"); +ENUM_NEXT(ck_rv_names, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, + CKR_ATTRIBUTE_VALUE_INVALID, + "DATA_INVALID" + "DATA_LEN_RANGE"); +ENUM_NEXT(ck_rv_names, CKR_DEVICE_ERROR, CKR_DEVICE_REMOVED, + CKR_DATA_LEN_RANGE, + "DEVICE_ERROR", + "DEVICE_MEMORY", + "DEVICE_REMOVED"); +ENUM_NEXT(ck_rv_names, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE, + CKR_DEVICE_REMOVED, + "ENCRYPTED_DATA_INVALID", + "ENCRYPTED_DATA_LEN_RANGE"); +ENUM_NEXT(ck_rv_names, CKR_FUNCTION_CANCELED, CKR_FUNCTION_NOT_SUPPORTED, + CKR_ENCRYPTED_DATA_LEN_RANGE, + "FUNCTION_CANCELED", + "FUNCTION_NOT_PARALLEL", + "(0x52)", + "(0x53)", + "FUNCTION_NOT_SUPPORTED"); +ENUM_NEXT(ck_rv_names, CKR_KEY_HANDLE_INVALID, CKR_KEY_UNEXTRACTABLE, + CKR_FUNCTION_NOT_SUPPORTED, + "KEY_HANDLE_INVALID", + "(0x61)", + "KEY_SIZE_RANGE", + "KEY_TYPE_INCONSISTENT", + "KEY_NOT_NEEDED", + "KEY_CHANGED", + "KEY_NEEDED", + "KEY_INDIGESTIBLE", + "KEY_FUNCTION_NOT_PERMITTED", + "KEY_NOT_WRAPPABLE", + "KEY_UNEXTRACTABLE"); +ENUM_NEXT(ck_rv_names, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, + CKR_KEY_UNEXTRACTABLE, + "MECHANISM_INVALID", + "MECHANISM_PARAM_INVALID"); +ENUM_NEXT(ck_rv_names, CKR_OBJECT_HANDLE_INVALID, CKR_OBJECT_HANDLE_INVALID, + CKR_MECHANISM_PARAM_INVALID, + "OBJECT_HANDLE_INVALID"); +ENUM_NEXT(ck_rv_names, CKR_OPERATION_ACTIVE, CKR_OPERATION_NOT_INITIALIZED, + CKR_OBJECT_HANDLE_INVALID, + "OPERATION_ACTIVE", + "OPERATION_NOT_INITIALIZED"); +ENUM_NEXT(ck_rv_names, CKR_PIN_INCORRECT, CKR_PIN_LOCKED, + CKR_OPERATION_NOT_INITIALIZED, + "PIN_INCORRECT", + "PIN_INVALID", + "PIN_LEN_RANGE", + "PIN_EXPIRED", + "PIN_LOCKED"); +ENUM_NEXT(ck_rv_names, CKR_SESSION_CLOSED, CKR_SESSION_READ_WRITE_SO_EXISTS, + CKR_PIN_LOCKED, + "SESSION_CLOSED", + "SESSION_COUNT", + "(0xb2)", + "SESSION_HANDLE_INVALID", + "SESSION_PARALLEL_NOT_SUPPORTED", + "SESSION_READ_ONLY", + "SESSION_EXISTS", + "SESSION_READ_ONLY_EXISTS", + "SESSION_READ_WRITE_SO_EXISTS"); +ENUM_NEXT(ck_rv_names, CKR_SIGNATURE_INVALID, CKR_SIGNATURE_LEN_RANGE, + CKR_SESSION_READ_WRITE_SO_EXISTS, + "SIGNATURE_INVALID", + "SIGNATURE_LEN_RANGE"); +ENUM_NEXT(ck_rv_names, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, + CKR_SIGNATURE_LEN_RANGE, + "TEMPLATE_INCOMPLETE", + "TEMPLATE_INCONSISTENT", +); +ENUM_NEXT(ck_rv_names, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_WRITE_PROTECTED, + CKR_TEMPLATE_INCONSISTENT, + "TOKEN_NOT_PRESENT", + "TOKEN_NOT_RECOGNIZED", + "TOKEN_WRITE_PROTECTED"); +ENUM_NEXT(ck_rv_names, CKR_UNWRAPPING_KEY_HANDLE_INVALID, CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, + CKR_TOKEN_WRITE_PROTECTED, + "UNWRAPPING_KEY_HANDLE_INVALID", + "UNWRAPPING_KEY_SIZE_RANGE", + "UNWRAPPING_KEY_TYPE_INCONSISTENT"); +ENUM_NEXT(ck_rv_names, CKR_USER_ALREADY_LOGGED_IN, CKR_USER_TOO_MANY_TYPES, + CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, + "USER_ALREADY_LOGGED_IN", + "USER_NOT_LOGGED_IN", + "USER_PIN_NOT_INITIALIZED", + "USER_TYPE_INVALID", + "USER_ANOTHER_ALREADY_LOGGED_IN", + "USER_TOO_MANY_TYPES"); +ENUM_NEXT(ck_rv_names, CKR_WRAPPED_KEY_INVALID, CKR_WRAPPING_KEY_TYPE_INCONSISTENT, + CKR_USER_TOO_MANY_TYPES, + "WRAPPED_KEY_INVALID", + "(0x111)", + "WRAPPED_KEY_LEN_RANGE", + "WRAPPING_KEY_HANDLE_INVALID", + "WRAPPING_KEY_SIZE_RANGE", + "WRAPPING_KEY_TYPE_INCONSISTENT"); +ENUM_NEXT(ck_rv_names, CKR_RANDOM_SEED_NOT_SUPPORTED, CKR_RANDOM_NO_RNG, + CKR_WRAPPING_KEY_TYPE_INCONSISTENT, + "RANDOM_SEED_NOT_SUPPORTED", + "RANDOM_NO_RNG"); +ENUM_NEXT(ck_rv_names, CKR_DOMAIN_PARAMS_INVALID, CKR_DOMAIN_PARAMS_INVALID, + CKR_RANDOM_NO_RNG, + "DOMAIN_PARAMS_INVALID"); +ENUM_NEXT(ck_rv_names, CKR_BUFFER_TOO_SMALL, CKR_BUFFER_TOO_SMALL, + CKR_DOMAIN_PARAMS_INVALID, + "BUFFER_TOO_SMALL"); +ENUM_NEXT(ck_rv_names, CKR_SAVED_STATE_INVALID, CKR_SAVED_STATE_INVALID, + CKR_BUFFER_TOO_SMALL, + "SAVED_STATE_INVALID"); +ENUM_NEXT(ck_rv_names, CKR_INFORMATION_SENSITIVE, CKR_INFORMATION_SENSITIVE, + CKR_SAVED_STATE_INVALID, + "INFORMATION_SENSITIVE"); +ENUM_NEXT(ck_rv_names, CKR_STATE_UNSAVEABLE, CKR_STATE_UNSAVEABLE, + CKR_INFORMATION_SENSITIVE, + "STATE_UNSAVEABLE"); +ENUM_NEXT(ck_rv_names, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CRYPTOKI_ALREADY_INITIALIZED, + CKR_STATE_UNSAVEABLE, + "CRYPTOKI_NOT_INITIALIZED", + "CRYPTOKI_ALREADY_INITIALIZED"); +ENUM_NEXT(ck_rv_names, CKR_MUTEX_BAD, CKR_MUTEX_NOT_LOCKED, + CKR_CRYPTOKI_ALREADY_INITIALIZED, + "MUTEX_BAD", + "MUTEX_NOT_LOCKED"); +ENUM_NEXT(ck_rv_names, CKR_FUNCTION_REJECTED, CKR_FUNCTION_REJECTED, + CKR_MUTEX_NOT_LOCKED, + "FUNCTION_REJECTED"); +ENUM_END(ck_rv_names, CKR_FUNCTION_REJECTED); + + +ENUM_BEGIN(ck_mech_names, CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_DSA_SHA1, + "RSA_PKCS_KEY_PAIR_GEN", + "RSA_PKCS", + "RSA_9796", + "RSA_X_509", + "MD2_RSA_PKCS", + "MD5_RSA_PKCS", + "SHA1_RSA_PKCS", + "RIPEMD128_RSA_PKCS", + "RIPEMD160_RSA_PKCS", + "RSA_PKCS_OAEP", + "RSA_X9_31_KEY_PAIR_GEN", + "RSA_X9_31", + "SHA1_RSA_X9_31", + "RSA_PKCS_PSS", + "SHA1_RSA_PKCS_PSS", + "(0xf)", + "DSA_KEY_PAIR_GEN", + "DSA", + "DSA_SHA1"); +ENUM_NEXT(ck_mech_names, CKM_DH_PKCS_KEY_PAIR_GEN, CKM_DH_PKCS_DERIVE, + CKM_DSA_SHA1, + "DH_PKCS_KEY_PAIR_GEN", + "DH_PKCS_DERIVE"); +ENUM_NEXT(ck_mech_names, CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_MQV_DERIVE, + CKM_DH_PKCS_DERIVE, + "X9_42_DH_KEY_PAIR_GEN", + "X9_42_DH_DERIVE", + "X9_42_DH_HYBRID_DERIVE", + "X9_42_MQV_DERIVE"); +ENUM_NEXT(ck_mech_names, CKM_SHA256_RSA_PKCS, CKM_SHA512_RSA_PKCS_PSS, + CKM_X9_42_MQV_DERIVE, + "SHA256_RSA_PKCS", + "SHA384_RSA_PKCS", + "SHA512_RSA_PKCS", + "SHA256_RSA_PKCS_PSS", + "SHA384_RSA_PKCS_PSS", + "SHA512_RSA_PKCS_PSS"); +ENUM_NEXT(ck_mech_names, CKM_RC2_KEY_GEN, CKM_RC2_CBC_PAD, + CKM_SHA512_RSA_PKCS_PSS, + "RC2_KEY_GEN", + "RC2_ECB", + "RC2_CBC", + "RC2_MAC", + "RC2_MAC_GENERAL", + "RC2_CBC_PAD"); +ENUM_NEXT(ck_mech_names, CKM_RC4_KEY_GEN, CKM_RC4, + CKM_RC2_CBC_PAD, + "RC4_KEY_GEN", + "RC4"); +ENUM_NEXT(ck_mech_names, CKM_DES_KEY_GEN, CKM_DES_CBC_PAD, + CKM_RC4, + "DES_KEY_GEN", + "DES_ECB", + "DES_CBC", + "DES_MAC", + "DES_MAC_GENERAL", + "DES_CBC_PAD"); +ENUM_NEXT(ck_mech_names, CKM_DES2_KEY_GEN, CKM_DES3_CBC_PAD, + CKM_DES_CBC_PAD, + "DES2_KEY_GEN", + "DES3_KEY_GEN", + "DES3_ECB", + "DES3_CBC", + "DES3_MAC", + "DES3_MAC_GENERAL", + "DES3_CBC_PAD"); +ENUM_NEXT(ck_mech_names, CKM_CDMF_KEY_GEN, CKM_CDMF_CBC_PAD, + CKM_DES3_CBC_PAD, + "CDMF_KEY_GEN", + "CDMF_ECB", + "CDMF_CBC", + "CDMF_MAC", + "CDMF_MAC_GENERAL", + "CDMF_CBC_PAD"); +ENUM_NEXT(ck_mech_names, CKM_MD2, CKM_MD2_HMAC_GENERAL, + CKM_CDMF_CBC_PAD, + "MD2", + "MD2_HMAC", + "MD2_HMAC_GENERAL"); +ENUM_NEXT(ck_mech_names, CKM_MD5, CKM_MD5_HMAC_GENERAL, + CKM_MD2_HMAC_GENERAL, + "MD5", + "MD5_HMAC", + "MD5_HMAC_GENERAL"); +ENUM_NEXT(ck_mech_names, CKM_SHA_1, CKM_SHA_1_HMAC_GENERAL, + CKM_MD5_HMAC_GENERAL, + "SHA_1", + "SHA_1_HMAC", + "SHA_1_HMAC_GENERAL"); +ENUM_NEXT(ck_mech_names, CKM_RIPEMD128, CKM_RIPEMD128_HMAC_GENERAL, + CKM_SHA_1_HMAC_GENERAL, + "RIPEMD128", + "RIPEMD128_HMAC", + "RIPEMD128_HMAC_GENERAL"); +ENUM_NEXT(ck_mech_names, CKM_RIPEMD160, CKM_RIPEMD160_HMAC_GENERAL, + CKM_RIPEMD128_HMAC_GENERAL, + "RIPEMD160", + "RIPEMD160_HMAC", + "RIPEMD160_HMAC_GENERAL"); +ENUM_NEXT(ck_mech_names, CKM_SHA256, CKM_SHA256_HMAC_GENERAL, + CKM_RIPEMD160_HMAC_GENERAL, + "SHA256", + "SHA256_HMAC", + "SHA256_HMAC_GENERAL"); +ENUM_NEXT(ck_mech_names, CKM_SHA384, CKM_SHA384_HMAC_GENERAL, + CKM_SHA256_HMAC_GENERAL, + "SHA384", + "SHA384_HMAC", + "SHA384_HMAC_GENERAL"); +ENUM_NEXT(ck_mech_names, CKM_SHA512, CKM_SHA512_HMAC_GENERAL, + CKM_SHA384_HMAC_GENERAL , + "SHA512", + "SHA512_HMAC", + "SHA512_HMAC_GENERAL"); +ENUM_NEXT(ck_mech_names, CKM_CAST_KEY_GEN, CKM_CAST_CBC_PAD, + CKM_SHA512_HMAC_GENERAL, + "CAST_KEY_GEN", + "CAST_ECB", + "CAST_CBC", + "CAST_MAC", + "CAST_MAC_GENERAL", + "CAST_CBC_PAD"); +ENUM_NEXT(ck_mech_names, CKM_CAST3_KEY_GEN, CKM_CAST3_CBC_PAD, + CKM_CAST_CBC_PAD, + "CAST3_KEY_GEN", + "CAST3_ECB", + "CAST3_CBC", + "CAST3_MAC", + "CAST3_MAC_GENERAL", + "CAST3_CBC_PAD"); +ENUM_NEXT(ck_mech_names, CKM_CAST128_KEY_GEN, CKM_CAST128_CBC_PAD, + CKM_CAST3_CBC_PAD, + "CAST128_KEY_GEN", + "CAST128_ECB", + "CAST128_CBC", + "CAST128_MAC", + "CAST128_MAC_GENERAL", + "CAST128_CBC_PAD"); +ENUM_NEXT(ck_mech_names, CKM_RC5_KEY_GEN, CKM_RC5_CBC_PAD, + CKM_CAST128_CBC_PAD, + "RC5_KEY_GEN", + "RC5_ECB", + "RC5_CBC", + "RC5_MAC", + "RC5_MAC_GENERAL", + "RC5_CBC_PAD"); +ENUM_NEXT(ck_mech_names, CKM_IDEA_KEY_GEN, CKM_IDEA_CBC_PAD, + CKM_RC5_CBC_PAD, + "IDEA_KEY_GEN", + "IDEA_ECB", + "IDEA_CBC", + "IDEA_MAC", + "IDEA_MAC_GENERAL", + "IDEA_CBC_PAD"); +ENUM_NEXT(ck_mech_names, CKM_GENERIC_SECRET_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN, + CKM_IDEA_CBC_PAD, + "GENERIC_SECRET_KEY_GEN"); +ENUM_NEXT(ck_mech_names, CKM_CONCATENATE_BASE_AND_KEY, CKM_EXTRACT_KEY_FROM_KEY, + CKM_GENERIC_SECRET_KEY_GEN, + "CONCATENATE_BASE_AND_KEY", + "(0x361)", + "CONCATENATE_BASE_AND_DATA", + "CONCATENATE_DATA_AND_BASE", + "XOR_BASE_AND_DATA", + "EXTRACT_KEY_FROM_KEY"); +ENUM_NEXT(ck_mech_names, CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_MASTER_KEY_DERIVE_DH, + CKM_EXTRACT_KEY_FROM_KEY, + "SSL3_PRE_MASTER_KEY_GEN", + "SSL3_MASTER_KEY_DERIVE", + "SSL3_KEY_AND_MAC_DERIVE", + "SSL3_MASTER_KEY_DERIVE_DH", + "TLS_PRE_MASTER_KEY_GEN", + "TLS_MASTER_KEY_DERIVE", + "TLS_KEY_AND_MAC_DERIVE", + "TLS_MASTER_KEY_DERIVE_DH"); +ENUM_NEXT(ck_mech_names, CKM_SSL3_MD5_MAC, CKM_SSL3_SHA1_MAC, + CKM_TLS_MASTER_KEY_DERIVE_DH, + "SSL3_MD5_MAC", + "SSL3_SHA1_MAC"); +ENUM_NEXT(ck_mech_names, CKM_MD5_KEY_DERIVATION, CKM_SHA1_KEY_DERIVATION, + CKM_SSL3_SHA1_MAC, + "MD5_KEY_DERIVATION", + "MD2_KEY_DERIVATION", + "SHA1_KEY_DERIVATION"); +ENUM_NEXT(ck_mech_names, CKM_PBE_MD2_DES_CBC, CKM_PBE_SHA1_RC2_40_CBC, + CKM_SHA1_KEY_DERIVATION, + "PBE_MD2_DES_CBC", + "PBE_MD5_DES_CBC", + "PBE_MD5_CAST_CBC", + "PBE_MD5_CAST3_CBC", + "PBE_MD5_CAST128_CBC", + "PBE_SHA1_CAST128_CBC", + "PBE_SHA1_RC4_128", + "PBE_SHA1_RC4_40", + "PBE_SHA1_DES3_EDE_CBC", + "PBE_SHA1_DES2_EDE_CBC", + "PBE_SHA1_RC2_128_CBC", + "PBE_SHA1_RC2_40_CBC"); +ENUM_NEXT(ck_mech_names, CKM_PKCS5_PBKD2, CKM_PKCS5_PBKD2, + CKM_PBE_SHA1_RC2_40_CBC, + "PKCS5_PBKD2"); +ENUM_NEXT(ck_mech_names, CKM_PBA_SHA1_WITH_SHA1_HMAC, CKM_PBA_SHA1_WITH_SHA1_HMAC, + CKM_PKCS5_PBKD2, + "PBA_SHA1_WITH_SHA1_HMAC"); +ENUM_NEXT(ck_mech_names, CKM_KEY_WRAP_LYNKS, CKM_KEY_WRAP_SET_OAEP, + CKM_PBA_SHA1_WITH_SHA1_HMAC, + "KEY_WRAP_LYNKS", + "KEY_WRAP_SET_OAEP"); +ENUM_NEXT(ck_mech_names, CKM_SKIPJACK_KEY_GEN, CKM_SKIPJACK_RELAYX, + CKM_KEY_WRAP_SET_OAEP, + "SKIPJACK_KEY_GEN", + "SKIPJACK_ECB64", + "SKIPJACK_CBC64", + "SKIPJACK_OFB64", + "SKIPJACK_CFB64", + "SKIPJACK_CFB32", + "SKIPJACK_CFB16", + "SKIPJACK_CFB8", + "SKIPJACK_WRAP", + "SKIPJACK_PRIVATE_WRAP", + "SKIPJACK_RELAYX"); +ENUM_NEXT(ck_mech_names, CKM_KEA_KEY_PAIR_GEN, CKM_KEA_KEY_DERIVE, + CKM_SKIPJACK_RELAYX, + "KEA_KEY_PAIR_GEN", + "KEA_KEY_DERIVE"); +ENUM_NEXT(ck_mech_names, CKM_FORTEZZA_TIMESTAMP, CKM_FORTEZZA_TIMESTAMP, + CKM_KEA_KEY_DERIVE, + "FORTEZZA_TIMESTAMP"); +ENUM_NEXT(ck_mech_names, CKM_BATON_KEY_GEN, CKM_BATON_WRAP, + CKM_FORTEZZA_TIMESTAMP, + "BATON_KEY_GEN", + "BATON_ECB128", + "BATON_ECB96", + "BATON_CBC128", + "BATON_COUNTER", + "BATON_SHUFFLE", + "BATON_WRAP"); +ENUM_NEXT(ck_mech_names, CKM_ECDSA_KEY_PAIR_GEN, CKM_ECDSA_SHA1, + CKM_BATON_WRAP, + "ECDSA_KEY_PAIR_GEN", + "ECDSA", + "ECDSA_SHA1"); +ENUM_NEXT(ck_mech_names, CKM_ECDH1_DERIVE, CKM_ECMQV_DERIVE, + CKM_ECDSA_SHA1, + "ECDH1_DERIVE", + "ECDH1_COFACTOR_DERIVE", + "ECMQV_DERIVE"); +ENUM_NEXT(ck_mech_names, CKM_JUNIPER_KEY_GEN, CKM_JUNIPER_WRAP, + CKM_ECMQV_DERIVE, + "JUNIPER_KEY_GEN", + "JUNIPER_ECB128", + "JUNIPER_CBC128", + "JUNIPER_COUNTER", + "JUNIPER_SHUFFLE", + "JUNIPER_WRAP"); +ENUM_NEXT(ck_mech_names, CKM_FASTHASH, CKM_FASTHASH, + CKM_JUNIPER_WRAP, + "FASTHASH"); +ENUM_NEXT(ck_mech_names, CKM_AES_KEY_GEN, CKM_AES_CBC_PAD, + CKM_FASTHASH, + "AES_KEY_GEN", + "AES_ECB", + "AES_CBC", + "AES_MAC", + "AES_MAC_GENERAL", + "AES_CBC_PAD"); +ENUM_NEXT(ck_mech_names, CKM_DSA_PARAMETER_GEN, CKM_X9_42_DH_PARAMETER_GEN, + CKM_AES_CBC_PAD, + "DSA_PARAMETER_GEN", + "DH_PKCS_PARAMETER_GEN", + "X9_42_DH_PARAMETER_GEN"); +ENUM_END(ck_mech_names, CKM_X9_42_DH_PARAMETER_GEN); + +/** + * Private data of an pkcs11_library_t object. + */ +struct private_pkcs11_library_t { + + /** + * Public pkcs11_library_t interface. + */ + pkcs11_library_t public; + + /** + * dlopen() handle + */ + void *handle; + + /** + * Name as passed to the constructor + */ + char *name; +}; + +METHOD(pkcs11_library_t, get_name, char*, + private_pkcs11_library_t *this) +{ + return this->name; +} + +/** + * Object enumerator + */ +typedef struct { + /* implements enumerator_t */ + enumerator_t public; + /* session */ + CK_SESSION_HANDLE session; + /* pkcs11 library */ + pkcs11_library_t *lib; + /* attributes to retreive */ + CK_ATTRIBUTE_PTR attr; + /* number of attributes */ + CK_ULONG count; + /* currently allocated attributes, to free */ + linked_list_t *freelist; +} object_enumerator_t; + +/** + * Free contents of attributes in a list + */ +static void free_attrs(object_enumerator_t *this) +{ + CK_ATTRIBUTE_PTR attr; + + while (this->freelist->remove_last(this->freelist, (void**)&attr) == SUCCESS) + { + free(attr->pValue); + attr->pValue = NULL; + attr->ulValueLen = 0; + } +} + +/** + * Get attributes for a given object during enumeration + */ +static bool get_attributes(object_enumerator_t *this, CK_OBJECT_HANDLE object) +{ + CK_RV rv; + int i; + + free_attrs(this); + + /* get length of objects first */ + rv = this->lib->f->C_GetAttributeValue(this->session, object, + this->attr, this->count); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_GetAttributeValue(NULL) error: %N", ck_rv_names, rv); + return FALSE; + } + /* allocate required chunks */ + for (i = 0; i < this->count; i++) + { + if (this->attr[i].pValue == NULL && + this->attr[i].ulValueLen != 0 && this->attr[i].ulValueLen != -1) + { + this->attr[i].pValue = malloc(this->attr[i].ulValueLen); + this->freelist->insert_last(this->freelist, &this->attr[i]); + } + } + /* get the data */ + rv = this->lib->f->C_GetAttributeValue(this->session, object, + this->attr, this->count); + if (rv != CKR_OK) + { + free_attrs(this); + DBG1(DBG_CFG, "C_GetAttributeValue(NULL) error: %N", ck_rv_names, rv); + return FALSE; + } + return TRUE; +} + +METHOD(enumerator_t, object_enumerate, bool, + object_enumerator_t *this, CK_OBJECT_HANDLE *out) +{ + CK_OBJECT_HANDLE object; + CK_ULONG found; + CK_RV rv; + + rv = this->lib->f->C_FindObjects(this->session, &object, 1, &found); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_FindObjects() failed: %N", ck_rv_names, rv); + return FALSE; + } + if (found) + { + if (this->attr) + { + if (!get_attributes(this, object)) + { + return FALSE; + } + } + *out = object; + return TRUE; + } + return FALSE; +} + +METHOD(enumerator_t, object_destroy, void, + object_enumerator_t *this) +{ + this->lib->f->C_FindObjectsFinal(this->session); + free_attrs(this); + this->freelist->destroy(this->freelist); + free(this); +} + +METHOD(pkcs11_library_t, create_object_enumerator, enumerator_t*, + private_pkcs11_library_t *this, CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR tmpl, CK_ULONG tcount, + CK_ATTRIBUTE_PTR attr, CK_ULONG acount) +{ + object_enumerator_t *enumerator; + CK_RV rv; + + rv = this->public.f->C_FindObjectsInit(session, tmpl, tcount); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_FindObjectsInit() failed: %N", ck_rv_names, rv); + return enumerator_create_empty(); + } + + INIT(enumerator, + .public = { + .enumerate = (void*)_object_enumerate, + .destroy = _object_destroy, + }, + .session = session, + .lib = &this->public, + .attr = attr, + .count = acount, + .freelist = linked_list_create(), + ); + return &enumerator->public; +} + +/** + * Enumerator over mechanisms + */ +typedef struct { + /* implements enumerator_t */ + enumerator_t public; + /* PKCS#11 library */ + pkcs11_library_t *lib; + /* slot of token */ + CK_SLOT_ID slot; + /* mechanism type list */ + CK_MECHANISM_TYPE_PTR mechs; + /* number of mechanism types */ + CK_ULONG count; + /* current mechanism */ + CK_ULONG current; +} mechanism_enumerator_t; + +METHOD(enumerator_t, enumerate_mech, bool, + mechanism_enumerator_t *this, CK_MECHANISM_TYPE* type, + CK_MECHANISM_INFO *info) +{ + CK_RV rv; + + if (this->current >= this->count) + { + return FALSE; + } + if (info) + { + rv = this->lib->f->C_GetMechanismInfo(this->slot, + this->mechs[this->current], info); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_GetMechanismInfo() failed: %N", ck_rv_names, rv); + return FALSE; + } + } + *type = this->mechs[this->current++]; + return TRUE; +} + +METHOD(enumerator_t, destroy_mech, void, + mechanism_enumerator_t *this) +{ + free(this->mechs); + free(this); +} + +METHOD(pkcs11_library_t, create_mechanism_enumerator, enumerator_t*, + private_pkcs11_library_t *this, CK_SLOT_ID slot) +{ + mechanism_enumerator_t *enumerator; + CK_RV rv; + + INIT(enumerator, + .public = { + .enumerate = (void*)_enumerate_mech, + .destroy = _destroy_mech, + }, + .lib = &this->public, + .slot = slot, + ); + + rv = enumerator->lib->f->C_GetMechanismList(slot, NULL, &enumerator->count); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_GetMechanismList() failed: %N", ck_rv_names, rv); + free(enumerator); + return enumerator_create_empty(); + } + enumerator->mechs = malloc(sizeof(CK_MECHANISM_TYPE) * enumerator->count); + enumerator->lib->f->C_GetMechanismList(slot, enumerator->mechs, + &enumerator->count); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_GetMechanismList() failed: %N", ck_rv_names, rv); + destroy_mech(enumerator); + return enumerator_create_empty(); + } + return &enumerator->public; +} + +METHOD(pkcs11_library_t, destroy, void, + private_pkcs11_library_t *this) +{ + this->public.f->C_Finalize(NULL); + dlclose(this->handle); + free(this); +} + +/** + * See header + */ +void pkcs11_library_trim(char *str, int len) +{ + int i; + + str[len - 1] = '\0'; + for (i = len - 2; i > 0; i--) + { + if (str[i] == ' ') + { + str[i] = '\0'; + continue; + } + break; + } +} + +/** + * Mutex creation callback + */ +static CK_RV CreateMutex(CK_VOID_PTR_PTR data) +{ + *data = mutex_create(MUTEX_TYPE_DEFAULT); + return CKR_OK; +} + +/** + * Mutex destruction callback + */ +static CK_RV DestroyMutex(CK_VOID_PTR data) +{ + mutex_t *mutex = (mutex_t*)data; + + mutex->destroy(mutex); + return CKR_OK; +} + +/** + * Mutex lock callback + */ +static CK_RV LockMutex(CK_VOID_PTR data) +{ + mutex_t *mutex = (mutex_t*)data; + + mutex->lock(mutex); + return CKR_OK; +} + +/** + * Mutex unlock callback + */ +static CK_RV UnlockMutex(CK_VOID_PTR data) +{ + mutex_t *mutex = (mutex_t*)data; + + mutex->unlock(mutex); + return CKR_OK; +} + +/** + * Initialize a PKCS#11 library + */ +static bool initialize(private_pkcs11_library_t *this, char *name, char *file) +{ + CK_C_GetFunctionList pC_GetFunctionList; + CK_INFO info; + CK_RV rv; + CK_C_INITIALIZE_ARGS args = { + .CreateMutex = CreateMutex, + .DestroyMutex = DestroyMutex, + .LockMutex = LockMutex, + .UnlockMutex = UnlockMutex, + }; + + pC_GetFunctionList = dlsym(this->handle, "C_GetFunctionList"); + if (!pC_GetFunctionList) + { + DBG1(DBG_CFG, "C_GetFunctionList not found for '%s': %s", name, dlerror()); + return FALSE; + } + rv = pC_GetFunctionList(&this->public.f); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_GetFunctionList() error for '%s': %N", + name, ck_rv_names, rv); + return FALSE; + } + + rv = this->public.f->C_Initialize(&args); + if (rv == CKR_CANT_LOCK) + { /* try OS locking */ + memset(&args, 0, sizeof(args)); + args.flags = CKF_OS_LOCKING_OK; + rv = this->public.f->C_Initialize(&args); + } + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_Initialize() error for '%s': %N", + name, ck_rv_names, rv); + return FALSE; + } + rv = this->public.f->C_GetInfo(&info); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_GetInfo() error for '%s': %N", + name, ck_rv_names, rv); + this->public.f->C_Finalize(NULL); + return FALSE; + } + + pkcs11_library_trim(info.manufacturerID, + strnlen(info.manufacturerID, sizeof(info.manufacturerID))); + pkcs11_library_trim(info.libraryDescription, + strnlen(info.libraryDescription, sizeof(info.libraryDescription))); + + DBG1(DBG_CFG, "loaded PKCS#11 v%d.%d library '%s' (%s)", + info.cryptokiVersion.major, info.cryptokiVersion.minor, name, file); + DBG1(DBG_CFG, " %s: %s v%d.%d", + info.manufacturerID, info.libraryDescription, + info.libraryVersion.major, info.libraryVersion.minor); + if (args.flags & CKF_OS_LOCKING_OK) + { + DBG1(DBG_CFG, " uses OS locking functions"); + } + return TRUE; +} + +/** + * See header + */ +pkcs11_library_t *pkcs11_library_create(char *name, char *file) +{ + private_pkcs11_library_t *this; + + INIT(this, + .public = { + .get_name = _get_name, + .create_object_enumerator = _create_object_enumerator, + .create_mechanism_enumerator = _create_mechanism_enumerator, + .destroy = _destroy, + }, + .name = name, + .handle = dlopen(file, RTLD_LAZY), + ); + + if (!this->handle) + { + DBG1(DBG_CFG, "opening PKCS#11 library failed: %s", dlerror()); + free(this); + return NULL; + } + + if (!initialize(this, name, file)) + { + dlclose(this->handle); + free(this); + return NULL; + } + + return &this->public; +} diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h new file mode 100644 index 000000000..1457d24d4 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h @@ -0,0 +1,110 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs11_library pkcs11_library + * @{ @ingroup pkcs11 + */ + +#ifndef PKCS11_LIBRARY_H_ +#define PKCS11_LIBRARY_H_ + +typedef struct pkcs11_library_t pkcs11_library_t; + +#include "pkcs11.h" + +#include <enum.h> +#include <utils/enumerator.h> + +/** + * A loaded and initialized PKCS#11 library. + */ +struct pkcs11_library_t { + + /** + * PKCS#11 function list, as returned by C_GetFunctionList + */ + CK_FUNCTION_LIST_PTR f; + + /** + * Get the name this instance was created with. + * + * @return name, as passed to constructor + */ + char* (*get_name)(pkcs11_library_t *this); + + /** + * Create an enumerator over CK_OBJECT_HANDLE using a search template. + * + * An optional attribute array is automatically filled in with the + * objects associated attributes. If the value of an output attribute + * is NULL, the value gets allocated/freed during enumeration. + * + * @param session session to use + * @param tmpl search template + * @param tcount number of attributes in the search template + * @param attr attributes to read from object + * @param acount number of attributes to read + */ + enumerator_t* (*create_object_enumerator)(pkcs11_library_t *this, + CK_SESSION_HANDLE session, CK_ATTRIBUTE_PTR tmpl, CK_ULONG tcount, + CK_ATTRIBUTE_PTR attr, CK_ULONG acount); + + /** + * Create an enumerator over supported mechanisms of a token. + * + * The resulting enumerator enumerates over the mechanism type, and if + * a non-NULL pointer is given, over the mechanism info details. + * + * @param slot slot of the token + * @return enumerator over (CK_MECHANISM_TYPE, CK_MECHANISM_INFO) + */ + enumerator_t* (*create_mechanism_enumerator)(pkcs11_library_t *this, + CK_SLOT_ID slot); + + /** + * Destroy a pkcs11_library_t. + */ + void (*destroy)(pkcs11_library_t *this); +}; + +/** + * Enum names for CK_RV return values + */ +extern enum_name_t *ck_rv_names; + +/** + * Enum names for CK_MECHANISM_TYPE values + */ +extern enum_name_t *ck_mech_names; + +/** + * Trim/null terminate a string returned by the varius PKCS#11 functions. + * + * @param str string to trim + * @param len max length of the string + */ +void pkcs11_library_trim(char *str, int len); + +/** + * Create a pkcs11_library instance. + * + * @param name an arbitrary name, for debugging + * @param file pkcs11 library file to dlopen() + * @return library abstraction + */ +pkcs11_library_t *pkcs11_library_create(char *name, char *file); + +#endif /** PKCS11_LIBRARY_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c new file mode 100644 index 000000000..0c27600a6 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c @@ -0,0 +1,407 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs11_manager.h" + +#include <debug.h> +#include <utils/linked_list.h> +#include <threading/thread.h> + +#include "pkcs11_library.h" + +#include <processing/jobs/callback_job.h> + +typedef struct private_pkcs11_manager_t private_pkcs11_manager_t; + +/** + * Private data of an pkcs11_manager_t object. + */ +struct private_pkcs11_manager_t { + + /** + * Public pkcs11_manager_t interface. + */ + pkcs11_manager_t public; + + /** + * List of loaded libraries, as lib_entry_t + */ + linked_list_t *libs; + + /** + * Slot event callback function + */ + pkcs11_manager_token_event_t cb; + + /** + * Slot event user data + */ + void *data; +}; + +/** + * Entry for a loaded library + */ +typedef struct { + /* back reference to this */ + private_pkcs11_manager_t *this; + /* associated library path */ + char *path; + /* loaded library */ + pkcs11_library_t *lib; + /* event dispatcher job */ + callback_job_t *job; +} lib_entry_t; + +/** + * Destroy a lib_entry_t + */ +static void lib_entry_destroy(lib_entry_t *entry) +{ + if (entry->job) + { + entry->job->cancel(entry->job); + } + entry->lib->destroy(entry->lib); + free(entry); +} + +/** + * Print supported mechanisms of a token in a slot + */ +static void print_mechs(lib_entry_t *entry, CK_SLOT_ID slot) +{ + enumerator_t *enumerator; + CK_MECHANISM_TYPE type; + CK_MECHANISM_INFO info; + + enumerator = entry->lib->create_mechanism_enumerator(entry->lib, slot); + while (enumerator->enumerate(enumerator, &type, &info)) + { + DBG2(DBG_CFG, " %N %lu-%lu [ %s%s%s%s%s%s%s%s%s%s%s%s%s]", + ck_mech_names, type, + info.ulMinKeySize, info.ulMaxKeySize, + info.flags & CKF_HW ? "HW " : "", + info.flags & CKF_ENCRYPT ? "ENCR " : "", + info.flags & CKF_DECRYPT ? "DECR " : "", + info.flags & CKF_DIGEST ? "DGST " : "", + info.flags & CKF_SIGN ? "SIGN " : "", + info.flags & CKF_SIGN_RECOVER ? "SIGN_RCVR " : "", + info.flags & CKF_VERIFY ? "VRFY " : "", + info.flags & CKF_VERIFY_RECOVER ? "VRFY_RCVR " : "", + info.flags & CKF_GENERATE ? "GEN " : "", + info.flags & CKF_GENERATE_KEY_PAIR ? "GEN_KEY_PAIR " : "", + info.flags & CKF_WRAP ? "WRAP " : "", + info.flags & CKF_UNWRAP ? "UNWRAP " : "", + info.flags & CKF_DERIVE ? "DERIVE " : ""); + } + enumerator->destroy(enumerator); +} + +/** + * Handle a token + */ +static void handle_token(lib_entry_t *entry, CK_SLOT_ID slot) +{ + CK_TOKEN_INFO info; + CK_RV rv; + + rv = entry->lib->f->C_GetTokenInfo(slot, &info); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_GetTokenInfo failed: %N", ck_rv_names, rv); + return; + } + pkcs11_library_trim(info.label, sizeof(info.label)); + pkcs11_library_trim(info.manufacturerID, sizeof(info.manufacturerID)); + pkcs11_library_trim(info.model, sizeof(info.model)); + DBG1(DBG_CFG, " %s (%s: %s)", + info.label, info.manufacturerID, info.model); + + print_mechs(entry, slot); +} + +/** + * Handle slot changes + */ +static void handle_slot(lib_entry_t *entry, CK_SLOT_ID slot, bool hot) +{ + CK_SLOT_INFO info; + CK_RV rv; + + rv = entry->lib->f->C_GetSlotInfo(slot, &info); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_GetSlotInfo failed: %N", ck_rv_names, rv); + return; + } + + pkcs11_library_trim(info.slotDescription, sizeof(info.slotDescription)); + if (info.flags & CKF_TOKEN_PRESENT) + { + DBG1(DBG_CFG, " found token in slot '%s':%lu (%s)", + entry->lib->get_name(entry->lib), slot, info.slotDescription); + handle_token(entry, slot); + if (hot) + { + entry->this->cb(entry->this->data, entry->lib, slot, TRUE); + } + } + else + { + DBG1(DBG_CFG, "token removed from slot '%s':%lu (%s)", + entry->lib->get_name(entry->lib), slot, info.slotDescription); + if (hot) + { + entry->this->cb(entry->this->data, entry->lib, slot, FALSE); + } + } +} + +/** + * Dispatch slot events + */ +static job_requeue_t dispatch_slot_events(lib_entry_t *entry) +{ + CK_SLOT_ID slot; + CK_RV rv; + bool old; + + old = thread_cancelability(TRUE); + rv = entry->lib->f->C_WaitForSlotEvent(0, &slot, NULL); + thread_cancelability(old); + if (rv == CKR_FUNCTION_NOT_SUPPORTED || rv == CKR_NO_EVENT) + { + DBG1(DBG_CFG, "module '%s' does not support hot-plugging, cancelled", + entry->lib->get_name(entry->lib)); + return JOB_REQUEUE_NONE; + } + if (rv == CKR_CRYPTOKI_NOT_INITIALIZED) + { /* C_Finalize called, abort */ + return JOB_REQUEUE_NONE; + } + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "error in C_WaitForSlotEvent: %N", ck_rv_names, rv); + } + handle_slot(entry, slot, TRUE); + + return JOB_REQUEUE_DIRECT; +} + +/** + * End dispatching, unset job + */ +static void end_dispatch(lib_entry_t *entry) +{ + entry->job = NULL; +} + +/** + * Get the slot list of a library + */ +static CK_SLOT_ID_PTR get_slot_list(pkcs11_library_t *p11, CK_ULONG *out) +{ + CK_SLOT_ID_PTR slots; + CK_ULONG count; + CK_RV rv; + + rv = p11->f->C_GetSlotList(TRUE, NULL, &count); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_GetSlotList() failed: %N", ck_rv_names, rv); + return NULL; + } + if (count == 0) + { + return NULL; + } + slots = malloc(sizeof(CK_SLOT_ID) * count); + rv = p11->f->C_GetSlotList(TRUE, slots, &count); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_GetSlotList() failed: %N", ck_rv_names, rv); + free(slots); + return NULL; + } + *out = count; + return slots; +} + +/** + * Query the slots for tokens + */ +static void query_slots(lib_entry_t *entry) +{ + CK_ULONG count; + CK_SLOT_ID_PTR slots; + int i; + + slots = get_slot_list(entry->lib, &count); + if (slots) + { + for (i = 0; i < count; i++) + { + handle_slot(entry, slots[i], FALSE); + } + free(slots); + } +} + +/** + * Token enumerator + */ +typedef struct { + /* implements enumerator */ + enumerator_t public; + /* inner enumerator over PKCS#11 libraries */ + enumerator_t *inner; + /* active library entry */ + lib_entry_t *entry; + /* slot list with tokens */ + CK_SLOT_ID_PTR slots; + /* number of slots */ + CK_ULONG count; + /* current slot */ + int current; +} token_enumerator_t; + +METHOD(enumerator_t, enumerate_token, bool, + token_enumerator_t *this, pkcs11_library_t **out, CK_SLOT_ID *slot) +{ + if (this->current >= this->count) + { + free(this->slots); + this->slots = NULL; + this->current = 0; + } + while (!this->slots) + { + if (!this->inner->enumerate(this->inner, &this->entry)) + { + return FALSE; + } + this->slots = get_slot_list(this->entry->lib, &this->count); + } + *out = this->entry->lib; + *slot = this->slots[this->current++]; + return TRUE; +} + +METHOD(enumerator_t, destroy_token, void, + token_enumerator_t *this) +{ + this->inner->destroy(this->inner); + free(this->slots); + free(this); +} + +METHOD(pkcs11_manager_t, create_token_enumerator, enumerator_t*, + private_pkcs11_manager_t *this) +{ + token_enumerator_t *enumerator; + + INIT(enumerator, + .public = { + .enumerate = (void*)_enumerate_token, + .destroy = _destroy_token, + }, + .inner = this->libs->create_enumerator(this->libs), + ); + return &enumerator->public; +} + +/** + * Singleton instance + */ +static private_pkcs11_manager_t *singleton = NULL; + +METHOD(pkcs11_manager_t, destroy, void, + private_pkcs11_manager_t *this) +{ + this->libs->destroy_function(this->libs, (void*)lib_entry_destroy); + free(this); + singleton = NULL; +} + +/** + * See header + */ +pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb, + void *data) +{ + private_pkcs11_manager_t *this; + enumerator_t *enumerator; + lib_entry_t *entry; + char *module; + + INIT(this, + .public = { + .create_token_enumerator = _create_token_enumerator, + .destroy = _destroy, + }, + .libs = linked_list_create(), + .cb = cb, + .data = data, + ); + + enumerator = lib->settings->create_section_enumerator(lib->settings, + "libstrongswan.plugins.pkcs11.modules"); + while (enumerator->enumerate(enumerator, &module)) + { + INIT(entry, + .this = this, + ); + + entry->path = lib->settings->get_str(lib->settings, + "libstrongswan.plugins.pkcs11.modules.