diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-02-23 10:34:14 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-02-23 10:34:14 +0000 |
commit | ed7d79f96177044949744da10f4431c1d6242241 (patch) | |
tree | 3aabaa55ed3b5291daef891cfee9befb5235e2b8 /src/libstrongswan/plugins | |
parent | 7410d3c6d6a9a1cd7aa55083c938946af6ff9498 (diff) | |
download | vyos-strongswan-ed7d79f96177044949744da10f4431c1d6242241.tar.gz vyos-strongswan-ed7d79f96177044949744da10f4431c1d6242241.zip |
[svn-upgrade] Integrating new upstream version, strongswan (4.3.6)
Diffstat (limited to 'src/libstrongswan/plugins')
202 files changed, 15047 insertions, 7173 deletions
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index 4414b2ede..03ef465e0 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/aes DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_aes_la_LIBADD = am_libstrongswan_aes_la_OBJECTS = aes_plugin.lo aes_crypter.lo @@ -58,6 +82,7 @@ libstrongswan_aes_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -240,9 +269,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/aes/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/aes/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/aes/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/aes/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -260,23 +289,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -301,21 +335,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -338,7 +372,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -346,29 +380,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -389,13 +428,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -426,6 +469,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -447,6 +491,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -455,18 +501,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -505,6 +561,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c index c5b091750..10d48cf67 100644 --- a/src/libstrongswan/plugins/aes/aes_crypter.c +++ b/src/libstrongswan/plugins/aes/aes_crypter.c @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "aes_crypter.h" /* @@ -36,26 +36,26 @@ typedef struct private_aes_crypter_t private_aes_crypter_t; /** * Class implementing the AES symmetric encryption algorithm. - * + * * @ingroup crypters */ struct private_aes_crypter_t { - + /** * Public part of this class. */ aes_crypter_t public; - + /** * Number of words in the key input block. */ u_int32_t aes_Nkey; - + /** * The number of cipher rounds. */ u_int32_t aes_Nrnd; - + /** * The encryption key schedule. */ @@ -65,7 +65,7 @@ struct private_aes_crypter_t { * The decryption key schedule. */ u_int32_t aes_d_key[AES_KS_LENGTH]; - + /** * Key size of this AES cypher object. */ @@ -84,13 +84,13 @@ struct private_aes_crypter_t { * is not defined, individually declared 32-bit words are used. * 6. Define FAST_VARIABLE if a high speed variable block implementation * is needed (essentially three separate fixed block size code sequences) - * 7. Define either ONE_TABLE or FOUR_TABLES for a fast table driven + * 7. Define either ONE_TABLE or FOUR_TABLES for a fast table driven * version using 1 table (2 kbytes of table space) or 4 tables (8 * kbytes of table space) for higher speed. - * 8. Define either ONE_LR_TABLE or FOUR_LR_TABLES for a further speed + * 8. Define either ONE_LR_TABLE or FOUR_LR_TABLES for a further speed * increase by using tables for the last rounds but with more table * space (2 or 8 kbytes extra). - * 9. If neither ONE_TABLE nor FOUR_TABLES is defined, a compact but + * 9. If neither ONE_TABLE nor FOUR_TABLES is defined, a compact but * slower version is provided. * 10. If fast decryption key scheduling is needed define ONE_IM_TABLE * or FOUR_IM_TABLES for higher speed (2 or 8 kbytes extra). @@ -131,17 +131,17 @@ struct private_aes_crypter_t { #if defined(AES_BLOCK_SIZE) && AES_BLOCK_SIZE != 16 && AES_BLOCK_SIZE != 24 && AES_BLOCK_SIZE != 32 #error an illegal block size has been specified -#endif +#endif /** - * Rotates bytes within words by n positions, moving bytes + * Rotates bytes within words by n positions, moving bytes * to higher index positions with wrap around into low positions. - */ + */ #define upr(x,n) (((x) << 8 * (n)) | ((x) >> (32 - 8 * (n)))) /** - * Moves bytes by n positions to higher index positions in + * Moves bytes by n positions to higher index positions in * words but without wrap around. - */ + */ #define ups(x,n) ((x) << 8 * (n)) /** @@ -154,7 +154,7 @@ struct private_aes_crypter_t { /* little endian processor without data alignment restrictions: AES_LE_OK */ /* original code: i386 */ -#if defined(i386) || defined(_I386) || defined(__i386__) || defined(__i386) +#if defined(i386) || defined(_I386) || defined(__i386__) || defined(__i386) #define AES_LE_OK 1 /* added (tested): alpha --jjo */ #elif defined(__alpha__)|| defined (__alpha) @@ -220,9 +220,9 @@ struct private_aes_crypter_t { // give improved performance if a fast 32-bit multiply is not available. Note // that a temporary variable u needs to be defined where FFmulX is used. -// #define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6)) +// #define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6)) // #define m4 0x1b1b1b1b -// #define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4) +// #define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4) // perform column mix operation on four bytes in parallel @@ -343,7 +343,7 @@ static const u_int32_t rcon_tab[29] = #define w2(p) 0x00##p##0000 #define w3(p) 0x##p##000000 -#if defined(FIXED_TABLES) && (defined(ONE_TABLE) || defined(FOUR_TABLES)) +#if defined(FIXED_TABLES) && (defined(ONE_TABLE) || defined(FOUR_TABLES)) // data for forward tables (other than last round) @@ -526,7 +526,7 @@ static const u_int32_t it_tab[4][256] = #endif -#if defined(FIXED_TABLES) && (defined(ONE_LR_TABLE) || defined(FOUR_LR_TABLES)) +#if defined(FIXED_TABLES) && (defined(ONE_LR_TABLE) || defined(FOUR_LR_TABLES)) // data for inverse tables (last round) @@ -608,7 +608,7 @@ static const u_int32_t il_tab[4][256] = #endif -#if defined(FIXED_TABLES) && (defined(ONE_IM_TABLE) || defined(FOUR_IM_TABLES)) +#if defined(FIXED_TABLES) && (defined(ONE_IM_TABLE) || defined(FOUR_IM_TABLES)) #define m_table \ r(00,00,00,00), r(0b,0d,09,0e), r(16,1a,12,1c), r(1d,17,1b,12),\ @@ -733,8 +733,8 @@ static u_int32_t im_tab[4][256]; #if !defined(FF_TABLES) -// It will generally be sensible to use tables to compute finite -// field multiplies and inverses but where memory is scarse this +// It will generally be sensible to use tables to compute finite +// field multiplies and inverses but where memory is scarse this // code might sometimes be better. // return 2 ^ (n - 1) where n is the bit number of the highest bit @@ -743,7 +743,7 @@ static u_int32_t im_tab[4][256]; static unsigned char hibit(const u_int32_t x) { unsigned char r = (unsigned char)((x >> 1) | (x >> 2)); - + r |= (r >> 2); r |= (r >> 4); return (r + 1) >> 1; @@ -761,14 +761,14 @@ static unsigned char FFinv(const unsigned char x) if(!n1) return v1; while(n2 >= n1) - { + { n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2); } - + if(!n2) return v2; while(n1 >= n2) - { + { n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1); } } @@ -815,9 +815,9 @@ static void gen_tabs(void) // 0x011b as modular polynomial - the simplest primitive // root is 0x03, used here to generate the tables - i = 0; w = 1; + i = 0; w = 1; do - { + { pow[i] = (unsigned char)w; pow[i + 255] = (unsigned char)w; log[w] = (unsigned char)i++; @@ -987,8 +987,8 @@ switch(nc) \ // is being computed, return the input state variables which are // needed for each row (r) of the state -// For the fixed block size options, compilers reduce these two -// expressions to fixed variable references. For variable block +// For the fixed block size options, compilers reduce these two +// expressions to fixed variable references. For variable block // size code conditional clauses will sometimes be returned #define unused 77 // Sunset Strip @@ -1226,17 +1226,17 @@ static void encrypt_block(const private_aes_crypter_t *this, const unsigned char switch(this->aes_Nrnd) { - case 14: round(fwd_rnd, b1, b0, kp ); + case 14: round(fwd_rnd, b1, b0, kp ); round(fwd_rnd, b0, b1, kp + nc ); kp += 2 * nc; - case 12: round(fwd_rnd, b1, b0, kp ); + case 12: round(fwd_rnd, b1, b0, kp ); round(fwd_rnd, b0, b1, kp + nc ); kp += 2 * nc; - case 10: round(fwd_rnd, b1, b0, kp ); + case 10: round(fwd_rnd, b1, b0, kp ); round(fwd_rnd, b0, b1, kp + nc); - round(fwd_rnd, b1, b0, kp + 2 * nc); + round(fwd_rnd, b1, b0, kp + 2 * nc); round(fwd_rnd, b0, b1, kp + 3 * nc); - round(fwd_rnd, b1, b0, kp + 4 * nc); + round(fwd_rnd, b1, b0, kp + 4 * nc); round(fwd_rnd, b0, b1, kp + 5 * nc); - round(fwd_rnd, b1, b0, kp + 6 * nc); + round(fwd_rnd, b1, b0, kp + 6 * nc); round(fwd_rnd, b0, b1, kp + 7 * nc); round(fwd_rnd, b1, b0, kp + 8 * nc); round(fwd_lrnd, b0, b1, kp + 9 * nc); @@ -1247,7 +1247,7 @@ static void encrypt_block(const private_aes_crypter_t *this, const unsigned char for(rnd = 0; rnd < (this->aes_Nrnd >> 1) - 1; ++rnd) { - round(fwd_rnd, b1, b0, kp); + round(fwd_rnd, b1, b0, kp); round(fwd_rnd, b0, b1, kp + nc); kp += 2 * nc; } @@ -1259,7 +1259,7 @@ static void encrypt_block(const private_aes_crypter_t *this, const unsigned char for(rnd = 0; rnd < this->aes_Nrnd - 1; ++rnd) { - round(fwd_rnd, b1, b0, kp); + round(fwd_rnd, b1, b0, kp); l_copy(b0, b1); kp += nc; } @@ -1278,7 +1278,7 @@ static void decrypt_block(const private_aes_crypter_t *this, const unsigned char const u_int32_t *kp = this->aes_d_key; #if !defined(ONE_TABLE) && !defined(FOUR_TABLES) - u_int32_t f2, f4, f8, f9; + u_int32_t f2, f4, f8, f9; #endif state_in(b0, in_blk, kp); kp += nc; @@ -1291,13 +1291,13 @@ static void decrypt_block(const private_aes_crypter_t *this, const unsigned char round(inv_rnd, b0, b1, kp + nc ); kp += 2 * nc; case 12: round(inv_rnd, b1, b0, kp ); round(inv_rnd, b0, b1, kp + nc ); kp += 2 * nc; - case 10: round(inv_rnd, b1, b0, kp ); + case 10: round(inv_rnd, b1, b0, kp ); round(inv_rnd, b0, b1, kp + nc); - round(inv_rnd, b1, b0, kp + 2 * nc); + round(inv_rnd, b1, b0, kp + 2 * nc); round(inv_rnd, b0, b1, kp + 3 * nc); - round(inv_rnd, b1, b0, kp + 4 * nc); + round(inv_rnd, b1, b0, kp + 4 * nc); round(inv_rnd, b0, b1, kp + 5 * nc); - round(inv_rnd, b1, b0, kp + 6 * nc); + round(inv_rnd, b1, b0, kp + 6 * nc); round(inv_rnd, b0, b1, kp + 7 * nc); round(inv_rnd, b1, b0, kp + 8 * nc); round(inv_lrnd, b0, b1, kp + 9 * nc); @@ -1308,7 +1308,7 @@ static void decrypt_block(const private_aes_crypter_t *this, const unsigned char for(rnd = 0; rnd < (this->aes_Nrnd >> 1) - 1; ++rnd) { - round(inv_rnd, b1, b0, kp); + round(inv_rnd, b1, b0, kp); round(inv_rnd, b0, b1, kp + nc); kp += 2 * nc; } @@ -1320,7 +1320,7 @@ static void decrypt_block(const private_aes_crypter_t *this, const unsigned char for(rnd = 0; rnd < this->aes_Nrnd - 1; ++rnd) { - round(inv_rnd, b1, b0, kp); + round(inv_rnd, b1, b0, kp); l_copy(b0, b1); kp += nc; } @@ -1340,7 +1340,7 @@ static void decrypt(private_aes_crypter_t *this, chunk_t data, chunk_t iv, int pos; const u_int32_t *iv_i; u_int8_t *in, *out; - + if (decrypted) { *decrypted = chunk_alloc(data.len); @@ -1351,7 +1351,7 @@ static void decrypt(private_aes_crypter_t *this, chunk_t data, chunk_t iv, out = data.ptr; } in = data.ptr; - + pos = data.len-16; in += pos; out += pos; @@ -1386,7 +1386,7 @@ static void encrypt (private_aes_crypter_t *this, chunk_t data, chunk_t iv, int pos; const u_int32_t *iv_i; u_int8_t *in, *out; - + in = data.ptr; out = data.ptr; if (encrypted) @@ -1394,7 +1394,7 @@ static void encrypt (private_aes_crypter_t *this, chunk_t data, chunk_t iv, *encrypted = chunk_alloc(data.len); out = encrypted->ptr; } - + pos=0; while(pos<data.len) { @@ -1440,18 +1440,18 @@ static void set_key (private_aes_crypter_t *this, chunk_t key) { u_int32_t *kf, *kt, rci, f = 0; u_int8_t *in_key = key.ptr; - - this->aes_Nrnd = (this->aes_Nkey > (nc) ? this->aes_Nkey : (nc)) + 6; - + + this->aes_Nrnd = (this->aes_Nkey > (nc) ? this->aes_Nkey : (nc)) + 6; + this->aes_e_key[0] = const_word_in(in_key ); this->aes_e_key[1] = const_word_in(in_key + 4); this->aes_e_key[2] = const_word_in(in_key + 8); this->aes_e_key[3] = const_word_in(in_key + 12); - - kf = this->aes_e_key; - kt = kf + nc * (this->aes_Nrnd + 1) - this->aes_Nkey; + + kf = this->aes_e_key; + kt = kf + nc * (this->aes_Nrnd + 1) - this->aes_Nkey; rci = 0; - + switch(this->aes_Nkey) { case 4: do @@ -1463,7 +1463,7 @@ static void set_key (private_aes_crypter_t *this, chunk_t key) } while(kf < kt); break; - + case 6: this->aes_e_key[4] = const_word_in(in_key + 16); this->aes_e_key[5] = const_word_in(in_key + 20); do @@ -1496,18 +1496,18 @@ static void set_key (private_aes_crypter_t *this, chunk_t key) while (kf < kt); break; } - + if(!f) { u_int32_t i; kt = this->aes_d_key + nc * this->aes_Nrnd; kf = this->aes_e_key; - + cpy(kt, kf); kt -= 2 * nc; - + for(i = 1; i < this->aes_Nrnd; ++i) - { + { #if defined(ONE_TABLE) || defined(FOUR_TABLES) #if !defined(ONE_IM_TABLE) && !defined(FOUR_IM_TABLES) u_int32_t f2, f4, f8, f9; @@ -1536,18 +1536,18 @@ static void destroy (private_aes_crypter_t *this) aes_crypter_t *aes_crypter_create(encryption_algorithm_t algo, size_t key_size) { private_aes_crypter_t *this; - + if (algo != ENCR_AES_CBC) { return NULL; } - + this = malloc_thing(private_aes_crypter_t); - + #if !defined(FIXED_TABLES) if(!tab_gen) { gen_tabs(); tab_gen = 1; } #endif - + this->key_size = key_size; switch(key_size) { @@ -1564,13 +1564,13 @@ aes_crypter_t *aes_crypter_create(encryption_algorithm_t algo, size_t key_size) free(this); return NULL; } - + this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt; this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt; this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size; this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key; this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; - + return &(this->public); } diff --git a/src/libstrongswan/plugins/aes/aes_crypter.h b/src/libstrongswan/plugins/aes/aes_crypter.h index 19ea6b4b7..061d72fd6 100644 --- a/src/libstrongswan/plugins/aes/aes_crypter.h +++ b/src/libstrongswan/plugins/aes/aes_crypter.h @@ -30,7 +30,7 @@ typedef struct aes_crypter_t aes_crypter_t; * Class implementing the AES encryption algorithm. */ struct aes_crypter_t { - + /** * The crypter_t interface. */ @@ -39,7 +39,7 @@ struct aes_crypter_t { /** * Constructor to create aes_crypter_t objects. - * + * * @param key_size key size in bytes * @param algo algorithm to implement * @return aes_crypter_t object, NULL if not supported diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c index 63fa48330..c6215cc7f 100644 --- a/src/libstrongswan/plugins/aes/aes_plugin.c +++ b/src/libstrongswan/plugins/aes/aes_plugin.c @@ -47,12 +47,12 @@ static void destroy(private_aes_plugin_t *this) plugin_t *plugin_create() { private_aes_plugin_t *this = malloc_thing(private_aes_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, (crypter_constructor_t)aes_crypter_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index a73edb362..5bf52aa56 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/agent DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_agent_la_LIBADD = am_libstrongswan_agent_la_OBJECTS = agent_plugin.lo \ @@ -59,6 +83,7 @@ libstrongswan_agent_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,6 +249,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -243,9 +272,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/agent/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/agent/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/agent/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/agent/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -263,23 +292,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -304,21 +338,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -341,7 +375,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -349,29 +383,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -392,13 +431,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -429,6 +472,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -450,6 +494,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -458,18 +504,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -508,6 +564,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c index 84b85d4bd..299b2cc1d 100644 --- a/src/libstrongswan/plugins/agent/agent_plugin.c +++ b/src/libstrongswan/plugins/agent/agent_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -37,7 +37,7 @@ struct private_agent_plugin_t { static void destroy(private_agent_plugin_t *this) { lib->creds->remove_builder(lib->creds, - (builder_constructor_t)agent_private_key_builder); + (builder_function_t)agent_private_key_open); free(this); } @@ -47,11 +47,11 @@ static void destroy(private_agent_plugin_t *this) plugin_t *plugin_create() { private_agent_plugin_t *this = malloc_thing(private_agent_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - (builder_constructor_t)agent_private_key_builder); + (builder_function_t)agent_private_key_open); return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/agent/agent_plugin.h b/src/libstrongswan/plugins/agent/agent_plugin.h index 33a5dcb53..e49af42d8 100644 --- a/src/libstrongswan/plugins/agent/agent_plugin.h +++ b/src/libstrongswan/plugins/agent/agent_plugin.h @@ -16,7 +16,7 @@ /** * @defgroup agent_p agent * @ingroup plugins - * + * * @defgroup agent_plugin agent_plugin * @{ @ingroup agent_p */ diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c index ffdc6d778..d0a2da87f 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.c +++ b/src/libstrongswan/plugins/agent/agent_private_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -26,8 +26,6 @@ #include <library.h> #include <chunk.h> #include <debug.h> -#include <asn1/asn1.h> -#include <asn1/oid.h> #ifndef UNIX_PATH_MAX #define UNIX_PATH_MAX 108 @@ -44,36 +42,26 @@ struct private_agent_private_key_t { * Public interface for this signer. */ agent_private_key_t public; - + /** * ssh-agent unix socket connection */ int socket; - + /** * key identity blob in ssh format */ chunk_t key; - + /** * keysize in bytes */ size_t key_size; - - /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t* keyid; /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t* keyid_info; - - /** * reference count */ - refcount_t ref; + refcount_t ref; }; /** @@ -127,7 +115,7 @@ static chunk_t read_string(chunk_t *blob) { int len; chunk_t str; - + len = read_uint32(blob); if (len > blob->len) { @@ -152,11 +140,11 @@ static int open_connection(char *path) DBG1("opening ssh-agent socket %s failed: %s:", path, strerror(errno)); return -1; } - + addr.sun_family = AF_UNIX; addr.sun_path[UNIX_PATH_MAX - 1] = '\0'; strncpy(addr.sun_path, path, UNIX_PATH_MAX - 1); - + if (connect(s, (struct sockaddr*)&addr, SUN_LEN(&addr)) != 0) { DBG1("connecting to ssh-agent socket failed: %s", strerror(errno)); @@ -167,51 +155,14 @@ static int open_connection(char *path) } /** - * check if the ssh agent key blob matches to our public key - */ -static bool matches_pubkey(chunk_t key, public_key_t *pubkey) -{ - chunk_t pubkeydata, hash, n, e; - hasher_t *hasher; - identification_t *id; - bool match; - - if (!pubkey) - { - return TRUE; - } - read_string(&key); - e = read_string(&key); - n = read_string(&key); - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher == NULL) - { - return FALSE; - } - pubkeydata = asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_integer("c", n), - asn1_integer("c", e)); - hasher->allocate_hash(hasher, pubkeydata, &hash); - free(pubkeydata.ptr); - id = pubkey->get_id(pubkey, ID_PUBKEY_SHA1); - if (!id) - { - return FALSE; - } - match = chunk_equals(id->get_encoding(id), hash); - free(hash.ptr); - return match; -} - -/** * Get the first usable key from the agent */ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) { int len, count; char buf[2048]; - chunk_t blob = chunk_from_buf(buf), key, type, tmp; - + chunk_t blob, key, type, n; + len = htonl(1); buf[0] = SSH_AGENT_ID_REQUEST; if (write(this->socket, &len, sizeof(len)) != sizeof(len) || @@ -220,9 +171,10 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) DBG1("writing to ssh-agent failed"); return FALSE; } - + + blob = chunk_create(buf, sizeof(buf)); blob.len = read(this->socket, blob.ptr, blob.len); - + if (blob.len < sizeof(u_int32_t) + sizeof(u_char) || read_uint32(&blob) != blob.len || read_byte(&blob) != SSH_AGENT_ID_RESPONSE) @@ -231,51 +183,59 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) return FALSE; } count = read_uint32(&blob); - + while (blob.len) { key = read_string(&blob); - if (key.len) + if (!key.len) + { + break; + } + this->key = key; + type = read_string(&key); + if (!type.len || !strneq("ssh-rsa", type.ptr, type.len)) + { + break; + } + read_string(&key); + n = read_string(&key); + if (n.len <= 512/8) + { + break;; + } + if (pubkey && !private_key_belongs_to(&this->public.interface, pubkey)) { - tmp = key; - type = read_string(&tmp); - read_string(&tmp); - tmp = read_string(&tmp); - if (type.len && strneq("ssh-rsa", type.ptr, type.len) && - tmp.len >= 512/8 && matches_pubkey(key, pubkey)) - { - this->key = chunk_clone(key); - this->key_size = tmp.len; - if (tmp.ptr[0] == 0) - { - this->key_size--; - } - return TRUE; - } continue; } - break; + this->key_size = n.len; + if (n.ptr[0] == 0) + { + this->key_size--; + } + this->key = chunk_clone(this->key); + return TRUE; } + this->key = chunk_empty; return FALSE; } /** * Implementation of agent_private_key.destroy. */ -static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, +static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature) { u_int32_t len, flags; char buf[2048]; - chunk_t blob = chunk_from_buf(buf); - + chunk_t blob; + if (scheme != SIGN_RSA_EMSA_PKCS1_SHA1) { DBG1("signature scheme %N not supported by ssh-agent", signature_scheme_names, scheme); return FALSE; } - + len = htonl(1 + sizeof(u_int32_t) * 3 + this->key.len + data.len); buf[0] = SSH_AGENT_SIGN_REQUEST; if (write(this->socket, &len, sizeof(len)) != sizeof(len) || @@ -284,7 +244,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, DBG1("writing to ssh-agent failed"); return FALSE; } - + len = htonl(this->key.len); if (write(this->socket, &len, sizeof(len)) != sizeof(len) || write(this->socket, this->key.ptr, this->key.len) != this->key.len) @@ -292,7 +252,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, DBG1("writing to ssh-agent failed"); return FALSE; } - + len = htonl(data.len); if (write(this->socket, &len, sizeof(len)) != sizeof(len) || write(this->socket, data.ptr, data.len) != data.len) @@ -300,14 +260,15 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, DBG1("writing to ssh-agent failed"); return FALSE; } - + flags = htonl(0); if (write(this->socket, &flags, sizeof(flags)) != sizeof(flags)) { DBG1("writing to ssh-agent failed"); return FALSE; } - + + blob = chunk_create(buf, sizeof(buf)); blob.len = read(this->socket, blob.ptr, blob.len); if (blob.len < sizeof(u_int32_t) + sizeof(u_char) || read_uint32(&blob) != blob.len || @@ -358,112 +319,49 @@ static size_t get_keysize(private_agent_private_key_t *this) } /** - * Implementation of agent_private_key.destroy. - */ -static identification_t* get_id(private_agent_private_key_t *this, - id_type_t type) -{ - switch (type) - { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - default: - return NULL; - } -} - -/** * Implementation of agent_private_key.get_public_key. */ static public_key_t* get_public_key(private_agent_private_key_t *this) { - chunk_t key, n, e, encoded; - public_key_t *public; - + chunk_t key, n, e; + key = this->key; read_string(&key); e = read_string(&key); n = read_string(&key); - encoded = asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_integer("c", n), - asn1_integer("c", e)); - - public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, - BUILD_BLOB_ASN1_DER, encoded, BUILD_END); - free(encoded.ptr); - return public; + + return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_END); } /** - * Implementation of agent_private_key.belongs_to. + * Implementation of private_key_t.get_encoding */ -static bool belongs_to(private_agent_private_key_t *this, public_key_t *public) +static bool get_encoding(private_agent_private_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - identification_t *keyid; - - if (public->get_type(public) != KEY_RSA) - { - return FALSE; - } - keyid = public->get_id(public, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } return FALSE; } /** - * Build the RSA key identifier from n and e using SHA1 hashed publicKey(Info). + * Implementation of private_key_t.get_fingerprint */ -static bool build_ids(private_agent_private_key_t *this) +static bool get_fingerprint(private_agent_private_key_t *this, + key_encoding_type_t type, chunk_t *fp) { - chunk_t publicKeyInfo, publicKey, hash, key, n, e; - hasher_t *hasher; - + chunk_t n, e, key; + + if (lib->encoding->get_cache(lib->encoding, type, this, fp)) + { + return TRUE; + } key = this->key; read_string(&key); e = read_string(&key); n = read_string(&key); - - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher == NULL) - { - DBG1("SHA1 hash algorithm not supported, unable to use RSA"); - return FALSE; - } - publicKey = asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_integer("c", n), - asn1_integer("c", e)); - hasher->allocate_hash(hasher, publicKey, &hash); - this->keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash); - chunk_free(&hash); - - publicKeyInfo = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", publicKey)); - hasher->allocate_hash(hasher, publicKeyInfo, &hash); - this->keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash); - chunk_free(&hash); - - hasher->destroy(hasher); - chunk_free(&publicKeyInfo); - return TRUE; -} -/** - * Implementation of private_key_t.get_encoding. - */ -static chunk_t get_encoding(private_agent_private_key_t *this) -{ - return chunk_empty; + return lib->encoding->encode(lib->encoding, type, this, fp, + KEY_PART_RSA_MODULUS, n, KEY_PART_RSA_PUB_EXP, e, KEY_PART_END); } /** @@ -483,32 +381,58 @@ static void destroy(private_agent_private_key_t *this) if (ref_put(&this->ref)) { close(this->socket); - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); free(this->key.ptr); + lib->encoding->clear_cache(lib->encoding, this); free(this); } } /** - * Internal constructor + * See header. */ -static agent_private_key_t *agent_private_key_create(char *path, - public_key_t *pubkey) +agent_private_key_t *agent_private_key_open(key_type_t type, va_list args) { - private_agent_private_key_t *this = malloc_thing(private_agent_private_key_t); - + private_agent_private_key_t *this; + public_key_t *pubkey = NULL; + char *path = NULL; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_AGENT_SOCKET: + path = va_arg(args, char*); + continue; + case BUILD_PUBLIC_KEY: + pubkey = va_arg(args, public_key_t*); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (!path) + { + return FALSE; + } + + this = malloc_thing(private_agent_private_key_t); + this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type; this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign; this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt; this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize; - this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id; this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key; - this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to; - this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding; + this->public.interface.belongs_to = private_key_belongs_to; + this->public.interface.equals = private_key_equals; + this->public.interface.get_fingerprint = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref; this->public.interface.destroy = (void (*)(private_key_t *this))destroy; - + this->socket = open_connection(path); if (this->socket < 0) { @@ -516,93 +440,13 @@ static agent_private_key_t *agent_private_key_create(char *path, return NULL; } this->key = chunk_empty; - this->keyid = NULL; - this->keyid_info = NULL; this->ref = 1; - if (!read_key(this, pubkey) || !build_ids(this)) - { - destroy(this); - return NULL; - } - return &this->public; -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading/generation - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** agent unix socket */ - char *socket; - /** matching public key */ - public_key_t *pubkey; -}; -/** - * Implementation of builder_t.build - */ -static agent_private_key_t *build(private_builder_t *this) -{ - agent_private_key_t *key = NULL; - - if (this->socket) - { - key = agent_private_key_create(this->socket, this->pubkey); - } - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - va_list args; - - switch (part) - { - case BUILD_AGENT_SOCKET: - { - va_start(args, part); - this->socket = va_arg(args, char*); - va_end(args); - return; - } - case BUILD_PUBLIC_KEY: - { - va_start(args, part); - this->pubkey = va_arg(args, public_key_t*); - va_end(args); - return; - } - default: - break; - } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *agent_private_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) + if (!read_key(this, pubkey)) { + destroy(this); return NULL; } - - this = malloc_thing(private_builder_t); - - this->pubkey = NULL; - this->socket = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/agent/agent_private_key.h b/src/libstrongswan/plugins/agent/agent_private_key.h index 929e88a50..3d9500c1a 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.h +++ b/src/libstrongswan/plugins/agent/agent_private_key.