%s.path", NULL, module); + if (!entry->path) + { + DBG1(DBG_CFG, "PKCS11 module '%s' misses library path", module); + free(entry); + continue; + } + entry->lib = pkcs11_library_create(module, entry->path); + if (!entry->lib) + { + free(entry); + continue; + } + this->libs->insert_last(this->libs, entry); + } + enumerator->destroy(enumerator); + + singleton = this; + + enumerator = this->libs->create_enumerator(this->libs); + while (enumerator->enumerate(enumerator, &entry)) + { + query_slots(entry); + entry->job = callback_job_create((void*)dispatch_slot_events, + entry, (void*)end_dispatch, NULL); + lib->processor->queue_job(lib->processor, (job_t*)entry->job); + } + enumerator->destroy(enumerator); + + return &this->public; +} + +/** + * See header + */ +pkcs11_manager_t *pkcs11_manager_get() +{ + return (pkcs11_manager_t*)singleton; +} diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h new file mode 100644 index 000000000..b80d67324 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs11_manager pkcs11_manager + * @{ @ingroup pkcs11 + */ + +#ifndef PKCS11_MANAGER_H_ +#define PKCS11_MANAGER_H_ + +typedef struct pkcs11_manager_t pkcs11_manager_t; + +#include <library.h> + +#include "pkcs11_library.h" + +/** + * Token event callback function. + * + * @param data user supplied data, as passed to pkcs11_manager_create() + * @param p11 loaded PKCS#11 library token belongs to + * @param slot slot number the event occured in + * @param add TRUE if token was added to the slot, FALSE if removed + */ +typedef void (*pkcs11_manager_token_event_t)(void *data, pkcs11_library_t *p11, + CK_SLOT_ID slot, bool add); + + +/** + * Manages multiple PKCS#11 libraries with hot pluggable slots + */ +struct pkcs11_manager_t { + + /** + * Create an enumerator over all tokens. + * + * @return enumerator over (pkcs11_library_t*,CK_SLOT_ID) + */ + enumerator_t* (*create_token_enumerator)(pkcs11_manager_t *this); + + /** + * Destroy a pkcs11_manager_t. + */ + void (*destroy)(pkcs11_manager_t *this); +}; + +/** + * Create a pkcs11_manager instance. + * + * @param cb token event callback function + * @param data user data to pass to token event callback + * @return instance + */ +pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb, + void *data); + + +/** + * Get the singleton instance of the manager + * + * @return instance, NULL if none available + */ +pkcs11_manager_t *pkcs11_manager_get(); + +#endif /** PKCS11_MANAGER_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c new file mode 100644 index 000000000..ace405c23 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c @@ -0,0 +1,176 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs11_plugin.h" + +#include <library.h> +#include <debug.h> +#include <utils/linked_list.h> +#include <threading/mutex.h> + +#include "pkcs11_manager.h" +#include "pkcs11_creds.h" +#include "pkcs11_private_key.h" +#include "pkcs11_public_key.h" +#include "pkcs11_hasher.h" + +typedef struct private_pkcs11_plugin_t private_pkcs11_plugin_t; + +/** + * private data of pkcs11_plugin + */ +struct private_pkcs11_plugin_t { + + /** + * public functions + */ + pkcs11_plugin_t public; + + /** + * PKCS#11 library/slot manager + */ + pkcs11_manager_t *manager; + + /** + * List of credential sets, pkcs11_creds_t + */ + linked_list_t *creds; + + /** + * mutex to lock list + */ + mutex_t *mutex; +}; + +/** + * Token event callback function + */ +static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11, + CK_SLOT_ID slot, bool add) +{ + enumerator_t *enumerator; + pkcs11_creds_t *creds, *found = NULL;; + + if (add) + { + creds = pkcs11_creds_create(p11, slot); + if (creds) + { + this->mutex->lock(this->mutex); + this->creds->insert_last(this->creds, creds); + this->mutex->unlock(this->mutex); + lib->credmgr->add_set(lib->credmgr, &creds->set); + } + } + else + { + this->mutex->lock(this->mutex); + enumerator = this->creds->create_enumerator(this->creds); + while (enumerator->enumerate(enumerator, &creds)) + { + if (creds->get_library(creds) == p11 && + creds->get_slot(creds) == slot) + { + found = creds; + this->creds->remove_at(this->creds, enumerator); + break; + } + } + enumerator->destroy(enumerator); + this->mutex->unlock(this->mutex); + + if (found) + { + lib->credmgr->remove_set(lib->credmgr, &found->set); + found->destroy(found); + /* flush the cache after a token is gone */ + lib->credmgr->flush_cache(lib->credmgr, CERT_X509); + } + } +} + +METHOD(plugin_t, destroy, void, + private_pkcs11_plugin_t *this) +{ + pkcs11_creds_t *creds; + + lib->creds->remove_builder(lib->creds, + (builder_function_t)pkcs11_private_key_connect); + while (this->creds->remove_last(this->creds, (void**)&creds) == SUCCESS) + { + lib->credmgr->remove_set(lib->credmgr, &creds->set); + creds->destroy(creds); + } + lib->crypto->remove_hasher(lib->crypto, + (hasher_constructor_t)pkcs11_hasher_create); + this->creds->destroy(this->creds); + this->manager->destroy(this->manager); + this->mutex->destroy(this->mutex); + free(this); +} + +/* + * see header file + */ +plugin_t *pkcs11_plugin_create() +{ + private_pkcs11_plugin_t *this; + enumerator_t *enumerator; + pkcs11_library_t *p11; + CK_SLOT_ID slot; + + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + .creds = linked_list_create(), + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + ); + + this->manager = pkcs11_manager_create((void*)token_event_cb, this); + + if (lib->settings->get_bool(lib->settings, + "libstrongswan.plugins.pkcs11.use_hasher", FALSE)) + { + lib->crypto->add_hasher(lib->crypto, HASH_MD2, + (hasher_constructor_t)pkcs11_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_MD5, + (hasher_constructor_t)pkcs11_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, + (hasher_constructor_t)pkcs11_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, + (hasher_constructor_t)pkcs11_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, + (hasher_constructor_t)pkcs11_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, + (hasher_constructor_t)pkcs11_hasher_create); + } + + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE, + (builder_function_t)pkcs11_private_key_connect); + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE, + (builder_function_t)pkcs11_public_key_load); + + enumerator = this->manager->create_token_enumerator(this->manager); + while (enumerator->enumerate(enumerator, &p11, &slot)) + { + token_event_cb(this, p11, slot, TRUE); + } + enumerator->destroy(enumerator); + + return &this->public.plugin; +} diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h new file mode 100644 index 000000000..432e2173a --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs11 pkcs11 + * @ingroup plugins + * + * @defgroup pkcs11_plugin pkcs11_plugin + * @{ @ingroup pkcs11 + */ + +#ifndef PKCS11_PLUGIN_H_ +#define PKCS11_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct pkcs11_plugin_t pkcs11_plugin_t; + +/** + * Plugin providing PKCS#11 token support. + */ +struct pkcs11_plugin_t { + + /** + * Implements plugin interface, + */ + plugin_t plugin; +}; + +#endif /** PKCS11_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c new file mode 100644 index 000000000..cabca3f54 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -0,0 +1,600 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs11_private_key.h" + +#include "pkcs11_library.h" +#include "pkcs11_manager.h" + +#include <debug.h> +#include <threading/mutex.h> + +typedef struct private_pkcs11_private_key_t private_pkcs11_private_key_t; + +/** + * Private data of an pkcs11_private_key_t object. + */ +struct private_pkcs11_private_key_t { + + /** + * Public pkcs11_private_key_t interface. + */ + pkcs11_private_key_t public; + + /** + * PKCS#11 module + */ + pkcs11_library_t *lib; + + /** + * Token session + */ + CK_SESSION_HANDLE session; + + /** + * Mutex to lock session + */ + mutex_t *mutex; + + /** + * Key object on the token + */ + CK_OBJECT_HANDLE object; + + /** + * Key requires reauthentication for each signature/decryption + */ + CK_BBOOL reauth; + + /** + * Keyid of the key we use + */ + identification_t *keyid; + + /** + * Associated public key + */ + public_key_t *pubkey; + + /** + * References to this key + */ + refcount_t ref; +}; + +METHOD(private_key_t, get_type, key_type_t, + private_pkcs11_private_key_t *this) +{ + return this->pubkey->get_type(this->pubkey); +} + +METHOD(private_key_t, get_keysize, int, + private_pkcs11_private_key_t *this) +{ + return this->pubkey->get_keysize(this->pubkey); +} + +/** + * See header. + */ +CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme) +{ + static struct { + signature_scheme_t scheme; + CK_MECHANISM mechanism; + } mappings[] = { + {SIGN_RSA_EMSA_PKCS1_NULL, {CKM_RSA_PKCS, NULL, 0}}, + {SIGN_RSA_EMSA_PKCS1_SHA1, {CKM_SHA1_RSA_PKCS, NULL, 0}}, + {SIGN_RSA_EMSA_PKCS1_SHA256, {CKM_SHA256_RSA_PKCS, NULL, 0}}, + {SIGN_RSA_EMSA_PKCS1_SHA384, {CKM_SHA384_RSA_PKCS, NULL, 0}}, + {SIGN_RSA_EMSA_PKCS1_SHA512, {CKM_SHA512_RSA_PKCS, NULL, 0}}, + {SIGN_RSA_EMSA_PKCS1_MD5, {CKM_MD5_RSA_PKCS, NULL, 0}}, + }; + int i; + + for (i = 0; i < countof(mappings); i++) + { + if (mappings[i].scheme == scheme) + { + return &mappings[i].mechanism; + } + } + return NULL; +} + +/** + * See header. + */ +CK_MECHANISM_PTR pkcs11_encryption_scheme_to_mech(encryption_scheme_t scheme) +{ + static struct { + encryption_scheme_t scheme; + CK_MECHANISM mechanism; + } mappings[] = { + {ENCRYPT_RSA_PKCS1, {CKM_RSA_PKCS, NULL, 0}}, + {ENCRYPT_RSA_OAEP_SHA1, {CKM_RSA_PKCS_OAEP, NULL, 0}}, + }; + int i; + + for (i = 0; i < countof(mappings); i++) + { + if (mappings[i].scheme == scheme) + { + return &mappings[i].mechanism; + } + } + return NULL; +} + +/** + * Reauthenticate to do a signature + */ +static bool reauth(private_pkcs11_private_key_t *this) +{ + enumerator_t *enumerator; + shared_key_t *shared; + chunk_t pin; + CK_RV rv; + bool found = FALSE, success = FALSE; + + enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr, + SHARED_PIN, this->keyid, NULL); + while (enumerator->enumerate(enumerator, &shared, NULL, NULL)) + { + found = TRUE; + pin = shared->get_key(shared); + rv = this->lib->f->C_Login(this->session, CKU_CONTEXT_SPECIFIC, + pin.ptr, pin.len); + if (rv == CKR_OK) + { + success = TRUE; + break; + } + DBG1(DBG_CFG, "reauthentication login failed: %N", ck_rv_names, rv); + } + enumerator->destroy(enumerator); + + if (!found) + { + DBG1(DBG_CFG, "private key requires reauthentication, but no PIN found"); + return FALSE; + } + return success; +} + +METHOD(private_key_t, sign, bool, + private_pkcs11_private_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t *signature) +{ + CK_MECHANISM_PTR mechanism; + CK_BYTE_PTR buf; + CK_ULONG len; + CK_RV rv; + + mechanism = pkcs11_signature_scheme_to_mech(scheme); + if (!mechanism) + { + DBG1(DBG_LIB, "signature scheme %N not supported", + signature_scheme_names, scheme); + return FALSE; + } + this->mutex->lock(this->mutex); + rv = this->lib->f->C_SignInit(this->session, mechanism, this->object); + if (this->reauth && !reauth(this)) + { + return FALSE; + } + if (rv != CKR_OK) + { + this->mutex->unlock(this->mutex); + DBG1(DBG_LIB, "C_SignInit() failed: %N", ck_rv_names, rv); + return FALSE; + } + len = (get_keysize(this) + 7) / 8; + buf = malloc(len); + rv = this->lib->f->C_Sign(this->session, data.ptr, data.len, buf, &len); + this->mutex->unlock(this->mutex); + if (rv != CKR_OK) + { + DBG1(DBG_LIB, "C_Sign() failed: %N", ck_rv_names, rv); + free(buf); + return FALSE; + } + *signature = chunk_create(buf, len); + return TRUE; +} + +METHOD(private_key_t, decrypt, bool, + private_pkcs11_private_key_t *this, encryption_scheme_t scheme, + chunk_t crypt, chunk_t *plain) +{ + CK_MECHANISM_PTR mechanism; + CK_BYTE_PTR buf; + CK_ULONG len; + CK_RV rv; + + mechanism = pkcs11_encryption_scheme_to_mech(scheme); + if (!mechanism) + { + DBG1(DBG_LIB, "encryption scheme %N not supported", + encryption_scheme_names, scheme); + return FALSE; + } + this->mutex->lock(this->mutex); + rv = this->lib->f->C_DecryptInit(this->session, mechanism, this->object); + if (this->reauth && !reauth(this)) + { + return FALSE; + } + if (rv != CKR_OK) + { + this->mutex->unlock(this->mutex); + DBG1(DBG_LIB, "C_DecryptInit() failed: %N", ck_rv_names, rv); + return FALSE; + } + len = (get_keysize(this) + 7) / 8; + buf = malloc(len); + rv = this->lib->f->C_Decrypt(this->session, crypt.ptr, crypt.len, buf, &len); + this->mutex->unlock(this->mutex); + if (rv != CKR_OK) + { + DBG1(DBG_LIB, "C_Decrypt() failed: %N", ck_rv_names, rv); + free(buf); + return FALSE; + } + *plain = chunk_create(buf, len); + return TRUE; +} + +METHOD(private_key_t, get_public_key, public_key_t*, + private_pkcs11_private_key_t *this) +{ + return this->pubkey->get_ref(this->pubkey); +} + +METHOD(private_key_t, get_fingerprint, bool, + private_pkcs11_private_key_t *this, cred_encoding_type_t type, + chunk_t *fingerprint) +{ + return this->pubkey->get_fingerprint(this->pubkey, type, fingerprint); +} + +METHOD(private_key_t, get_encoding, bool, + private_pkcs11_private_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) +{ + return FALSE; +} + +METHOD(private_key_t, get_ref, private_key_t*, + private_pkcs11_private_key_t *this) +{ + ref_get(&this->ref); + return &this->public.key; +} + +METHOD(private_key_t, destroy, void, + private_pkcs11_private_key_t *this) +{ + if (ref_put(&this->ref)) + { + if (this->pubkey) + { + this->pubkey->destroy(this->pubkey); + } + this->mutex->destroy(this->mutex); + this->keyid->destroy(this->keyid); + this->lib->f->C_CloseSession(this->session); + free(this); + } +} + +/** + * Find the PKCS#11 library by its friendly name + */ +static pkcs11_library_t* find_lib(char *module) +{ + pkcs11_manager_t *manager; + enumerator_t *enumerator; + pkcs11_library_t *p11, *found = NULL; + CK_SLOT_ID slot; + + manager = pkcs11_manager_get(); + if (!manager) + { + return NULL; + } + enumerator = manager->create_token_enumerator(manager); + while (enumerator->enumerate(enumerator, &p11, &slot)) + { + if (streq(module, p11->get_name(p11))) + { + found = p11; + break; + } + } + enumerator->destroy(enumerator); + return found; +} + +/** + * Find the PKCS#11 lib having a keyid, and optionally a slot + */ +static pkcs11_library_t* find_lib_by_keyid(chunk_t keyid, int *slot) +{ + pkcs11_manager_t *manager; + enumerator_t *enumerator; + pkcs11_library_t *p11, *found = NULL; + CK_SLOT_ID current; + + manager = pkcs11_manager_get(); + if (!manager) + { + return NULL; + } + enumerator = manager->create_token_enumerator(manager); + while (enumerator->enumerate(enumerator, &p11, ¤t)) + { + if (*slot == -1 || *slot == current) + { + /* we look for a public key, it is usually readable without login */ + CK_OBJECT_CLASS class = CKO_PUBLIC_KEY; + CK_ATTRIBUTE tmpl[] = { + {CKA_CLASS, &class, sizeof(class)}, + {CKA_ID, keyid.ptr, keyid.len}, + }; + CK_OBJECT_HANDLE object; + CK_SESSION_HANDLE session; + CK_RV rv; + enumerator_t *keys; + + rv = p11->f->C_OpenSession(current, CKF_SERIAL_SESSION, NULL, NULL, + &session); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", + ck_rv_names, rv); + continue; + } + keys = p11->create_object_enumerator(p11, session, + tmpl, countof(tmpl), NULL, 0); + if (keys->enumerate(keys, &object)) + { + DBG1(DBG_CFG, "found key on PKCS#11 token '%s':%d", + p11->get_name(p11), current); + found = p11; + *slot = current; + } + keys->destroy(keys); + p11->f->C_CloseSession(session); + if (found) + { + break; + } + } + } + enumerator->destroy(enumerator); + return found; +} + +/** + * Find the key on the token + */ +static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid) +{ + CK_OBJECT_CLASS class = CKO_PRIVATE_KEY; + CK_ATTRIBUTE tmpl[] = { + {CKA_CLASS, &class, sizeof(class)}, + {CKA_ID, keyid.ptr, keyid.len}, + }; + CK_OBJECT_HANDLE object; + CK_KEY_TYPE type; + CK_BBOOL reauth; + CK_ATTRIBUTE attr[] = { + {CKA_KEY_TYPE, &type, sizeof(type)}, + {CKA_ALWAYS_AUTHENTICATE, &reauth, sizeof(reauth)}, + {CKA_MODULUS, NULL, 0}, + {CKA_PUBLIC_EXPONENT, NULL, 0}, + }; + enumerator_t *enumerator; + chunk_t modulus, pubexp; + + enumerator = this->lib->create_object_enumerator(this->lib, + this->session, tmpl, countof(tmpl), attr, countof(attr)); + if (enumerator->enumerate(enumerator, &object)) + { + switch (type) + { + case CKK_RSA: + if (attr[2].ulValueLen == -1 || attr[3].ulValueLen == -1) + { + DBG1(DBG_CFG, "reading modulus/exponent from PKCS#1 failed"); + break; + } + modulus = chunk_create(attr[2].pValue, attr[2].ulValueLen); + pubexp = chunk_create(attr[3].pValue, attr[3].ulValueLen); + this->pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, + KEY_RSA, BUILD_RSA_MODULUS, modulus, + BUILD_RSA_PUB_EXP, pubexp, BUILD_END); + if (!this->pubkey) + { + DBG1(DBG_CFG, "extracting public key from PKCS#11 RSA " + "private key failed"); + } + this->reauth = reauth; + this->object = object; + break; + default: + DBG1(DBG_CFG, "PKCS#11 key type %d not supported", type); + break; + } + } + enumerator->destroy(enumerator); + return this->pubkey != NULL; +} + +/** + * Find a PIN and try to log in + */ +static bool login(private_pkcs11_private_key_t *this, int slot) +{ + enumerator_t *enumerator; + shared_key_t *shared; + chunk_t pin; + CK_RV rv; + CK_SESSION_INFO info; + bool found = FALSE, success = FALSE; + + rv = this->lib->f->C_GetSessionInfo(this->session, &info); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_GetSessionInfo failed: %N", ck_rv_names, rv); + return FALSE; + } + if (info.state != CKS_RO_PUBLIC_SESSION && + info.state != CKS_RW_PUBLIC_SESSION) + { /* already logged in with another session, skip */ + return TRUE; + } + + enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr, + SHARED_PIN, this->keyid, NULL); + while (enumerator->enumerate(enumerator, &shared, NULL, NULL)) + { + found = TRUE; + pin = shared->get_key(shared); + rv = this->lib->f->C_Login(this->session, CKU_USER, pin.ptr, pin.len); + if (rv == CKR_OK) + { + success = TRUE; + break; + } + DBG1(DBG_CFG, "login to '%s':%d failed: %N", + this->lib->get_name(this->lib), slot, ck_rv_names, rv); + } + enumerator->destroy(enumerator); + + if (!found) + { + DBG1(DBG_CFG, "no PIN found for PKCS#11 key %Y", this->keyid); + return FALSE; + } + return success; +} + +/** + * See header. + */ +pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args) +{ + private_pkcs11_private_key_t *this; + char *module = NULL; + chunk_t keyid = chunk_empty; + int slot = -1; + CK_RV rv; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_PKCS11_KEYID: + keyid = va_arg(args, chunk_t); + continue; + case BUILD_PKCS11_SLOT: + slot = va_arg(args, int); + continue; + case BUILD_PKCS11_MODULE: + module = va_arg(args, char*); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (!keyid.len) + { + return NULL; + } + + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .sign = _sign, + .decrypt = _decrypt, + .get_keysize = _get_keysize, + .get_public_key = _get_public_key, + .equals = private_key_equals, + .belongs_to = private_key_belongs_to, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = private_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); + + if (module && slot != -1) + { + this->lib = find_lib(module); + if (!this->lib) + { + DBG1(DBG_CFG, "PKCS#11 module '%s' not found", module); + free(this); + return NULL; + } + } + else + { + this->lib = find_lib_by_keyid(keyid, &slot); + if (!this->lib) + { + DBG1(DBG_CFG, "no PKCS#11 module found having a keyid %#B", &keyid); + free(this); + return NULL; + } + } + + rv = this->lib->f->C_OpenSession(slot, CKF_SERIAL_SESSION, + NULL, NULL, &this->session); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "opening private key session on '%s':%d failed: %N", + module, slot, ck_rv_names, rv); + free(this); + return NULL; + } + + this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); + this->keyid = identification_create_from_encoding(ID_KEY_ID, keyid); + + if (!login(this, slot)) + { + destroy(this); + return NULL; + } + + if (!find_key(this, keyid)) + { + destroy(this); + return NULL; + } + + return &this->public; +} diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h new file mode 100644 index 000000000..428913f0a --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h @@ -0,0 +1,63 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs11_private_key pkcs11_private_key + * @{ @ingroup pkcs11 + */ + +#ifndef PKCS11_PRIVATE_KEY_H_ +#define PKCS11_PRIVATE_KEY_H_ + +typedef struct pkcs11_private_key_t pkcs11_private_key_t; + +#include <credentials/builder.h> +#include <credentials/keys/private_key.h> + +#include "pkcs11.h" + +/** + * Private Key implementation on top of PKCS#11. + */ +struct pkcs11_private_key_t { + + /** + * Implements private_key_t interface. + */ + private_key_t key; +}; + +/** + * Open a private key on a PKCS#11 device. + * + * Accepts the BUILD_SMARTCARD_KEYID and the BUILD_SMARTCARD_PIN arguments. + * + * @param type type of the key + * @param args builder_part_t argument list + * @return loaded key, NULL on failure + */ +pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args); + +/** + * Get the Cryptoki mechanism for a signature scheme. + */ +CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme); + +/** + * Get the Cryptoki mechanism for a encryption scheme. + */ +CK_MECHANISM_PTR pkcs11_encryption_scheme_to_mech(encryption_scheme_t scheme); + +#endif /** PKCS11_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c new file mode 100644 index 000000000..8d32d9a3f --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c @@ -0,0 +1,473 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs11_public_key.h" + +#include "pkcs11.h" +#include "pkcs11_private_key.h" +#include "pkcs11_manager.h" + +#include <debug.h> +#include <threading/mutex.h> + +typedef struct private_pkcs11_public_key_t private_pkcs11_public_key_t; + +/** + * Private data of an pkcs11_public_key_t object. + */ +struct private_pkcs11_public_key_t { + + /** + * Public pkcs11_public_key_t interface. + */ + pkcs11_public_key_t public; + + /** + * Type of the key + */ + key_type_t type; + + /** + * Key size in bytes + */ + size_t k; + + /** + * PKCS#11 library this key uses + */ + pkcs11_library_t *lib; + + /** + * Slot the token is in + */ + CK_SLOT_ID slot; + + /** + * Session we use + */ + CK_SESSION_HANDLE session; + + /** + * Object handle to the key + */ + CK_OBJECT_HANDLE object; + + /** + * Mutex to lock session + */ + mutex_t *mutex; + + /** + * References to this key + */ + refcount_t ref; +}; + +METHOD(public_key_t, get_type, key_type_t, + private_pkcs11_public_key_t *this) +{ + return this->type; +} + +METHOD(public_key_t, get_keysize, int, + private_pkcs11_public_key_t *this) +{ + return this->k * 8; +} + +METHOD(public_key_t, verify, bool, + private_pkcs11_public_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t sig) +{ + CK_MECHANISM_PTR mechanism; + CK_RV rv; + + mechanism = pkcs11_signature_scheme_to_mech(scheme); + if (!mechanism) + { + DBG1(DBG_LIB, "signature scheme %N not supported", + signature_scheme_names, scheme); + return FALSE; + } + if (sig.len && sig.ptr[0] == 0) + { /* trim leading zero byte in sig */ + sig = chunk_skip(sig, 1); + } + this->mutex->lock(this->mutex); + rv = this->lib->f->C_VerifyInit(this->session, mechanism, this->object); + if (rv != CKR_OK) + { + this->mutex->unlock(this->mutex); + DBG1(DBG_LIB, "C_VerifyInit() failed: %N", ck_rv_names, rv); + return FALSE; + } + rv = this->lib->f->C_Verify(this->session, data.ptr, data.len, + sig.ptr, sig.len); + this->mutex->unlock(this->mutex); + if (rv != CKR_OK) + { + DBG1(DBG_LIB, "C_Verify() failed: %N", ck_rv_names, rv); + return FALSE; + } + return TRUE; +} + +METHOD(public_key_t, encrypt, bool, + private_pkcs11_public_key_t *this, encryption_scheme_t scheme, + chunk_t plain, chunk_t *crypt) +{ + CK_MECHANISM_PTR mechanism; + CK_BYTE_PTR buf; + CK_ULONG len; + CK_RV rv; + + mechanism = pkcs11_encryption_scheme_to_mech(scheme); + if (!mechanism) + { + DBG1(DBG_LIB, "encryption scheme %N not supported", + encryption_scheme_names, scheme); + return FALSE; + } + this->mutex->lock(this->mutex); + rv = this->lib->f->C_EncryptInit(this->session, mechanism, this->object); + if (rv != CKR_OK) + { + this->mutex->unlock(this->mutex); + DBG1(DBG_LIB, "C_EncryptInit() failed: %N", ck_rv_names, rv); + return FALSE; + } + len = (get_keysize(this) + 7) / 8; + buf = malloc(len); + rv = this->lib->f->C_Encrypt(this->session, plain.ptr, plain.len, buf, &len); + this->mutex->unlock(this->mutex); + if (rv != CKR_OK) + { + DBG1(DBG_LIB, "C_Encrypt() failed: %N", ck_rv_names, rv); + free(buf); + return FALSE; + } + *crypt = chunk_create(buf, len); + return TRUE; +} + +/** + * Encode RSA key using a given encoding type + */ +static bool encode_rsa(private_pkcs11_public_key_t *this, + cred_encoding_type_t type, void *cache, chunk_t *encoding) +{ + CK_RV rv; + bool success = FALSE; + chunk_t n, e; + CK_ATTRIBUTE attr[] = { + {CKA_MODULUS, NULL, 0}, + {CKA_PUBLIC_EXPONENT, NULL, 0}, + }; + + rv = this->lib->f->C_GetAttributeValue(this->session, this->object, + attr, countof(attr)); + if (rv != CKR_OK || + attr[0].ulValueLen == 0 || attr[0].ulValueLen == -1 || + attr[1].ulValueLen == 0 || attr[1].ulValueLen == -1) + { + return FALSE; + } + attr[0].pValue = malloc(attr[0].ulValueLen); + attr[1].pValue = malloc(attr[1].ulValueLen); + rv = this->lib->f->C_GetAttributeValue(this->session, this->object, + attr, countof(attr)); + if (rv == CKR_OK) + { + n = chunk_create(attr[0].pValue, attr[0].ulValueLen); + e = chunk_create(attr[1].pValue, attr[1].ulValueLen); + success = lib->encoding->encode(lib->encoding, type, cache, encoding, + CRED_PART_RSA_MODULUS, n, CRED_PART_RSA_PUB_EXP, e, CRED_PART_END); + } + free(attr[0].pValue); + free(attr[1].pValue); + return success; +} + +METHOD(public_key_t, get_encoding, bool, + private_pkcs11_public_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) +{ + switch (this->type) + { + case KEY_RSA: + return encode_rsa(this, type, NULL, encoding); + default: + return FALSE; + } +} + +METHOD(public_key_t, get_fingerprint, bool, + private_pkcs11_public_key_t *this, cred_encoding_type_t type, chunk_t *fp) +{ + if (lib->encoding->get_cache(lib->encoding, type, this, fp)) + { + return TRUE; + } + switch (this->type) + { + case KEY_RSA: + return encode_rsa(this, type, this, fp); + default: + return FALSE; + } +} + +METHOD(public_key_t, get_ref, public_key_t*, + private_pkcs11_public_key_t *this) +{ + ref_get(&this->ref); + return &this->public.key; +} + +METHOD(public_key_t, destroy, void, + private_pkcs11_public_key_t *this) +{ + if (ref_put(&this->ref)) + { + lib->encoding->clear_cache(lib->encoding, this); + this->lib->f->C_CloseSession(this->session); + this->mutex->destroy(this->mutex); + free(this); + } +} + +/** + * Create an empty PKCS#11 public key + */ +static private_pkcs11_public_key_t *create(key_type_t type, size_t k, + pkcs11_library_t *p11, CK_SLOT_ID slot, + CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) +{ + private_pkcs11_public_key_t *this; + + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .verify = _verify, + .encrypt = _encrypt, + .equals = public_key_equals, + .get_keysize = _get_keysize, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = public_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .type = type, + .k = k, + .lib = p11, + .slot = slot, + .session = session, + .object = object, + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .ref = 1, + ); + + return this; +} + +/** + * Find a key object, including PKCS11 library and slot + */ +static private_pkcs11_public_key_t* find_rsa_key(chunk_t n, chunk_t e) +{ + private_pkcs11_public_key_t *this = NULL; + pkcs11_manager_t *manager; + enumerator_t *enumerator, *keys; + pkcs11_library_t *p11; + CK_SLOT_ID slot; + + manager = pkcs11_manager_get(); + if (!manager) + { + return NULL; + } + + enumerator = manager->create_token_enumerator(manager); + while (enumerator->enumerate(enumerator, &p11, &slot)) + { + CK_OBJECT_CLASS class = CKO_PUBLIC_KEY; + CK_KEY_TYPE type = CKK_RSA; + CK_ATTRIBUTE tmpl[] = { + {CKA_CLASS, &class, sizeof(class)}, + {CKA_KEY_TYPE, &type, sizeof(type)}, + {CKA_MODULUS, n.ptr, n.len}, + {CKA_PUBLIC_EXPONENT, e.ptr, e.len}, + }; + CK_OBJECT_HANDLE object; + CK_SESSION_HANDLE session; + CK_RV rv; + + rv = p11->f->C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL, + &session); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv); + continue; + } + keys = p11->create_object_enumerator(p11, session, + tmpl, countof(tmpl), NULL, 0); + if (keys->enumerate(keys, &object)) + { + this = create(KEY_RSA, n.len, p11, slot, session, object); + keys->destroy(keys); + break; + } + keys->destroy(keys); + p11->f->C_CloseSession(session); + } + enumerator->destroy(enumerator); + return this; +} + +/** + * Create a key object in a suitable token session + */ +static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e) +{ + private_pkcs11_public_key_t *this = NULL; + pkcs11_manager_t *manager; + enumerator_t *enumerator, *mechs; + pkcs11_library_t *p11; + CK_SLOT_ID slot; + + manager = pkcs11_manager_get(); + if (!manager) + { + return NULL; + } + + enumerator = manager->create_token_enumerator(manager); + while (enumerator->enumerate(enumerator, &p11, &slot)) + { + CK_MECHANISM_TYPE mech; + CK_MECHANISM_INFO info; + CK_OBJECT_CLASS class = CKO_PUBLIC_KEY; + CK_KEY_TYPE type = CKK_RSA; + CK_ATTRIBUTE tmpl[] = { + {CKA_CLASS, &class, sizeof(class)}, + {CKA_KEY_TYPE, &type, sizeof(type)}, + {CKA_MODULUS, n.ptr, n.len}, + {CKA_PUBLIC_EXPONENT, e.ptr, e.len} + }; + CK_OBJECT_HANDLE object; + CK_SESSION_HANDLE session; + CK_RV rv; + + mechs = p11->create_mechanism_enumerator(p11, slot); + while (mechs->enumerate(mechs, &mech, &info)) + { + if (!