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -21,6 +21,7 @@ #ifndef AGENT_PRIVATE_KEY_H_ #define AGENT_PRIVATE_KEY_H_ +#include <credentials/builder.h> #include <credentials/keys/private_key.h> typedef struct agent_private_key_t agent_private_key_t; @@ -37,12 +38,16 @@ struct agent_private_key_t { }; /** - * Create the builder for a private key. + * Open connection to a private key stored in a SSH agent. * - * @param type type of the key - * @return builder instance + * The function takes BUILD_AGENT_SOCKET and optionally a BUILD_PUBLIC_KEY + * to select a specific key loaded in ssh-agent. + * + * @param type type of the key, must be KEY_RSA + * @param args builder_part_t argument list + * @return built key, NULL on failure */ -builder_t *agent_private_key_builder(key_type_t type); +agent_private_key_t *agent_private_key_open(key_type_t type, va_list args); #endif /** AGENT_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/attr_sql/Makefile.am b/src/libstrongswan/plugins/attr_sql/Makefile.am new file mode 100644 index 000000000..5be310abf --- /dev/null +++ b/src/libstrongswan/plugins/attr_sql/Makefile.am @@ -0,0 +1,15 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic \ + -DPLUGINS=\""${libstrongswan_plugins}\"" + +plugin_LTLIBRARIES = libstrongswan-attr-sql.la +libstrongswan_attr_sql_la_SOURCES = \ + attr_sql_plugin.h attr_sql_plugin.c \ + sql_attribute.h sql_attribute.c +libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version + +ipsec_PROGRAMS = pool +pool_SOURCES = pool.c +pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la diff --git a/src/libstrongswan/plugins/attr_sql/Makefile.in b/src/libstrongswan/plugins/attr_sql/Makefile.in new file mode 100644 index 000000000..e157a9b78 --- /dev/null +++ b/src/libstrongswan/plugins/attr_sql/Makefile.in @@ -0,0 +1,633 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +ipsec_PROGRAMS = pool$(EXEEXT) +subdir = src/libstrongswan/plugins/attr_sql +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(ipsecdir)" +LTLIBRARIES = $(plugin_LTLIBRARIES) +libstrongswan_attr_sql_la_LIBADD = +am_libstrongswan_attr_sql_la_OBJECTS = attr_sql_plugin.lo \ + sql_attribute.lo +libstrongswan_attr_sql_la_OBJECTS = \ + $(am_libstrongswan_attr_sql_la_OBJECTS) +libstrongswan_attr_sql_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_attr_sql_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +PROGRAMS = $(ipsec_PROGRAMS) +am_pool_OBJECTS = pool.$(OBJEXT) +pool_OBJECTS = $(am_pool_OBJECTS) +pool_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_attr_sql_la_SOURCES) $(pool_SOURCES) +DIST_SOURCES = $(libstrongswan_attr_sql_la_SOURCES) $(pool_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic \ + -DPLUGINS=\""${libstrongswan_plugins}\"" + +plugin_LTLIBRARIES = libstrongswan-attr-sql.la +libstrongswan_attr_sql_la_SOURCES = \ + attr_sql_plugin.h attr_sql_plugin.c \ + sql_attribute.h sql_attribute.c + +libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version +pool_SOURCES = pool.c +pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/attr_sql/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/attr_sql/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-attr-sql.la: $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_DEPENDENCIES) + $(libstrongswan_attr_sql_la_LINK) -rpath $(plugindir) $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_LIBADD) $(LIBS) +install-ipsecPROGRAMS: $(ipsec_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-ipsecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files + +clean-ipsecPROGRAMS: + @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +pool$(EXEEXT): $(pool_OBJECTS) $(pool_DEPENDENCIES) + @rm -f pool$(EXEEXT) + $(LINK) $(pool_OBJECTS) $(pool_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attr_sql_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pool.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql_attribute.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(ipsecdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-ipsecPROGRAMS install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-ipsecPROGRAMS clean-libtool clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-ipsecPROGRAMS install-man install-pdf \ + install-pdf-am install-pluginLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-ipsecPROGRAMS \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.c b/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.c new file mode 100644 index 000000000..66b309c67 --- /dev/null +++ b/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.c @@ -0,0 +1,88 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <library.h> +#include <debug.h> + +#include "attr_sql_plugin.h" +#include "sql_attribute.h" + +typedef struct private_attr_sql_plugin_t private_attr_sql_plugin_t; + +/** + * private data of attr_sql plugin + */ +struct private_attr_sql_plugin_t { + + /** + * implements plugin interface + */ + attr_sql_plugin_t public; + + /** + * database connection instance + */ + database_t *db; + + /** + * configuration attributes + */ + sql_attribute_t *attribute; + +}; + +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_attr_sql_plugin_t *this) +{ + lib->attributes->remove_provider(lib->attributes, &this->attribute->provider); + this->attribute->destroy(this->attribute); + this->db->destroy(this->db); + free(this); +} + +/* + * see header file + */ +plugin_t *plugin_create() +{ + char *uri; + private_attr_sql_plugin_t *this; + + uri = lib->settings->get_str(lib->settings, "libstrongswan.plugins.attr-sql.database", NULL); + if (!uri) + { + DBG1("attr-sql plugin: database URI not set"); + return NULL; + } + + this = malloc_thing(private_attr_sql_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + this->db = lib->db->create(lib->db, uri); + if (!this->db) + { + DBG1("attr-sql plugin failed to connect to database"); + free(this); + return NULL; + } + this->attribute = sql_attribute_create(this->db); + lib->attributes->add_provider(lib->attributes, &this->attribute->provider); + + return &this->public.plugin; +} + diff --git a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.h b/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.h new file mode 100644 index 000000000..3a60ea0d2 --- /dev/null +++ b/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup attr_sql attr_sql + * @ingroup plugins + * + * @defgroup sql_plugin sql_plugin + * @{ @ingroup attr_sql + */ + +#ifndef ATTR_SQL_PLUGIN_H_ +#define ATTR_SQL_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct attr_sql_plugin_t attr_sql_plugin_t; + +/** + * SQL database attribute configuration plugin + */ +struct attr_sql_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * Create a sql_plugin instance. + */ +plugin_t *plugin_create(); + +#endif /** ATTR_SQL_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/attr_sql/pool.c b/src/libstrongswan/plugins/attr_sql/pool.c new file mode 100644 index 000000000..85b30a70f --- /dev/null +++ b/src/libstrongswan/plugins/attr_sql/pool.c @@ -0,0 +1,1050 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include <getopt.h> +#include <unistd.h> +#include <stdio.h> +#include <time.h> + +#include <debug.h> +#include <library.h> +#include <utils/host.h> +#include <utils/identification.h> +#include <attributes/attributes.h> + +/** + * global database handle + */ +database_t *db; + +/** + * --start/--end/--server addresses of various subcommands + */ +host_t *start = NULL, *end = NULL, *server = NULL; + +/** + * instead of a pool handle a DNS or NBNS attribute + */ +static bool is_attribute(char *name) +{ + return strcaseeq(name, "dns") || strcaseeq(name, "nbns") || + strcaseeq(name, "wins"); +} + +/** + * determine configuration attribute type + */ +static configuration_attribute_type_t get_attribute_type(char *name, host_t* addr) +{ + if (strcaseeq(name, "dns")) + { + return (addr->get_family(addr) == AF_INET) ? INTERNAL_IP4_DNS : + INTERNAL_IP6_DNS; + } + else + { + return (addr->get_family(addr) == AF_INET) ? INTERNAL_IP4_NBNS : + INTERNAL_IP6_NBNS; + } +} + +/** + * calculate the size of a pool using start and end address chunk + */ +static u_int get_pool_size(chunk_t start, chunk_t end) +{ + u_int *start_ptr, *end_ptr; + + if (start.len < sizeof(u_int) || end.len < sizeof(u_int)) + { + return 0; + } + start_ptr = (u_int*)(start.ptr + start.len - sizeof(u_int)); + end_ptr = (u_int*)(end.ptr + end.len - sizeof(u_int)); + return ntohl(*end_ptr) - ntohl(*start_ptr) + 1; +} + +/** + * print usage info + */ +static void usage(void) +{ + printf("\ +Usage:\n\ + ipsec pool --status|--add|--del|--resize|--purge [options]\n\ + \n\ + ipsec pool --status\n\ + Show a list of installed pools with statistics.\n\ + \n\ + ipsec pool --add <name> --start <start> --end <end> [--timeout <timeout>]\n\ + Add a new pool to the database.\n\ + name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\ + start: Start address of the pool\n\ + end: End address of the pool\n\ + timeout: Lease time in hours, 0 for static leases\n\ + \n\ + ipsec pool --add dns|nbns|wins --server <server>\n\ + Add a new DNS or NBNS server to the database.\n\ + server: IP address of the name server\n\ + \n\ + ipsec pool --del <name>\n\ + Delete a pool from the database.\n\ + name: Name of the pool to delete\n\ + \n\ + ipsec pool --del dns|nbns|wins [--server <server>]\n\ + Delete a specific or all DNS or NBNS servers from the database.\n\ + server: IP address of the name server to delete\n\ + \n\ + ipsec pool --resize <name> --end <end>\n\ + Grow or shrink an existing pool.\n\ + name: Name of the pool to resize\n\ + end: New end address for the pool\n\ + \n\ + ipsec pool --leases [--filter <filter>] [--utc]\n\ + Show lease information using filters:\n\ + filter: Filter string containing comma separated key=value filters,\n\ + e.g. id=alice@strongswan.org,addr=1.1.1.1\n\ + pool: name of the pool\n\ + id: assigned identity of the lease\n\ + addr: lease IP address\n\ + tstamp: UNIX timestamp when lease was valid, as integer\n\ + status: status of the lease: online|valid|expired\n\ + utc: Show times in UTC instead of local time\n\ + \n\ + ipsec pool --purge <name>\n\ + Delete lease history of a pool:\n\ + name: Name of the pool to purge\n\ + \n"); + exit(0); +} + +/** + * ipsec pool --status - show pool overview + */ +static void status(void) +{ + enumerator_t *ns, *pool, *lease; + host_t *server; + chunk_t value; + bool found = FALSE; + + /* enumerate IPv4 DNS servers */ + ns = db->query(db, "SELECT value FROM attributes WHERE type = ?", + DB_INT, INTERNAL_IP4_DNS, DB_BLOB); + if (ns) + { + while (ns->enumerate(ns, &value)) + { + if (!found) + { + printf("dns servers:"); + found = TRUE; + } + server = host_create_from_chunk(AF_INET, value, 0); + if (server) + { + printf(" %H", server); + server->destroy(server); + } + } + ns->destroy(ns); + } + + /* enumerate IPv6 DNS servers */ + ns = db->query(db, "SELECT value FROM attributes WHERE type = ?", + DB_INT, INTERNAL_IP6_DNS, DB_BLOB); + if (ns) + { + while (ns->enumerate(ns, &value)) + { + if (!found) + { + printf("dns servers:"); + found = TRUE; + } + server = host_create_from_chunk(AF_INET6, value, 0); + if (server) + { + printf(" %H", server); + server->destroy(server); + } + } + ns->destroy(ns); + } + if (found) + { + printf("\n"); + } + else + { + printf("no dns servers found.\n"); + } + found = FALSE; + + /* enumerate IPv4 NBNS servers */ + ns = db->query(db, "SELECT value FROM attributes WHERE type = ?", + DB_INT, INTERNAL_IP4_NBNS, DB_BLOB); + if (ns) + { + while (ns->enumerate(ns, &value)) + { + if (!found) + { + printf("nbns servers:"); + found = TRUE; + } + server = host_create_from_chunk(AF_INET, value, 0); + if (server) + { + printf(" %H", server); + server->destroy(server); + } + } + ns->destroy(ns); + } + + /* enumerate IPv6 NBNS servers */ + ns = db->query(db, "SELECT value FROM attributes WHERE type = ?", + DB_INT, INTERNAL_IP6_NBNS, DB_BLOB); + if (ns) + { + while (ns->enumerate(ns, &value)) + { + if (!found) + { + printf("nbns servers:"); + found = TRUE; + } + server = host_create_from_chunk(AF_INET6, value, 0); + if (server) + { + printf(" %H", server); + server->destroy(server); + } + } + ns->destroy(ns); + } + if (found) + { + printf("\n"); + } + else + { + printf("no nbns servers found.\n"); + } + found = FALSE; + + pool = db->query(db, "SELECT id, name, start, end, timeout FROM pools", + DB_INT, DB_TEXT, DB_BLOB, DB_BLOB, DB_UINT); + if (pool) + { + char *name; + chunk_t start_chunk, end_chunk; + host_t *start, *end; + u_int id, timeout, online = 0, used = 0, size = 0; + + while (pool->enumerate(pool, &id, &name, + &start_chunk, &end_chunk, &timeout)) + { + if (!found) + { + printf("%8s %15s %15s %8s %6s %11s %11s\n", "name", "start", + "end", "timeout", "size", "online", "usage"); + found = TRUE; + } + + start = host_create_from_chunk(AF_UNSPEC, start_chunk, 0); + end = host_create_from_chunk(AF_UNSPEC, end_chunk, 0); + size = get_pool_size(start_chunk, end_chunk); + printf("%8s %15H %15H ", name, start, end); + if (timeout) + { + printf("%7dh ", timeout/3600); + } + else + { + printf("%8s ", "static"); + } + printf("%6d ", size); + /* get number of online hosts */ + lease = db->query(db, "SELECT COUNT(*) FROM addresses " + "WHERE pool = ? AND released = 0", + DB_UINT, id, DB_INT); + if (lease) + { + lease->enumerate(lease, &online); + lease->destroy(lease); + } + printf("%5d (%2d%%) ", online, online*100/size); + /* get number of online or valid lieases */ + lease = db->query(db, "SELECT COUNT(*) FROM addresses " + "WHERE addresses.pool = ? " + "AND ((? AND acquired != 0) " + " OR released = 0 OR released > ?) ", + DB_UINT, id, DB_UINT, !timeout, + DB_UINT, time(NULL) - timeout, DB_UINT); + if (lease) + { + lease->enumerate(lease, &used); + lease->destroy(lease); + } + printf("%5d (%2d%%) ", used, used*100/size); + + printf("\n"); + DESTROY_IF(start); + DESTROY_IF(end); + } + pool->destroy(pool); + } + if (!found) + { + printf("no pools found.\n"); + } + exit(0); +} + +/** + * ipsec pool --add - add a new pool + */ +static void add(char *name, host_t *start, host_t *end, int timeout) +{ + chunk_t start_addr, end_addr, cur_addr; + u_int id, count; + + start_addr = start->get_address(start); + end_addr = end->get_address(end); + cur_addr = chunk_clonea(start_addr); + count = get_pool_size(start_addr, end_addr); + + if (start_addr.len != end_addr.len || + memcmp(start_addr.ptr, end_addr.ptr, start_addr.len) > 0) + { + fprintf(stderr, "invalid start/end pair specified.\n"); + exit(-1); + } + if (db->execute(db, &id, + "INSERT INTO pools (name, start, end, timeout) " + "VALUES (?, ?, ?, ?)", + DB_TEXT, name, DB_BLOB, start_addr, + DB_BLOB, end_addr, DB_INT, timeout*3600) != 1) + { + fprintf(stderr, "creating pool failed.\n"); + exit(-1); + } + printf("allocating %d addresses... ", count); + fflush(stdout); + if (db->get_driver(db) == DB_SQLITE) + { /* run population in a transaction for sqlite */ + db->execute(db, NULL, "BEGIN TRANSACTION"); + } + while (TRUE) + { + db->execute(db, NULL, + "INSERT INTO addresses (pool, address, identity, acquired, released) " + "VALUES (?, ?, ?, ?, ?)", + DB_UINT, id, DB_BLOB, cur_addr, DB_UINT, 0, DB_UINT, 0, DB_UINT, 1); + if (chunk_equals(cur_addr, end_addr)) + { + break; + } + chunk_increment(cur_addr); + } + if (db->get_driver(db) == DB_SQLITE) + { + db->execute(db, NULL, "END TRANSACTION"); + } + printf("done.\n", count); + + exit(0); +} + +/** + * ipsec pool --add dns|nbns|wins - add a DNS or NBNS server entry + */ +static void add_attr(char *name, host_t *server) +{ + configuration_attribute_type_t type; + chunk_t value; + + type = get_attribute_type(name, server); + value = server->get_address(server); + if (db->execute(db, NULL, + "INSERT INTO attributes (type, value) VALUES (?, ?)", + DB_INT, type, DB_BLOB, value) != 1) + { + fprintf(stderr, "adding %s server %H failed.\n", name, server); + exit(-1); + } + printf("added %s server %H\n", name, server); + exit(0); +} + +/** + * ipsec pool --del - delete a pool + */ +static void del(char *name) +{ + enumerator_t *query; + u_int id; + bool found = FALSE; + + query = db->query(db, "SELECT id FROM pools WHERE name = ?", + DB_TEXT, name, DB_UINT); + if (!query) + { + fprintf(stderr, "deleting pool failed.\n"); + exit(-1); + } + while (query->enumerate(query, &id)) + { + found = TRUE; + if (db->execute(db, NULL, + "DELETE FROM leases WHERE address IN (" + " SELECT id FROM addresses WHERE pool = ?)", DB_UINT, id) < 0 || + db->execute(db, NULL, + "DELETE FROM addresses WHERE pool = ?", DB_UINT, id) < 0 || + db->execute(db, NULL, + "DELETE FROM pools WHERE id = ?", DB_UINT, id) < 0) + { + fprintf(stderr, "deleting pool failed.\n"); + query->destroy(query); + exit(-1); + } + } + query->destroy(query); + if (!found) + { + fprintf(stderr, "pool '%s' not found.\n", name); + exit(-1); + } + exit(0); +} + +/** + * ipsec pool --del dns|nbns|wins - delete a DNS or NBNS server entry + */ +static void del_attr(char *name, host_t *server) +{ + configuration_attribute_type_t type; + chunk_t value; + u_int id; + enumerator_t *query; + bool found = FALSE; + + if (server) + { + type = get_attribute_type(name, server); + value = server->get_address(server); + query = db->query(db, + "SELECT id, type, value FROM attributes " + "WHERE type = ? AND value = ?", + DB_INT, type, DB_BLOB, value, + DB_UINT, DB_INT, DB_BLOB); + } + else + { + configuration_attribute_type_t type_ip4, type_ip6; + + if (strcaseeq(name, "dns")) + { + type_ip4 = INTERNAL_IP4_DNS; + type_ip6 = INTERNAL_IP6_DNS; + } + else + { + type_ip4 = INTERNAL_IP4_NBNS; + type_ip6 = INTERNAL_IP6_NBNS; + } + + query = db->query(db, + "SELECT id, type, value FROM attributes " + "WHERE type = ? OR type = ?", + DB_INT, type_ip4, DB_INT, type_ip6, + DB_UINT, DB_INT, DB_BLOB); + } + if (!query) + { + fprintf(stderr, "deleting %s servers failed.\n", name); + exit(-1); + } + + while (query->enumerate(query, &id, &type, &value)) + { + int family; + host_t *host; + + found = TRUE; + family = (type == INTERNAL_IP4_DNS || type == INTERNAL_IP4_NBNS) ? + AF_INET : AF_INET6; + host = host_create_from_chunk(family, value, 0); + if (db->execute(db, NULL, + "DELETE FROM attributes WHERE id = ?", + DB_UINT, id) != 1) + { + fprintf(stderr, "deleting %s server %H failed\n", name, host); + query->destroy(query); + DESTROY_IF(host); + exit(-1); + } + printf("deleted %s server %H\n", name, host); + DESTROY_IF(host); + } + query->destroy(query); + + if (!found) + { + printf("no matching %s servers found\n", name); + exit(-1); + } + exit(0); +} + +/** + * ipsec pool --resize - resize a pool if (db->execute(db, NULL, + "DELETE FROM attributes WHERE type = ? AND value = ?", + DB_INT, type, DB_BLOB, value) != 1) + { + fprintf(stderr, "deleting %s server %H failed\n", name, server); + exit(-1); + } + printf("deleted %s server %H\n", name, server); + if (db->execute(db, NULL, + "DELETE FROM attributes WHERE type = ? AND value = ?", + DB_INT, type, DB_BLOB, value) != 1) + { + fprintf(stderr, "deleting %s server %H failed\n", name, server); + exit(-1); + } + printf("deleted %s server %H\n", name, server); + + */ +static void resize(char *name, host_t *end) +{ + enumerator_t *query; + chunk_t old_addr, new_addr, cur_addr; + u_int id, count; + + new_addr = end->get_address(end); + + query = db->query(db, "SELECT id, end FROM pools WHERE name = ?", + DB_TEXT, name, DB_UINT, DB_BLOB); + if (!query || !query->enumerate(query, &id, &old_addr)) + { + DESTROY_IF(query); + fprintf(stderr, "resizing pool failed.\n"); + exit(-1); + } + if (old_addr.len != new_addr.len || + memcmp(new_addr.ptr, old_addr.ptr, old_addr.len) < 0) + { + fprintf(stderr, "shrinking of pools not supported.\n"); + query->destroy(query); + exit(-1); + } + cur_addr = chunk_clonea(old_addr); + count = get_pool_size(old_addr, new_addr) - 1; + query->destroy(query); + + if (db->execute(db, NULL, + "UPDATE pools SET end = ? WHERE name = ?", + DB_BLOB, new_addr, DB_TEXT, name) <= 0) + { + fprintf(stderr, "pool '%s' not found.\n", name); + exit(-1); + } + + printf("allocating %d new addresses... ", count); + fflush(stdout); + if (db->get_driver(db) == DB_SQLITE) + { /* run population in a transaction for sqlite */ + db->execute(db, NULL, "BEGIN TRANSACTION"); + } + while (count-- > 0) + { + chunk_increment(cur_addr); + db->execute(db, NULL, + "INSERT INTO addresses (pool, address, identity, acquired, released) " + "VALUES (?, ?, ?, ?, ?)", + DB_UINT, id, DB_BLOB, cur_addr, DB_UINT, 0, DB_UINT, 0, DB_UINT, 1); + } + if (db->get_driver(db) == DB_SQLITE) + { + db->execute(db, NULL, "END TRANSACTION"); + } + printf("done.\n", count); + + exit(0); +} + +/** + * create the lease query using the filter string + */ +static enumerator_t *create_lease_query(char *filter) +{ + enumerator_t *query; + identification_t *id = NULL; + host_t *addr = NULL; + u_int tstamp = 0; + bool online = FALSE, valid = FALSE, expired = FALSE; + char *value, *pos, *pool = NULL; + enum { + FIL_POOL = 0, + FIL_ID, + FIL_ADDR, + FIL_TSTAMP, + FIL_STATE, + }; + char *const token[] = { + [FIL_POOL] = "pool", + [FIL_ID] = "id", + [FIL_ADDR] = "addr", + [FIL_TSTAMP] = "tstamp", + [FIL_STATE] = "status", + NULL + }; + + /* if the filter string contains a distinguished name as a ID, we replace + * ", " by "/ " in order to not confuse the getsubopt parser */ + pos = filter; + while ((pos = strchr(pos, ','))) + { + if (pos[1] == ' ') + { + pos[0] = '/'; + } + pos++; + } + + while (filter && *filter != '\0') + { + switch (getsubopt(&filter, token, &value)) + { + case FIL_POOL: + if (value) + { + pool = value; + } + break; + case FIL_ID: + if (value) + { + id = identification_create_from_string(value); + } + break; + case FIL_ADDR: + if (value) + { + addr = host_create_from_string(value, 0); + } + if (!addr) + { + fprintf(stderr, "invalid 'addr' in filter string.\n"); + exit(-1); + } + break; + case FIL_TSTAMP: + if (value) + { + tstamp = atoi(value); + } + if (tstamp == 0) + { + online = TRUE; + } + break; + case FIL_STATE: + if (value) + { + if (streq(value, "online")) + { + online = TRUE; + } + else if (streq(value, "valid")) + { + valid = TRUE; + } + else if (streq(value, "expired")) + { + expired = TRUE; + } + else + { + fprintf(stderr, "invalid 'state' in filter string.\n"); + exit(-1); + } + } + break; + default: + fprintf(stderr, "invalid filter string.\n"); + exit(-1); + break; + } + } + query = db->query(db, + "SELECT name, addresses.address, identities.type, " + "identities.data, leases.acquired, leases.released, timeout " + "FROM leases JOIN addresses ON leases.address = addresses.id " + "JOIN pools ON addresses.pool = pools.id " + "JOIN identities ON leases.identity = identities.id " + "WHERE (? OR name = ?) " + "AND (? OR (identities.type = ? AND identities.data = ?)) " + "AND (? OR addresses.address = ?) " + "AND (? OR (? >= leases.acquired AND (? <= leases.released))) " + "AND (? OR leases.released > ? - timeout) " + "AND (? OR leases.released < ? - timeout) " + "AND ? " + "UNION " + "SELECT name, address, identities.type, identities.data, " + "acquired, released, timeout FROM addresses " + "JOIN pools ON addresses.pool = pools.id " + "JOIN identities ON addresses.identity = identities.id " + "WHERE ? AND released = 0 " + "AND (? OR name = ?) " + "AND (? OR (identities.type = ? AND identities.data = ?)) " + "AND (? OR address = ?)", + DB_INT, pool == NULL, DB_TEXT, pool, + DB_INT, id == NULL, + DB_INT, id ? id->get_type(id) : 0, + DB_BLOB, id ? id->get_encoding(id) : chunk_empty, + DB_INT, addr == NULL, + DB_BLOB, addr ? addr->get_address(addr) : chunk_empty, + DB_INT, tstamp == 0, DB_UINT, tstamp, DB_UINT, tstamp, + DB_INT, !valid, DB_INT, time(NULL), + DB_INT, !expired, DB_INT, time(NULL), + DB_INT, !online, + /* union */ + DB_INT, !(valid || expired), + DB_INT, pool == NULL, DB_TEXT, pool, + DB_INT, id == NULL, + DB_INT, id ? id->get_type(id) : 0, + DB_BLOB, id ? id->get_encoding(id) : chunk_empty, + DB_INT, addr == NULL, + DB_BLOB, addr ? addr->get_address(addr) : chunk_empty, + /* res */ + DB_TEXT, DB_BLOB, DB_INT, DB_BLOB, DB_UINT, DB_UINT, DB_UINT); + /* id and addr leak but we can't destroy them until query is destroyed. */ + return query; +} + +/** + * ipsec pool --leases - show lease information of a pool + */ +static void leases(char *filter, bool utc) +{ + enumerator_t *query; + chunk_t address_chunk, identity_chunk; + int identity_type; + char *name; + u_int acquired, released, timeout; + host_t *address; + identification_t *identity; + bool found = FALSE; + + query = create_lease_query(filter); + if (!query) + { + fprintf(stderr, "querying leases failed.\n"); + exit(-1); + } + while (query->enumerate(query, &name, &address_chunk, &identity_type, + &identity_chunk, &acquired, &released, &timeout)) + { + if (!found) + { + int len = utc ? 25 : 21; + + found = TRUE; + printf("%-8s %-15s %-7s %-*s %-*s %s\n", + "name", "address", "status", len, "start", len, "end", "identity"); + } + address = host_create_from_chunk(AF_UNSPEC, address_chunk, 0); + identity = identification_create_from_encoding(identity_type, identity_chunk); + + printf("%-8s %-15H ", name, address); + if (released == 0) + { + printf("%-7s ", "online"); + } + else if (timeout == 0) + { + printf("%-7s ", "static"); + } + else if (released >= time(NULL) - timeout) + { + printf("%-7s ", "valid"); + } + else + { + printf("%-7s ", "expired"); + } + + printf(" %T ", &acquired, utc); + if (released) + { + printf("%T ", &released, utc); + } + else + { + printf(" "); + if (utc) + { + printf(" "); + } + } + printf("%Y\n", identity); + DESTROY_IF(address); + identity->destroy(identity); + } + query->destroy(query); + if (!found) + { + fprintf(stderr, "no matching leases found.\n"); + exit(-1); + } + exit(0); +} + +/** + * ipsec pool --purge - delete expired leases + */ +static void purge(char *name) +{ + int purged = 0; + + purged = db->execute(db, NULL, + "DELETE FROM leases WHERE address IN (" + " SELECT id FROM addresses WHERE pool IN (" + " SELECT id FROM pools WHERE name = ?))", + DB_TEXT, name); + if (purged < 0) + { + fprintf(stderr, "purging pool '%s' failed.\n", name); + exit(-1); + } + fprintf(stderr, "purged %d leases in pool '%s'.\n", purged, name); + exit(0); +} + +/** + * atexit handler to close db on shutdown + */ +static void cleanup(void) +{ + db->destroy(db); + DESTROY_IF(start); + DESTROY_IF(end); + DESTROY_IF(server); +} + +int main(int argc, char *argv[]) +{ + char *uri, *name = "", *filter = ""; + int timeout = 0; + bool utc = FALSE; + enum { + OP_USAGE, + OP_STATUS, + OP_ADD, + OP_ADD_ATTR, + OP_DEL, + OP_DEL_ATTR, + OP_RESIZE, + OP_LEASES, + OP_PURGE + } operation = OP_USAGE; + + atexit(library_deinit); + + /* initialize library */ + if (!library_init(NULL)) + { + exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); + } + if (lib->integrity && + !lib->integrity->check_file(lib->integrity, "pool", argv[0])) + { + fprintf(stderr, "integrity check of pool failed\n"); + exit(SS_RC_DAEMON_INTEGRITY); + } + if (!lib->plugins->load(lib->plugins, NULL, + lib->settings->get_str(lib->settings, "pool.load", PLUGINS))) + { + exit(SS_RC_INITIALIZATION_FAILED); + } + + uri = lib->settings->get_str(lib->settings, "libstrongswan.plugins.attr-sql.database", NULL); + if (!uri) + { + fprintf(stderr, "database URI libstrongswan.plugins.attr-sql.database not set.\n"); + exit(SS_RC_INITIALIZATION_FAILED); + } + db = lib->db->create(lib->db, uri); + if (!db) + { + fprintf(stderr, "opening database failed.\n"); + exit(SS_RC_INITIALIZATION_FAILED); + } + atexit(cleanup); + + while (TRUE) + { + int c; + + struct option long_opts[] = { + { "help", no_argument, NULL, 'h' }, + + { "utc", no_argument, NULL, 'u' }, + { "status", no_argument, NULL, 'w' }, + { "add", required_argument, NULL, 'a' }, + { "del", required_argument, NULL, 'd' }, + { "resize", required_argument, NULL, 'r' }, + { "leases", no_argument, NULL, 'l' }, + { "purge", required_argument, NULL, 'p' }, + + { "start", required_argument, NULL, 's' }, + { "end", required_argument, NULL, 'e' }, + { "timeout", required_argument, NULL, 't' }, + { "filter", required_argument, NULL, 'f' }, + { "server", required_argument, NULL, 'v' }, + { 0,0,0,0 } + }; + + c = getopt_long(argc, argv, "", long_opts, NULL); + switch (c) + { + case EOF: + break; + case 'h': + break; + case 'w': + operation = OP_STATUS; + break; + case 'u': + utc = TRUE; + continue; + case 'a': + name = optarg; + operation = is_attribute(name) ? OP_ADD_ATTR : OP_ADD; + continue; + case 'd': + name = optarg; + operation = is_attribute(name) ? OP_DEL_ATTR : OP_DEL; + continue; + case 'r': + name = optarg; + operation = OP_RESIZE; + continue; + case 'l': + operation = OP_LEASES; + continue; + case 'p': + name = optarg; + operation = OP_PURGE; + continue; + case 's': + start = host_create_from_string(optarg, 0); + if (start == NULL) + { + fprintf(stderr, "invalid start address: '%s'.\n", optarg); + operation = OP_USAGE; + break; + } + continue; + case 'e': + end = host_create_from_string(optarg, 0); + if (end == NULL) + { + fprintf(stderr, "invalid end address: '%s'.\n", optarg); + operation = OP_USAGE; + break; + } + continue; + case 't': + timeout = atoi(optarg); + if (timeout == 0 && strcmp(optarg, "0") != 0) + { + fprintf(stderr, "invalid timeout '%s'.\n", optarg); + operation = OP_USAGE; + break; + } + continue; + case 'f': + filter = optarg; + continue; + case 'v': + server = host_create_from_string(optarg, 0); + if (server == NULL) + { + fprintf(stderr, "invalid server address: '%s'.\n", optarg); + operation = OP_USAGE; + break; + } + continue; + default: + operation = OP_USAGE; + break; + } + break; + } + + switch (operation) + { + case OP_USAGE: + usage(); + break; + case OP_STATUS: + status(); + break; + case OP_ADD: + if (start == NULL || end == NULL) + { + fprintf(stderr, "missing arguments.\n"); + usage(); + } + add(name, start, end, timeout); + break; + case OP_ADD_ATTR: + if (server == NULL) + { + fprintf(stderr, "missing arguments.\n"); + usage(); + } + add_attr(name, server); + break; + case OP_DEL: + del(name); + break; + case OP_DEL_ATTR: + del_attr(name, server); + break; + case OP_RESIZE: + if (end == NULL) + { + fprintf(stderr, "missing arguments.