(info.flags & CKF_VERIFY)) + { + continue; + } + switch (mech) + { + case CKM_RSA_PKCS: + case CKM_SHA1_RSA_PKCS: + case CKM_SHA256_RSA_PKCS: + case CKM_SHA384_RSA_PKCS: + case CKM_SHA512_RSA_PKCS: + case CKM_MD5_RSA_PKCS: + break; + default: + continue; + } + rv = p11->f->C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL, + &session); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", + ck_rv_names, rv); + continue; + } + rv = p11->f->C_CreateObject(session, tmpl, countof(tmpl), &object); + if (rv == CKR_OK) + { + this = create(KEY_RSA, n.len, p11, slot, session, object); + DBG2(DBG_CFG, "created RSA public key on token '%s':%d ", + p11->get_name(p11), slot); + break; + } + else + { + DBG1(DBG_CFG, "creating RSA public key on token '%s':%d " + "failed: %N", p11->get_name(p11), slot, ck_rv_names, rv); + p11->f->C_CloseSession(session); + } + } + mechs->destroy(mechs); + if (this) + { + break; + } + } + enumerator->destroy(enumerator); + return this; +} + +/** + * See header + */ +pkcs11_public_key_t *pkcs11_public_key_load(key_type_t type, va_list args) +{ + private_pkcs11_public_key_t *this; + chunk_t n, e; + + n = e = chunk_empty; + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (type == KEY_RSA && e.ptr && n.ptr) + { + if (n.len && n.ptr[0] == 0) + { /* trim leading zero byte in modulus */ + n = chunk_skip(n, 1); + } + this = find_rsa_key(n, e); + if (this) + { + return &this->public; + } + this = create_rsa_key(n, e); + if (this) + { + return &this->public; + } + } + return NULL; +} + diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h new file mode 100644 index 000000000..4fd94620e --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs11_public_key pkcs11_public_key + * @{ @ingroup pkcs11 + */ + +#ifndef PKCS11_PUBLIC_KEY_H_ +#define PKCS11_PUBLIC_KEY_H_ + +typedef struct pkcs11_public_key_t pkcs11_public_key_t; + +#include <credentials/builder.h> +#include <credentials/keys/private_key.h> + +/** + * PKCS#11 based public key implementation. + */ +struct pkcs11_public_key_t { + + /** + * Implements public_key_t. + */ + public_key_t key; +}; + +/** + * Create a public key in a PKCS#11 session. + * + * @param type type of the key + * @param args builder_part_t argument list + * @return loaded key, NULL on failure + */ +pkcs11_public_key_t *pkcs11_public_key_load(key_type_t type, va_list args); + +#endif /** PKCS11_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index 336d0bc02..e1427bf15 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -189,7 +189,6 @@ static bool load(private_plugin_loader_t *this, char *path, char *list) plugin = load_plugin(this, path, token); if (plugin) { - /* insert in front to destroy them in reverse order */ this->plugins->insert_last(this->plugins, plugin); this->names->insert_last(this->names, token); } @@ -215,12 +214,13 @@ static void unload(private_plugin_loader_t *this) plugin_t *plugin; char *name; - while (this->plugins->remove_first(this->plugins, + /* unload plugins in reverse order */ + while (this->plugins->remove_last(this->plugins, (void**)&plugin) == SUCCESS) { plugin->destroy(plugin); } - while (this->names->remove_first(this->names, (void**)&name) == SUCCESS) + while (this->names->remove_last(this->names, (void**)&name) == SUCCESS) { free(name); } diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index 4dc5985cd..495223855 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -197,14 +200,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -244,7 +257,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c index b0eabc9ee..6f41ada2a 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c @@ -50,7 +50,7 @@ plugin_t *pubkey_plugin_create() this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, FALSE, (builder_function_t)pubkey_cert_wrap); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index af929080d..efd24c761 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -197,14 +200,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -244,7 +257,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in index 871566e65..16a9d21c5 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.in +++ b/src/libstrongswan/plugins/revocation/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -168,6 +169,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -199,14 +202,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -221,24 +227,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -246,7 +259,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/revocation/revocation_plugin.c b/src/libstrongswan/plugins/revocation/revocation_plugin.c index d352a9583..02393b907 100644 --- a/src/libstrongswan/plugins/revocation/revocation_plugin.c +++ b/src/libstrongswan/plugins/revocation/revocation_plugin.c @@ -52,7 +52,11 @@ plugin_t *revocation_plugin_create() private_revocation_plugin_t *this; INIT(this, - .public.plugin.destroy = _destroy, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, .validator = revocation_validator_create(), ); lib->credmgr->add_validator(lib->credmgr, &this->validator->validator); diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index 703764e5e..1036bedfc 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -196,14 +199,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -243,7 +256,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index 5e490f2e5..579e6f9b0 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -195,14 +198,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -242,7 +255,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index 6d81d0d81..9c9b57f98 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -167,6 +168,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -198,14 +201,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -220,24 +226,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -245,7 +258,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am index 6d3b05d19..049301977 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.am +++ b/src/libstrongswan/plugins/test_vectors/Makefile.am @@ -13,9 +13,14 @@ libstrongswan_test_vectors_la_SOURCES = \ test_vectors_plugin.h test_vectors_plugin.c test_vectors.h \ test_vectors/3des_cbc.c \ test_vectors/aes_cbc.c \ + test_vectors/aes_ctr.c \ test_vectors/aes_xcbc.c \ + test_vectors/aes_ccm.c \ + test_vectors/aes_gcm.c \ test_vectors/blowfish.c \ test_vectors/camellia_cbc.c \ + test_vectors/camellia_ctr.c \ + test_vectors/camellia_xcbc.c \ test_vectors/cast.c \ test_vectors/des.c \ test_vectors/idea.c \ diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index 20a6db81e..9be3f825a 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -75,10 +76,11 @@ am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_test_vectors_la_LIBADD = am_libstrongswan_test_vectors_la_OBJECTS = test_vectors_plugin.lo \ - 3des_cbc.lo aes_cbc.lo aes_xcbc.lo blowfish.lo camellia_cbc.lo \ - cast.lo des.lo idea.lo null.lo rc5.lo serpent_cbc.lo \ - twofish_cbc.lo md2.lo md4.lo md5.lo md5_hmac.lo sha1.lo \ - sha1_hmac.lo sha2.lo sha2_hmac.lo fips_prf.lo rng.lo + 3des_cbc.lo aes_cbc.lo aes_ctr.lo aes_xcbc.lo aes_ccm.lo \ + aes_gcm.lo blowfish.lo camellia_cbc.lo camellia_ctr.lo \ + camellia_xcbc.lo cast.lo des.lo idea.lo null.lo rc5.lo \ + serpent_cbc.lo twofish_cbc.lo md2.lo md4.lo md5.lo md5_hmac.lo \ + sha1.lo sha1_hmac.lo sha2.lo sha2_hmac.lo fips_prf.lo rng.lo libstrongswan_test_vectors_la_OBJECTS = \ $(am_libstrongswan_test_vectors_la_OBJECTS) libstrongswan_test_vectors_la_LINK = $(LIBTOOL) --tag=CC \ @@ -171,6 +173,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -202,14 +206,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -224,24 +231,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -249,7 +263,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ @@ -269,9 +286,14 @@ libstrongswan_test_vectors_la_SOURCES = \ test_vectors_plugin.h test_vectors_plugin.c test_vectors.h \ test_vectors/3des_cbc.c \ test_vectors/aes_cbc.c \ + test_vectors/aes_ctr.c \ test_vectors/aes_xcbc.c \ + test_vectors/aes_ccm.c \ + test_vectors/aes_gcm.c \ test_vectors/blowfish.c \ test_vectors/camellia_cbc.c \ + test_vectors/camellia_ctr.c \ + test_vectors/camellia_xcbc.c \ test_vectors/cast.c \ test_vectors/des.c \ test_vectors/idea.c \ @@ -376,9 +398,14 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/3des_cbc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_cbc.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_ccm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_ctr.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_gcm.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_xcbc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/blowfish.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/camellia_cbc.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/camellia_ctr.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/camellia_xcbc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cast.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/des.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fips_prf.Plo@am__quote@ @@ -433,6 +460,13 @@ aes_cbc.lo: test_vectors/aes_cbc.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_cbc.lo `test -f 'test_vectors/aes_cbc.c' || echo '$(srcdir)/'`test_vectors/aes_cbc.c +aes_ctr.lo: test_vectors/aes_ctr.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_ctr.lo -MD -MP -MF $(DEPDIR)/aes_ctr.Tpo -c -o aes_ctr.lo `test -f 'test_vectors/aes_ctr.c' || echo '$(srcdir)/'`test_vectors/aes_ctr.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_ctr.Tpo $(DEPDIR)/aes_ctr.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_ctr.c' object='aes_ctr.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_ctr.lo `test -f 'test_vectors/aes_ctr.c' || echo '$(srcdir)/'`test_vectors/aes_ctr.c + aes_xcbc.lo: test_vectors/aes_xcbc.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_xcbc.lo -MD -MP -MF $(DEPDIR)/aes_xcbc.Tpo -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_xcbc.Tpo $(DEPDIR)/aes_xcbc.Plo @@ -440,6 +474,20 @@ aes_xcbc.lo: test_vectors/aes_xcbc.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c +aes_ccm.lo: test_vectors/aes_ccm.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_ccm.lo -MD -MP -MF $(DEPDIR)/aes_ccm.Tpo -c -o aes_ccm.lo `test -f 'test_vectors/aes_ccm.c' || echo '$(srcdir)/'`test_vectors/aes_ccm.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_ccm.Tpo $(DEPDIR)/aes_ccm.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_ccm.c' object='aes_ccm.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_ccm.lo `test -f 'test_vectors/aes_ccm.c' || echo '$(srcdir)/'`test_vectors/aes_ccm.c + +aes_gcm.lo: test_vectors/aes_gcm.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_gcm.lo -MD -MP -MF $(DEPDIR)/aes_gcm.Tpo -c -o aes_gcm.lo `test -f 'test_vectors/aes_gcm.c' || echo '$(srcdir)/'`test_vectors/aes_gcm.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_gcm.Tpo $(DEPDIR)/aes_gcm.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_gcm.c' object='aes_gcm.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_gcm.lo `test -f 'test_vectors/aes_gcm.c' || echo '$(srcdir)/'`test_vectors/aes_gcm.c + blowfish.lo: test_vectors/blowfish.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT blowfish.lo -MD -MP -MF $(DEPDIR)/blowfish.Tpo -c -o blowfish.lo `test -f 'test_vectors/blowfish.c' || echo '$(srcdir)/'`test_vectors/blowfish.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/blowfish.Tpo $(DEPDIR)/blowfish.Plo @@ -454,6 +502,20 @@ camellia_cbc.lo: test_vectors/camellia_cbc.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o camellia_cbc.lo `test -f 'test_vectors/camellia_cbc.c' || echo '$(srcdir)/'`test_vectors/camellia_cbc.c +camellia_ctr.lo: test_vectors/camellia_ctr.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT camellia_ctr.lo -MD -MP -MF $(DEPDIR)/camellia_ctr.Tpo -c -o camellia_ctr.lo `test -f 'test_vectors/camellia_ctr.c' || echo '$(srcdir)/'`test_vectors/camellia_ctr.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/camellia_ctr.Tpo $(DEPDIR)/camellia_ctr.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/camellia_ctr.c' object='camellia_ctr.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o camellia_ctr.lo `test -f 'test_vectors/camellia_ctr.c' || echo '$(srcdir)/'`test_vectors/camellia_ctr.c + +camellia_xcbc.lo: test_vectors/camellia_xcbc.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT camellia_xcbc.lo -MD -MP -MF $(DEPDIR)/camellia_xcbc.Tpo -c -o camellia_xcbc.lo `test -f 'test_vectors/camellia_xcbc.c' || echo '$(srcdir)/'`test_vectors/camellia_xcbc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/camellia_xcbc.Tpo $(DEPDIR)/camellia_xcbc.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/camellia_xcbc.c' object='camellia_xcbc.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o camellia_xcbc.lo `test -f 'test_vectors/camellia_xcbc.c' || echo '$(srcdir)/'`test_vectors/camellia_xcbc.c + cast.lo: test_vectors/cast.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cast.lo -MD -MP -MF $(DEPDIR)/cast.Tpo -c -o cast.lo `test -f 'test_vectors/cast.c' || echo '$(srcdir)/'`test_vectors/cast.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cast.Tpo $(DEPDIR)/cast.Plo diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h index b182dd829..ab4689c1c 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors.h +++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h @@ -19,6 +19,15 @@ TEST_VECTOR_CRYPTER(aes_cbc3) TEST_VECTOR_CRYPTER(aes_cbc4) TEST_VECTOR_CRYPTER(aes_cbc5) TEST_VECTOR_CRYPTER(aes_cbc6) +TEST_VECTOR_CRYPTER(aes_ctr1) +TEST_VECTOR_CRYPTER(aes_ctr2) +TEST_VECTOR_CRYPTER(aes_ctr3) +TEST_VECTOR_CRYPTER(aes_ctr4) +TEST_VECTOR_CRYPTER(aes_ctr5) +TEST_VECTOR_CRYPTER(aes_ctr6) +TEST_VECTOR_CRYPTER(aes_ctr7) +TEST_VECTOR_CRYPTER(aes_ctr8) +TEST_VECTOR_CRYPTER(aes_ctr9) TEST_VECTOR_CRYPTER(blowfish1) TEST_VECTOR_CRYPTER(blowfish2) TEST_VECTOR_CRYPTER(camellia_cbc1) @@ -27,6 +36,15 @@ TEST_VECTOR_CRYPTER(camellia_cbc3) TEST_VECTOR_CRYPTER(camellia_cbc4) TEST_VECTOR_CRYPTER(camellia_cbc5) TEST_VECTOR_CRYPTER(camellia_cbc6) +TEST_VECTOR_CRYPTER(camellia_ctr1) +TEST_VECTOR_CRYPTER(camellia_ctr2) +TEST_VECTOR_CRYPTER(camellia_ctr3) +TEST_VECTOR_CRYPTER(camellia_ctr4) +TEST_VECTOR_CRYPTER(camellia_ctr5) +TEST_VECTOR_CRYPTER(camellia_ctr6) +TEST_VECTOR_CRYPTER(camellia_ctr7) +TEST_VECTOR_CRYPTER(camellia_ctr8) +TEST_VECTOR_CRYPTER(camellia_ctr9) TEST_VECTOR_CRYPTER(cast1) TEST_VECTOR_CRYPTER(des_cbc1) TEST_VECTOR_CRYPTER(des_cbc2) @@ -49,11 +67,31 @@ TEST_VECTOR_CRYPTER(twofish_cbc1) TEST_VECTOR_CRYPTER(twofish_cbc2) TEST_VECTOR_CRYPTER(twofish_cbc3) +TEST_VECTOR_AEAD(aes_ccm1) +TEST_VECTOR_AEAD(aes_ccm2) +TEST_VECTOR_AEAD(aes_ccm3) +TEST_VECTOR_AEAD(aes_ccm4) +TEST_VECTOR_AEAD(aes_ccm5) +TEST_VECTOR_AEAD(aes_ccm6) +TEST_VECTOR_AEAD(aes_ccm7) +TEST_VECTOR_AEAD(aes_ccm8) +TEST_VECTOR_AEAD(aes_ccm9) +TEST_VECTOR_AEAD(aes_ccm10) +TEST_VECTOR_AEAD(aes_ccm11) +TEST_VECTOR_AEAD(aes_gcm1) +TEST_VECTOR_AEAD(aes_gcm2) +TEST_VECTOR_AEAD(aes_gcm3) +TEST_VECTOR_AEAD(aes_gcm4) +TEST_VECTOR_AEAD(aes_gcm5) +TEST_VECTOR_AEAD(aes_gcm6) +TEST_VECTOR_AEAD(aes_gcm7) + TEST_VECTOR_SIGNER(aes_xcbc_s1) TEST_VECTOR_SIGNER(aes_xcbc_s2) TEST_VECTOR_SIGNER(aes_xcbc_s3) TEST_VECTOR_SIGNER(aes_xcbc_s4) TEST_VECTOR_SIGNER(aes_xcbc_s5) +TEST_VECTOR_SIGNER(camellia_xcbc_s1) TEST_VECTOR_SIGNER(md5_hmac_s1) TEST_VECTOR_SIGNER(md5_hmac_s2) TEST_VECTOR_SIGNER(md5_hmac_s3) @@ -118,6 +156,9 @@ TEST_VECTOR_PRF(aes_xcbc_p4) TEST_VECTOR_PRF(aes_xcbc_p5) TEST_VECTOR_PRF(aes_xcbc_p6) TEST_VECTOR_PRF(aes_xcbc_p7) +TEST_VECTOR_PRF(camellia_xcbc_p1) +TEST_VECTOR_PRF(camellia_xcbc_p2) +TEST_VECTOR_PRF(camellia_xcbc_p3) TEST_VECTOR_PRF(md5_hmac_p1) TEST_VECTOR_PRF(md5_hmac_p2) TEST_VECTOR_PRF(md5_hmac_p3) diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c new file mode 100644 index 000000000..8de180ad5 --- /dev/null +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c @@ -0,0 +1,157 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the Licenseor (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be usefulbut + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <crypto/crypto_tester.h> + +/** + * Test vectors with 11 bytes nonces are hard to find, neither RFC3610 nor + * NIST 800-38C has one. These vectors are taken from the Linux kernel, + * originally from "fips cavs fax files on hand at Red Hat". + */ +aead_test_vector_t aes_ccm1 = { + .alg = ENCR_AES_CCM_ICV16, .key_size = 16, .len = 32, .alen = 0, + .key = "\x83\xac\x54\x66\xc2\xeb\xe5\x05\x2e\x01\xd1\xfc\x5d\x82\x66\x2e" + "\x96\xac\x59", + .iv = "\x30\x07\xa1\xe2\xa2\xc7\x55\x24", + .plain = "\x19\xc8\x81\xf6\xe9\x86\xff\x93\x0b\x78\x67\xe5\xbb\xb7\xfc\x6e" + "\x83\x77\xb3\xa6\x0c\x8c\x9f\x9c\x35\x2e\xad\xe0\x62\xf9\x91\xa1", + .cipher = "\xab\x6f\xe1\x69\x1d\x19\x99\xa8\x92\xa0\xc4\x6f\x7e\xe2\x8b\xb1" + "\x70\xbb\x8c\xa6\x4c\x6e\x97\x8a\x57\x2b\xbe\x5d\x98\xa6\xb1\x32" + "\xda\x24\xea\xd9\xa1\x39\x98\xfd\xa4\xbe\xd9\xf2\x1a\x6d\x22\xa8", +}; + +aead_test_vector_t aes_ccm2 = { + .alg = ENCR_AES_CCM_ICV16, .key_size = 16, .len = 32, .alen = 32, + .key = "\x1e\x2c\x7e\x01\x41\x9a\xef\xc0\x0d\x58\x96\x6e\x5c\xa2\x4b\xd3" + "\x4f\xa3\x19", + .iv = "\xd3\x01\x5a\xd8\x30\x60\x15\x56", + .adata = "\xda\xe6\x28\x9c\x45\x2d\xfd\x63\x5e\xda\x4c\xb6\xe6\xfc\xf9\xb7" + "\x0c\x56\xcb\xe4\xe0\x05\x7a\xe1\x0a\x63\x09\x78\xbc\x2c\x55\xde", + .plain = "\x87\xa3\x36\xfd\x96\xb3\x93\x78\xa9\x28\x63\xba\x12\xa3\x14\x85" + "\x57\x1e\x06\xc9\x7b\x21\xef\x76\x7f\x38\x7e\x8e\x29\xa4\x3e\x7e", + .cipher = "\x8a\x1e\x11\xf0\x02\x6b\xe2\x19\xfc\x70\xc4\x6d\x8e\xb7\x99\xab" + "\xc5\x4b\xa2\xac\xd3\xf3\x48\xff\x3b\xb5\xce\x53\xef\xde\xbb\x02" + "\xa9\x86\x15\x6c\x13\xfe\xda\x0a\x22\xb8\x29\x3d\xd8\x39\x9a\x23", +}; + +aead_test_vector_t aes_ccm3 = { + .alg = ENCR_AES_CCM_ICV16, .key_size = 24, .len = 0, .alen = 32, + .key = "\xf4\x6b\xc2\x75\x62\xfe\xb4\xe1\xa3\xf0\xff\xdd\x4e\x4b\x12\x75" + "\x53\x14\x73\x66\x8d\x88\xf6\x80\xa0\x20\x35", + .iv = "\x26\xf2\x21\x8d\x50\x20\xda\xe2", + .adata = "\x5b\x9e\x13\x67\x02\x5e\xef\xc1\x6c\xf9\xd7\x1e\x52\x8f\x7a\x47" + "\xe9\xd4\xcf\x20\x14\x6e\xf0\x2d\xd8\x9e\x2b\x56\x10\x23\x56\xe7", + .cipher = "\x36\xea\x7a\x70\x08\xdc\x6a\xbc\xad\x0c\x7a\x63\xf6\x61\xfd\x9b", +}; + +aead_test_vector_t aes_ccm4 = { + .alg = ENCR_AES_CCM_ICV16, .key_size = 24, .len = 32, .alen = 32, + .key = "\x56\xdf\x5c\x8f\x26\x3f\x0e\x42\xef\x7a\xd3\xce\xfc\x84\x60\x62" + "\xca\xb4\x40\xaf\x5f\xc9\xc9\x01\xd6\x3c\x8c", + .iv = "\x86\x84\xb6\xcd\xef\x09\x2e\x94", + .adata = "\x02\x65\x78\x3c\xe9\x21\x30\x91\xb1\xb9\xda\x76\x9a\x78\x6d\x95" + "\xf2\x88\x32\xa3\xf2\x50\xcb\x4c\xe3\x00\x73\x69\x84\x69\x87\x79", + .plain = "\x9f\xd2\x02\x4b\x52\x49\x31\x3c\x43\x69\x3a\x2d\x8e\x70\xad\x7e" + "\xe0\xe5\x46\x09\x80\x89\x13\xb2\x8c\x8b\xd9\x3f\x86\xfb\xb5\x6b", + .cipher = "\x39\xdf\x7c\x3c\x5a\x29\xb9\x62\x5d\x51\xc2\x16\xd8\xbd\x06\x9f" + "\x9b\x6a\x09\x70\xc1\x51\x83\xc2\x66\x88\x1d\x4f\x9a\xda\xe0\x1e" + "\xc7\x79\x11\x58\xe5\x6b\x20\x40\x7a\xea\x46\x42\x8b\xe4\x6f\xe1", +}; + +aead_test_vector_t aes_ccm5 = { + .alg = ENCR_AES_CCM_ICV8, .key_size = 32, .len = 32, .alen = 32, + .key = "\xe0\x8d\x99\x71\x60\xd7\x97\x1a\xbd\x01\x99\xd5\x8a\xdf\x71\x3a" + "\xd3\xdf\x24\x4b\x5e\x3d\x4b\x4e\x30\x7a\xb9\xd8\x53\x0a\x5e\x2b" + "\x1e\x29\x91", + .iv = "\xad\x8e\xc1\x53\x0a\xcf\x2d\xbe", + .adata = "\x19\xb6\x1f\x57\xc4\xf3\xf0\x8b\x78\x2b\x94\x02\x29\x0f\x42\x27" + "\x6b\x75\xcb\x98\x34\x08\x7e\x79\xe4\x3e\x49\x0d\x84\x8b\x22\x87", + .plain = "\xe1\xd9\xd8\x13\xeb\x3a\x75\x3f\x9d\xbd\x5f\x66\xbe\xdc\xbb\x66" + "\xbf\x17\x99\x62\x4a\x39\x27\x1f\x1d\xdc\x24\xae\x19\x2f\x98\x4c", + .cipher = "\x19\xb8\x61\x33\x45\x2b\x43\x96\x6f\x51\xd0\x20\x30\x7d\x9b\xc6" + "\x26\x3d\xf8\xc9\x65\x16\xa8\x9f\xf0\x62\x17\x34\xf2\x1e\x8d\x75" + "\x4e\x13\xcc\xc0\xc3\x2a\x54\x2d", +}; + +aead_test_vector_t aes_ccm6 = { + .alg = ENCR_AES_CCM_ICV12, .key_size = 32, .len = 32, .alen = 32, + .key = "\x7c\xc8\x18\x3b\x8d\x99\xe0\x7c\x45\x41\xb8\xbd\x5c\xa7\xc2\x32" + "\x8a\xb8\x02\x59\xa4\xfe\xa9\x2c\x09\x75\x9a\x9b\x3c\x9b\x27\x39" + "\xf9\xd9\x4e", + .iv = "\x63\xb5\x3d\x9d\x43\xf6\x1e\x50", + .adata = "\x57\xf5\x6b\x8b\x57\x5c\x3d\x3b\x13\x02\x01\x0c\x83\x4c\x96\x35" + "\x8e\xd6\x39\xcf\x7d\x14\x9b\x94\xb0\x39\x36\xe6\x8f\x57\xe0\x13", + .plain = "\x3b\x6c\x29\x36\xb6\xef\x07\xa6\x83\x72\x07\x4f\xcf\xfa\x66\x89" + "\x5f\xca\xb1\xba\xd5\x8f\x2c\x27\x30\xdb\x75\x09\x93\xd4\x65\xe4", + .cipher = "\xb0\x88\x5a\x33\xaa\xe5\xc7\x1d\x85\x23\xc7\xc6\x2f\xf4\x1e\x3d" + "\xcc\x63\x44\x25\x07\x78\x4f\x9e\x96\xb8\x88\xeb\xbc\x48\x1f\x06" + "\x39\xaf\x39\xac\xd8\x4a\x80\x39\x7b\x72\x8a\xf7", +}; + +aead_test_vector_t aes_ccm7 = { + .alg = ENCR_AES_CCM_ICV16, .key_size = 32, .len = 32, .alen = 32, + .key = "\xab\xd0\xe9\x33\x07\x26\xe5\x83\x8c\x76\x95\xd4\xb6\xdc\xf3\x46" + "\xf9\x8f\xad\xe3\x02\x13\x83\x77\x3f\xb0\xf1\xa1\xa1\x22\x0f\x2b" + "\x24\xa7\x8b", + .iv = "\x07\xcb\xcc\x0e\xe6\x33\xbf\xf5", + .adata = "\xd4\xdb\x30\x1d\x03\xfe\xfd\x5f\x87\xd4\x8c\xb6\xb6\xf1\x7a\x5d" + "\xab\x90\x65\x8d\x8e\xca\x4d\x4f\x16\x0c\x40\x90\x4b\xc7\x36\x73", + .plain = "\xf5\xc6\x7d\x48\xc1\xb7\xe6\x92\x97\x5a\xca\xc4\xa9\x6d\xf9\x3d" + "\x6c\xde\xbc\xf1\x90\xea\x6a\xb2\x35\x86\x36\xaf\x5c\xfe\x4b\x3a", + .cipher = "\x83\x6f\x40\x87\x72\xcf\xc1\x13\xef\xbb\x80\x21\x04\x6c\x58\x09" + "\x07\x1b\xfc\xdf\xc0\x3f\x5b\xc7\xe0\x79\xa8\x6e\x71\x7c\x3f\xcf" + "\x5c\xda\xb2\x33\xe5\x13\xe2\x0d\x74\xd1\xef\xb5\x0f\x3a\xb5\xf8", +}; + +aead_test_vector_t aes_ccm8 = { + .alg = ENCR_AES_CCM_ICV8, .key_size = 16, .len = 0, .alen = 0, + .key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1\xff\x80\x2e\x48\x7d\x82\xf8\xb9" + "\xaf\x94\x87", + .iv = "\x78\x35\x82\x81\x7f\x88\x94\x68", + .cipher = "\x41\x3c\xb8\x87\x73\xcb\xf3\xf3", +}; + +aead_test_vector_t aes_ccm9 = { + .alg = ENCR_AES_CCM_ICV8, .key_size = 24, .len = 0, .alen = 32, + .key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3" + "\xa4\x48\x93\x39\x26\x71\x4a\xc6\xee\x49\x83", + .iv = "\xe9\xa9\xff\xe9\x57\xba\xfd\x9e", + .adata = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1\x58\x7c\xf2\x5c\x6d\x39\x0a\x64" + "\xa4\xf0\x13\x05\xd1\x77\x99\x67\x11\xc4\xc6\xdb\x00\x56\x36\x61", + .cipher = "\x71\x99\xfa\xf4\x44\x12\x68\x9b", +}; + +aead_test_vector_t aes_ccm10 = { + .alg = ENCR_AES_CCM_ICV8, .key_size = 32, .len = 0, .alen = 0, + .key = "\xa4\x4b\x54\x29\x0a\xb8\x6d\x01\x5b\x80\x2a\xcf\x25\xc4\xb7\x5c" + "\x20\x2c\xad\x30\xc2\x2b\x41\xfb\x0e\x85\xbc\x33\xad\x0f\x2b\xff" + "\xee\x49\x83", + .iv = "\xe9\xa9\xff\xe9\x57\xba\xfd\x9e", + .cipher = "\x1f\xb8\x8f\xa3\xdd\x54\x00\xf2", +}; + +aead_test_vector_t aes_ccm11 = { + .alg = ENCR_AES_CCM_ICV8, .key_size = 24, .len = 32, .alen = 32, + .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7\x96\xe5\xc5\x68\xaa\x95\x35\xe0" + "\x29\xa0\xba\x9e\x48\x78\xd1\xba\xee\x49\x83", + .iv = "\xe9\xa9\xff\xe9\x57\xba\xfd\x9e", + .adata = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1\x58\x7c\xf2\x5c\x6d\x39\x0a\x64" + "\xa4\xf0\x13\x05\xd1\x77\x99\x67\x11\xc4\xc6\xdb\x00\x56\x36\x61", + .plain = "\x85\x34\x66\x42\xc8\x92\x0f\x36\x58\xe0\x6b\x91\x3c\x98\x5c\xbb" + "\x0a\x85\xcc\x02\xad\x7a\x96\xe9\x65\x43\xa4\xc3\x0f\xdc\x55\x81", + .cipher = "\xfb\xe5\x5d\x34\xbe\xe5\xe8\xe7\x5a\xef\x2f\xbf\x1f\x7f\xd4\xb2" + "\x66\xca\x61\x1e\x96\x7a\x61\xb3\x1c\x16\x45\x52\xba\x04\x9c\x9f" + "\xb1\xd2\x40\xbc\x52\x7c\x6f\xb1", +}; diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c new file mode 100644 index 000000000..1e5126a70 --- /dev/null +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c @@ -0,0 +1,148 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the Licenseor (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be usefulbut + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <crypto/crypto_tester.h> + +/** + * Test 1 of RFC3686 + */ +crypter_test_vector_t aes_ctr1 = { + .alg = ENCR_AES_CTR, .key_size = 16, .len = 16, + .key = "\xae\x68\x52\xf8\x12\x10\x67\xcc\x4b\xf7\xa5\x76\x55\x77\xf3\x9e" + "\x00\x00\x00\x30", + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", + .plain = "Single block msg", + .cipher = "\xe4\x09\x5d\x4f\xb7\xa7\xb3\x79\x2d\x61\x75\xa3\x26\x13\x11\xb8" +}; + +/** + * Test 2 of RFC3686 + */ +crypter_test_vector_t aes_ctr2 = { + .alg = ENCR_AES_CTR, .key_size = 16, .len = 32, + .key = "\x7e\x24\x06\x78\x17\xfa\xe0\xd7\x43\xd6\xce\x1f\x32\x53\x91\x63" + "\x00\x6c\xb6\xdb", + .iv = "\xc0\x54\x3b\x59\xda\x48\xd9\x0b", + .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", + .cipher = "\x51\x04\xa1\x06\x16\x8a\x72\xd9\x79\x0d\x41\xee\x8e\xda\xd3\x88" + "\xeb\x2e\x1e\xfc\x46\xda\x57\xc8\xfc\xe6\x30\xdf\x91\x41\xbe\x28" +}; + +/** + * Test 3 of RFC3686 + */ +crypter_test_vector_t aes_ctr3 = { + .alg = ENCR_AES_CTR, .key_size = 16, .len = 36, + .key = "\x76\x91\xbe\x03\x5e\x50\x20\xa8\xac\x6e\x61\x85\x29\xf9\xa0\xdc" + "\x00\xe0\x01\x7b", + .iv = "\x27\x77\x7f\x3f\x4a\x17\x86\xf0", + .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" + "\x20\x21\x22\x23", + .cipher = "\xc1\xcf\x48\xa8\x9f\x2f\xfd\xd9\xcf\x46\x52\xe9\xef\xdb\x72\xd7" + "\x45\x40\xa4\x2b\xde\x6d\x78\x36\xd5\x9a\x5c\xea\xae\xf3\x10\x53" + "\x25\xb2\x07\x2f", +}; + +/** + * Test 4 of RFC3686 + */ +crypter_test_vector_t aes_ctr4 = { + .alg = ENCR_AES_CTR, .key_size = 24, .len = 16, + .key = "\x16\xaf\x5b\x14\x5f\xc9\xf5\x79\xc1\x75\xf9\x3e\x3b\xfb\x0e\xed" + "\x86\x3d\x06\xcc\xfd\xb7\x85\x15" + "\x00\x00\x00\x48", + .iv = "\x36\x73\x3c\x14\x7d\x6d\x93\xcb", + .plain = "Single block msg", + .cipher = "\x4b\x55\x38\x4f\xe2\x59\xc9\xc8\x4e\x79\x35\xa0\x03\xcb\xe9\x28", +}; + +/** + * Test 5 of RFC3686 + */ +crypter_test_vector_t aes_ctr5 = { + .alg = ENCR_AES_CTR, .key_size = 24, .len = 32, + .key = "\x7c\x5c\xb2\x40\x1b\x3d\xc3\x3c\x19\xe7\x34\x08\x19\xe0\xf6\x9c" + "\x67\x8c\x3d\xb8\xe6\xf6\xa9\x1a" + "\x00\x96\xb0\x3b", + .iv = "\x02\x0c\x6e\xad\xc2\xcb\x50\x0d", + .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", + .cipher = "\x45\x32\x43\xfc\x60\x9b\x23\x32\x7e\xdf\xaa\xfa\x71\x31\xcd\x9f" + "\x84\x90\x70\x1c\x5a\xd4\xa7\x9c\xfc\x1f\xe0\xff\x42\xf4\xfb\x00", +}; + +/** + * Test 6 of RFC3686 + */ +crypter_test_vector_t aes_ctr6 = { + .alg = ENCR_AES_CTR, .key_size = 24, .len = 36, + .key = "\x02\xbf\x39\x1e\xe8\xec\xb1\x59\xb9\x59\x61\x7b\x09\x65\x27\x9b" + "\xf5\x9b\x60\xa7\x86\xd3\xe0\xfe" + "\x00\x07\xbd\xfd", + .iv = "\x5c\xbd\x60\x27\x8d\xcc\x09\x12", + .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" + "\x20\x21\x22\x23", + .cipher = "\x96\x89\x3f\xc5\x5e\x5c\x72\x2f\x54\x0b\x7d\xd1\xdd\xf7\xe7\x58" + "\xd2\x88\xbc\x95\xc6\x91\x65\x88\x45\x36\xc8\x11\x66\x2f\x21\x88" + "\xab\xee\x09\x35", +}; + +/** + * Test 7 of RFC3686 + */ +crypter_test_vector_t aes_ctr7 = { + .alg = ENCR_AES_CTR, .key_size = 32, .len = 16, + .key = "\x77\x6b\xef\xf2\x85\x1d\xb0\x6f\x4c\x8a\x05\x42\xc8\x69\x6f\x6c" + "\x6a\x81\xaf\x1e\xec\x96\xb4\xd3\x7f\xc1\xd6\x89\xe6\xc1\xc1\x04" + "\x00\x00\x00\x60", + .iv = "\xdb\x56\x72\xc9\x7a\xa8\xf0\xb2", + .plain = "Single block msg", + .cipher = "\x14\x5a\xd0\x1d\xbf\x82\x4e\xc7\x56\x08\x63\xdc\x71\xe3\xe0\xc0", +}; + +/** + * Test 8 of RFC3686 + */ +crypter_test_vector_t aes_ctr8 = { + .alg = ENCR_AES_CTR, .key_size = 32, .len = 32, + .key = "\xf6\xd6\x6d\x6b\xd5\x2d\x59\xbb\x07\x96\x36\x58\x79\xef\xf8\x86" + "\xc6\x6d\xd5\x1a\x5b\x6a\x99\x74\x4b\x50\x59\x0c\x87\xa2\x38\x84" + "\x00\xfa\xac\x24", + .iv = "\xc1\x58\x5e\xf1\x5a\x43\xd8\x75", + .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", + .cipher = "\xf0\x5e\x23\x1b\x38\x94\x61\x2c\x49\xee\x00\x0b\x80\x4e\xb2\xa9" + "\xb8\x30\x6b\x50\x8f\x83\x9d\x6a\x55\x30\x83\x1d\x93\x44\xaf\x1c", +}; + +/** + * Test 9 of RFC3686 + */ +crypter_test_vector_t aes_ctr9 = { + .alg = ENCR_AES_CTR, .key_size = 32, .len = 36, + .key = "\xff\x7a\x61\x7c\xe6\x91\x48\xe4\xf1\x72\x6e\x2f\x43\x58\x1d\xe2" + "\xaa\x62\xd9\xf8\x05\x53\x2e\xdf\xf1\xee\xd6\x87\xfb\x54\x15\x3d" + "\x00\x1c\xc5\xb7", + .iv = "\x51\xa5\x1d\x70\xa1\xc1\x11\x48", + .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" + "\x20\x21\x22\x23", + .cipher = "\xeb\x6c\x52\x82\x1d\x0b\xbb\xf7\xce\x75\x94\x46\x2a\xca\x4f\xaa" + "\xb4\x07\xdf\x86\x65\x69\xfd\x07\xf4\x8c\xc0\xb5\x83\xd6\x07\x1f" + "\x1e\xc0\xe6\xb8", +}; diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c new file mode 100644 index 000000000..7534633e1 --- /dev/null +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c @@ -0,0 +1,139 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the Licenseor (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be usefulbut + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <crypto/crypto_tester.h> + +/** + * From the Linux kernel, those with an IV. Originally from + * McGrew & Viega - http://citeseer.ist.psu.edu/656989.html + */ +aead_test_vector_t aes_gcm1 = { + .alg = ENCR_AES_GCM_ICV8, .key_size = 16, .len = 64, .alen = 0, + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\xca\xfe\xba\xbe", + .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88", + .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" + "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" + "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" + "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55", + .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c" + "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e" + "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05" + "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x47\x3f\x59\x85" + "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6", +}; + +aead_test_vector_t aes_gcm2 = { + .alg = ENCR_AES_GCM_ICV12, .key_size = 16, .len = 64, .alen = 0, + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\xca\xfe\xba\xbe", + .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88", + .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" + "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" + "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" + "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55", + .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c" + "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e" + "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05" + "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x47\x3f\x59\x85" + "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6\x2c\xf3\x5a\xbd", +}; + +aead_test_vector_t aes_gcm3 = { + .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .len = 64, .alen = 0, + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\xca\xfe\xba\xbe", + .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88", + .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" + "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" + "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" + "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55", + .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c" + "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e" + "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05" + "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x47\x3f\x59\x85" + "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6\x2c\xf3\x5a\xbd\x2b\xa6\xfa\xb4", +}; + +aead_test_vector_t aes_gcm4 = { + .