\n"); + usage(); + } + resize(name, end); + break; + case OP_LEASES: + leases(filter, utc); + break; + case OP_PURGE: + purge(name); + break; + } + exit(0); +} + diff --git a/src/libstrongswan/plugins/attr_sql/sql_attribute.c b/src/libstrongswan/plugins/attr_sql/sql_attribute.c new file mode 100644 index 000000000..a89195b6d --- /dev/null +++ b/src/libstrongswan/plugins/attr_sql/sql_attribute.c @@ -0,0 +1,384 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <time.h> + +#include <debug.h> +#include <library.h> + +#include "sql_attribute.h" + +typedef struct private_sql_attribute_t private_sql_attribute_t; + +/** + * private data of sql_attribute + */ +struct private_sql_attribute_t { + + /** + * public functions + */ + sql_attribute_t public; + + /** + * database connection + */ + database_t *db; + + /** + * wheter to record lease history in lease table + */ + bool history; +}; + +/** + * lookup/insert an identity + */ +static u_int get_identity(private_sql_attribute_t *this, identification_t *id) +{ + enumerator_t *e; + u_int row; + + /* look for peer identity in the identities table */ + e = this->db->query(this->db, + "SELECT id FROM identities WHERE type = ? AND data = ?", + DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id), + DB_UINT); + + if (e && e->enumerate(e, &row)) + { + e->destroy(e); + return row; + } + DESTROY_IF(e); + /* not found, insert new one */ + if (this->db->execute(this->db, &row, + "INSERT INTO identities (type, data) VALUES (?, ?)", + DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id)) == 1) + { + return row; + } + return 0; +} + +/** + * Lookup pool by name + */ +static u_int get_pool(private_sql_attribute_t *this, char *name, u_int *timeout) +{ + enumerator_t *e; + u_int pool; + + e = this->db->query(this->db, "SELECT id, timeout FROM pools WHERE name = ?", + DB_TEXT, name, DB_UINT, DB_UINT); + if (e && e->enumerate(e, &pool, timeout)) + { + e->destroy(e); + return pool; + } + DESTROY_IF(e); + return 0; +} + +/** + * Look up an existing lease + */ +static host_t* check_lease(private_sql_attribute_t *this, char *name, + u_int pool, u_int identity) +{ + while (TRUE) + { + u_int id; + chunk_t address; + enumerator_t *e; + time_t now = time(NULL); + + e = this->db->query(this->db, + "SELECT id, address FROM addresses " + "WHERE pool = ? AND identity = ? AND released != 0 LIMIT 1", + DB_UINT, pool, DB_UINT, identity, DB_UINT, DB_BLOB); + if (!e || !e->enumerate(e, &id, &address)) + { + DESTROY_IF(e); + break; + } + address = chunk_clonea(address); + e->destroy(e); + + if (this->db->execute(this->db, NULL, + "UPDATE addresses SET acquired = ?, released = 0 " + "WHERE id = ? AND identity = ? AND released != 0", + DB_UINT, now, DB_UINT, id, DB_UINT, identity) > 0) + { + host_t *host; + + host = host_create_from_chunk(AF_UNSPEC, address, 0); + if (host) + { + DBG1("acquired existing lease for address %H in pool '%s'", + host, name); + return host; + } + } + } + return NULL; +} + +/** + * We check for unallocated addresses or expired leases. First we select an + * address as a candidate, but double check later on if it is still available + * during the update operation. This allows us to work without locking. + */ +static host_t* get_lease(private_sql_attribute_t *this, char *name, + u_int pool, u_int timeout, u_int identity) +{ + while (TRUE) + { + u_int id; + chunk_t address; + enumerator_t *e; + time_t now = time(NULL); + int hits; + + if (timeout) + { + /* check for an expired lease */ + e = this->db->query(this->db, + "SELECT id, address FROM addresses " + "WHERE pool = ? AND released != 0 AND released < ? LIMIT 1", + DB_UINT, pool, DB_UINT, now - timeout, DB_UINT, DB_BLOB); + } + else + { + /* with static leases, check for an unallocated address */ + e = this->db->query(this->db, + "SELECT id, address FROM addresses " + "WHERE pool = ? AND identity = 0 LIMIT 1", + DB_UINT, pool, DB_UINT, DB_BLOB); + + } + + if (!e || !e->enumerate(e, &id, &address)) + { + DESTROY_IF(e); + break; + } + address = chunk_clonea(address); + e->destroy(e); + + if (timeout) + { + hits = this->db->execute(this->db, NULL, + "UPDATE addresses SET " + "acquired = ?, released = 0, identity = ? " + "WHERE id = ? AND released != 0 AND released < ?", + DB_UINT, now, DB_UINT, identity, + DB_UINT, id, DB_UINT, now - timeout); + } + else + { + hits = this->db->execute(this->db, NULL, + "UPDATE addresses SET " + "acquired = ?, released = 0, identity = ? " + "WHERE id = ? AND identity = 0", + DB_UINT, now, DB_UINT, identity, DB_UINT, id); + } + if (hits > 0) + { + host_t *host; + + host = host_create_from_chunk(AF_UNSPEC, address, 0); + if (host) + { + DBG1("acquired new lease for address %H in pool '%s'", + host, name); + return host; + } + } + } + DBG1("no available address found in pool '%s'", name); + return NULL; +} + +/** + * Implementation of attribute_provider_t.acquire_address + */ +static host_t* acquire_address(private_sql_attribute_t *this, + char *names, identification_t *id, + host_t *requested) +{ + host_t *address = NULL; + u_int identity, pool, timeout; + + identity = get_identity(this, id); + if (identity) + { + /* check for a single pool first (no concatenation and enumeration) */ + if (strchr(names, ',') == NULL) + { + pool = get_pool(this, names, &timeout); + if (pool) + { + /* check for an existing lease */ + address = check_lease(this, names, pool, identity); + if (address == NULL) + { + /* get an unallocated address or expired lease */ + address = get_lease(this, names, pool, timeout, identity); + } + } + } + else + { + enumerator_t *enumerator; + char *name; + + /* in a first step check for an existing lease over all pools */ + enumerator = enumerator_create_token(names, ",", " "); + while (enumerator->enumerate(enumerator, &name)) + { + pool = get_pool(this, name, &timeout); + if (pool) + { + address = check_lease(this, name, pool, identity); + if (address) + { + enumerator->destroy(enumerator); + return address; + } + } + } + enumerator->destroy(enumerator); + + /* in a second step get an unallocated address or expired lease */ + enumerator = enumerator_create_token(names, ",", " "); + while (enumerator->enumerate(enumerator, &name)) + { + pool = get_pool(this, name, &timeout); + if (pool) + { + address = get_lease(this, name, pool, timeout, identity); + if (address) + { + break; + } + } + } + enumerator->destroy(enumerator); + } + } + return address; +} + +/** + * Implementation of attribute_provider_t.release_address + */ +static bool release_address(private_sql_attribute_t *this, + char *name, host_t *address, identification_t *id) +{ + enumerator_t *enumerator; + bool found = FALSE; + time_t now = time(NULL); + + enumerator = enumerator_create_token(name, ",", " "); + while (enumerator->enumerate(enumerator, &name)) + { + u_int pool, timeout; + + pool = get_pool(this, name, &timeout); + if (pool) + { + if (this->history) + { + this->db->execute(this->db, NULL, + "INSERT INTO leases (address, identity, acquired, released)" + " SELECT id, identity, acquired, ? FROM addresses " + " WHERE pool = ? AND address = ?", + DB_UINT, now, DB_UINT, pool, + DB_BLOB, address->get_address(address)); + } + if (this->db->execute(this->db, NULL, + "UPDATE addresses SET released = ? WHERE " + "pool = ? AND address = ?", DB_UINT, time(NULL), + DB_UINT, pool, DB_BLOB, address->get_address(address)) > 0) + { + found = TRUE; + break; + } + } + } + enumerator->destroy(enumerator); + return found; +} + +/** + * Implementation of sql_attribute_t.create_attribute_enumerator + */ +static enumerator_t* create_attribute_enumerator(private_sql_attribute_t *this, + identification_t *id, host_t *vip) +{ + if (vip) + { + enumerator_t *enumerator; + + enumerator = this->db->query(this->db, + "SELECT type, value FROM attributes", DB_INT, DB_BLOB); + if (enumerator) + { + return enumerator; + } + } + return enumerator_create_empty(); +} + +/** + * Implementation of sql_attribute_t.destroy + */ +static void destroy(private_sql_attribute_t *this) +{ + free(this); +} + +/* + * see header file + */ +sql_attribute_t *sql_attribute_create(database_t *db) +{ + private_sql_attribute_t *this = malloc_thing(private_sql_attribute_t); + time_t now = time(NULL); + + this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *, host_t *))acquire_address; + this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address; + this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id, host_t *host))create_attribute_enumerator; + this->public.destroy = (void(*)(sql_attribute_t*))destroy; + + this->db = db; + this->history = lib->settings->get_bool(lib->settings, + "libstrongswan.plugins.attr-sql.lease_history", TRUE); + + /* close any "online" leases in the case we crashed */ + if (this->history) + { + this->db->execute(this->db, NULL, + "INSERT INTO leases (address, identity, acquired, released)" + " SELECT id, identity, acquired, ? FROM addresses " + " WHERE released = 0", DB_UINT, now); + } + this->db->execute(this->db, NULL, + "UPDATE addresses SET released = ? WHERE released = 0", + DB_UINT, now); + return &this->public; +} + diff --git a/src/libstrongswan/plugins/attr_sql/sql_attribute.h b/src/libstrongswan/plugins/attr_sql/sql_attribute.h new file mode 100644 index 000000000..ca87eb27e --- /dev/null +++ b/src/libstrongswan/plugins/attr_sql/sql_attribute.h @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup sql_attribute sql_attribute + * @{ @ingroup attr_sql + */ + +#ifndef SQL_ATTRIBUTE_H_ +#define SQL_ATTRIBUTE_H_ + +#include <attributes/attribute_provider.h> +#include <database/database.h> + +typedef struct sql_attribute_t sql_attribute_t; + +/** + * SQL database based IKEv2 cfg attribute provider. + */ +struct sql_attribute_t { + + /** + * Implements attribute provider interface + */ + attribute_provider_t provider; + + /** + * Destroy a sql_attribute instance. + */ + void (*destroy)(sql_attribute_t *this); +}; + +/** + * Create a sql_attribute instance. + */ +sql_attribute_t *sql_attribute_create(database_t *db); + +#endif /** SQL_ATTRIBUTE_H_ @}*/ diff --git a/src/libstrongswan/plugins/blowfish/Makefile.am b/src/libstrongswan/plugins/blowfish/Makefile.am index 3fbc5893b..de8948445 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.am +++ b/src/libstrongswan/plugins/blowfish/Makefile.am @@ -7,6 +7,6 @@ plugin_LTLIBRARIES = libstrongswan-blowfish.la libstrongswan_blowfish_la_SOURCES = \ blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \ -bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c +bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c libstrongswan_blowfish_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index e536b5fc6..7b55d69c7 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/blowfish DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_blowfish_la_LIBADD = am_libstrongswan_blowfish_la_OBJECTS = blowfish_plugin.lo \ @@ -61,6 +85,7 @@ libstrongswan_blowfish_la_LINK = $(LIBTOOL) --tag=CC \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -108,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -138,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -171,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -196,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -204,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -212,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -223,6 +251,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -230,7 +259,7 @@ AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-blowfish.la libstrongswan_blowfish_la_SOURCES = \ blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \ -bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c +bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c libstrongswan_blowfish_la_LDFLAGS = -module -avoid-version all: all-am @@ -246,9 +275,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -266,23 +295,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -309,21 +343,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -346,7 +380,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -354,29 +388,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -397,13 +436,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -434,6 +477,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -455,6 +499,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -463,18 +509,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -513,6 +569,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/blowfish/bf_enc.c b/src/libstrongswan/plugins/blowfish/bf_enc.c index c2f3ce2e8..ebcc5dbdf 100644 --- a/src/libstrongswan/plugins/blowfish/bf_enc.c +++ b/src/libstrongswan/plugins/blowfish/bf_enc.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence diff --git a/src/libstrongswan/plugins/blowfish/bf_locl.h b/src/libstrongswan/plugins/blowfish/bf_locl.h index 283bf4c43..1375a0aa9 100644 --- a/src/libstrongswan/plugins/blowfish/bf_locl.h +++ b/src/libstrongswan/plugins/blowfish/bf_locl.h @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence diff --git a/src/libstrongswan/plugins/blowfish/bf_pi.h b/src/libstrongswan/plugins/blowfish/bf_pi.h index 9949513c6..79d23db6c 100644 --- a/src/libstrongswan/plugins/blowfish/bf_pi.h +++ b/src/libstrongswan/plugins/blowfish/bf_pi.h @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -64,262 +64,262 @@ static const BF_KEY bf_init= { 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L, 0x9216d5d9L, 0x8979fb1b },{ - 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, - 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, - 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L, - 0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL, - 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, - 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, - 0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL, - 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL, - 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L, - 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, - 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, - 0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, - 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL, - 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L, - 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, - 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, - 0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L, - 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L, - 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL, - 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, - 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, - 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, - 0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L, - 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL, - 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, - 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, - 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, - 0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L, - 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL, - 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, - 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, - 0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, - 0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L, - 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL, - 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, - 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, - 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, - 0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L, - 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL, - 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, - 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, - 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, - 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L, - 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L, - 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, - 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, - 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, - 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL, - 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL, - 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, - 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, - 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, - 0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L, - 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL, - 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, - 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, - 0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, - 0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L, - 0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L, - 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, - 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, - 0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, - 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L, - 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL, - 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, - 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, - 0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, - 0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL, - 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L, - 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, - 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, - 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, - 0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L, - 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L, - 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, - 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, - 0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L, - 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L, - 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L, - 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, - 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, - 0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL, - 0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL, - 0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L, - 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, - 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, - 0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, - 0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL, - 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL, - 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, - 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, - 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, - 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL, - 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL, - 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, - 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, - 0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, - 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L, - 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L, - 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, - 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, - 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, - 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L, - 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL, - 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, - 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, - 0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L, - 0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L, - 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L, - 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, - 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, - 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, - 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L, - 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L, - 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, - 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, - 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, - 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L, - 0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L, - 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, - 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, - 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, - 0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L, - 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL, - 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, - 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, - 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, - 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L, - 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L, - 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, - 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, - 0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L, - 0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L, - 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L, - 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, - 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, - 0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, - 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L, - 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L, - 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, - 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, - 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, - 0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L, - 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL, - 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, - 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, - 0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L, - 0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL, - 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L, - 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, - 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, - 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, - 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L, - 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L, - 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, - 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, - 0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, - 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL, - 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L, - 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, - 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, - 0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, - 0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL, - 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL, - 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, - 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, - 0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, - 0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL, - 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL, - 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, - 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, - 0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L, - 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L, - 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L, - 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, - 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, - 0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, - 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L, - 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L, - 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, - 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, - 0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, - 0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L, - 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L, - 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, - 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, - 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, - 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL, - 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L, - 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, - 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, - 0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L, - 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL, - 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL, - 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, - 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, - 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, - 0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L, - 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L, - 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, - 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, - 0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, - 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L, - 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L, - 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, - 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, - 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, - 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL, - 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL, - 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, - 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, - 0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, - 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL, - 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L, - 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, - 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, - 0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L, - 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L, - 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L, - 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, - 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, - 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, - 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L, - 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L, - 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, - 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, - 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, - 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L, - 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L, - 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, - 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, - 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, - 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L, - 0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL, - 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, - 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, - 0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, - 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L, - 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L, - 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, - 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, - 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, - 0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL, - 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L, - 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, - 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, - 0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L, - 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL, - 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L, - 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, - 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, - 0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L, - 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, - 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L, - 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, - 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, + 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, + 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, + 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L, + 0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL, + 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, + 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, + 0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL, + 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL, + 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L, + 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, + 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, + 0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, + 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL, + 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L, + 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, + 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, + 0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L, + 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L, + 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL, + 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, + 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, + 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, + 0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L, + 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL, + 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, + 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, + 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, + 0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L, + 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL, + 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, + 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, + 0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, + 0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L, + 