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .len = 60, .alen = 20, + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\xca\xfe\xba\xbe", + .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88", + .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" + "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" + "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" + "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39", + .adata = "\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef" + "\xab\xad\xda\xd2", + .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c" + "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e" + "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05" + "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x5b\xc9\x4f\xbc" + "\x32\x21\xa5\xdb\x94\xfa\xe9\x5a\xe7\x12\x1a\x47", +}; + +aead_test_vector_t aes_gcm5 = { + .alg = ENCR_AES_GCM_ICV16, .key_size = 24, .len = 64, .alen = 0, + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\xfe\xff\xe9\x92\x86\x65\x73\x1c\xca\xfe\xba\xbe", + .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88", + .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" + "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" + "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" + "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55", + .cipher = "\x39\x80\xca\x0b\x3c\x00\xe8\x41\xeb\x06\xfa\xc4\x87\x2a\x27\x57" + "\x85\x9e\x1c\xea\xa6\xef\xd9\x84\x62\x85\x93\xb4\x0c\xa1\xe1\x9c" + "\x7d\x77\x3d\x00\xc1\x44\xc5\x25\xac\x61\x9d\x18\xc8\x4a\x3f\x47" + "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9\xcc\xda\x27\x10\xac\xad\xe2\x56" + "\x99\x24\xa7\xc8\x58\x73\x36\xbf\xb1\x18\x02\x4d\xb8\x67\x4a\x14", +}; + +aead_test_vector_t aes_gcm6 = { + .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .len = 64, .alen = 0, + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\xca\xfe\xba\xbe", + .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88", + .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" + "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" + "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" + "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55", + .cipher = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07\xf4\x7f\x37\xa3\x2a\x84\x42\x7d" + "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9\x75\x98\xa2\xbd\x25\x55\xd1\xaa" + "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d\xa7\xb0\x8b\x10\x56\x82\x88\x38" + "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a\xbc\xc9\xf6\x62\x89\x80\x15\xad" + "\xb0\x94\xda\xc5\xd9\x34\x71\xbd\xec\x1a\x50\x22\x70\xe3\xcc\x6c", +}; + +aead_test_vector_t aes_gcm7 = { + .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .len = 60, .alen = 20, + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\xca\xfe\xba\xbe", + .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88", + .adata = "\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef" + "\xab\xad\xda\xd2", + .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" + "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" + "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" + "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39", + .cipher = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07\xf4\x7f\x37\xa3\x2a\x84\x42\x7d" + "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9\x75\x98\xa2\xbd\x25\x55\xd1\xaa" + "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d\xa7\xb0\x8b\x10\x56\x82\x88\x38" + "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a\xbc\xc9\xf6\x62\x76\xfc\x6e\xce" + "\x0f\x4e\x17\x68\xcd\xdf\x88\x53\xbb\x2d\x55\x1b", +}; + diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c new file mode 100644 index 000000000..241e6ca7a --- /dev/null +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c @@ -0,0 +1,148 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the Licenseor (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be usefulbut + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <crypto/crypto_tester.h> + +/** + * Test 1 of RFC5528 + */ +crypter_test_vector_t camellia_ctr1 = { + .alg = ENCR_CAMELLIA_CTR, .key_size = 16, .len = 16, + .key = "\xae\x68\x52\xf8\x12\x10\x67\xcc\x4b\xf7\xa5\x76\x55\x77\xf3\x9e" + "\x00\x00\x00\x30", + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", + .plain = "Single block msg", + .cipher = "\xd0\x9d\xc2\x9a\x82\x14\x61\x9a\x20\x87\x7c\x76\xdb\x1f\x0b\x3f" +}; + +/** + * Test 2 of RFC5528 + */ +crypter_test_vector_t camellia_ctr2 = { + .alg = ENCR_CAMELLIA_CTR, .key_size = 16, .len = 32, + .key = "\x7e\x24\x06\x78\x17\xfa\xe0\xd7\x43\xd6\xce\x1f\x32\x53\x91\x63" + "\x00\x6c\xb6\xdb", + .iv = "\xc0\x54\x3b\x59\xda\x48\xd9\x0b", + .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", + .cipher = "\xdb\xf3\xc7\x8d\xc0\x83\x96\xd4\xda\x7c\x90\x77\x65\xbb\xcb\x44" + "\x2b\x8e\x8e\x0f\x31\xf0\xdc\xa7\x2c\x74\x17\xe3\x53\x60\xe0\x48" +}; + +/** + * Test 3 of RFC5528 + */ +crypter_test_vector_t camellia_ctr3 = { + .alg = ENCR_CAMELLIA_CTR, .key_size = 16, .len = 36, + .key = "\x76\x91\xbe\x03\x5e\x50\x20\xa8\xac\x6e\x61\x85\x29\xf9\xa0\xdc" + "\x00\xe0\x01\x7b", + .iv = "\x27\x77\x7f\x3f\x4a\x17\x86\xf0", + .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" + "\x20\x21\x22\x23", + .cipher = "\xb1\x9d\x1f\xcd\xcb\x75\xeb\x88\x2f\x84\x9c\xe2\x4d\x85\xcf\x73" + "\x9c\xe6\x4b\x2b\x5c\x9d\x73\xf1\x4f\x2d\x5d\x9d\xce\x98\x89\xcd" + "\xdf\x50\x86\x96", +}; + +/** + * Test 4 of RFC5528 + */ +crypter_test_vector_t camellia_ctr4 = { + .alg = ENCR_CAMELLIA_CTR, .key_size = 24, .len = 16, + .key = "\x16\xaf\x5b\x14\x5f\xc9\xf5\x79\xc1\x75\xf9\x3e\x3b\xfb\x0e\xed" + "\x86\x3d\x06\xcc\xfd\xb7\x85\x15" + "\x00\x00\x00\x48", + .iv = "\x36\x73\x3c\x14\x7d\x6d\x93\xcb", + .plain = "Single block msg", + .cipher = "\x23\x79\x39\x9e\x8a\x8d\x2b\x2b\x16\x70\x2f\xc7\x8b\x9e\x96\x96", +}; + +/** + * Test 5 of RFC5528 + */ +crypter_test_vector_t camellia_ctr5 = { + .alg = ENCR_CAMELLIA_CTR, .key_size = 24, .len = 32, + .key = "\x7c\x5c\xb2\x40\x1b\x3d\xc3\x3c\x19\xe7\x34\x08\x19\xe0\xf6\x9c" + "\x67\x8c\x3d\xb8\xe6\xf6\xa9\x1a" + "\x00\x96\xb0\x3b", + .iv = "\x02\x0c\x6e\xad\xc2\xcb\x50\x0d", + .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", + .cipher = "\x7d\xef\x34\xf7\xa5\xd0\xe4\x15\x67\x4b\x7f\xfc\xae\x67\xc7\x5d" + "\xd0\x18\xb8\x6f\xf2\x30\x51\xe0\x56\x39\x2a\x99\xf3\x5a\x4c\xed", +}; + +/** + * Test 6 of RFC5528 + */ +crypter_test_vector_t camellia_ctr6 = { + .alg = ENCR_CAMELLIA_CTR, .key_size = 24, .len = 36, + .key = "\x02\xbf\x39\x1e\xe8\xec\xb1\x59\xb9\x59\x61\x7b\x09\x65\x27\x9b" + "\xf5\x9b\x60\xa7\x86\xd3\xe0\xfe" + "\x00\x07\xbd\xfd", + .iv = "\x5c\xbd\x60\x27\x8d\xcc\x09\x12", + .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" + "\x20\x21\x22\x23", + .cipher = "\x57\x10\xe5\x56\xe1\x48\x7a\x20\xb5\xac\x0e\x73\xf1\x9e\x4e\x78" + "\x76\xf3\x7f\xdc\x91\xb1\xef\x4d\x4d\xad\xe8\xe6\x66\xa6\x4d\x0e" + "\xd5\x57\xab\x57", +}; + +/** + * Test 7 of RFC5528 + */ +crypter_test_vector_t camellia_ctr7 = { + .alg = ENCR_CAMELLIA_CTR, .key_size = 32, .len = 16, + .key = "\x77\x6b\xef\xf2\x85\x1d\xb0\x6f\x4c\x8a\x05\x42\xc8\x69\x6f\x6c" + "\x6a\x81\xaf\x1e\xec\x96\xb4\xd3\x7f\xc1\xd6\x89\xe6\xc1\xc1\x04" + "\x00\x00\x00\x60", + .iv = "\xdb\x56\x72\xc9\x7a\xa8\xf0\xb2", + .plain = "Single block msg", + .cipher = "\x34\x01\xf9\xc8\x24\x7e\xff\xce\xbd\x69\x94\x71\x4c\x1b\xbb\x11", +}; + +/** + * Test 8 of RFC5528 + */ +crypter_test_vector_t camellia_ctr8 = { + .alg = ENCR_CAMELLIA_CTR, .key_size = 32, .len = 32, + .key = "\xf6\xd6\x6d\x6b\xd5\x2d\x59\xbb\x07\x96\x36\x58\x79\xef\xf8\x86" + "\xc6\x6d\xd5\x1a\x5b\x6a\x99\x74\x4b\x50\x59\x0c\x87\xa2\x38\x84" + "\x00\xfa\xac\x24", + .iv = "\xc1\x58\x5e\xf1\x5a\x43\xd8\x75", + .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", + .cipher = "\xd6\xc3\x03\x92\x24\x6f\x78\x08\xa8\x3c\x2b\x22\xa8\x83\x9e\x45" + "\xe5\x1c\xd4\x8a\x1c\xdf\x40\x6e\xbc\x9c\xc2\xd3\xab\x83\x41\x08", +}; + +/** + * Test 9 of RFC5528 + */ +crypter_test_vector_t camellia_ctr9 = { + .alg = ENCR_CAMELLIA_CTR, .key_size = 32, .len = 36, + .key = "\xff\x7a\x61\x7c\xe6\x91\x48\xe4\xf1\x72\x6e\x2f\x43\x58\x1d\xe2" + "\xaa\x62\xd9\xf8\x05\x53\x2e\xdf\xf1\xee\xd6\x87\xfb\x54\x15\x3d" + "\x00\x1c\xc5\xb7", + .iv = "\x51\xa5\x1d\x70\xa1\xc1\x11\x48", + .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" + "\x20\x21\x22\x23", + .cipher = "\xa4\xda\x23\xfc\xe6\xa5\xff\xaa\x6d\x64\xae\x9a\x06\x52\xa4\x2c" + "\xd1\x61\xa3\x4b\x65\xf9\x67\x9f\x75\xc0\x1f\x10\x1f\x71\x27\x6f" + "\x15\xef\x0d\x8d", +}; diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c new file mode 100644 index 000000000..2a58b3732 --- /dev/null +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c @@ -0,0 +1,58 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the Licenseor (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be usefulbut + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <crypto/crypto_tester.h> + +/** + * draft-kanno-ipsecme-camellia-xcbc Test Case #1 + */ +signer_test_vector_t camellia_xcbc_s1 = { + .alg = AUTH_CAMELLIA_XCBC_96, .len = 20, + .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", + .data = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13", + .mac = "\x3d\x04\x2d\xd4\xe7\xbc\x79\x1c\xee\x32\x04\x15", +}; + +prf_test_vector_t camellia_xcbc_p1 = { + .alg = PRF_CAMELLIA128_XCBC, .key_size = 16, .len = 20, + .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", + .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13", + .out = "\x3d\x04\x2d\xd4\xe7\xbc\x79\x1c\xee\x32\x04\x15\xc5\xe3\x26\xd6", +}; + +/** + * draft-kanno-ipsecme-camellia-xcbc Test Case #2 + */ +prf_test_vector_t camellia_xcbc_p2 = { + .alg = PRF_CAMELLIA128_XCBC, .key_size = 10, .len = 20, + .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09", + .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13", + .out = "\xb9\x16\xb4\x23\x42\x0a\x90\x6c\xd7\xd7\xb6\x72\xa2\x4e\x97\x6f", +}; + +/** + * draft-kanno-ipsecme-camellia-xcbc Test #3 + */ +prf_test_vector_t camellia_xcbc_p3 = { + .alg = PRF_CAMELLIA128_XCBC, .key_size = 18, .len = 20, + .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\xed\xcb", + .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13", + .out = "\xb9\x71\x46\x36\x9d\x31\x94\x0f\xf5\x7a\x0d\xdf\x22\x33\xc1\xd2", +}; diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c index 234d237f3..f3a254d8d 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c @@ -20,6 +20,7 @@ /* define symbols of all test vectors */ #define TEST_VECTOR_CRYPTER(x) crypter_test_vector_t x; +#define TEST_VECTOR_AEAD(x) aead_test_vector_t x; #define TEST_VECTOR_SIGNER(x) signer_test_vector_t x; #define TEST_VECTOR_HASHER(x) hasher_test_vector_t x; #define TEST_VECTOR_PRF(x) prf_test_vector_t x; @@ -28,12 +29,14 @@ #include "test_vectors.h" #undef TEST_VECTOR_CRYPTER +#undef TEST_VECTOR_AEAD #undef TEST_VECTOR_SIGNER #undef TEST_VECTOR_HASHER #undef TEST_VECTOR_PRF #undef TEST_VECTOR_RNG #define TEST_VECTOR_CRYPTER(x) +#define TEST_VECTOR_AEAD(x) #define TEST_VECTOR_SIGNER(x) #define TEST_VECTOR_HASHER(x) #define TEST_VECTOR_PRF(x) @@ -48,6 +51,14 @@ static crypter_test_vector_t *crypter[] = { #undef TEST_VECTOR_CRYPTER #define TEST_VECTOR_CRYPTER(x) +#undef TEST_VECTOR_AEAD +#define TEST_VECTOR_AEAD(x) &x, +static aead_test_vector_t *aead[] = { +#include "test_vectors.h" +}; +#undef TEST_VECTOR_AEAD +#define TEST_VECTOR_AEAD(x) + #undef TEST_VECTOR_SIGNER #define TEST_VECTOR_SIGNER(x) &x, static signer_test_vector_t *signer[] = { @@ -116,6 +127,11 @@ plugin_t *test_vectors_plugin_create() lib->crypto->add_test_vector(lib->crypto, ENCRYPTION_ALGORITHM, crypter[i]); } + for (i = 0; i < countof(aead); i++) + { + lib->crypto->add_test_vector(lib->crypto, + AEAD_ALGORITHM, aead[i]); + } for (i = 0; i < countof(signer); i++) { lib->crypto->add_test_vector(lib->crypto, diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index f40427f3f..b1cc2f168 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -197,14 +200,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -244,7 +257,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 92b576aa5..559090aa0 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -260,7 +260,7 @@ static const asn1Object_t otherNameObjects[] = { /** * Extracts an otherName */ -static bool parse_otherName(chunk_t blob, int level0) +static bool parse_otherName(chunk_t *blob, int level0, id_type_t *type) { asn1_parser_t *parser; chunk_t object; @@ -268,7 +268,7 @@ static bool parse_otherName(chunk_t blob, int level0) int oid = OID_UNKNOWN; bool success = FALSE; - parser = asn1_parser_create(otherNameObjects, blob); + parser = asn1_parser_create(otherNameObjects, *blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) @@ -279,13 +279,27 @@ static bool parse_otherName(chunk_t blob, int level0) oid = asn1_known_oid(object); break; case ON_OBJ_VALUE: - if (oid == OID_XMPP_ADDR) + switch (oid) { - if (!asn1_parse_simple_object(&object, ASN1_UTF8STRING, - parser->get_level(parser)+1, "xmppAddr")) - { - goto end; - } + case OID_XMPP_ADDR: + if (!asn1_parse_simple_object(&object, ASN1_UTF8STRING, + parser->get_level(parser)+1, "xmppAddr")) + { + goto end; + } + break; + case OID_USER_PRINCIPAL_NAME: + if (asn1_parse_simple_object(&object, ASN1_UTF8STRING, + parser->get_level(parser)+1, "msUPN")) + { /* we handle UPNs as RFC822 addr */ + *blob = object; + *type = ID_RFC822_ADDR; + } + else + { + goto end; + } + break; } break; default: @@ -379,7 +393,8 @@ static identification_t *parse_generalName(chunk_t blob, int level0) } break; case GN_OBJ_OTHER_NAME: - if (!parse_otherName(object, parser->get_level(parser)+1)) + if (!parse_otherName(&object, parser->get_level(parser)+1, + &id_type)) { goto end; } @@ -1091,15 +1106,28 @@ static id_match_t has_subject(private_x509_cert_t *this, identification_t *subje identification_t *current; enumerator_t *enumerator; id_match_t match, best; + chunk_t encoding; - if (this->encoding_hash.ptr && subject->get_type(subject) == ID_KEY_ID) + if (subject->get_type(subject) == ID_KEY_ID) { - if (chunk_equals(this->encoding_hash, subject->get_encoding(subject))) + encoding = subject->get_encoding(subject); + + if (this->encoding_hash.len && + chunk_equals(this->encoding_hash, encoding)) + { + return ID_MATCH_PERFECT; + } + if (this->subjectKeyIdentifier.len && + chunk_equals(this->subjectKeyIdentifier, encoding)) + { + return ID_MATCH_PERFECT; + } + if (this->public_key && + this->public_key->has_fingerprint(this->public_key, encoding)) { return ID_MATCH_PERFECT; } } - best = this->subject->matches(this->subject, subject); enumerator = this->subjectAltNames->create_enumerator(this->subjectAltNames); while (enumerator->enumerate(enumerator, ¤t)) diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c index bfb0ca621..7b488484e 100644 --- a/src/libstrongswan/plugins/x509/x509_pkcs10.c +++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c @@ -684,7 +684,7 @@ x509_pkcs10_t *x509_pkcs10_gen(certificate_type_t type, va_list args) enumerator->destroy(enumerator); continue; } - case BUILD_PASSPHRASE: + case BUILD_CHALLENGE_PWD: cert->challengePassword = chunk_clone(va_arg(args, chunk_t)); continue; case BUILD_DIGEST_ALG: diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c index 8391781e2..11a7f023c 100644 --- a/src/libstrongswan/plugins/x509/x509_plugin.c +++ b/src/libstrongswan/plugins/x509/x509_plugin.c @@ -73,25 +73,25 @@ plugin_t *x509_plugin_create() this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, FALSE, (builder_function_t)x509_cert_gen); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, TRUE, (builder_function_t)x509_cert_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, FALSE, (builder_function_t)x509_ac_gen); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, TRUE, (builder_function_t)x509_ac_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, TRUE, (builder_function_t)x509_crl_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, FALSE, (builder_function_t)x509_crl_gen); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, FALSE, (builder_function_t)x509_ocsp_request_gen); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, TRUE, (builder_function_t)x509_ocsp_response_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, FALSE, (builder_function_t)x509_pkcs10_gen); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, TRUE, (builder_function_t)x509_pkcs10_load); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 69bba8d6f..e82e5246f 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -196,14 +199,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -243,7 +256,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c index b9f03eeac..be18d92b8 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc.c +++ b/src/libstrongswan/plugins/xcbc/xcbc.c @@ -27,10 +27,11 @@ typedef struct private_xcbc_t private_xcbc_t; * The variable names are the same as in the RFC. */ struct private_xcbc_t { + /** * Public xcbc_t interface. */ - xcbc_t xcbc; + xcbc_t public; /** * Block size, in bytes @@ -135,9 +136,9 @@ static void final(private_xcbc_t *this, u_int8_t *out) if (this->remaining_bytes == this->b && !this->zero) { /* a) If the blocksize of M[n] is 128 bits: - * XOR M[n] with E[n-1] and Key K2, then encrypt the result with - * Key K1, yielding E[n]. - */ + * XOR M[n] with E[n-1] and Key K2, then encrypt the result with + * Key K1, yielding E[n]. + */ memxor(this->e, this->remaining, this->b); memxor(this->e, this->k2, this->b); this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL); @@ -147,20 +148,20 @@ static void final(private_xcbc_t *this, u_int8_t *out) /* b) If the blocksize of M[n] is less than 128 bits: * * i) Pad M[n] with a single "1" bit, followed by the number of - * "0" bits (possibly none) required to increase M[n]'s - * blocksize to 128 bits. - */ - if (this->remaining_bytes < this->b) - { - this->remaining[this->remaining_bytes] = 0x80; - while (++this->remaining_bytes < this->b) - { - this->remaining[this->remaining_bytes] = 0x00; - } - } - /* ii) XOR M[n] with E[n-1] and Key K3, then encrypt the result - * with Key K1, yielding E[n]. - */ + * "0" bits (possibly none) required to increase M[n]'s + * blocksize to 128 bits. + */ + if (this->remaining_bytes < this->b) + { + this->remaining[this->remaining_bytes] = 0x80; + while (++this->remaining_bytes < this->b) + { + this->remaining[this->remaining_bytes] = 0x00; + } + } + /* ii) XOR M[n] with E[n-1] and Key K3, then encrypt the result + * with Key K1, yielding E[n]. + */ memxor(this->e, this->remaining, this->b); memxor(this->e, this->k3, this->b); this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL); @@ -174,10 +175,8 @@ static void final(private_xcbc_t *this, u_int8_t *out) this->zero = TRUE; } -/** - * Implementation of xcbc_t.get_mac. - */ -static void get_mac(private_xcbc_t *this, chunk_t data, u_int8_t *out) +METHOD(xcbc_t, get_mac, void, + private_xcbc_t *this, chunk_t data, u_int8_t *out) { /* update E, do not process last block */ update(this, data); @@ -188,18 +187,14 @@ static void get_mac(private_xcbc_t *this, chunk_t data, u_int8_t *out) } } -/** - * Implementation of xcbc_t.get_block_size. - */ -static size_t get_block_size(private_xcbc_t *this) +METHOD(xcbc_t, get_block_size, size_t, + private_xcbc_t *this) { return this->b; } -/** - * Implementation of xcbc_t.set_key. - */ -static void set_key(private_xcbc_t *this, chunk_t key) +METHOD(xcbc_t, set_key, void, + private_xcbc_t *this, chunk_t key) { chunk_t iv, k1, lengthened; @@ -228,11 +223,11 @@ static void set_key(private_xcbc_t *this, chunk_t key) /* * (1) Derive 3 128-bit keys (K1, K2 and K3) from the 128-bit secret - * key K, as follows: - * K1 = 0x01010101010101010101010101010101 encrypted with Key K - * K2 = 0x02020202020202020202020202020202 encrypted with Key K - * K3 = 0x03030303030303030303030303030303 encrypted with Key K - */ + * key K, as follows: + * K1 = 0x01010101010101010101010101010101 encrypted with Key K + * K2 = 0x02020202020202020202020202020202 encrypted with Key K + * K3 = 0x03030303030303030303030303030303 encrypted with Key K + */ this->k1->set_key(this->k1, lengthened); memset(this->k2, 0x02, this->b); this->k1->encrypt(this->k1, chunk_create(this->k2, this->b), iv, NULL); @@ -243,10 +238,8 @@ static void set_key(private_xcbc_t *this, chunk_t key) this->k1->set_key(this->k1, k1); } -/** - * Implementation of xcbc_t.destroy. - */ -static void destroy(private_xcbc_t *this) +METHOD(xcbc_t, destroy, void, + private_xcbc_t *this) { this->k1->destroy(this->k1); free(this->k2); @@ -263,35 +256,38 @@ xcbc_t *xcbc_create(encryption_algorithm_t algo, size_t key_size) { private_xcbc_t *this; crypter_t *crypter; + u_int8_t b; crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size); if (!crypter) { return NULL; } + b = crypter->get_block_size(crypter); /* input and output of crypter must be equal for xcbc */ - if (crypter->get_block_size(crypter) != key_size) + if (b != key_size) { crypter->destroy(crypter); return NULL; } - this = malloc_thing(private_xcbc_t); - this->xcbc.get_mac = (void (*)(xcbc_t *,chunk_t,u_int8_t*))get_mac; - this->xcbc.get_block_size = (size_t (*)(xcbc_t *))get_block_size; - this->xcbc.set_key = (void (*)(xcbc_t *,chunk_t))set_key; - this->xcbc.destroy = (void (*)(xcbc_t *))destroy; - - this->b = crypter->get_block_size(crypter); - this->k1 = crypter; - this->k2 = malloc(this->b); - this->k3 = malloc(this->b); - this->e = malloc(this->b); - memset(this->e, 0, this->b); - this->remaining = malloc(this->b); - this->remaining_bytes = 0; - this->zero = TRUE; - - return &this->xcbc; + INIT(this, + .public = { + .get_mac = _get_mac, + .get_block_size = _get_block_size, + .set_key = _set_key, + .destroy = _destroy, + }, + .b = b, + .k1 = crypter, + .k2 = malloc(b), + .k3 = malloc(b), + .e = malloc(b), + .remaining = malloc(b), + .zero = TRUE, + ); + memset(this->e, 0, b); + + return &this->public; } diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c index 9d903bfaa..88156f383 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c @@ -32,15 +32,13 @@ struct private_xcbc_plugin_t { xcbc_plugin_t public; }; -/** - * Implementation of xcbc_plugin_t.xcbctroy - */ -static void destroy(private_xcbc_plugin_t *this) +METHOD(plugin_t, destroy, void, + private_xcbc_plugin_t *this) { lib->crypto->remove_prf(lib->crypto, - (prf_constructor_t)xcbc_prf_create); + (prf_constructor_t)xcbc_prf_create); lib->crypto->remove_signer(lib->crypto, - (signer_constructor_t)xcbc_signer_create); + (signer_constructor_t)xcbc_signer_create); free(this); } @@ -49,14 +47,24 @@ static void destroy(private_xcbc_plugin_t *this) */ plugin_t *xcbc_plugin_create() { - private_xcbc_plugin_t *this = malloc_thing(private_xcbc_plugin_t); + private_xcbc_plugin_t *this; - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC, - (prf_constructor_t)xcbc_prf_create); + (prf_constructor_t)xcbc_prf_create); + lib->crypto->add_prf(lib->crypto, PRF_CAMELLIA128_XCBC, + (prf_constructor_t)xcbc_prf_create); lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96, - (signer_constructor_t)xcbc_signer_create); + (signer_constructor_t)xcbc_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96, + (signer_constructor_t)xcbc_signer_create); return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.c b/src/libstrongswan/plugins/xcbc/xcbc_prf.c index 2459dc616..ac9e1fda0 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_prf.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_prf.c @@ -35,18 +35,14 @@ struct private_xcbc_prf_t { xcbc_t *xcbc; }; -/** - * Implementation of prf_t.get_bytes. - */ -static void get_bytes(private_xcbc_prf_t *this, chunk_t seed, u_int8_t *buffer) +METHOD(prf_t, get_bytes, void, + private_xcbc_prf_t *this, chunk_t seed, u_int8_t *buffer) { this->xcbc->get_mac(this->xcbc, seed, buffer); } -/** - * Implementation of prf_t.allocate_bytes. - */ -static void allocate_bytes(private_xcbc_prf_t *this, chunk_t seed, chunk_t *chunk) +METHOD(prf_t, allocate_bytes, void, + private_xcbc_prf_t *this, chunk_t seed, chunk_t *chunk) { if (chunk) { @@ -59,35 +55,27 @@ static void allocate_bytes(private_xcbc_prf_t *this, chunk_t seed, chunk_t *chun } } -/** - * Implementation of prf_t.get_block_size. - */ -static size_t get_block_size(private_xcbc_prf_t *this) +METHOD(prf_t, get_block_size, size_t, + private_xcbc_prf_t *this) { return this->xcbc->get_block_size(this->xcbc); } -/** - * Implementation of prf_t.get_block_size. - */ -static size_t get_key_size(private_xcbc_prf_t *this) +METHOD(prf_t, get_key_size, size_t, + private_xcbc_prf_t *this) { /* in xcbc, block and key size are always equal */ return this->xcbc->get_block_size(this->xcbc); } -/** - * Implementation of prf_t.set_key. - */ -static void set_key(private_xcbc_prf_t *this, chunk_t key) +METHOD(prf_t, set_key, void, + private_xcbc_prf_t *this, chunk_t key) { this->xcbc->set_key(this->xcbc, key); } -/** - * Implementation of prf_t.destroy. - */ -static void destroy(private_xcbc_prf_t *this) +METHOD(prf_t, destroy, void, + private_xcbc_prf_t *this) { this->xcbc->destroy(this->xcbc); free(this); @@ -106,6 +94,9 @@ xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo) case PRF_AES128_XCBC: xcbc = xcbc_create(ENCR_AES_CBC, 16); break; + case PRF_CAMELLIA128_XCBC: + xcbc = xcbc_create(ENCR_CAMELLIA_CBC, 16); + break; default: return NULL; } @@ -114,15 +105,19 @@ xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo) return NULL; } - this = malloc_thing(private_xcbc_prf_t); - this->xcbc = xcbc; - - this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes; - this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes; - this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size; - this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; - this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; - this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; + INIT(this, + .public = { + .prf = { + .get_bytes = _get_bytes, + .allocate_bytes = _allocate_bytes, + .get_block_size = _get_block_size, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + .xcbc = xcbc, + ); return &this->public; } diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.h b/src/libstrongswan/plugins/xcbc/xcbc_prf.h index d2db9af41..294a853b4 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_prf.h +++ b/src/libstrongswan/plugins/xcbc/xcbc_prf.h @@ -34,9 +34,9 @@ typedef struct xcbc_prf_t xcbc_prf_t; struct xcbc_prf_t { /** - * Generic prf_t interface for this xcbc_prf_t class. + * Implements prf_t interface. */ - prf_t prf_interface; + prf_t prf; }; /** diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.c b/src/libstrongswan/plugins/xcbc/xcbc_signer.c index 1c98d39d7..ece592323 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_signer.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.c @@ -41,11 +41,8 @@ struct private_xcbc_signer_t { size_t block_size; }; -/** - * Implementation of signer_t.get_signature. - */ -static void get_signature(private_xcbc_signer_t *this, - chunk_t data, u_int8_t *buffer) +METHOD(signer_t, get_signature, void, + private_xcbc_signer_t *this, chunk_t data, u_int8_t *buffer) { if (buffer == NULL) { /* append mode */ @@ -60,11 +57,8 @@ static void get_signature(private_xcbc_signer_t *this, } } -/** - * Implementation of signer_t.allocate_signature. - */ -static void allocate_signature (private_xcbc_signer_t *this, - chunk_t data, chunk_t *chunk) +METHOD(signer_t, allocate_signature, void, + private_xcbc_signer_t *this, chunk_t data, chunk_t *chunk) { if (chunk == NULL) { /* append mode */ @@ -83,11 +77,8 @@ static void allocate_signature (private_xcbc_signer_t *this, } } -/** - * Implementation of signer_t.verify_signature. - */ -static bool verify_signature(private_xcbc_signer_t *this, - chunk_t data, chunk_t signature) +METHOD(signer_t, verify_signature, bool, + private_xcbc_signer_t *this, chunk_t data, chunk_t signature) { u_int8_t mac[this->xcbc->get_block_size(this->xcbc)]; @@ -100,38 +91,29 @@ static bool verify_signature(private_xcbc_signer_t *this, return memeq(signature.ptr, mac, this->block_size); } -/** - * Implementation of signer_t.get_key_size. - */ -static size_t get_key_size(private_xcbc_signer_t *this) +METHOD(signer_t, get_key_size, size_t, + private_xcbc_signer_t *this) { return this->xcbc->get_block_size(this->xcbc); } -/** - * Implementation of signer_t.get_block_size. - */ -static size_t get_block_size(private_xcbc_signer_t *this) +METHOD(signer_t, get_block_size, size_t, + private_xcbc_signer_t *this) { return this->block_size; } -/** - * Implementation of signer_t.set_key. - */ -static void set_key(private_xcbc_signer_t *this, chunk_t key) +METHOD(signer_t, set_key, void, + private_xcbc_signer_t *this, chunk_t key) { this->xcbc->set_key(this->xcbc, key); } -/** - * Implementation of signer_t.destroy. - */ -static status_t destroy(private_xcbc_signer_t *this) +METHOD(signer_t, destroy, void, + private_xcbc_signer_t *this) { this->xcbc->destroy(this->xcbc); free(this); - return SUCCESS; } /* @@ -149,6 +131,10 @@ xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo) xcbc = xcbc_create(ENCR_AES_CBC, 16); trunc = 12; break; + case AUTH_CAMELLIA_XCBC_96: + xcbc = xcbc_create(ENCR_CAMELLIA_CBC, 16); + trunc = 12; + break; default: return NULL; } @@ -157,18 +143,21 @@ xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo) return NULL; } - this = malloc_thing(private_xcbc_signer_t); - this->xcbc = xcbc; - this->block_size = min(trunc, xcbc->get_block_size(xcbc)); - - /* interface functions */ - this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature; - this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature; - this->public.signer_interface.verify_signature = (bool (*) (signer_t*, chunk_t, chunk_t))verify_signature; - this->public.signer_interface.get_key_size = (size_t (*) (signer_t*))get_key_size; - this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size; - this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key; - this->public.signer_interface.destroy = (void (*) (signer_t*))destroy; + INIT(this, + .public = { + .signer = { + .get_signature = _get_signature, + .allocate_signature = _allocate_signature, + .verify_signature = _verify_signature, + .get_key_size = _get_key_size, + .get_block_size = _get_block_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + .xcbc = xcbc, + .block_size = min(trunc, xcbc->get_block_size(xcbc)), + ); return &this->public; } diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.h b/src/libstrongswan/plugins/xcbc/xcbc_signer.h index 181cfe299..56b55f223 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_signer.h +++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.h @@ -31,9 +31,9 @@ typedef struct xcbc_signer_t xcbc_signer_t; struct xcbc_signer_t { /** - * generic signer_t interface for this signer + * Implements signer_t interface. */ - signer_t signer_interface; + signer_t signer; }; /** |