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL, + 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, + 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, + 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, + 0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L, + 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL, + 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, + 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, + 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, + 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L, + 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L, + 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, + 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, + 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, + 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL, + 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL, + 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, + 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, + 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, + 0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L, + 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL, + 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, + 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, + 0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, + 0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L, + 0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L, + 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, + 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, + 0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, + 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L, + 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL, + 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, + 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, + 0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, + 0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL, + 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L, + 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, + 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, + 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, + 0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L, + 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L, + 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, + 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, + 0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L, + 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L, + 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L, + 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, + 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, + 0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL, + 0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL, + 0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L, + 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, + 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, + 0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, + 0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL, + 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL, + 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, + 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, + 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, + 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL, + 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL, + 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, + 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, + 0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, + 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L, + 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L, + 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, + 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, + 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, + 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L, + 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL, + 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, + 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, + 0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L, + 0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L, + 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L, + 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, + 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, + 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, + 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L, + 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L, + 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, + 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, + 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, + 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L, + 0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L, + 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, + 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, + 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, + 0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L, + 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL, + 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, + 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, + 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, + 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L, + 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L, + 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, + 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, + 0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L, + 0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L, + 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L, + 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, + 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, + 0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, + 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L, + 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L, + 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, + 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, + 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, + 0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L, + 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL, + 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, + 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, + 0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L, + 0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL, + 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L, + 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, + 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, + 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, + 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L, + 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L, + 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, + 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, + 0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, + 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL, + 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L, + 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, + 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, + 0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, + 0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL, + 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL, + 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, + 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, + 0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, + 0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL, + 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL, + 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, + 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, + 0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L, + 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L, + 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L, + 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, + 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, + 0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, + 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L, + 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L, + 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, + 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, + 0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, + 0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L, + 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L, + 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, + 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, + 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, + 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL, + 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L, + 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, + 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, + 0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L, + 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL, + 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL, + 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, + 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, + 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, + 0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L, + 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L, + 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, + 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, + 0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, + 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L, + 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L, + 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, + 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, + 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, + 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL, + 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL, + 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, + 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, + 0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, + 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL, + 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L, + 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, + 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, + 0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L, + 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L, + 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L, + 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, + 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, + 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, + 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L, + 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L, + 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, + 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, + 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, + 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L, + 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L, + 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, + 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, + 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, + 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L, + 0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL, + 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, + 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, + 0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, + 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L, + 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L, + 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, + 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, + 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, + 0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL, + 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L, + 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, + 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, + 0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L, + 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL, + 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L, + 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, + 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, + 0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L, + 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, + 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L, + 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, + 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, } }; diff --git a/src/libstrongswan/plugins/blowfish/bf_skey.c b/src/libstrongswan/plugins/blowfish/bf_skey.c index 8cdbbd283..ceec3b8d4 100644 --- a/src/libstrongswan/plugins/blowfish/bf_skey.c +++ b/src/libstrongswan/plugins/blowfish/bf_skey.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence diff --git a/src/libstrongswan/plugins/blowfish/blowfish.h b/src/libstrongswan/plugins/blowfish/blowfish.h index ccb97e272..9aa30df4b 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish.h +++ b/src/libstrongswan/plugins/blowfish/blowfish.h @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -90,7 +90,7 @@ extern "C" { * So I've chosen long... * <appro@fy.chalmers.se> */ - + /* des.h-like hack <jjo-ipsec@mendoza.gov.ar> */ #ifndef BF_LONG #ifdef __KERNEL__ @@ -110,7 +110,7 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; - + void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c index 5064bfef6..fb856ed37 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c @@ -4,21 +4,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -33,10 +33,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -48,7 +48,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -61,23 +61,23 @@ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) */ - + #include "blowfish_crypter.h" typedef struct private_blowfish_crypter_t private_blowfish_crypter_t; /** * Class implementing the Blowfish symmetric encryption algorithm. - * + * * @ingroup crypters */ struct private_blowfish_crypter_t { - + /** * Public part of this class. */ blowfish_crypter_t public; - + /** * Blowfish key schedule */ @@ -96,7 +96,7 @@ static void decrypt(private_blowfish_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { u_int8_t *in, *out; - + if (decrypted) { *decrypted = chunk_alloc(data.len); @@ -121,7 +121,7 @@ static void encrypt (private_blowfish_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { u_int8_t *in, *out; - + if (encrypted) { *encrypted = chunk_alloc(data.len); @@ -177,14 +177,14 @@ static void destroy (private_blowfish_crypter_t *this) blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t key_size) { private_blowfish_crypter_t *this; - + if (algo != ENCR_BLOWFISH) { return NULL; } - + this = malloc_thing(private_blowfish_crypter_t); - + this->key_size = key_size; this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt; this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt; @@ -192,6 +192,6 @@ blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key; this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; - + return &(this->public); } diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.h b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h index 2bb896e64..71cc09cd0 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.h +++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h @@ -30,7 +30,7 @@ typedef struct blowfish_crypter_t blowfish_crypter_t; * Class implementing the Blowfish encryption algorithm. */ struct blowfish_crypter_t { - + /** * The crypter_t interface. */ @@ -39,7 +39,7 @@ struct blowfish_crypter_t { /** * Constructor to create blowfish_crypter_t objects. - * + * * @param key_size key size in bytes * @param algo algorithm to implement * @return blowfish_crypter_t object, NULL if not supported diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c index 6e2f6d4fa..993dc8b3b 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c @@ -48,12 +48,12 @@ static void destroy(private_blowfish_plugin_t *this) plugin_t *plugin_create() { private_blowfish_plugin_t *this = malloc_thing(private_blowfish_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, (crypter_constructor_t)blowfish_crypter_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index 21d77ac8f..32b2504fe 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/curl DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_curl_la_DEPENDENCIES = am_libstrongswan_curl_la_OBJECTS = curl_plugin.lo curl_fetcher.lo @@ -58,6 +82,7 @@ libstrongswan_curl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -241,9 +270,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/curl/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/curl/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/curl/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/curl/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -261,23 +290,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -302,21 +336,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -339,7 +373,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -347,29 +381,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -390,13 +429,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -427,6 +470,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -448,6 +492,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -456,18 +502,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -506,6 +562,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c index 7ee9fa1bd..08315e932 100644 --- a/src/libstrongswan/plugins/curl/curl_fetcher.c +++ b/src/libstrongswan/plugins/curl/curl_fetcher.c @@ -33,14 +33,14 @@ struct private_curl_fetcher_t { * Public data */ curl_fetcher_t public; - + /** * CURL handle */ CURL* curl; - + /** - * Optional HTTP headers + * Optional HTTP headers */ struct curl_slist *headers; }; @@ -51,7 +51,7 @@ struct private_curl_fetcher_t { static size_t append(void *ptr, size_t size, size_t nmemb, chunk_t *data) { size_t realsize = size * nmemb; - + data->ptr = (u_char*)realloc(data->ptr, data->len + realsize); if (data->ptr) { @@ -61,16 +61,14 @@ static size_t append(void *ptr, size_t size, size_t nmemb, chunk_t *data) return realsize; } -/** - * Implements fetcher_t.fetch. - */ -static status_t fetch(private_curl_fetcher_t *this, char *uri, chunk_t *result) +METHOD(fetcher_t, fetch, status_t, + private_curl_fetcher_t *this, char *uri, chunk_t *result) { char error[CURL_ERROR_SIZE]; status_t status; - + *result = chunk_empty; - + if (curl_easy_setopt(this->curl, CURLOPT_URL, uri) != CURLE_OK) { /* URL type not supported by curl */ return NOT_SUPPORTED; @@ -85,7 +83,7 @@ static status_t fetch(private_curl_fetcher_t *this, char *uri, chunk_t *result) { curl_easy_setopt(this->curl, CURLOPT_HTTPHEADER, this->headers); } - + DBG2(" sending http request to '%s'...", uri); switch (curl_easy_perform(this->curl)) { @@ -103,13 +101,11 @@ static status_t fetch(private_curl_fetcher_t *this, char *uri, chunk_t *result) return status; } -/** - * Implementation of fetcher_t.set_option. - */ -static bool set_option(private_curl_fetcher_t *this, fetcher_option_t option, ...) +METHOD(fetcher_t, set_option, bool, + private_curl_fetcher_t *this, fetcher_option_t option, ...) { va_list args; - + va_start(args, option); switch (option) { @@ -154,10 +150,8 @@ static bool set_option(private_curl_fetcher_t *this, fetcher_option_t option, .. } } -/** - * Implements fetcher_t.destroy - */ -static void destroy(private_curl_fetcher_t *this) +METHOD(fetcher_t, destroy, void, + private_curl_fetcher_t *this) { curl_slist_free_all(this->headers); curl_easy_cleanup(this->curl); @@ -169,20 +163,22 @@ static void destroy(private_curl_fetcher_t *this) */ curl_fetcher_t *curl_fetcher_create() { - private_curl_fetcher_t *this = malloc_thing(private_curl_fetcher_t); - - this->curl = curl_easy_init(); - if (this->curl == NULL) + private_curl_fetcher_t *this; + + INIT(this, + .public.interface = { + .fetch = _fetch, + .set_option = _set_option, + .destroy = _destroy, + }, + .curl = curl_easy_init(), + ); + + if (!this->curl) { free(this); return NULL; } - this->headers = NULL; - - this->public.interface.fetch = (status_t(*)(fetcher_t*,char*,chunk_t*))fetch; - this->public.interface.set_option = (bool(*)(fetcher_t*, fetcher_option_t option, ...))set_option; - this->public.interface.destroy = (void (*)(fetcher_t*))destroy; - return &this->public; } diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.h b/src/libstrongswan/plugins/curl/curl_fetcher.h index 043beb834..6b9cad657 100644 --- a/src/libstrongswan/plugins/curl/curl_fetcher.h +++ b/src/libstrongswan/plugins/curl/curl_fetcher.h @@ -32,11 +32,6 @@ struct curl_fetcher_t { * Implements fetcher interface */ fetcher_t interface; - - /** - * Destroy a curl_fetcher instance. - */ - void (*destroy)(curl_fetcher_t *this); }; /** diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c index 97fa07866..13dfa053f 100644 --- a/src/libstrongswan/plugins/curl/curl_plugin.c +++ b/src/libstrongswan/plugins/curl/curl_plugin.c @@ -52,26 +52,26 @@ plugin_t *plugin_create() { CURLcode res; private_curl_plugin_t *this = malloc_thing(private_curl_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + res = curl_global_init(CURL_GLOBAL_NOTHING); if (res == CURLE_OK) { lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)curl_fetcher_create, "file://"); - lib->fetcher->add_fetcher(lib->fetcher, + lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)curl_fetcher_create, "http://"); lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)curl_fetcher_create, "https://"); - lib->fetcher->add_fetcher(lib->fetcher, + lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)curl_fetcher_create, "ftp://"); - } - else - { - DBG1("global libcurl initializing failed: %s, curl disabled", + } + else + { + DBG1("global libcurl initializing failed: %s, curl disabled", curl_easy_strerror(res)); - } + } return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index 19da339fe..f68b4bd03 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/des DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_des_la_LIBADD = am_libstrongswan_des_la_OBJECTS = des_plugin.lo des_crypter.lo @@ -58,6 +82,7 @@ libstrongswan_des_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -240,9 +269,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/des/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/des/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/des/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/des/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -260,23 +289,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -301,21 +335,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -338,7 +372,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -346,29 +380,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -389,13 +428,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -426,6 +469,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -447,6 +491,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -455,18 +501,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -505,6 +561,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c index 680fe8b6a..142e79613 100644 --- a/src/libstrongswan/plugins/des/des_crypter.c +++ b/src/libstrongswan/plugins/des/des_crypter.c @@ -11,17 +11,17 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -36,10 +36,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -73,17 +73,17 @@ typedef struct private_des_crypter_t private_des_crypter_t; * Private data for des_crypter_t */ struct private_des_crypter_t { - + /** * Public part of this class. */ des_crypter_t public; - + /** * Key size, depends on algoritm... */ size_t key_size; - + union { /** key schedule for single des */ des_key_schedule ks; @@ -141,7 +141,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! even newer MIPS CPU's, but at the moment one size fits all for optimization options. Older Sparc's work better with only UNROLL, but there's no way to tell at compile time what it is you're running on */ - + #if defined( sun ) /* Newer Sparc's */ #define DES_PTR #define DES_RISC1 @@ -879,7 +879,7 @@ static int des_set_key(des_cblock *key, des_key_schedule *schedule) c2l(in,c); c2l(in,d); - /* do PC1 in 60 simple operations */ + /* do PC1 in 60 simple operations */ /* PERM_OP(d,c,t,4,0x0f0f0f0fL); HPERM_OP(c,t,-2, 0xcccc0000L); HPERM_OP(c,t,-1, 0xaaaa0000L); @@ -1037,7 +1037,7 @@ static void des_encrypt(DES_LONG *data, des_key_schedule ks, int enc) /** * DES CBC encrypt decrypt routine */ -static void des_cbc_encrypt(des_cblock *input, des_cblock *output, long length, +static void des_cbc_encrypt(des_cblock *input, des_cblock *output, long length, des_key_schedule schedule, des_cblock *ivec, int enc) { register DES_LONG tin0,tin1; @@ -1110,7 +1110,7 @@ static void des_cbc_encrypt(des_cblock *input, des_cblock *output, long length, /** * DES ECB encrypt decrypt routine */ -static void des_ecb_encrypt(des_cblock *input, des_cblock *output, long length, +static void des_ecb_encrypt(des_cblock *input, des_cblock *output, long length, des_key_schedule schedule, int enc) { register DES_LONG tin0,tin1; @@ -1260,7 +1260,7 @@ static void des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc) /** * Single block 3DES EDE encrypt routine */ -static void des_encrypt3(DES_LONG *data, des_key_schedule ks1, +static void des_encrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3) { register DES_LONG l,r; @@ -1283,7 +1283,7 @@ static void des_encrypt3(DES_LONG *data, des_key_schedule ks1, /** * Single block 3DES EDE decrypt routine */ -static void des_decrypt3(DES_LONG *data, des_key_schedule ks1, +static void des_decrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3) { register DES_LONG l,r; @@ -1391,7 +1391,7 @@ static void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, long len { c2l(in,tin0); c2l(in,tin1); - + t0=tin0; t1=tin1; @@ -1400,7 +1400,7 @@ static void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, long len des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); tout0=tin[0]; tout1=tin[1]; - + tout0^=xor0; tout1^=xor1; l2cn(tout0,tout1,out,l+8); @@ -1424,7 +1424,7 @@ static void decrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv, { des_cblock ivb; u_int8_t *out; - + out = data.ptr; if (decrypted) { @@ -1445,7 +1445,7 @@ static void encrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv, { des_cblock ivb; u_int8_t *out; - + out = data.ptr; if (encrypted) { @@ -1464,7 +1464,7 @@ static void decrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { u_int8_t *out; - + out = data.ptr; if (decrypted) { @@ -1482,7 +1482,7 @@ static void encrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { u_int8_t *out; - + out = data.ptr; if (encrypted) { @@ -1501,7 +1501,7 @@ static void decrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv, { des_cblock ivb; u_int8_t *out; - + out = data.ptr; if (decrypted) { @@ -1522,7 +1522,7 @@ static void encrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv, { des_cblock ivb; u_int8_t *out; - + out = data.ptr; if (encrypted) { @@ -1563,7 +1563,7 @@ static void set_key(private_des_crypter_t *this, chunk_t key) * Implementation of crypter_t.set_key for 3DES. */ static void set_key3(private_des_crypter_t *this, chunk_t key) -{ +{ des_set_key((des_cblock*)(key.ptr) + 0, &this->ks3[0]); des_set_key((des_cblock*)(key.ptr) + 1, &this->ks3[1]); des_set_key((des_cblock*)(key.ptr) + 2, &this->ks3[2]); @@ -1583,12 +1583,12 @@ static void destroy(private_des_crypter_t *this) des_crypter_t *des_crypter_create(encryption_algorithm_t algo) { private_des_crypter_t *this = malloc_thing(private_des_crypter_t); - - /* functions of crypter_t interface */ + + /* functions of crypter_t interface */ this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size; this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; - + /* use functions depending on algorithm */ switch (algo) { diff --git a/src/libstrongswan/plugins/des/des_crypter.h b/src/libstrongswan/plugins/des/des_crypter.h index 623b292fc..cffbd4ce3 100644 --- a/src/libstrongswan/plugins/des/des_crypter.h +++ b/src/libstrongswan/plugins/des/des_crypter.h @@ -30,7 +30,7 @@ typedef struct des_crypter_t des_crypter_t; * Class implementing the DES and 3DES encryption algorithms. */ struct des_crypter_t { - + /** * The crypter_t interface. */ @@ -39,7 +39,7 @@ struct des_crypter_t { /** * Constructor to create des_crypter_t objects. - * + * * @param algo ENCR_DES for single DES, ENCR_3DES for triple DES * @return des_crypter_t object, NULL if algo not supported */ diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c index e16b475d4..649d224ab 100644 --- a/src/libstrongswan/plugins/des/des_plugin.c +++ b/src/libstrongswan/plugins/des/des_plugin.c @@ -47,16 +47,16 @@ static void destroy(private_des_plugin_t *this) plugin_t *plugin_create() { private_des_plugin_t *this = malloc_thing(private_des_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_crypter(lib->crypto, ENCR_3DES, (crypter_constructor_t)des_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_DES, (crypter_constructor_t)des_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, (crypter_constructor_t)des_crypter_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/dnskey/Makefile.am b/src/libstrongswan/plugins/dnskey/Makefile.am new file mode 100644 index 000000000..fd020f505 --- /dev/null +++ b/src/libstrongswan/plugins/dnskey/Makefile.am @@ -0,0 +1,12 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic + +plugin_LTLIBRARIES = libstrongswan-dnskey.la + +libstrongswan_dnskey_la_SOURCES = dnskey_plugin.h dnskey_plugin.c \ + dnskey_builder.h dnskey_builder.c + +libstrongswan_dnskey_la_LDFLAGS = -module -avoid-version + diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in new file mode 100644 index 000000000..d7d5ff29b --- /dev/null +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -0,0 +1,571 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/dnskey +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(plugin_LTLIBRARIES) +libstrongswan_dnskey_la_LIBADD = +am_libstrongswan_dnskey_la_OBJECTS = dnskey_plugin.lo \ + dnskey_builder.lo +libstrongswan_dnskey_la_OBJECTS = \ + $(am_libstrongswan_dnskey_la_OBJECTS) +libstrongswan_dnskey_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_dnskey_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_dnskey_la_SOURCES) +DIST_SOURCES = $(libstrongswan_dnskey_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic +plugin_LTLIBRARIES = libstrongswan-dnskey.la +libstrongswan_dnskey_la_SOURCES = dnskey_plugin.h dnskey_plugin.c \ + dnskey_builder.h dnskey_builder.c + +libstrongswan_dnskey_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/dnskey/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/dnskey/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-dnskey.la: $(libstrongswan_dnskey_la_OBJECTS) $(libstrongswan_dnskey_la_DEPENDENCIES) + $(libstrongswan_dnskey_la_LINK) -rpath $(plugindir) $(libstrongswan_dnskey_la_OBJECTS) $(libstrongswan_dnskey_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnskey_builder.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnskey_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-pluginLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/dnskey/dnskey_builder.c b/src/libstrongswan/plugins/dnskey/dnskey_builder.c new file mode 100644 index 000000000..ba20e7158 --- /dev/null +++ b/src/libstrongswan/plugins/dnskey/dnskey_builder.c @@ -0,0 +1,142 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "dnskey_builder.h" + +#include <debug.h> +#include <credentials/keys/private_key.h> + + +typedef struct dnskey_rr_t dnskey_rr_t; +typedef enum dnskey_algorithm_t dnskey_algorithm_t; + +/** + * Header of a DNSKEY resource record + */ +struct dnskey_rr_t { + u_int16_t flags; + u_int8_t protocol; + u_int8_t algorithm; + u_int8_t data[]; +} __attribute__((__packed__)); + +/** + * DNSSEC algorithms, RFC4034 Appendix A.1. + */ +enum dnskey_algorithm_t { + DNSKEY_ALG_RSA_MD5 = 1, + DNSKEY_ALG_DH = 2, + DNSKEY_ALG_DSA = 3, + DNSKEY_ALG_ECC = 4, + DNSKEY_ALG_RSA_SHA1 = 5, +}; + +/** + * Load a generic public key from a DNSKEY RR blob + */ +static dnskey_public_key_t *parse_public_key(chunk_t blob) +{ + dnskey_rr_t *rr = (dnskey_rr_t*)blob.ptr; + + if (blob.len < sizeof(dnskey_rr_t)) + { + DBG1("DNSKEY too short"); + return NULL; + } + blob = chunk_skip(blob, sizeof(dnskey_rr_t)); + + switch (rr->algorithm) + { + case DNSKEY_ALG_RSA_SHA1: + return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_BLOB_DNSKEY, blob, BUILD_END); + default: + DBG1("DNSKEY public key algorithm %d not supported", rr->algorithm); + return NULL; + } +} + +/** + * Load a RSA public key from DNSKEY RR data + */ +static dnskey_public_key_t *parse_rsa_public_key(chunk_t blob) +{ + chunk_t n, e; + + if (blob.len < 3) + { + DBG1("RFC 3110 public key blob too short for exponent length"); + return NULL; + } + + if (blob.ptr[0]) + { + e.len = blob.ptr[0]; + blob = chunk_skip(blob, 1); + } + else + { + e.len = blob.ptr[1] * 256 + blob.ptr[2]; + blob = chunk_skip(blob, 3); + } + e.ptr = blob.ptr; + if (e.len >= blob.len) + { + DBG1("RFC 3110 public key blob too short for exponent"); + return NULL; + } + n = chunk_skip(blob, e.len); + + return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, + BUILD_END); +} + +/** + * See header. + */ +dnskey_public_key_t *dnskey_public_key_load(key_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_DNSKEY: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (!blob.ptr) + { + return NULL; + } + switch (type) + { + case KEY_ANY: + return parse_public_key(blob); + case KEY_RSA: + return parse_rsa_public_key(blob); + default: + return NULL; + } +} + diff --git a/src/libstrongswan/plugins/dnskey/dnskey_builder.h b/src/libstrongswan/plugins/dnskey/dnskey_builder.h new file mode 100644 index 000000000..16eff3269 --- /dev/null +++ b/src/libstrongswan/plugins/dnskey/dnskey_builder.h @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup dnskey_public_key dnskey_public_key + * @{ @ingroup dnskey_p + */ + +#ifndef DNSKEY_BUILDER_H_ +#define DNSKEY_BUILDER_H_ + +#include <credentials/builder.h> +#include <credentials/keys/public_key.h> + +typedef struct dnskey_public_key_t dnskey_public_key_t; + +/** + * Public key implementation supporting RFC4034 decoding. + */ +struct dnskey_public_key_t { + + /** + * Implements public_key_t interface. + */ + public_key_t interface; +}; + +/** + * Load a public key in RFC4034 format. + * + * Takes a BUILD_BLOB_DNSKEY to parse the public key. + * + * @param type type of the key, must be KEY_RSA or KEY_ANY + * @param args builder_part_t argument list + * @return built key, NULL on failure + */ +dnskey_public_key_t *dnskey_public_key_load(key_type_t type, va_list args); + +#endif /** DNSKEY_BUILDER_H_ @}*/ diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c new file mode 100644 index 000000000..83dbe31a1 --- /dev/null +++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "dnskey_plugin.h" + +#include <library.h> +#include "dnskey_builder.h" + +typedef struct private_dnskey_plugin_t private_dnskey_plugin_t; + +/** + * private data of dnskey_plugin + */ +struct private_dnskey_plugin_t { + + /** + * public functions + */ + dnskey_plugin_t public; +}; + +/** + * Implementation of dnskey_plugin_t.dnskeytroy + */ +static void destroy(private_dnskey_plugin_t *this) +{ + lib->creds->remove_builder(lib->creds, + (builder_function_t)dnskey_public_key_load); + free(this); +} + +/* + * see header file + */ +plugin_t *plugin_create() +{ + private_dnskey_plugin_t *this = malloc_thing(private_dnskey_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + (builder_function_t)dnskey_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + (builder_function_t)dnskey_public_key_load); + + return &this->public.plugin; +} + diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.h b/src/libstrongswan/plugins/dnskey/dnskey_plugin.h new file mode 100644 index 000000000..17790e1c6 --- /dev/null +++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup dnskey_p dnskey + * @ingroup plugins + * + * @defgroup dnskey_plugin dnskey_plugin + * @{ @ingroup dnskey_p + */ + +#ifndef DNSKEY_PLUGIN_H_ +#define DNSKEY_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct dnskey_plugin_t dnskey_plugin_t; + +/** + * Plugin providing RFC4034 public key decoding functions. + */ +struct dnskey_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * Create a dnskey_plugin instance. + */ +plugin_t *plugin_create(); + +#endif /** DNSKEY_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index 5dcae7f27..b23af6def 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/fips_prf DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_fips_prf_la_LIBADD = am_libstrongswan_fips_prf_la_OBJECTS = fips_prf_plugin.lo fips_prf.lo @@ -60,6 +84,7 @@ libstrongswan_fips_prf_la_LINK = $(LIBTOOL) --tag=CC \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -107,25 +132,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -137,11 +159,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -170,9 +195,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -195,7 +220,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -203,6 +228,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -211,10 +237,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -222,6 +250,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -242,9 +271,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/fips_prf/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/fips_prf/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/fips_prf/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/fips_prf/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -262,23 +291,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -303,21 +337,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -340,7 +374,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -348,29 +382,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -391,13 +430,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -428,6 +471,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -449,6 +493,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -457,18 +503,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -507,6 +563,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c index be28f10bc..123d2a244 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c @@ -29,22 +29,22 @@ struct private_fips_prf_t { * Public fips_prf_t interface. */ fips_prf_t public; - + /** * key of prf function, "b" long */ u_int8_t *key; - + /** * size of "b" in bytes */ size_t b; - + /** * Keyed SHA1 prf: It does not use SHA1Final operation */ prf_t *keyed_prf; - + /** * G function, either SHA1 or DES */ @@ -57,11 +57,11 @@ struct private_fips_prf_t { static void add_mod(size_t length, u_int8_t a[], u_int8_t b[], u_int8_t sum[]) { int i, c = 0; - + for(i = length - 1; i >= 0; i--) { u_int32_t tmp; - + tmp = a[i] + b[i] + c; sum[i] = 0xff & tmp; c = tmp >> 8; @@ -114,14 +114,13 @@ static void get_bytes(private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) u_int8_t sum[this->b]; u_int8_t *xkey = this->key; u_int8_t one[this->b]; - chunk_t xval_chunk = chunk_from_buf(xval); - + memset(one, 0, this->b); one[this->b - 1] = 0x01; - + /* 3.1 */ chunk_mod(this->b, seed, xseed); - + /* 3.2 */ for (i = 0; i < 2; i++) /* twice */ { @@ -129,14 +128,14 @@ static void get_bytes(private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) add_mod(this->b, xkey, xseed, xval); DBG3("XVAL %b", xval, this->b); /* b. wi = G(t, XVAL ) */ - this->g(this, xval_chunk, &w[i * this->b]); + this->g(this, chunk_create(xval, this->b), &w[i * this->b]); DBG3("w[%d] %b", i, &w[i * this->b], this->b); /* c. XKEY = (1 + XKEY + wi) mod 2b */ add_mod(this->b, xkey, &w[i * this->b], sum); add_mod(this->b, sum, one, xkey); DBG3("XKEY %b", xkey, this->b); } - + /* 3.3 done already, mod q not used */ } @@ -179,7 +178,7 @@ static void set_key(private_fips_prf_t *this, chunk_t key) void g_sha1(private_fips_prf_t *this, chunk_t c, u_int8_t res[]) { u_int8_t buf[64]; - + if (c.len < sizeof(buf)) { /* pad c with zeros */ @@ -193,7 +192,7 @@ void g_sha1(private_fips_prf_t *this, chunk_t c, u_int8_t res[]) /* not more than 512 bits can be G()-ed */ c.len = sizeof(buf); } - + /* use the keyed hasher, but use an empty key to use SHA1 IV */ this->keyed_prf->set_key(this->keyed_prf, chunk_empty); this->keyed_prf->get_bytes(this->keyed_prf, c, res); @@ -215,14 +214,14 @@ static void destroy(private_fips_prf_t *this) fips_prf_t *fips_prf_create(pseudo_random_function_t algo) { private_fips_prf_t *this = malloc_thing(private_fips_prf_t); - + this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes; this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes; this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size; this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; - + switch (algo) { case PRF_FIPS_SHA1_160: @@ -244,7 +243,7 @@ fips_prf_t *fips_prf_create(pseudo_random_function_t algo) return NULL; } this->key = malloc(this->b); - + return &this->public; } diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.h b/src/libstrongswan/plugins/fips_prf/fips_prf.h index b2940be72..514e3c5d9 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf.h +++ b/src/libstrongswan/plugins/fips_prf/fips_prf.h @@ -37,7 +37,7 @@ typedef struct fips_prf_t fips_prf_t; * The FIPS PRF is stateful; the key changes every time when bytes are acquired. */ struct fips_prf_t { - + /** * Generic prf_t interface for this fips_prf_t class. */ @@ -46,7 +46,7 @@ struct fips_prf_t { /** * Creates a new fips_prf_t object. - * + * * FIPS 186-2 defines G() functions used in the PRF function. It can * be implemented either based on SHA1 or DES. * The G() function is selected using the algo parameter. diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c index 7576e79ad..6c0842f81 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c @@ -47,11 +47,11 @@ static void destroy(private_fips_prf_plugin_t *this) plugin_t *plugin_create() { private_fips_prf_plugin_t *this = malloc_thing(private_fips_prf_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_prf(lib->crypto, PRF_FIPS_SHA1_160, (prf_constructor_t)fips_prf_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.am b/src/libstrongswan/plugins/gcrypt/Makefile.am index 7394676e2..a468a5ed9 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.am +++ b/src/libstrongswan/plugins/gcrypt/Makefile.am @@ -1,7 +1,7 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic $(LIBGCRYPT_CFLAGS) +AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-gcrypt.la @@ -14,4 +14,4 @@ libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \ gcrypt_hasher.h gcrypt_hasher.c libstrongswan_gcrypt_la_LDFLAGS = -module -avoid-version -libstrongswan_gcrypt_la_LIBADD = $(LIBGCRYPT_LIBS) +libstrongswan_gcrypt_la_LIBADD = -lgcrypt diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index e3d27f7f8..c3081e2dd 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,22 +37,43 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/gcrypt DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) -am__DEPENDENCIES_1 = -libstrongswan_gcrypt_la_DEPENDENCIES = $(am__DEPENDENCIES_1) +libstrongswan_gcrypt_la_DEPENDENCIES = am_libstrongswan_gcrypt_la_OBJECTS = gcrypt_plugin.lo \ gcrypt_rsa_public_key.lo gcrypt_rsa_private_key.lo \ gcrypt_dh.lo gcrypt_rng.lo gcrypt_crypter.lo gcrypt_hasher.lo @@ -62,6 +85,7 @@ libstrongswan_gcrypt_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -109,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -139,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -172,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -197,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -205,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -213,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -224,10 +251,11 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic $(LIBGCRYPT_CFLAGS) +AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-gcrypt.la libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \ gcrypt_rsa_public_key.h gcrypt_rsa_public_key.c \ @@ -238,7 +266,7 @@ libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \ gcrypt_hasher.h gcrypt_hasher.c libstrongswan_gcrypt_la_LDFLAGS = -module -avoid-version -libstrongswan_gcrypt_la_LIBADD = $(LIBGCRYPT_LIBS) +libstrongswan_gcrypt_la_LIBADD = -lgcrypt all: all-am .SUFFIXES: @@ -252,9 +280,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -272,23 +300,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -318,21 +351,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -355,7 +388,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -363,29 +396,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -406,13 +444,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -443,6 +485,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -464,6 +507,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -472,18 +517,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -522,6 +577,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c index f82d23185..1eee6226d 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -25,17 +25,17 @@ typedef struct private_gcrypt_crypter_t private_gcrypt_crypter_t; * Private data of gcrypt_crypter_t */ struct private_gcrypt_crypter_t { - + /** * Public part of this class. */ gcrypt_crypter_t public; - + /** * gcrypt cipher handle */ gcry_cipher_hd_t h; - + /** * gcrypt algorithm identifier */ @@ -49,7 +49,7 @@ static void decrypt(private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { gcry_cipher_setiv(this->h, iv.ptr, iv.len); - + if (dst) { *dst = chunk_alloc(data.len); @@ -68,7 +68,7 @@ static void encrypt(private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { gcry_cipher_setiv(this->h, iv.ptr, iv.len); - + if (dst) { *dst = chunk_alloc(data.len); @@ -86,7 +86,7 @@ static void encrypt(private_gcrypt_crypter_t *this, chunk_t data, static size_t get_block_size(private_gcrypt_crypter_t *this) { size_t len = 0; - + gcry_cipher_algo_info(this->alg, GCRYCTL_GET_BLKLEN, NULL, &len); return len; } @@ -97,7 +97,7 @@ static size_t get_block_size(private_gcrypt_crypter_t *this) static size_t get_key_size(private_gcrypt_crypter_t *this) { size_t len = 0; - + gcry_cipher_algo_info(this->alg, GCRYCTL_GET_KEYLEN, NULL, &len); return len; } @@ -129,7 +129,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, int gcrypt_alg; int mode = GCRY_CIPHER_MODE_CBC; gcry_error_t err; - + switch (algo) { case ENCR_DES: @@ -227,9 +227,9 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, default: return NULL; } - + this = malloc_thing(private_gcrypt_crypter_t); - + this->alg = gcrypt_alg; err = gcry_cipher_open(&this->h, gcrypt_alg, mode, 0); if (err) @@ -239,14 +239,14 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, free(this); return NULL; } - + this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *))encrypt; this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *))decrypt; this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *))get_block_size; this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *))get_key_size; this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t))set_key; this->public.crypter_interface.destroy = (void (*) (crypter_t *))destroy; - + return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h index c5a5e6723..ce0ead4a8 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h @@ -29,7 +29,7 @@ typedef struct gcrypt_crypter_t gcrypt_crypter_t; * Implementation of crypters using gcrypt. */ struct gcrypt_crypter_t { - + /** * The crypter_t interface. */ @@ -38,7 +38,7 @@ struct gcrypt_crypter_t { /** * Constructor to create gcrypt_crypter_t. - * + * * @param algo algorithm to implement * @param key_size key size in bytes * @return gcrypt_crypter_t, NULL if not supported diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c index 89d9f2348..59c82f1e7 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c @@ -278,7 +278,7 @@ static u_int8_t group18_modulus[] = { typedef struct modulus_entry_t modulus_entry_t; -/** +/** * Entry of the modulus list. */ struct modulus_entry_t { @@ -312,7 +312,7 @@ static modulus_entry_t modulus_entries[] = { static modulus_entry_t *find_entry(diffie_hellman_group_t group) { int i; - + for (i = 0; i < countof(modulus_entries); i++) { if (modulus_entries[i].group == group) @@ -329,47 +329,47 @@ typedef struct private_gcrypt_dh_t private_gcrypt_dh_t; * Private data of an gcrypt_dh_t object. */ struct private_gcrypt_dh_t { - + /** * Public gcrypt_dh_t interface */ gcrypt_dh_t public; - + /** * Diffie Hellman group number */ u_int16_t group; - - /* + + /* * Generator value - */ + */ gcry_mpi_t g; - + /** * Own private value */ gcry_mpi_t xa; - + /** * Own public value */ gcry_mpi_t ya; - + /** * Other public value */ gcry_mpi_t yb; - + /** * Shared secret */ gcry_mpi_t zz; - + /** * Modulus */ gcry_mpi_t p; - + /** * Modulus length. */ @@ -383,7 +383,7 @@ static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value) { gcry_mpi_t p_min_1; gcry_error_t err; - + if (this->yb) { gcry_mpi_release(this->yb); @@ -395,11 +395,11 @@ static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value) DBG1("importing mpi yb failed: %s", gpg_strerror(err)); return; } - + p_min_1 = gcry_mpi_new(this->p_len * 8); gcry_mpi_sub_ui(p_min_1, this->p, 1); - - /* check public value: + + /* check public value: * 1. 0 or 1 is invalid as 0^a = 0 and 1^a = 1 * 2. a public value larger or equal the modulus is invalid */ if (gcry_mpi_cmp_ui(this->yb, 1) > 0 && @@ -425,7 +425,7 @@ static chunk_t export_mpi(gcry_mpi_t value, size_t len) { chunk_t chunk; size_t written; - + chunk = chunk_alloc(len); gcry_mpi_print(GCRYMPI_FMT_USG, chunk.ptr, chunk.len, &written, value); if (written < len) @@ -490,21 +490,21 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group) chunk_t random; rng_t *rng; size_t len; - + entry = find_entry(group); if (!entry) { return NULL; } - + this = malloc_thing(private_gcrypt_dh_t); - + this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret; this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value; this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value; this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group; this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy; - + this->group = group; this->p_len = entry->modulus.len; err = gcry_mpi_scan(&this->p, GCRYMPI_FMT_USG, @@ -524,7 +524,7 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group) { len = entry->opt_len; } - + rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (rng) { /* prefer external randomizer */ @@ -551,14 +551,14 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group) /* achieve bitsof(p)-1 by setting MSB to 0 */ gcry_mpi_clear_bit(this->xa, len * 8 - 1); } - + this->g = gcry_mpi_set_ui(NULL, entry->g); this->ya = gcry_mpi_new(this->p_len * 8); this->yb = NULL; this->zz = NULL; - + gcry_mpi_powm(this->ya, this->g, this->xa, this->p); - + return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h index dbef96ca7..95b68dcd0 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h @@ -29,7 +29,7 @@ typedef struct gcrypt_dh_t gcrypt_dh_t; * Implementation of the Diffie-Hellman algorithm using libgcrypt mpi. */ struct gcrypt_dh_t { - + /** * Implements diffie_hellman_t interface. */ @@ -38,7 +38,7 @@ struct gcrypt_dh_t { /** * Creates a new gcrypt_dh_t object. - * + * * @param group Diffie Hellman group number to use * @return gcrypt_dh_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c index 41e17c897..d12fe11d5 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -25,12 +25,12 @@ typedef struct private_gcrypt_hasher_t private_gcrypt_hasher_t; * Private data of gcrypt_hasher_t */ struct private_gcrypt_hasher_t { - + /** * Public part of this class. */ gcrypt_hasher_t public; - + /** * gcrypt hasher context */ @@ -101,7 +101,7 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo) private_gcrypt_hasher_t *this; int gcrypt_alg; gcry_error_t err; - + switch (algo) { case HASH_MD2: @@ -131,9 +131,9 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo) default: return NULL; } - + this = malloc_thing(private_gcrypt_hasher_t); - + err = gcry_md_open(&this->hd, gcrypt_alg, 0); if (err) { @@ -142,13 +142,13 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo) free(this); return NULL; } - + this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - + return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h index 6f724fba8..708ccaafb 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h @@ -29,7 +29,7 @@ typedef struct gcrypt_hasher_t gcrypt_hasher_t; * Implementation of hashers using libgcrypt. */ struct gcrypt_hasher_t { - + /** * The hasher_t interface. */ @@ -38,7 +38,7 @@ struct gcrypt_hasher_t { /** * Constructor to create gcrypt_hasher_t. - * + * * @param algo algorithm * @return gcrypt_hasher_t, NULL if not supported */ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c index 939e0886c..8c9ea893b 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c @@ -24,7 +24,7 @@ #include <library.h> #include <debug.h> -#include <utils/mutex.h> +#include <threading/mutex.h> #include <errno.h> #include <gcrypt.h> @@ -57,7 +57,7 @@ static int mutex_init(void **lock) static int mutex_destroy(void **lock) { mutex_t *mutex = *lock; - + mutex->destroy(mutex); return 0; } @@ -68,7 +68,7 @@ static int mutex_destroy(void **lock) static int mutex_lock(void **lock) { mutex_t *mutex = *lock; - + mutex->lock(mutex); return 0; } @@ -79,7 +79,7 @@ static int mutex_lock(void **lock) static int mutex_unlock(void **lock) { mutex_t *mutex = *lock; - + mutex->unlock(mutex); return 0; } @@ -107,9 +107,11 @@ static void destroy(private_gcrypt_plugin_t *this) lib->crypto->remove_dh(lib->crypto, (dh_constructor_t)gcrypt_dh_create); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)gcrypt_rsa_private_key_builder); + (builder_function_t)gcrypt_rsa_private_key_gen); + lib->creds->remove_builder(lib->creds, + (builder_function_t)gcrypt_rsa_private_key_load); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)gcrypt_rsa_public_key_builder); + (builder_function_t)gcrypt_rsa_public_key_load); free(this); } @@ -119,15 +121,15 @@ static void destroy(private_gcrypt_plugin_t *this) plugin_t *plugin_create() { private_gcrypt_plugin_t *this; - + gcry_control(GCRYCTL_SET_THREAD_CBS, &thread_functions); - + if (!gcry_check_version(GCRYPT_VERSION)) { DBG1("libgcrypt version mismatch"); return NULL; } - + /* we currently do not use secure memory */ gcry_control(GCRYCTL_DISABLE_SECMEM, 0); if (lib->settings->get_bool(lib->settings, @@ -136,11 +138,11 @@ plugin_t *plugin_create() gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0); } gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); - + this = malloc_thing(private_gcrypt_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + /* hashers */ lib->crypto->add_hasher(lib->crypto, HASH_SHA1, (hasher_constructor_t)gcrypt_hasher_create); @@ -156,7 +158,7 @@ plugin_t *plugin_create() (hasher_constructor_t)gcrypt_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_SHA512, (hasher_constructor_t)gcrypt_hasher_create); - + /* crypters */ lib->crypto->add_crypter(lib->crypto, ENCR_3DES, (crypter_constructor_t)gcrypt_crypter_create); @@ -176,39 +178,41 @@ plugin_t *plugin_create() (crypter_constructor_t)gcrypt_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC, (crypter_constructor_t)gcrypt_crypter_create); - + /* random numbers */ - lib->crypto->add_rng(lib->crypto, RNG_WEAK, + lib->crypto->add_rng(lib->crypto, RNG_WEAK, (rng_constructor_t)gcrypt_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_STRONG, + lib->crypto->add_rng(lib->crypto, RNG_STRONG, (rng_constructor_t)gcrypt_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_TRUE, + lib->crypto->add_rng(lib->crypto, RNG_TRUE, (rng_constructor_t)gcrypt_rng_create); - + /* diffie hellman groups, using modp */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, (dh_constructor_t)gcrypt_dh_create); lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, (dh_constructor_t)gcrypt_dh_create); - + /* RSA */ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - (builder_constructor_t)gcrypt_rsa_private_key_builder); + (builder_function_t)gcrypt_rsa_private_key_gen); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + (builder_function_t)gcrypt_rsa_private_key_load); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, - (builder_constructor_t)gcrypt_rsa_public_key_builder); - + (builder_function_t)gcrypt_rsa_public_key_load); + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c index 64b4eb8d0..d0d252572 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c @@ -28,7 +28,7 @@ struct private_gcrypt_rng_t { * Public gcrypt_rng_t interface. */ gcrypt_rng_t public; - + /** * RNG quality of this instance */ @@ -79,7 +79,7 @@ static void destroy(private_gcrypt_rng_t *this) gcrypt_rng_t *gcrypt_rng_create(rng_quality_t quality) { private_gcrypt_rng_t *this; - + switch (quality) { case RNG_WEAK: @@ -89,15 +89,15 @@ gcrypt_rng_t *gcrypt_rng_create(rng_quality_t quality) default: return NULL; } - + this = malloc_thing(private_gcrypt_rng_t); - + this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes; this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes; this->public.rng.destroy = (void (*) (rng_t *))destroy; - + this->quality = quality; - + return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h index 3cfde8447..a0cc12369 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup gcrypt_rng gcrypt_rng * @{ @ingroup gcrypt_p @@ -29,7 +29,7 @@ typedef struct gcrypt_rng_t gcrypt_rng_t; * rng_t implementation using libgcrypt. */ struct gcrypt_rng_t { - + /** * Implements rng_t. */ @@ -38,7 +38,7 @@ struct gcrypt_rng_t { /** * Creates an gcrypt_rng_t instance. - * + * * @param quality required quality of gcryptness * @return created gcrypt_rng_t */ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c index e0e8015db..cd156961e 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c @@ -28,27 +28,17 @@ typedef struct private_gcrypt_rsa_private_key_t private_gcrypt_rsa_private_key_t * Private data of a gcrypt_rsa_private_key_t object. */ struct private_gcrypt_rsa_private_key_t { - + /** * Public interface */ gcrypt_rsa_private_key_t public; - + /** * gcrypt S-expression representing an RSA key */ gcry_sexp_t key; - - /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t* keyid; - - /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t* keyid_info; - + /** * reference count */ @@ -56,11 +46,6 @@ struct private_gcrypt_rsa_private_key_t { }; /** - * Implemented in gcrypt_rsa_public_key.c - */ -public_key_t *gcrypt_rsa_public_key_create_from_sexp(gcry_sexp_t key); - -/** * find a token in a S-expression. If a key is given, its length is used to * pad the output to a given length. */ @@ -69,7 +54,7 @@ chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name, gcry_sexp_t key) gcry_sexp_t token; chunk_t data = chunk_empty, tmp; size_t len = 0; - + token = gcry_sexp_find_token(sexp, name, 1); if (token) { @@ -123,7 +108,7 @@ static bool sign_raw(private_gcrypt_rsa_private_key_t *this, gcry_error_t err; chunk_t em; size_t k; - + /* EM = 0x00 || 0x01 || PS || 0x00 || T * PS = 0xFF padding, with length to fill em * T = data @@ -139,7 +124,7 @@ static bool sign_raw(private_gcrypt_rsa_private_key_t *this, em.ptr[1] = 0x01; em.ptr[em.len - data.len - 1] = 0x00; memcpy(em.ptr + em.len - data.len, data.ptr, data.len); - + err = gcry_sexp_build(&in, NULL, "(data(flags raw)(value %b))", em.len, em.ptr); chunk_free(&em); @@ -172,7 +157,7 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this, gcry_error_t err; gcry_sexp_t in, out; int hash_oid; - + hash_oid = hasher_algorithm_to_oid(hash_algorithm); if (hash_oid == OID_UNKNOWN) { @@ -185,7 +170,7 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this, } hasher->allocate_hash(hasher, data, &hash); hasher->destroy(hasher); - + err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))", hash_name, hash.len, hash.ptr); chunk_free(&hash); @@ -217,7 +202,7 @@ static key_type_t get_type(private_gcrypt_rsa_private_key_t *this) /** * Implementation of gcrypt_rsa_private_key.destroy. */ -static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme, +static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *sig) { switch (scheme) @@ -253,7 +238,7 @@ static bool decrypt(private_gcrypt_rsa_private_key_t *this, gcry_sexp_t in, out; chunk_t padded; u_char *pos = NULL;; - + err = gcry_sexp_build(&in, NULL, "(enc-val(flags)(rsa(a %b)))", encrypted.len, encrypted.ptr); if (err) @@ -299,97 +284,40 @@ static size_t get_keysize(private_gcrypt_rsa_private_key_t *this) } /** - * Implementation of gcrypt_rsa_private_key.destroy. - */ -static identification_t* get_id(private_gcrypt_rsa_private_key_t *this, - id_type_t type) -{ - switch (type) - { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - default: - return NULL; - } -} - -/** * Implementation of gcrypt_rsa_private_key.get_public_key. */ static public_key_t* get_public_key(private_gcrypt_rsa_private_key_t *this) { - return gcrypt_rsa_public_key_create_from_sexp(this->key); -} + chunk_t n, e; + public_key_t *public; -/** - * Implementation of gcrypt_rsa_private_key.equals. - */ -static bool equals(private_gcrypt_rsa_private_key_t *this, private_key_t *other) -{ - identification_t *keyid; + n = gcrypt_rsa_find_token(this->key, "n", NULL); + e = gcrypt_rsa_find_token(this->key, "e", NULL); - if (&this->public.interface == other) - { - return TRUE; - } - if (other->get_type(other) != KEY_RSA) - { - return FALSE; - } - keyid = other->get_id(other, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; -} + public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_END); + chunk_free(&n); + chunk_free(&e); -/** - * Implementation of gcrypt_rsa_private_key.belongs_to. - */ -static bool belongs_to(private_gcrypt_rsa_private_key_t *this, - public_key_t *public) -{ - identification_t *keyid; - - if (public->get_type(public) != KEY_RSA) - { - return FALSE; - } - keyid = public->get_id(public, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return public; } /** - * Implementation of private_key_t.get_encoding. + * Implementation of private_key_t.get_encoding */ -static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this) +static bool get_encoding(private_gcrypt_rsa_private_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - chunk_t cp, cq, cd, cexp1 = chunk_empty, cexp2 = chunk_empty; + chunk_t cn, ce, cp, cq, cd, cu, cexp1 = chunk_empty, cexp2 = chunk_empty; gcry_mpi_t p = NULL, q = NULL, d = NULL, exp1, exp2; gcry_error_t err; - + bool success; + /* p and q are swapped, gcrypt expects p < q */ cp = gcrypt_rsa_find_token(this->key, "q", NULL); cq = gcrypt_rsa_find_token(this->key, "p", NULL); cd = gcrypt_rsa_find_token(this->key, "d", NULL); - + err = gcry_mpi_scan(&p, GCRYMPI_FMT_USG, cp.ptr, cp.len, NULL) | gcry_mpi_scan(&q, GCRYMPI_FMT_USG, cq.ptr, cq.len, NULL) | gcry_mpi_scan(&d, GCRYMPI_FMT_USG, cd.ptr, cd.len, NULL); @@ -402,26 +330,26 @@ static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this) chunk_clear(&cq); chunk_clear(&cd); DBG1("scanning mpi for export failed: %s", gpg_strerror(err)); - return chunk_empty; + return FALSE; } - + gcry_mpi_sub_ui(p, p, 1); exp1 = gcry_mpi_new(gcry_pk_get_nbits(this->key)); gcry_mpi_mod(exp1, d, p); gcry_mpi_release(p); - + gcry_mpi_sub_ui(q, q, 1); exp2 = gcry_mpi_new(gcry_pk_get_nbits(this->key)); gcry_mpi_mod(exp1, d, q); gcry_mpi_release(q); - + err = gcry_mpi_aprint(GCRYMPI_FMT_USG, &cexp1.ptr, &cexp1.len, exp1) | gcry_mpi_aprint(GCRYMPI_FMT_USG, &cexp2.ptr, &cexp2.len, exp2); - + gcry_mpi_release(d); gcry_mpi_release(exp1); gcry_mpi_release(exp2); - + if (err) { DBG1("printing mpi for export failed: %s", gpg_strerror(err)); @@ -430,18 +358,53 @@ static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this) chunk_clear(&cd); chunk_clear(&cexp1); chunk_clear(&cexp2); - return chunk_empty; + return FALSE; + } + + cn = gcrypt_rsa_find_token(this->key, "n", NULL); + ce = gcrypt_rsa_find_token(this->key, "e", NULL); + cu = gcrypt_rsa_find_token(this->key, "u", NULL); + + success = lib->encoding->encode(lib->encoding, type, NULL, encoding, + KEY_PART_RSA_MODULUS, cn, + KEY_PART_RSA_PUB_EXP, ce, KEY_PART_RSA_PRIV_EXP, cd, + KEY_PART_RSA_PRIME1, cp, KEY_PART_RSA_PRIME2, cq, + KEY_PART_RSA_EXP1, cexp1, KEY_PART_RSA_EXP2, cexp2, + KEY_PART_RSA_COEFF, cu, KEY_PART_END); + chunk_free(&cn); + chunk_free(&ce); + chunk_clear(&cd); + chunk_clear(&cp); + chunk_clear(&cq); + chunk_clear(&cexp1); + chunk_clear(&cexp2); + chunk_clear(&cu); + + return success; +} + +/** + * Implementation of private_key_t.get_fingerprint + */ +static bool get_fingerprint(private_gcrypt_rsa_private_key_t *this, + key_encoding_type_t type, chunk_t *fp) +{ + chunk_t n, e; + bool success; + + if (lib->encoding->get_cache(lib->encoding, type, this, fp)) + { + return TRUE; } - - return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmmm", ASN1_INTEGER_0, - asn1_integer("m", gcrypt_rsa_find_token(this->key, "n", NULL)), - asn1_integer("m", gcrypt_rsa_find_token(this->key, "e", NULL)), - asn1_integer("m", cd), - asn1_integer("m", cp), - asn1_integer("m", cq), - asn1_integer("m", cexp1), - asn1_integer("m", cexp2), - asn1_integer("m", gcrypt_rsa_find_token(this->key, "u", NULL))); + n = gcrypt_rsa_find_token(this->key, "n", NULL); + e = gcrypt_rsa_find_token(this->key, "e", NULL); + + success = lib->encoding->encode(lib->encoding, + type, this, fp, KEY_PART_RSA_MODULUS, n, + KEY_PART_RSA_PUB_EXP, e, KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + return success; } /** @@ -460,9 +423,8 @@ static void destroy(private_gcrypt_rsa_private_key_t *this) { if (ref_put(&this->ref)) { - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); gcry_sexp_release(this->key); + lib->encoding->clear_cache(lib->encoding, this); free(this); } } @@ -473,192 +435,121 @@ static void destroy(private_gcrypt_rsa_private_key_t *this) static private_gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_create_empty() { private_gcrypt_rsa_private_key_t *this = malloc_thing(private_gcrypt_rsa_private_key_t); - + this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type; this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign; this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt; this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize; - this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id; this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key; - this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals; - this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to; - this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding; + this->public.interface.equals = private_key_equals; + this->public.interface.belongs_to = private_key_belongs_to; + this->public.interface.get_fingerprint = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref; this->public.interface.destroy = (void (*)(private_key_t *this))destroy; - + this->key = NULL; - this->keyid = NULL; - this->keyid_info = NULL; this->ref = 1; - + return this; } /** - * build the keyids of a private/public key + * See header. */ -bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid, - identification_t **keyid_info) +gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type, + va_list args) { - chunk_t publicKeyInfo, publicKey, hash; - hasher_t *hasher; - - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (!hasher) + private_gcrypt_rsa_private_key_t *this; + gcry_sexp_t param; + gcry_error_t err; + u_int key_size = 0; + + while (TRUE) { - DBG1("SHA1 hash algorithm not supported, unable to use RSA"); - return FALSE; + switch (va_arg(args, builder_part_t)) + { + case BUILD_KEY_SIZE: + key_size = va_arg(args, u_int); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (!key_size) + { + return NULL; } - publicKey = asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_integer("m", gcrypt_rsa_find_token(key, "n", NULL)), - asn1_integer("m", gcrypt_rsa_find_token(key, "e", NULL))); - hasher->allocate_hash(hasher, publicKey, &hash); - *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash); - chunk_free(&hash); - - publicKeyInfo = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", publicKey)); - hasher->allocate_hash(hasher, publicKeyInfo, &hash); - *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash); - chunk_free(&hash); - - hasher->destroy(hasher); - chunk_free(&publicKeyInfo); - - return TRUE; -} -/** - * Generate an RSA key of specified key size - */ -static gcrypt_rsa_private_key_t *generate(size_t key_size) -{ - private_gcrypt_rsa_private_key_t *this; - gcry_sexp_t param, key; - gcry_error_t err; - err = gcry_sexp_build(¶m, NULL, "(genkey(rsa(nbits %d)))", key_size); if (err) { DBG1("building S-expression failed: %s", gpg_strerror(err)); return NULL; } - - err = gcry_pk_genkey(&key, param); + this = gcrypt_rsa_private_key_create_empty(); + err = gcry_pk_genkey(&this->key, param); gcry_sexp_release(param); if (err) { + free(this); DBG1("generating RSA key failed: %s", gpg_strerror(err)); return NULL; } - this = gcrypt_rsa_private_key_create_empty(); - this->key = key; - - if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; } /** - * ASN.1 definition of a PKCS#1 RSA private key - */ -static const asn1Object_t privkeyObjects[] = { - { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ - { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */ - { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */ - { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */ - { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */ - { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */ - { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */ - { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */ - { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */ - { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT | - ASN1_LOOP }, /* 10 */ - { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */ - { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */ - { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */ - { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */ - { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 15 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define PRIV_KEY_VERSION 1 -#define PRIV_KEY_MODULUS 2 -#define PRIV_KEY_PUB_EXP 3 -#define PRIV_KEY_PRIV_EXP 4 -#define PRIV_KEY_PRIME1 5 -#define PRIV_KEY_PRIME2 6 -#define PRIV_KEY_EXP1 7 -#define PRIV_KEY_EXP2 8 -#define PRIV_KEY_COEFF 9 - -/** - * load private key from a ASN1 encoded blob + * See header. */ -static gcrypt_rsa_private_key_t *load(chunk_t blob) +gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type, + va_list args) { private_gcrypt_rsa_private_key_t *this; - asn1_parser_t *parser; - chunk_t object; - int objectID ; - bool success = FALSE; - chunk_t n, e, d, u, p, q; + chunk_t n, e, d, p, q, exp, u; gcry_error_t err; - - n = e = d = u = p = q = chunk_empty; - - parser = asn1_parser_create(privkeyObjects, blob); - parser->set_flags(parser, FALSE, TRUE); - - while (parser->iterate(parser, &objectID, &object)) + + n = e = d = p = q = u = chunk_empty; + while (TRUE) { - switch (objectID) + switch (va_arg(args, builder_part_t)) { - case PRIV_KEY_VERSION: - if (object.len > 0 && *object.ptr != 0) - { - goto end; - } - break; - case PRIV_KEY_MODULUS: - n = object; - break; - case PRIV_KEY_PUB_EXP: - e = object; - break; - case PRIV_KEY_PRIV_EXP: - d = object; - break; - case PRIV_KEY_PRIME1: - /* p and q are swapped, as gcrypt expects p < q */ - q = object; - break; - case PRIV_KEY_PRIME2: - p = object; - break; - case PRIV_KEY_EXP1: - case PRIV_KEY_EXP2: - break; - case PRIV_KEY_COEFF: - u = object; + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIV_EXP: + d = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME1: + /* swap p and q, gcrypt expects p < q */ + q = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME2: + p = va_arg(args, chunk_t); + continue; + case BUILD_RSA_EXP1: + case BUILD_RSA_EXP2: + /* not required for gcrypt */ + exp = va_arg(args, chunk_t); + continue; + case BUILD_RSA_COEFF: + u = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - success = parser->success(parser); - -end: - parser->destroy(parser); - - if (!success) - { - return NULL; - } - + this = gcrypt_rsa_private_key_create_empty(); err = gcry_sexp_build(&this->key, NULL, "(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))", @@ -677,91 +568,6 @@ end: destroy(this); return NULL; } - if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; -} - -typedef struct private_builder_t private_builder_t; - -/** - * Builder implementation for key loading/generation - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded/generated private key */ - gcrypt_rsa_private_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static gcrypt_rsa_private_key_t *build(private_builder_t *this) -{ - gcrypt_rsa_private_key_t *key = this->key; - - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) - { - va_list args; - - switch (part) - { - case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - this->key = load(va_arg(args, chunk_t)); - va_end(args); - return; - } - case BUILD_KEY_SIZE: - { - va_start(args, part); - this->key = generate(va_arg(args, u_int)); - va_end(args); - return; - } - default: - break; - } - } - if (this->key) - { - destroy((private_gcrypt_rsa_private_key_t*)this->key); - } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *gcrypt_rsa_private_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h index 2edd7ce5d..4c3605f4b 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h @@ -21,6 +21,7 @@ #ifndef GCRYPT_RSA_PRIVATE_KEY_H_ #define GCRYPT_RSA_PRIVATE_KEY_H_ +#include <credentials/builder.h> #include <credentials/keys/private_key.h> typedef struct gcrypt_rsa_private_key_t gcrypt_rsa_private_key_t; @@ -29,7 +30,7 @@ typedef struct gcrypt_rsa_private_key_t gcrypt_rsa_private_key_t; * Private_key_t implementation of RSA algorithm using libgcrypt. */ struct gcrypt_rsa_private_key_t { - + /** * Implements private_key_t interface */ @@ -37,11 +38,27 @@ struct gcrypt_rsa_private_key_t { }; /** - * Create the builder for a private key. + * Generate a private key using gcrypt. + * + * Accepts the BUILD_KEY_SIZE argument. + * + * @param type type of the key, must be KEY_RSA + * @param args builder_part_t argument list + * @return generated key, NULL on failure + */ +gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type, + va_list args); + +/** + * Load a gcrypt RSA private keys. + * + * Accepts BUILD_RSA_* components. * * @param type type of the key, must be KEY_RSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *gcrypt_rsa_private_key_builder(key_type_t type); +gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type, + va_list args); #endif /** GCRYPT_RSA_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c index 4d9c88c6d..e083fac94 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include <gcrypt.h> #include "gcrypt_rsa_public_key.h" @@ -21,7 +21,6 @@ #include <asn1/oid.h> #include <asn1/asn1.h> #include <asn1/asn1_parser.h> -#include <asn1/pem.h> #include <crypto/hashers/hasher.h> typedef struct private_gcrypt_rsa_public_key_t private_gcrypt_rsa_public_key_t; @@ -30,27 +29,17 @@ typedef struct private_gcrypt_rsa_public_key_t private_gcrypt_rsa_public_key_t; * Private data structure with signing context. */ struct private_gcrypt_rsa_public_key_t { - + /** * Public interface for this signer. */ gcrypt_rsa_public_key_t public; - + /** * gcrypt S-expression representing an public RSA key */ gcry_sexp_t key; - - /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t* keyid; - - /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t* keyid_info; - + /** * reference counter */ @@ -61,8 +50,6 @@ struct private_gcrypt_rsa_public_key_t { * Implemented in gcrypt_rsa_private_key.c */ chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name, gcry_sexp_t key); -bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid, - identification_t **keyid_info); /** * verification of a padded PKCS1 signature without an OID @@ -74,7 +61,7 @@ static bool verify_raw(private_gcrypt_rsa_public_key_t *this, gcry_error_t err; chunk_t em; size_t k; - + /* EM = 0x00 || 0x01 || PS || 0x00 || T * PS = 0xFF padding, with length to fill em * T = data @@ -90,7 +77,7 @@ static bool verify_raw(private_gcrypt_rsa_public_key_t *this, em.ptr[1] = 0x01; em.ptr[em.len - data.len - 1] = 0x00; memcpy(em.ptr + em.len - data.len, data.ptr, data.len); - + err = gcry_sexp_build(&in, NULL, "(data(flags raw)(value %b))", em.len, em.ptr); chunk_free(&em); @@ -129,7 +116,7 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, chunk_t hash; gcry_error_t err; gcry_sexp_t in, sig; - + hasher = lib->crypto->create_hasher(lib->crypto, algorithm); if (!hasher) { @@ -137,7 +124,7 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, } hasher->allocate_hash(hasher, data, &hash); hasher->destroy(hasher); - + err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))", hash_name, hash.len, hash.ptr); chunk_free(&hash); @@ -146,7 +133,7 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, DBG1("building data S-expression failed: %s", gpg_strerror(err)); return FALSE; } - + err = gcry_sexp_build(&sig, NULL, "(sig-val(rsa(s %b)))", signature.len, signature.ptr); if (err) @@ -211,7 +198,7 @@ static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain, { gcry_sexp_t in, out; gcry_error_t err; - + /* "pkcs1" uses PKCS 1.5 (section 8.1) block type 2 encryption: * 00 | 02 | RANDOM | 00 | DATA */ err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(value %b))", @@ -234,66 +221,55 @@ static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain, } /** - * Implementation of gcrypt_rsa_public_key.equals. + * Implementation of public_key_t.get_keysize. */ -static bool equals(private_gcrypt_rsa_public_key_t *this, public_key_t *other) +static size_t get_keysize(private_gcrypt_rsa_public_key_t *this) { - identification_t *keyid; - - if (&this->public.interface == other) - { - return TRUE; - } - if (other->get_type(other) != KEY_RSA) - { - return FALSE; - } - keyid = other->get_id(other, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return gcry_pk_get_nbits(this->key) / 8; } /** - * Implementation of public_key_t.get_keysize. + * Implementation of private_key_t.get_encoding */ -static size_t get_keysize(private_gcrypt_rsa_public_key_t *this) +static bool get_encoding(private_gcrypt_rsa_public_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - return gcry_pk_get_nbits(this->key) / 8; + chunk_t n, e; + bool success; + + n = gcrypt_rsa_find_token(this->key, "n", NULL); + e = gcrypt_rsa_find_token(this->key, "e", NULL); + success = lib->encoding->encode(lib->encoding, type, NULL, encoding, + KEY_PART_RSA_MODULUS, n, KEY_PART_RSA_PUB_EXP, e, + KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + + return success; } /** - * Implementation of public_key_t.get_id. + * Implementation of private_key_t.get_fingerprint */ -static identification_t *get_id(private_gcrypt_rsa_public_key_t *this, - id_type_t type) +static bool get_fingerprint(private_gcrypt_rsa_public_key_t *this, + key_encoding_type_t type, chunk_t *fp) { - switch (type) + chunk_t n, e; + bool success; + + if (lib->encoding->get_cache(lib->encoding, type, this, fp)) { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - default: - return NULL; + return TRUE; } -} + n = gcrypt_rsa_find_token(this->key, "n", NULL); + e = gcrypt_rsa_find_token(this->key, "e", NULL); -/* - * Implementation of public_key_t.get_encoding. - */ -static chunk_t get_encoding(private_gcrypt_rsa_public_key_t *this) -{ - return asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_integer("m", gcrypt_rsa_find_token(this->key, "n", NULL)), - asn1_integer("m", gcrypt_rsa_find_token(this->key, "e", NULL))); + success = lib->encoding->encode(lib->encoding, + type, this, fp, KEY_PART_RSA_MODULUS, n, + KEY_PART_RSA_PUB_EXP, e, KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + return success; } /** @@ -312,118 +288,57 @@ static void destroy(private_gcrypt_rsa_public_key_t *this) { if (ref_put(&this->ref)) { - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); gcry_sexp_release(this->key); + lib->encoding->clear_cache(lib->encoding, this); free(this); } } /** - * Generic private constructor - */ -static private_gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_create_empty() -{ - private_gcrypt_rsa_public_key_t *this = malloc_thing(private_gcrypt_rsa_public_key_t); - - this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; - this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; - this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_; - this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals; - this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; - this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id; - this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding; - this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; - this->public.interface.destroy = (void (*)(public_key_t *this))destroy; - - this->key = NULL; - this->keyid = NULL; - this->keyid_info = NULL; - this->ref = 1; - - return this; -} - -/** - * Create a public key from a S-expression, used in gcrypt_rsa_private_key + * See header. */ -public_key_t *gcrypt_rsa_public_key_create_from_sexp(gcry_sexp_t key) +gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_load(key_type_t type, + va_list args) { private_gcrypt_rsa_public_key_t *this; gcry_error_t err; chunk_t n, e; - - this = gcrypt_rsa_public_key_create_empty(); - n = gcrypt_rsa_find_token(key, "n", NULL); - e = gcrypt_rsa_find_token(key, "e", NULL); - - err = gcry_sexp_build(&this->key, NULL, "(public-key(rsa(n %b)(e %b)))", - n.len, n.ptr, e.len, e.ptr); - chunk_free(&n); - chunk_free(&e); - if (err) - { - DBG1("loading public key failed: %s", gpg_strerror(err)); - free(this); - return NULL; - } - if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public.interface; -} -/** - * ASN.1 definition of RSApublicKey - */ -static const asn1Object_t pubkeyObjects[] = { - { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ - { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */ - { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define PUB_KEY_RSA_PUBLIC_KEY 0 -#define PUB_KEY_MODULUS 1 -#define PUB_KEY_EXPONENT 2 - -/** - * Load a public key from an ASN1 encoded blob - */ -static gcrypt_rsa_public_key_t *load(chunk_t blob) -{ - private_gcrypt_rsa_public_key_t *this; - asn1_parser_t *parser; - chunk_t object, n, e; - int objectID; - bool success = FALSE; - gcry_error_t err; - n = e = chunk_empty; - - parser = asn1_parser_create(pubkeyObjects, blob); - while (parser->iterate(parser, &objectID, &object)) + while (TRUE) { - switch (objectID) + switch (va_arg(args, builder_part_t)) { - case PUB_KEY_MODULUS: - n = object; - break; - case PUB_KEY_EXPONENT: - e = object; + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - success = parser->success(parser); - parser->destroy(parser); - - if (!success) - { - return NULL; - } - - this = gcrypt_rsa_public_key_create_empty(); + + this = malloc_thing(private_gcrypt_rsa_public_key_t); + + this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; + this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; + this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_; + this->public.interface.equals = public_key_equals; + this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; + this->public.interface.get_fingerprint = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; + this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; + this->public.interface.destroy = (void (*)(public_key_t *this))destroy; + + this->key = NULL; + this->ref = 1; + err = gcry_sexp_build(&this->key, NULL, "(public-key(rsa(n %b)(e %b)))", n.len, n.ptr, e.len, e.ptr); if (err) @@ -432,83 +347,7 @@ static gcrypt_rsa_public_key_t *load(chunk_t blob) free(this); return NULL; } - if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded public key */ - gcrypt_rsa_public_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static gcrypt_rsa_public_key_t *build(private_builder_t *this) -{ - gcrypt_rsa_public_key_t *key = this->key; - - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) - { - va_list args; - - switch (part) - { - case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - this->key = load(va_arg(args, chunk_t)); - va_end(args); - return; - } - default: - break; - } - } - if (this->key) - { - destroy((private_gcrypt_rsa_public_key_t*)this->key); - } - builder_cancel(&this->public); -} -/** - * Builder construction function - */ -builder_t *gcrypt_rsa_public_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h index 102547276..fa18c357b 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h @@ -21,10 +21,11 @@ #ifndef GCRYPT_RSA_PUBLIC_KEY_H_ #define GCRYPT_RSA_PUBLIC_KEY_H_ -typedef struct gcrypt_rsa_public_key_t gcrypt_rsa_public_key_t; - +#include <credentials/builder.h> #include <credentials/keys/public_key.h> +typedef struct gcrypt_rsa_public_key_t gcrypt_rsa_public_key_t; + /** * public_key_t implementation of RSA algorithm using libgcrypt. */ @@ -37,11 +38,15 @@ struct gcrypt_rsa_public_key_t { }; /** - * Create the builder for a public key. + * Load a RSA public key using gcrypt. + * + * Accepts BUILD_RSA_* components. * * @param type type of the key, must be KEY_RSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *gcrypt_rsa_public_key_builder(key_type_t type); +gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_load(key_type_t type, + va_list args); #endif /** GCRYPT_RSA_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index 8d5dff34b..3077ea7e8 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/gmp DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_gmp_la_DEPENDENCIES = am_libstrongswan_gmp_la_OBJECTS = gmp_plugin.lo gmp_diffie_hellman.lo \ @@ -59,6 +83,7 @@ libstrongswan_gmp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,6 +249,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -246,9 +275,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gmp/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/gmp/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gmp/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/gmp/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -266,23 +295,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -309,21 +343,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -346,7 +380,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -354,29 +388,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -397,13 +436,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -434,6 +477,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -455,6 +499,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -463,18 +509,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -513,6 +569,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c index a03e83e66..ea7e6fdd2 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c @@ -282,7 +282,7 @@ static u_int8_t group18_modulus[] = { typedef struct modulus_entry_t modulus_entry_t; -/** +/** * Entry of the modulus list. */ struct modulus_entry_t { @@ -290,25 +290,25 @@ struct modulus_entry_t { * Group number as it is defined in file transform_substructure.h. */ diffie_hellman_group_t group; - + /** * Pointer to first byte of modulus (network order). */ u_int8_t *modulus; - - /* + + /* * Length of modulus in bytes. - */ + */ size_t modulus_len; - - /* + + /* * Optimum length of exponent in bytes. - */ + */ size_t opt_exponent_len; - /* + /* * Generator value. - */ + */ u_int16_t generator; }; @@ -336,47 +336,47 @@ struct private_gmp_diffie_hellman_t { * Public gmp_diffie_hellman_t interface. */ gmp_diffie_hellman_t public; - + /** * Diffie Hellman group number. */ u_int16_t group; - - /* + + /* * Generator value. - */ + */ mpz_t g; - + /** * My private value. */ mpz_t xa; - + /** * My public value. */ mpz_t ya; - + /** * Other public value. - */ + */ mpz_t yb; - + /** * Shared secret. - */ + */ mpz_t zz; /** * Modulus. */ mpz_t p; - + /** * Modulus length. */ size_t p_len; - + /** * Optimal exponent length. */ @@ -394,13 +394,13 @@ struct private_gmp_diffie_hellman_t { static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t value) { mpz_t p_min_1; - + mpz_init(p_min_1); mpz_sub_ui(p_min_1, this->p, 1); - + mpz_import(this->yb, value.len, 1, 1, 1, 0, value.ptr); - - /* check public value: + + /* check public value: * 1. 0 or 1 is invalid as 0^a = 0 and 1^a = 1 * 2. a public value larger or equal the modulus is invalid */ if (mpz_cmp_ui(this->yb, 1) > 0 && @@ -409,7 +409,7 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v #ifdef EXTENDED_DH_TEST /* 3. test if y ^ q mod p = 1, where q = (p - 1)/2. */ mpz_t q, one; - + mpz_init(q); mpz_init(one); mpz_fdiv_q_2exp(q, p_min_1, 1); @@ -443,11 +443,11 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v static void get_my_public_value(private_gmp_diffie_hellman_t *this,chunk_t *value) { value->len = this->p_len; - value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->ya); - if (value->ptr == NULL) - { - value->len = 0; - } + value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->ya); + if (value->ptr == NULL) + { + value->len = 0; + } } /** @@ -483,7 +483,7 @@ static status_t set_modulus(private_gmp_diffie_hellman_t *this) { int i; status_t status = NOT_FOUND; - + for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++) { if (modulus_entries[i].group == this->group) @@ -533,7 +533,7 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value; this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group; this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy; - + /* private variables */ this->group = group; mpz_init(this->p); @@ -542,10 +542,10 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) mpz_init(this->xa); mpz_init(this->zz); mpz_init(this->g); - + this->computed = FALSE; - - /* find a modulus according to group */ + + /* find a modulus according to group */ if (set_modulus(this) != SUCCESS) { destroy(this); @@ -561,7 +561,7 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) ansi_x9_42 = lib->settings->get_int(lib->settings, "libstrongswan.dh_exponent_ansi_x9_42", TRUE); - exponent_len = (ansi_x9_42) ? this->p_len : this->opt_exponent_len; + exponent_len = (ansi_x9_42) ? this->p_len : this->opt_exponent_len; rng->allocate_bytes(rng, exponent_len, &random); rng->destroy(rng); @@ -575,7 +575,7 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) DBG2("size of DH secret exponent: %u bits", mpz_sizeinbase(this->xa, 2)); mpz_powm(this->ya, this->g, this->xa, this->p); - + return &this->public; } diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h index 774c31cc2..2a54eebb1 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h @@ -30,7 +30,7 @@ typedef struct gmp_diffie_hellman_t gmp_diffie_hellman_t; * Implementation of the Diffie-Hellman algorithm, as in RFC2631. Uses libgmp. */ struct gmp_diffie_hellman_t { - + /** * Implements diffie_hellman_t interface. */ @@ -39,7 +39,7 @@ struct gmp_diffie_hellman_t { /** * Creates a new gmp_diffie_hellman_t object. - * + * * @param group Diffie Hellman group number to use * @return gmp_diffie_hellman_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c index f6ea964c1..b70ff881c 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.c +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -41,9 +41,11 @@ static void destroy(private_gmp_plugin_t *this) lib->crypto->remove_dh(lib->crypto, (dh_constructor_t)gmp_diffie_hellman_create); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)gmp_rsa_private_key_builder); + (builder_function_t)gmp_rsa_private_key_gen); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)gmp_rsa_public_key_builder); + (builder_function_t)gmp_rsa_private_key_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)gmp_rsa_public_key_load); free(this); } @@ -53,31 +55,33 @@ static void destroy(private_gmp_plugin_t *this) plugin_t *plugin_create() { private_gmp_plugin_t *this = malloc_thing(private_gmp_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, + + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, (dh_constructor_t)gmp_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - + + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + (builder_function_t)gmp_rsa_private_key_gen); lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - (builder_constructor_t)gmp_rsa_private_key_builder); + (builder_function_t)gmp_rsa_private_key_load); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, - (builder_constructor_t)gmp_rsa_public_key_builder); - + (builder_function_t)gmp_rsa_public_key_load); + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.h b/src/libstrongswan/plugins/gmp/gmp_plugin.h index d707d78ea..77d53965d 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.h +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.h @@ -16,7 +16,7 @@ /** * @defgroup gmp_p gmp * @ingroup plugins - * + * * @defgroup gmp_plugin gmp_plugin * @{ @ingroup gmp_p */ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index 259c8e9ad..1829bd459 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2008 Martin Willi + * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -26,7 +26,6 @@ #include <asn1/oid.h> #include <asn1/asn1.h> #include <asn1/asn1_parser.h> -#include <pgp/pgp.h> /** * Public exponent to use for key generation. @@ -43,89 +42,82 @@ struct private_gmp_rsa_private_key_t { * Public interface for this signer. */ gmp_rsa_private_key_t public; - - /** - * Version of key, as encoded in PKCS#1 - */ - u_int version; - + /** * Public modulus. */ mpz_t n; - + /** * Public exponent. */ mpz_t e; - + /** * Private prime 1. */ mpz_t p; - + /** * Private Prime 2. */ mpz_t q; - + /** * Private exponent. */ mpz_t d; - + /** * Private exponent 1. */ mpz_t exp1; - + /** * Private exponent 2. */ mpz_t exp2; - + /** * Private coefficient. */ mpz_t coeff; - + /** * Keysize in bytes. */ size_t k; /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t* keyid; - - /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t* keyid_info; - - /** * reference count */ - refcount_t ref; + refcount_t ref; }; /** - * Shared functions defined in gmp_rsa_public_key.c + * Convert a MP integer into a chunk_t */ -extern bool gmp_rsa_public_key_build_id(mpz_t n, mpz_t e, - identification_t **keyid, - identification_t **keyid_info); -extern gmp_rsa_public_key_t *gmp_rsa_public_key_create_from_n_e(mpz_t n, mpz_t e); +chunk_t gmp_mpz_to_chunk(const mpz_t value) +{ + chunk_t n; + + n.len = 1 + mpz_sizeinbase(value, 2) / BITS_PER_BYTE; + n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, value); + if (n.ptr == NULL) + { /* if we have zero in "value", gmp returns NULL */ + n.len = 0; + } + return n; +} /** * Auxiliary function overwriting private key material with zero bytes */ -static void mpz_clear_randomized(mpz_t z) +static void mpz_clear_sensitive(mpz_t z) { size_t len = mpz_size(z) * GMP_LIMB_BITS / BITS_PER_BYTE; u_int8_t *random = alloca(len); - + memset(random, 0, len); /* overwrite mpz_t with zero bytes before clearing it */ mpz_import(z, len, 1, 1, 1, 0, random); @@ -140,28 +132,28 @@ static status_t compute_prime(private_gmp_rsa_private_key_t *this, { rng_t *rng; chunk_t random_bytes; - + rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE); if (!rng) { DBG1("no RNG of quality %N found", rng_quality_names, RNG_TRUE); return FAILED; } - + mpz_init(*prime); do { rng->allocate_bytes(rng, prime_size, &random_bytes); /* make sure most significant bit is set */ random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80; - + mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr); mpz_nextprime (*prime, *prime); chunk_clear(&random_bytes); } /* check if it isn't too large */ while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size); - + rng->destroy(rng); return SUCCESS; } @@ -173,32 +165,32 @@ static chunk_t rsadp(private_gmp_rsa_private_key_t *this, chunk_t data) { mpz_t t1, t2; chunk_t decrypted; - + mpz_init(t1); mpz_init(t2); - + mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr); - + mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */ mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */ mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */ mpz_mod(t2, t2, this->p); mpz_mul(t2, t2, this->coeff); mpz_mod(t2, t2, this->p); - + mpz_mul(t2, t2, this->q); /* m = m2 + h q */ mpz_add(t1, t1, t2); - + decrypted.len = this->k; decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1); if (decrypted.ptr == NULL) { decrypted.len = 0; } - - mpz_clear_randomized(t1); - mpz_clear_randomized(t2); - + + mpz_clear_sensitive(t1); + mpz_clear_sensitive(t2); + return decrypted; } @@ -225,7 +217,7 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, hasher_t *hasher; chunk_t hash; int hash_oid = hasher_algorithm_to_oid(hash_algorithm); - + if (hash_oid == OID_UNKNOWN) { return FALSE; @@ -238,9 +230,9 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, } hasher->allocate_hash(hasher, data, &hash); hasher->destroy(hasher); - + /* build DER-encoded digestInfo */ - digestInfo = asn1_wrap(ASN1_SEQUENCE, "cm", + digestInfo = asn1_wrap(ASN1_SEQUENCE, "mm", asn1_algorithmIdentifier(hash_oid), asn1_simple_object(ASN1_OCTET_STRING, hash) ); @@ -254,15 +246,15 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, DBG1("unable to sign %d bytes using a %dbit key", data.len, this->k * 8); return FALSE; } - + /* build chunk to rsa-decrypt: - * EM = 0x00 || 0x01 || PS || 0x00 || T. + * EM = 0x00 || 0x01 || PS || 0x00 || T. * PS = 0xFF padding, with length to fill em * T = encoded_hash */ em.len = this->k; em.ptr = malloc(em.len); - + /* fill em with padding */ memset(em.ptr, 0xFF, em.len); /* set magic bytes */ @@ -274,11 +266,11 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, /* build signature */ *signature = rsasp1(this, em); - + free(digestInfo.ptr); free(em.ptr); - - return TRUE; + + return TRUE; } /** @@ -292,7 +284,7 @@ static key_type_t get_type(private_gmp_rsa_private_key_t *this) /** * Implementation of gmp_rsa_private_key.sign. */ -static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme, +static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature) { switch (scheme) @@ -326,7 +318,7 @@ static bool decrypt(private_gmp_rsa_private_key_t *this, chunk_t crypto, { chunk_t em, stripped; bool success = FALSE; - + /* rsa decryption using PKCS#1 RSADP */ stripped = em = rsadp(this, crypto); @@ -366,28 +358,22 @@ static size_t get_keysize(private_gmp_rsa_private_key_t *this) } /** - * Implementation of gmp_rsa_private_key.get_id. - */ -static identification_t* get_id(private_gmp_rsa_private_key_t *this, - id_type_t type) -{ - switch (type) - { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - default: - return NULL; - } -} - -/** * Implementation of gmp_rsa_private_key.get_public_key. */ -static gmp_rsa_public_key_t* get_public_key(private_gmp_rsa_private_key_t *this) +static public_key_t* get_public_key(private_gmp_rsa_private_key_t *this) { - return gmp_rsa_public_key_create_from_n_e(this->n, this->e); + chunk_t n, e; + public_key_t *public; + + n = gmp_mpz_to_chunk(this->n); + e = gmp_mpz_to_chunk(this->e); + + public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_END); + chunk_free(&n); + chunk_free(&e); + + return public; } /** @@ -395,27 +381,7 @@ static gmp_rsa_public_key_t* get_public_key(private_gmp_rsa_private_key_t *this) */ static bool equals(private_gmp_rsa_private_key_t *this, private_key_t *other) { - identification_t *keyid; - - if (&this->public.interface == other) - { - return TRUE; - } - if (other->get_type(other) != KEY_RSA) - { - return FALSE; - } - keyid = other->get_id(other, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return private_key_equals(&this->public.interface, other); } /** @@ -423,64 +389,67 @@ static bool equals(private_gmp_rsa_private_key_t *this, private_key_t *other) */ static bool belongs_to(private_gmp_rsa_private_key_t *this, public_key_t *public) { - identification_t *keyid; - - if (public->get_type(public) != KEY_RSA) - { - return FALSE; - } - keyid = public->get_id(public, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return private_key_belongs_to(&this->public.interface, public); } /** - * Convert a MP integer into a chunk_t + * Implementation of private_key_t.get_encoding */ -chunk_t gmp_mpz_to_chunk(const mpz_t value) +static bool get_encoding(private_gmp_rsa_private_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - chunk_t n; - - n.len = 1 + mpz_sizeinbase(value, 2) / BITS_PER_BYTE; - n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, value); - if (n.ptr == NULL) - { /* if we have zero in "value", gmp returns NULL */ - n.len = 0; - } - return n; -} + chunk_t n, e, d, p, q, exp1, exp2, coeff; + bool success; + + n = gmp_mpz_to_chunk(this->n); + e = gmp_mpz_to_chunk(this->e); + d = gmp_mpz_to_chunk(this->d); + p = gmp_mpz_to_chunk(this->p); + q = gmp_mpz_to_chunk(this->q); + exp1 = gmp_mpz_to_chunk(this->exp1); + exp2 = gmp_mpz_to_chunk(this->exp2); + coeff = gmp_mpz_to_chunk(this->coeff); + + success = lib->encoding->encode(lib->encoding, + type, NULL, encoding, KEY_PART_RSA_MODULUS, n, + KEY_PART_RSA_PUB_EXP, e, KEY_PART_RSA_PRIV_EXP, d, + KEY_PART_RSA_PRIME1, p, KEY_PART_RSA_PRIME2, q, + KEY_PART_RSA_EXP1, exp1, KEY_PART_RSA_EXP2, exp2, + KEY_PART_RSA_COEFF, coeff, KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + chunk_clear(&d); + chunk_clear(&p); + chunk_clear(&q); + chunk_clear(&exp1); + chunk_clear(&exp2); + chunk_clear(&coeff); -/** - * Convert a MP integer into a DER coded ASN.1 object - */ -chunk_t gmp_mpz_to_asn1(const mpz_t value) -{ - return asn1_wrap(ASN1_INTEGER, "m", gmp_mpz_to_chunk(value)); + return success; } /** - * Implementation of private_key_t.get_encoding. + * Implementation of private_key_t.get_fingerprint */ -static chunk_t get_encoding(private_gmp_rsa_private_key_t *this) +static bool get_fingerprint(private_gmp_rsa_private_key_t *this, + key_encoding_type_t type, chunk_t *fp) { - return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmmm", - ASN1_INTEGER_0, - gmp_mpz_to_asn1(this->n), - gmp_mpz_to_asn1(this->e), - gmp_mpz_to_asn1(this->d), - gmp_mpz_to_asn1(this->p), - gmp_mpz_to_asn1(this->q), - gmp_mpz_to_asn1(this->exp1), - gmp_mpz_to_asn1(this->exp2), - gmp_mpz_to_asn1(this->coeff)); + chunk_t n, e; + bool success; + + if (lib->encoding->get_cache(lib->encoding, type, this, fp)) + { + return TRUE; + } + n = gmp_mpz_to_chunk(this->n); + e = gmp_mpz_to_chunk(this->e); + + success = lib->encoding->encode(lib->encoding, type, this, fp, + KEY_PART_RSA_MODULUS, n, KEY_PART_RSA_PUB_EXP, e, KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + + return success; } /** @@ -490,7 +459,6 @@ static private_gmp_rsa_private_key_t* get_ref(private_gmp_rsa_private_key_t *thi { ref_get(&this->ref); return this; - } /** @@ -500,16 +468,15 @@ static void destroy(private_gmp_rsa_private_key_t *this) { if (ref_put(&this->ref)) { - mpz_clear_randomized(this->n); - mpz_clear_randomized(this->e); - mpz_clear_randomized(this->p); - mpz_clear_randomized(this->q); - mpz_clear_randomized(this->d); - mpz_clear_randomized(this->exp1); - mpz_clear_randomized(this->exp2); - mpz_clear_randomized(this->coeff); - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); + mpz_clear_sensitive(this->n); + mpz_clear_sensitive(this->e); + mpz_clear_sensitive(this->p); + mpz_clear_sensitive(this->q); + mpz_clear_sensitive(this->d); + mpz_clear_sensitive(this->exp1); + mpz_clear_sensitive(this->exp2); + mpz_clear_sensitive(this->coeff); + lib->encoding->clear_cache(lib->encoding, this); free(this); } } @@ -521,7 +488,7 @@ static status_t check(private_gmp_rsa_private_key_t *this) { mpz_t t, u, q1; status_t status = SUCCESS; - + /* PKCS#1 1.5 section 6 requires modulus to have at least 12 octets. * We actually require more (for security). */ @@ -530,25 +497,25 @@ static status_t check(private_gmp_rsa_private_key_t *this) DBG1("key shorter than 512 bits"); return FAILED; } - + /* we picked a max modulus size to simplify buffer allocation */ if (this->k > 8192 / BITS_PER_BYTE) { DBG1("key larger than 8192 bits"); return FAILED; } - + mpz_init(t); mpz_init(u); mpz_init(q1); - + /* check that n == p * q */ mpz_mul(u, this->p, this->q); if (mpz_cmp(u, this->n) != 0) { status = FAILED; } - + /* check that e divides neither p-1 nor q-1 */ mpz_sub_ui(t, this->p, 1); mpz_mod(t, t, this->e); @@ -556,14 +523,14 @@ static status_t check(private_gmp_rsa_private_key_t *this) { status = FAILED; } - + mpz_sub_ui(t, this->q, 1); mpz_mod(t, t, this->e); if (mpz_cmp_ui(t, 0) == 0) { status = FAILED; } - + /* check that d is e^-1 (mod lcm(p-1, q-1)) */ /* see PKCS#1v2, aka RFC 2437, for the "lcm" */ mpz_sub_ui(q1, this->q, 1); @@ -571,14 +538,14 @@ static status_t check(private_gmp_rsa_private_key_t *this) mpz_gcd(t, u, q1); /* t := gcd(p-1, q-1) */ mpz_mul(u, u, q1); /* u := (p-1) * (q-1) */ mpz_divexact(u, u, t); /* u := lcm(p-1, q-1) */ - + mpz_mul(t, this->d, this->e); mpz_mod(t, t, u); if (mpz_cmp_ui(t, 1) != 0) { status = FAILED; } - + /* check that exp1 is d mod (p-1) */ mpz_sub_ui(u, this->p, 1); mpz_mod(t, this->d, u); @@ -586,7 +553,7 @@ static status_t check(private_gmp_rsa_private_key_t *this) { status = FAILED; } - + /* check that exp2 is d mod (q-1) */ mpz_sub_ui(u, this->q, 1); mpz_mod(t, this->d, u); @@ -594,7 +561,7 @@ static status_t check(private_gmp_rsa_private_key_t *this) { status = FAILED; } - + /* check that coeff is (q^-1) mod p */ mpz_mul(t, this->coeff, this->q); mpz_mod(t, t, this->p); @@ -602,10 +569,10 @@ static status_t check(private_gmp_rsa_private_key_t *this) { status = FAILED; } - - mpz_clear_randomized(t); - mpz_clear_randomized(u); - mpz_clear_randomized(q1); + + mpz_clear_sensitive(t); + mpz_clear_sensitive(u); + mpz_clear_sensitive(q1); if (status != SUCCESS) { DBG1("key integrity tests failed"); @@ -619,63 +586,82 @@ static status_t check(private_gmp_rsa_private_key_t *this) static private_gmp_rsa_private_key_t *gmp_rsa_private_key_create_empty(void) { private_gmp_rsa_private_key_t *this = malloc_thing(private_gmp_rsa_private_key_t); - + this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type; this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign; this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt; this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize; - this->public.interface.get_id = (identification_t* (*) (private_key_t*, id_type_t))get_id; this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key; this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals; this->public.interface.belongs_to = (bool (*) (private_key_t*, public_key_t*))belongs_to; - this->public.interface.get_encoding = (chunk_t (*) (private_key_t*))get_encoding; + this->public.interface.get_fingerprint = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref; this->public.interface.destroy = (void (*) (private_key_t*))destroy; - - this->keyid = NULL; - this->keyid_info = NULL; + this->ref = 1; - + return this; } /** - * Generate an RSA key of specified key size + * See header. */ -static gmp_rsa_private_key_t *generate(size_t key_size) +gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args) { - mpz_t p, q, n, e, d, exp1, exp2, coeff; - mpz_t m, q1, t; - private_gmp_rsa_private_key_t *this = gmp_rsa_private_key_create_empty(); - + mpz_t p, q, n, e, d, exp1, exp2, coeff, m, q1, t; + private_gmp_rsa_private_key_t *this; + u_int key_size = 0; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_KEY_SIZE: + key_size = va_arg(args, u_int); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (!key_size) + { + return NULL; + } + + this = gmp_rsa_private_key_create_empty(); key_size = key_size / BITS_PER_BYTE; - + /* Get values of primes p and q */ if (compute_prime(this, key_size/2, &p) != SUCCESS) { free(this); return NULL; - } + } if (compute_prime(this, key_size/2, &q) != SUCCESS) { mpz_clear(p); free(this); return NULL; } - - mpz_init(t); + + mpz_init(t); mpz_init(n); mpz_init(d); mpz_init(exp1); mpz_init(exp2); mpz_init(coeff); - + /* Swapping Primes so p is larger then q */ if (mpz_cmp(p, q) < 0) { mpz_swap(p, q); } - + mpz_mul(n, p, q); /* n = p*q */ mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */ mpz_init_set(m, p); /* m = p */ @@ -696,16 +682,16 @@ static gmp_rsa_private_key_t *generate(size_t key_size) mpz_mod(exp1, d, t); /* exp1 = d mod p-1 */ mpz_sub_ui(t, q, 1); /* t = q-1 */ mpz_mod(exp2, d, t); /* exp2 = d mod q-1 */ - + mpz_invert(coeff, q, p); /* coeff = q^-1 mod p */ if (mpz_cmp_ui(coeff, 0) < 0) /* make coeff d is positive */ { mpz_add(coeff, coeff, p); } - mpz_clear_randomized(q1); - mpz_clear_randomized(m); - mpz_clear_randomized(t); + mpz_clear_sensitive(q1); + mpz_clear_sensitive(m); + mpz_clear_sensitive(t); /* apply values */ *(this->p) = *p; @@ -716,145 +702,60 @@ static gmp_rsa_private_key_t *generate(size_t key_size) *(this->exp1) = *exp1; *(this->exp2) = *exp2; *(this->coeff) = *coeff; - + /* set key size in bytes */ this->k = key_size; - + return &this->public; } /** - * ASN.1 definition of a PKCS#1 RSA private key - */ -static const asn1Object_t privkeyObjects[] = { - { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ - { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */ - { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */ - { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */ - { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */ - { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */ - { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */ - { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */ - { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */ - { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT | - ASN1_LOOP }, /* 10 */ - { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */ - { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */ - { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */ - { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */ - { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 15 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define PRIV_KEY_VERSION 1 -#define PRIV_KEY_MODULUS 2 -#define PRIV_KEY_PUB_EXP 3 -#define PRIV_KEY_PRIV_EXP 4 -#define PRIV_KEY_PRIME1 5 -#define PRIV_KEY_PRIME2 6 -#define PRIV_KEY_EXP1 7 -#define PRIV_KEY_EXP2 8 -#define PRIV_KEY_COEFF 9 - -/** - * load private key from a ASN1 encoded blob + * See header. */ -static gmp_rsa_private_key_t *load_asn1_der(chunk_t blob) +gmp_rsa_private_key_t *gmp_rsa_private_key_load(key_type_t type, va_list args) { - asn1_parser_t *parser; - chunk_t object; - int objectID ; - bool success = FALSE; + chunk_t n, e, d, p, q, exp1, exp2, coeff; + private_gmp_rsa_private_key_t *this; - private_gmp_rsa_private_key_t *this = gmp_rsa_private_key_create_empty(); - - mpz_init(this->n); - mpz_init(this->e); - mpz_init(this->p); - mpz_init(this->q); - mpz_init(this->d); - mpz_init(this->exp1); - mpz_init(this->exp2); - mpz_init(this->coeff); - - parser = asn1_parser_create(privkeyObjects, blob); - parser->set_flags(parser, FALSE, TRUE); - - while (parser->iterate(parser, &objectID, &object)) + n = e = d = p = q = exp1 = exp2 = coeff = chunk_empty; + while (TRUE) { - switch (objectID) + switch (va_arg(args, builder_part_t)) { - case PRIV_KEY_VERSION: - if (object.len > 0 && *object.ptr != 0) - { - DBG1("PKCS#1 private key format is not version 1"); - goto end; - } - break; - case PRIV_KEY_MODULUS: - mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PUB_EXP: - mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PRIV_EXP: - mpz_import(this->d, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PRIME1: - mpz_import(this->p, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PRIME2: - mpz_import(this->q, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_EXP1: - mpz_import(this->exp1, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_EXP2: - mpz_import(this->exp2, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_COEFF: - mpz_import(this->coeff, object.len, 1, 1, 1, 0, object.ptr); + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIV_EXP: + d = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME1: + p = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME2: + q = va_arg(args, chunk_t); + continue; + case BUILD_RSA_EXP1: + exp1 = va_arg(args, chunk_t); + continue; + case BUILD_RSA_EXP2: + exp2 = va_arg(args, chunk_t); + continue; + case BUILD_RSA_COEFF: + coeff = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - success = parser->success(parser); -end: - parser->destroy(parser); - chunk_clear(&blob); + this = gmp_rsa_private_key_create_empty(); - if (!success) - { - destroy(this); - return NULL; - } - - this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; - - if (!gmp_rsa_public_key_build_id(this->n, this->e, - &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - if (check(this) != SUCCESS) - { - destroy(this); - return NULL; - } - return &this->public; -} - -/** - * load private key from an OpenPGP blob coded according to section - */ -static gmp_rsa_private_key_t *load_pgp(chunk_t blob) -{ - mpz_t u; - int objectID; - chunk_t packet = blob; - private_gmp_rsa_private_key_t *this = gmp_rsa_private_key_create_empty(); - mpz_init(this->n); mpz_init(this->e); mpz_init(this->p); @@ -864,205 +765,36 @@ static gmp_rsa_private_key_t *load_pgp(chunk_t blob) mpz_init(this->exp2); mpz_init(this->coeff); - for (objectID = PRIV_KEY_MODULUS; objectID <= PRIV_KEY_COEFF; objectID++) - { - chunk_t object; - - switch (objectID) - { - case PRIV_KEY_PRIV_EXP: - { - pgp_sym_alg_t s2k; - - /* string-to-key usage */ - s2k = pgp_length(&packet, 1); - DBG2("L3 - string-to-key: %d", s2k); - - if (s2k == 255 || s2k == 254) - { - DBG1("string-to-key specifiers not supported"); - goto end; - } - DBG2(" %N", pgp_sym_alg_names, s2k); - - if (s2k != PGP_SYM_ALG_PLAIN) - { - DBG1("%N encryption not supported", pgp_sym_alg_names, s2k); - goto end; - } - break; - } - case PRIV_KEY_EXP1: - case PRIV_KEY_EXP2: - /* not contained in OpenPGP secret key payload */ - continue; - default: - break; - } - - DBG2("L3 - %s:", privkeyObjects[objectID].name); - object.len = pgp_length(&packet, 2); - - if (object.len == PGP_INVALID_LENGTH) - { - DBG1("OpenPGP length is invalid"); - goto end; - } - object.len = (object.len + 7) / BITS_PER_BYTE; - if (object.len > packet.len) - { - DBG1("OpenPGP field is too short"); - goto end; - } - object.ptr = packet.ptr; - packet.ptr += object.len; - packet.len -= object.len; - DBG4("%B", &object); - - switch (objectID) - { - case PRIV_KEY_MODULUS: - mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PUB_EXP: - mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PRIV_EXP: - mpz_import(this->d, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PRIME1: - mpz_import(this->q, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PRIME2: - mpz_import(this->p, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_COEFF: - mpz_import(this->coeff, object.len, 1, 1, 1, 0, object.ptr); - break; - } - } - - /* auxiliary variable */ - mpz_init(u); - - /* exp1 = d mod (p-1) */ - mpz_sub_ui(u, this->p, 1); - mpz_mod(this->exp1, this->d, u); - - /* exp2 = d mod (q-1) */ - mpz_sub_ui(u, this->q, 1); - mpz_mod(this->exp2, this->d, u); - - mpz_clear(u); - chunk_clear(&blob); - - this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; - - if (!gmp_rsa_public_key_build_id(this->n, this->e, - &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; + mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr); + mpz_import(this->e, e.len, 1, 1, 1, 0, e.ptr); + mpz_import(this->d, d.len, 1, 1, 1, 0, d.ptr); + mpz_import(this->p, p.len, 1, 1, 1, 0, p.ptr); + mpz_import(this->q, q.len, 1, 1, 1, 0, q.ptr); + mpz_import(this->coeff, coeff.len, 1, 1, 1, 0, coeff.ptr); + if (!exp1.len) + { /* exp1 missing in key, recalculate: exp1 = d mod (p-1) */ + mpz_sub_ui(this->exp1, this->p, 1); + mpz_mod(this->exp1, this->d, this->exp1); } - if (check(this) != SUCCESS) + else { - destroy(this); - return NULL; + mpz_import(this->exp1, exp1.len, 1, 1, 1, 0, exp1.ptr); } - return &this->public; - -end: - chunk_clear(&blob); - destroy(this); - return NULL; -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading/generation - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded/generated private key */ - gmp_rsa_private_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static gmp_rsa_private_key_t *build(private_builder_t *this) -{ - gmp_rsa_private_key_t *key = this->key; - - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) - { - va_list args; - chunk_t chunk; - - switch (part) - { - case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load_asn1_der(chunk_clone(chunk)); - va_end(args); - return; - } - case BUILD_BLOB_PGP: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load_pgp(chunk_clone(chunk)); - va_end(args); - return; - } - case BUILD_KEY_SIZE: - { - va_start(args, part); - this->key = generate(va_arg(args, u_int)); - va_end(args); - return; - } - default: - break; - } + if (!exp2.len) + { /* exp2 missing in key, recalculate: exp2 = d mod (q-1) */ + mpz_sub_ui(this->exp2, this->q, 1); + mpz_mod(this->exp2, this->d, this->exp2); } - if (this->key) + else { - destroy((private_gmp_rsa_private_key_t*)this->key); + mpz_import(this->exp2, exp2.len, 1, 1, 1, 0, exp2.ptr); } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *gmp_rsa_private_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) + this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; + if (check(this) != SUCCESS) { + destroy(this); return NULL; } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h index d47e2583d..db1fcf535 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2008 Martin Willi + * Copyright (C) 2005-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -21,6 +21,7 @@ #ifndef GMP_RSA_PRIVATE_KEY_H_ #define GMP_RSA_PRIVATE_KEY_H_ +#include <credentials/builder.h> #include <credentials/keys/private_key.h> typedef struct gmp_rsa_private_key_t gmp_rsa_private_key_t; @@ -37,12 +38,25 @@ struct gmp_rsa_private_key_t { }; /** - * Create the builder for a private key. + * Generated a RSA private keys using libgmp. + * + * Accepts the BUILD_KEY_SIZE argument. * * @param type type of the key, must be KEY_RSA - * @return builder instance + * @param args builder_part_t argument list + * @return generated key, NULL on failure */ -builder_t *gmp_rsa_private_key_builder(key_type_t type); +gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args); -#endif /** GMP_RSA_PRIVATE_KEY_H_ @}*/ +/** + * Loaded a RSA private keys using libgmp. + * + * Accepts BUILD_RSA_* components. + * + * @param type type of the key, must be KEY_RSA + * @param args builder_part_t argument list + * @return loaded key, NULL on failure + */ +gmp_rsa_private_key_t *gmp_rsa_private_key_load(key_type_t type, va_list args); +#endif /** GMP_RSA_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index c26187c64..5fea69131 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2008 Martin Willi + * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include <gmp.h> #include <sys/stat.h> #include <unistd.h> @@ -26,9 +26,7 @@ #include <asn1/oid.h> #include <asn1/asn1.h> #include <asn1/asn1_parser.h> -#include <asn1/pem.h> #include <crypto/hashers/hasher.h> -#include <pgp/pgp.h> typedef struct private_gmp_rsa_public_key_t private_gmp_rsa_public_key_t; @@ -40,32 +38,22 @@ struct private_gmp_rsa_public_key_t { * Public interface for this signer. */ gmp_rsa_public_key_t public; - + /** * Public modulus. */ mpz_t n; - + /** * Public exponent. */ mpz_t e; - + /** * Keysize in bytes. */ size_t k; - - /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t *keyid_info; - - /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t *keyid; - + /** * reference counter */ @@ -76,7 +64,6 @@ struct private_gmp_rsa_public_key_t { * Shared functions defined in gmp_rsa_private_key.c */ extern chunk_t gmp_mpz_to_chunk(const mpz_t value); -extern chunk_t gmp_mpz_to_asn1(const mpz_t value); /** * RSAEP algorithm specified in PKCS#1. @@ -85,12 +72,12 @@ static chunk_t rsaep(private_gmp_rsa_public_key_t *this, chunk_t data) { mpz_t m, c; chunk_t encrypted; - + mpz_init(c); mpz_init(m); - + mpz_import(m, data.len, 1, 1, 1, 0, data.ptr); - + mpz_powm(c, m, this->e, this->n); encrypted.len = this->k; @@ -99,10 +86,10 @@ static chunk_t rsaep(private_gmp_rsa_public_key_t *this, chunk_t data) { encrypted.len = 0; } - + mpz_clear(c); mpz_clear(m); - + return encrypted; } @@ -136,34 +123,34 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, { chunk_t em_ori, em; bool success = FALSE; - + /* remove any preceding 0-bytes from signature */ while (signature.len && *(signature.ptr) == 0x00) { signature = chunk_skip(signature, 1); } - + if (signature.len == 0 || signature.len > this->k) { return INVALID_ARG; } - + /* unpack signature */ em_ori = em = rsavp1(this, signature); - + /* result should look like this: - * EM = 0x00 || 0x01 || PS || 0x00 || T. + * EM = 0x00 || 0x01 || PS || 0x00 || T. * PS = 0xFF padding, with length to fill em * T = oid || hash */ - + /* check magic bytes */ if (*(em.ptr) != 0x00 || *(em.ptr+1) != 0x01) { goto end; } em = chunk_skip(em, 2); - + /* find magic 0x00 */ while (em.len > 0) { @@ -240,7 +227,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, { chunk_t hash; hasher_t *hasher; - + hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm); if (hasher == NULL) { @@ -290,7 +277,7 @@ static key_type_t get_type(private_gmp_rsa_public_key_t *this) /** * Implementation of public_key_t.verify. */ -static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme, +static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature) { switch (scheme) @@ -316,7 +303,7 @@ static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme } } -#define MIN_PS_PADDING 8 +#define MIN_PS_PADDING 8 /** * Implementation of public_key_t.encrypt. @@ -327,7 +314,7 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, chunk_t em; u_char *pos; int padding, i; - rng_t *rng; + rng_t *rng; rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (rng == NULL) @@ -338,7 +325,7 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, /* number of pseudo-random padding octets */ padding = this->k - plain.len - 3; - if (padding < MIN_PS_PADDING) + if (padding < MIN_PS_PADDING) { DBG1("pseudo-random padding must be at least %d octets", MIN_PS_PADDING); return FALSE; @@ -346,9 +333,9 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, /* padding according to PKCS#1 7.2.1 (RSAES-PKCS1-v1.5-ENCRYPT) */ DBG2("padding %u bytes of data to the rsa modulus size of %u bytes", - plain.len, this->k); + plain.len, this->k); em.len = this->k; - em.ptr = malloc(em.len); + em.ptr = malloc(em.len); pos = em.ptr; *pos++ = 0x00; *pos++ = 0x02; @@ -373,7 +360,7 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, /* now add the data */ memcpy(pos, plain.ptr, plain.len); DBG3("padded data before rsa encryption: %B", &em); - + /* rsa encryption using PKCS#1 RSAEP */ *crypto = rsaep(this, em); DBG3("rsa encrypted data: %B", crypto); @@ -386,27 +373,7 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, */ static bool equals(private_gmp_rsa_public_key_t *this, public_key_t *other) { - identification_t *keyid; - - if (&this->public.interface == other) - { - return TRUE; - } - if (other->get_type(other) != KEY_RSA) - { - return FALSE; - } - keyid = other->get_id(other, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return public_key_equals(&this->public.interface, other); } /** @@ -418,72 +385,47 @@ static size_t get_keysize(private_gmp_rsa_public_key_t *this) } /** - * Build the PGP version 3 RSA key identifier from n and e using - * MD5 hashed modulus and exponent. + * Implementation of public_key_t.get_encoding */ -static identification_t* gmp_rsa_build_pgp_v3_keyid(mpz_t n, mpz_t e) +static bool get_encoding(private_gmp_rsa_public_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - identification_t *keyid; - chunk_t modulus, mod, exponent, exp, hash; - hasher_t *hasher; - - hasher= lib->crypto->create_hasher(lib->crypto, HASH_MD5); - if (hasher == NULL) - { - DBG1("computation of PGP V3 keyid failed, no MD5 hasher is available"); - return NULL; - } - mod = modulus = gmp_mpz_to_chunk(n); - exp = exponent = gmp_mpz_to_chunk(e); + chunk_t n, e; + bool success; - /* remove leading zero bytes before hashing modulus and exponent */ - while (mod.len > 0 && *mod.ptr == 0x00) - { - mod.ptr++; - mod.len--; - } - while (exp.len > 0 && *exp.ptr == 0x00) - { - exp.ptr++; - exp.len--; - } - hasher->allocate_hash(hasher, mod, NULL); - hasher->allocate_hash(hasher, exp, &hash); - hasher->destroy(hasher); - keyid = identification_create_from_encoding(ID_KEY_ID, hash); - free(hash.ptr); - free(modulus.ptr); - free(exponent.ptr); - return keyid; + n = gmp_mpz_to_chunk(this->n); + e = gmp_mpz_to_chunk(this->e); + + success = lib->encoding->encode(lib->encoding, type, NULL, encoding, + KEY_PART_RSA_MODULUS, n, KEY_PART_RSA_PUB_EXP, e, KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + + return success; } /** - * Implementation of public_key_t.get_id. + * Implementation of public_key_t.get_fingerprint */ -static identification_t *get_id(private_gmp_rsa_public_key_t *this, - id_type_t type) +static bool get_fingerprint(private_gmp_rsa_public_key_t *this, + key_encoding_type_t type, chunk_t *fp) { - switch (type) + chunk_t n, e; + bool success; + + if (lib->encoding->get_cache(lib->encoding, type, this, fp)) { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - case ID_KEY_ID: - return gmp_rsa_build_pgp_v3_keyid(this->n, this->e); - default: - return NULL; + return TRUE; } -} + n = gmp_mpz_to_chunk(this->n); + e = gmp_mpz_to_chunk(this->e); -/* - * Implementation of public_key_t.get_encoding. - */ -static chunk_t get_encoding(private_gmp_rsa_public_key_t *this) -{ - return asn1_wrap(ASN1_SEQUENCE, "mm", - gmp_mpz_to_asn1(this->n), - gmp_mpz_to_asn1(this->e)); + success = lib->encoding->encode(lib->encoding, type, this, fp, + KEY_PART_RSA_MODULUS, n, KEY_PART_RSA_PUB_EXP, e, KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + + return success; } /** @@ -504,369 +446,65 @@ static void destroy(private_gmp_rsa_public_key_t *this) { mpz_clear(this->n); mpz_clear(this->e); - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); + lib->encoding->clear_cache(lib->encoding, this); free(this); } } /** - * Generic private constructor + * See header. */ -static private_gmp_rsa_public_key_t *gmp_rsa_public_key_create_empty() +gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t type, va_list args) { - private_gmp_rsa_public_key_t *this = malloc_thing(private_gmp_rsa_public_key_t); - - this->public.interface.get_type = (key_type_t (*) (public_key_t*))get_type; - this->public.interface.verify = (bool (*) (public_key_t*, signature_scheme_t, chunk_t, chunk_t))verify; - this->public.interface.encrypt = (bool (*) (public_key_t*, chunk_t, chunk_t*))encrypt_; - this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals; - this->public.interface.get_keysize = (size_t (*) (public_key_t*))get_keysize; - this->public.interface.get_id = (identification_t* (*) (public_key_t*, id_type_t))get_id; - this->public.interface.get_encoding = (chunk_t(*) (public_key_t*))get_encoding; - this->public.interface.get_ref = (public_key_t* (*) (public_key_t *this))get_ref; - this->public.interface.destroy = (void (*) (public_key_t *this))destroy; - - this->keyid = NULL; - this->keyid_info = NULL; - this->ref = 1; - - return this; -} + private_gmp_rsa_public_key_t *this; + chunk_t n, e; -/** - * Build the RSA key identifier from n and e using SHA1 hashed publicKey(Info). - * Also used in rsa_private_key.c. - */ -bool gmp_rsa_public_key_build_id(mpz_t n, mpz_t e, identification_t **keyid, - identification_t **keyid_info) -{ - chunk_t publicKeyInfo, publicKey, hash; - hasher_t *hasher; - - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher == NULL) - { - DBG1("SHA1 hash algorithm not supported, unable to use RSA"); - return FALSE; - } - publicKey = asn1_wrap(ASN1_SEQUENCE, "mm", - gmp_mpz_to_asn1(n), - gmp_mpz_to_asn1(e)); - hasher->allocate_hash(hasher, publicKey, &hash); - *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash); - chunk_free(&hash); - - publicKeyInfo = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", publicKey)); - hasher->allocate_hash(hasher, publicKeyInfo, &hash); - *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash); - chunk_free(&hash); - - hasher->destroy(hasher); - chunk_free(&publicKeyInfo); - - return TRUE; -} - -/** - * Create a public key from mpz values, used in gmp_rsa_private_key - */ -gmp_rsa_public_key_t *gmp_rsa_public_key_create_from_n_e(mpz_t n, mpz_t e) -{ - private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty(); - - mpz_init_set(this->n, n); - mpz_init_set(this->e, e); - - this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; - if (!gmp_rsa_public_key_build_id(this->n, this->e, - &this->keyid, &this->keyid_info)) + n = e = chunk_empty; + while (TRUE) { - destroy(this); - return NULL; - } - return &this->public; -} - -/** - * ASN.1 definition of RSApublicKey - */ -static const asn1Object_t pubkeyObjects[] = { - { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ - { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */ - { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define PUB_KEY_RSA_PUBLIC_KEY 0 -#define PUB_KEY_MODULUS 1 -#define PUB_KEY_EXPONENT 2 - -/** - * Load a public key from an ASN.1 encoded blob - */ -static gmp_rsa_public_key_t *load_asn1_der(chunk_t blob) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - bool success = FALSE; - - private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty(); - - mpz_init(this->n); - mpz_init(this->e); - - parser = asn1_parser_create(pubkeyObjects, blob); - - while (parser->iterate(parser, &objectID, &object)) - { - switch (objectID) + switch (va_arg(args, builder_part_t)) { - case PUB_KEY_MODULUS: - mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr); - break; - case PUB_KEY_EXPONENT: - mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr); + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - success = parser->success(parser); - free(blob.ptr); - parser->destroy(parser); - - if (!success) + if (!e.ptr || !n.ptr) { - destroy(this); return NULL; } - - this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; - if (!gmp_rsa_public_key_build_id(this->n, this->e, - &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; -} + this = malloc_thing(private_gmp_rsa_public_key_t); -/** - * Load a public key from an OpenPGP blob - */ -static gmp_rsa_public_key_t* load_pgp(chunk_t blob) -{ - int objectID; - chunk_t packet = blob; - private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty(); - - mpz_init(this->n); - mpz_init(this->e); - - for (objectID = PUB_KEY_MODULUS; objectID <= PUB_KEY_EXPONENT; objectID++) - { - chunk_t object; - - DBG2("L3 - %s:", pubkeyObjects[objectID].name); - object.len = pgp_length(&packet, 2); - - if (object.len == PGP_INVALID_LENGTH) - { - DBG1("OpenPGP length is invalid"); - goto end; - } - object.len = (object.len + 7) / BITS_PER_BYTE; - if (object.len > packet.len) - { - DBG1("OpenPGP field is too short"); - goto end; - } - object.ptr = packet.ptr; - packet.ptr += object.len; - packet.len -= object.len; - DBG4("%B", &object); - - switch (objectID) - { - case PUB_KEY_MODULUS: - mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr); - break; - case PUB_KEY_EXPONENT: - mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr); - break; - } - } - - this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; - free(blob.ptr); - - if (!gmp_rsa_public_key_build_id(this->n, this->e, - &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; + this->public.interface.get_type = (key_type_t (*) (public_key_t*))get_type; + this->public.interface.verify = (bool (*) (public_key_t*, signature_scheme_t, chunk_t, chunk_t))verify; + this->public.interface.encrypt = (bool (*) (public_key_t*, chunk_t, chunk_t*))encrypt_; + this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals; + this->public.interface.get_keysize = (size_t (*) (public_key_t*))get_keysize; + this->public.interface.get_fingerprint = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; + this->public.interface.get_ref = (public_key_t* (*) (public_key_t *this))get_ref; + this->public.interface.destroy = (void (*) (public_key_t *this))destroy; -end: - free(blob.ptr); - destroy(this); - return NULL; -} + this->ref = 1; -/** - * Load a public key from an RFC 3110 encoded blob - */ -static gmp_rsa_public_key_t *load_rfc_3110(chunk_t blob) -{ - chunk_t exponent, modulus; - u_char *pos = blob.ptr; - size_t len = blob.len; - private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty(); - mpz_init(this->n); mpz_init(this->e); - if (blob.len < 3) - { - DBG1("RFC 3110 public key blob too short for exponent length"); - goto end; - } - if (pos[0] != 0x00) - { - exponent = chunk_create(pos + 1, pos[0]); - pos++; - len--; - } - else - { - exponent = chunk_create(pos + 3, 256*pos[1] + pos[2]); - pos += 3; - len -= 3; - } - if (exponent.len > len) - { - DBG1("RFC 3110 public key blob too short for exponent"); - goto end; - } - pos += exponent.len; - len -= exponent.len; - - if (len == 0) - { - DBG1("RFC 3110 public key blob has zero length modulus"); - goto end; - } - modulus = chunk_create(pos, len); + mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr); + mpz_import(this->e, e.len, 1, 1, 1, 0, e.ptr); - mpz_import(this->n, modulus.len, 1, 1, 1, 0, modulus.ptr); - mpz_import(this->e, exponent.len, 1, 1, 1, 0, exponent.ptr); - this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; - free(blob.ptr); + this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; - if (!gmp_rsa_public_key_build_id(this->n, this->e, - &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; - -end: - free(blob.ptr); - destroy(this); - return NULL; -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded public key */ - gmp_rsa_public_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static gmp_rsa_public_key_t *build(private_builder_t *this) -{ - gmp_rsa_public_key_t *key = this->key; - - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) - { - va_list args; - chunk_t chunk; - - switch (part) - { - case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load_asn1_der(chunk_clone(chunk)); - va_end(args); - return; - } - case BUILD_BLOB_PGP: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load_pgp(chunk_clone(chunk)); - va_end(args); - return; - } - case BUILD_BLOB_RFC_3110: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load_rfc_3110(chunk_clone(chunk)); - va_end(args); - return; - } - default: - break; - } - } - if (this->key) - { - destroy((private_gmp_rsa_public_key_t*)this->key); - } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *gmp_rsa_public_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h index ed7b9429f..807f0bb7c 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h @@ -22,10 +22,11 @@ #ifndef GMP_RSA_PUBLIC_KEY_H_ #define GMP_RSA_PUBLIC_KEY_H_ -typedef struct gmp_rsa_public_key_t gmp_rsa_public_key_t; - +#include <credentials/builder.h> #include <credentials/keys/public_key.h> +typedef struct gmp_rsa_public_key_t gmp_rsa_public_key_t; + /** * public_key_t implementation of RSA algorithm using libgmp. */ @@ -38,11 +39,14 @@ struct gmp_rsa_public_key_t { }; /** - * Create the builder for a public key. + * Load a RSA public key using libgmp. + * + * Accepts BUILD_RSA_* components. * * @param type type of the key, must be KEY_RSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *gmp_rsa_public_key_builder(key_type_t type); +gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t type, va_list args); #endif /** GMP_RSA_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index 389bde8f9..7dc8269a4 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/hmac DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_hmac_la_LIBADD = am_libstrongswan_hmac_la_OBJECTS = hmac_plugin.lo hmac.lo hmac_prf.lo \ @@ -59,6 +83,7 @@ libstrongswan_hmac_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,6 +249,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -243,9 +272,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/hmac/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/hmac/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/hmac/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/hmac/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -263,23 +292,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -306,21 +340,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -343,7 +377,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -351,29 +385,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -394,13 +433,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -431,6 +474,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -452,6 +496,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -460,18 +506,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -510,6 +566,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c index 6dfa02233..c1ab48899 100644 --- a/src/libstrongswan/plugins/hmac/hmac.c +++ b/src/libstrongswan/plugins/hmac/hmac.c @@ -23,7 +23,7 @@ typedef struct private_hmac_t private_hmac_t; /** * Private data of a hmac_t object. - * + * * The variable names are the same as in the RFC. */ struct private_hmac_t { @@ -31,22 +31,22 @@ struct private_hmac_t { * Public hmac_t interface. */ hmac_t hmac; - + /** * Block size, as in RFC. */ u_int8_t b; - + /** * Hash function. */ hasher_t *h; - + /** * Previously xor'ed key using opad. */ chunk_t opaded_key; - + /** * Previously xor'ed key using ipad. */ @@ -58,16 +58,16 @@ struct private_hmac_t { */ static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out) { - /* H(K XOR opad, H(K XOR ipad, text)) - * + /* H(K XOR opad, H(K XOR ipad, text)) + * * if out is NULL, we append text to the inner hash. * else, we complete the inner and do the outer. - * + * */ - + u_int8_t buffer[this->h->get_hash_size(this->h)]; chunk_t inner; - + if (out == NULL) { /* append data to inner */ @@ -78,14 +78,14 @@ static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out) /* append and do outer hash */ inner.ptr = buffer; inner.len = this->h->get_hash_size(this->h); - + /* complete inner */ this->h->get_hash(this->h, data, buffer); - + /* do outer */ this->h->get_hash(this->h, this->opaded_key, NULL); this->h->get_hash(this->h, inner, out); - + /* reinit for next call */ this->h->get_hash(this->h, this->ipaded_key, NULL); } @@ -109,7 +109,7 @@ static void allocate_mac(private_hmac_t *this, chunk_t data, chunk_t *out) this->hmac.get_mac(&(this->hmac), data, out->ptr); } } - + /** * Implementation of hmac_t.get_block_size. */ @@ -125,27 +125,27 @@ static void set_key(private_hmac_t *this, chunk_t key) { int i; u_int8_t buffer[this->b]; - + memset(buffer, 0, this->b); - + if (key.len > this->b) - { + { /* if key is too long, it will be hashed */ this->h->get_hash(this->h, key, buffer); } else - { + { /* if not, just copy it in our pre-padded k */ - memcpy(buffer, key.ptr, key.len); + memcpy(buffer, key.ptr, key.len); } - + /* apply ipad and opad to key */ for (i = 0; i < this->b; i++) { this->ipaded_key.ptr[i] = buffer[i] ^ 0x36; this->opaded_key.ptr[i] = buffer[i] ^ 0x5C; } - + /* begin hashing of inner pad */ this->h->reset(this->h); this->h->get_hash(this->h, this->ipaded_key, NULL); @@ -175,7 +175,7 @@ hmac_t *hmac_create(hash_algorithm_t hash_algorithm) this->hmac.get_block_size = (size_t (*)(hmac_t *))get_block_size; this->hmac.set_key = (void (*)(hmac_t *,chunk_t))set_key; this->hmac.destroy = (void (*)(hmac_t *))destroy; - + /* set b, according to hasher */ switch (hash_algorithm) { @@ -190,15 +190,15 @@ hmac_t *hmac_create(hash_algorithm_t hash_algorithm) break; default: free(this); - return NULL; + return NULL; } - + /* build the hasher */ this->h = lib->crypto->create_hasher(lib->crypto, hash_algorithm); if (this->h == NULL) { free(this); - return NULL; + return NULL; } /* build ipad and opad */ diff --git a/src/libstrongswan/plugins/hmac/hmac.h b/src/libstrongswan/plugins/hmac/hmac.h index a204d3b17..be1bce66d 100644 --- a/src/libstrongswan/plugins/hmac/hmac.h +++ b/src/libstrongswan/plugins/hmac/hmac.h @@ -36,46 +36,46 @@ typedef struct hmac_t hmac_t; struct hmac_t { /** * Generate message authentication code. - * + * * If buffer is NULL, no result is given back. A next call will - * append the data to already supplied data. If buffer is not NULL, + * append the data to already supplied data. If buffer is not NULL, * the mac of all apended data is calculated, returned and the * state of the hmac_t is reseted. - * + * * @param data chunk of data to authenticate * @param buffer pointer where the generated bytes will be written */ void (*get_mac) (hmac_t *this, chunk_t data, u_int8_t *buffer); - + /** * Generates message authentication code and allocate space for them. - * + * * If chunk is NULL, no result is given back. A next call will - * append the data to already supplied. If chunk is not NULL, + * append the data to already supplied. If chunk is not NULL, * the mac of all apended data is calculated, returned and the * state of the hmac_t reset; - * + * * @param data chunk of data to authenticate * @param chunk chunk which will hold generated bytes */ void (*allocate_mac) (hmac_t *this, chunk_t data, chunk_t *chunk); - + /** * Get the block size of this hmac_t object. - * + * * @return block size in bytes */ - size_t (*get_block_size) (hmac_t *this); - + size_t (*get_block_size) (hmac_t *this); + /** * Set the key for this hmac_t object. - * + * * Any key length is accepted. - * + * * @param key key to set */ void (*set_key) (hmac_t *this, chunk_t key); - + /** * Destroys a hmac_t object. */ @@ -84,7 +84,7 @@ struct hmac_t { /** * Creates a new hmac_t object. - * + * * @param hash_algorithm hash algorithm to use * @return hmac_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c index aa1e994b0..94332ee36 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.c +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c @@ -50,35 +50,35 @@ static void destroy(private_hmac_plugin_t *this) plugin_t *plugin_create() { private_hmac_plugin_t *this = malloc_thing(private_hmac_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, + + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1, (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384, (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512, (prf_constructor_t)hmac_prf_create); - - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96, + + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96, (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128, (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_160, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_160, (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, (signer_constructor_t)hmac_signer_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.c b/src/libstrongswan/plugins/hmac/hmac_prf.c index 454d40be3..cca6e9570 100644 --- a/src/libstrongswan/plugins/hmac/hmac_prf.c +++ b/src/libstrongswan/plugins/hmac/hmac_prf.c @@ -28,8 +28,8 @@ struct private_hmac_prf_t { /** * Public hmac_prf_t interface. */ - hmac_prf_t public; - + hmac_prf_t public; + /** * Hmac to use for generation. */ @@ -93,7 +93,7 @@ hmac_prf_t *hmac_prf_create(pseudo_random_function_t algo) { private_hmac_prf_t *this; hash_algorithm_t hash; - + switch (algo) { case PRF_HMAC_SHA1: @@ -114,22 +114,22 @@ hmac_prf_t *hmac_prf_create(pseudo_random_function_t algo) default: return NULL; } - + this = malloc_thing(private_hmac_prf_t); this->hmac = hmac_create(hash); if (this->hmac == NULL) { free(this); - return NULL; + return NULL; } - + this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes; this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes; this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size; this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; - + return &(this->public); } diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.h b/src/libstrongswan/plugins/hmac/hmac_prf.h index aa75272e1..975b456f5 100644 --- a/src/libstrongswan/plugins/hmac/hmac_prf.h +++ b/src/libstrongswan/plugins/hmac/hmac_prf.h @@ -28,12 +28,12 @@ typedef struct hmac_prf_t hmac_prf_t; /** * Implementation of prf_t interface using the HMAC algorithm. - * + * * This simply wraps a hmac_t in a prf_t. More a question of * interface matching. */ struct hmac_prf_t { - + /** * Generic prf_t interface for this hmac_prf_t class. */ @@ -42,7 +42,7 @@ struct hmac_prf_t { /** * Creates a new hmac_prf_t object. - * + * * @param algo algorithm to implement * @return hmac_prf_t object, NULL if hash not supported */ diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.c b/src/libstrongswan/plugins/hmac/hmac_signer.c index b44bc2109..f82a8f3a1 100644 --- a/src/libstrongswan/plugins/hmac/hmac_signer.c +++ b/src/libstrongswan/plugins/hmac/hmac_signer.c @@ -29,12 +29,12 @@ struct private_hmac_signer_t { * Public interface of hmac_signer_t. */ hmac_signer_t public; - + /** * Assigned hmac function. */ hmac_t *hmac; - + /** * Block size (truncation of HMAC Hash) */ @@ -54,7 +54,7 @@ static void get_signature(private_hmac_signer_t *this, else { u_int8_t mac[this->hmac->get_block_size(this->hmac)]; - + this->hmac->get_mac(this->hmac, data, mac); memcpy(buffer, mac, this->block_size); } @@ -73,12 +73,12 @@ static void allocate_signature (private_hmac_signer_t *this, else { u_int8_t mac[this->hmac->get_block_size(this->hmac)]; - + this->hmac->get_mac(this->hmac, data, mac); chunk->ptr = malloc(this->block_size); chunk->len = this->block_size; - + memcpy(chunk->ptr, mac, this->block_size); } } @@ -90,9 +90,9 @@ static bool verify_signature(private_hmac_signer_t *this, chunk_t data, chunk_t signature) { u_int8_t mac[this->hmac->get_block_size(this->hmac)]; - + this->hmac->get_mac(this->hmac, data, mac); - + if (signature.len != this->block_size) { return FALSE; @@ -142,7 +142,7 @@ hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo) private_hmac_signer_t *this; size_t trunc; hash_algorithm_t hash; - + switch (algo) { case AUTH_HMAC_SHA1_96: @@ -180,7 +180,7 @@ hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo) default: return NULL; } - + this = malloc_thing(private_hmac_signer_t); this->hmac = hmac_create(hash); if (this->hmac == NULL) @@ -190,7 +190,7 @@ hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo) } /* prevent invalid truncation */ this->block_size = min(trunc, this->hmac->get_block_size(this->hmac)); - + /* interface functions */ this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature; this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature; @@ -199,7 +199,7 @@ hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo) this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size; this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key; this->public.signer_interface.destroy = (void (*) (signer_t*))destroy; - + return &(this->public); } diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.h b/src/libstrongswan/plugins/hmac/hmac_signer.h index 197e28fa7..0de93440c 100644 --- a/src/libstrongswan/plugins/hmac/hmac_signer.h +++ b/src/libstrongswan/plugins/hmac/hmac_signer.h @@ -32,7 +32,7 @@ typedef struct hmac_signer_t hmac_signer_t; * HMAC uses a standard hash function implemented in a hasher_t to build a MAC. */ struct hmac_signer_t { - + /** * generic signer_t interface for this signer */ diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index 93fc9a0c1..d9ebb0147 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/ldap DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_ldap_la_DEPENDENCIES = am_libstrongswan_ldap_la_OBJECTS = ldap_plugin.lo ldap_fetcher.lo @@ -58,6 +82,7 @@ libstrongswan_ldap_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -241,9 +270,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ldap/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/ldap/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ldap/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/ldap/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -261,23 +290,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -302,21 +336,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -339,7 +373,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -347,29 +381,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -390,13 +429,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -427,6 +470,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -448,6 +492,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -456,18 +502,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -506,6 +562,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c index b2a40219f..ce5b7d56b 100644 --- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c +++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c @@ -38,7 +38,7 @@ struct private_ldap_fetcher_t { * Public data */ ldap_fetcher_t public; - + /** * timeout to use for fetches */ @@ -79,7 +79,7 @@ static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response) } else { - DBG1("getting LDAP values failed: %s", + DBG1("getting LDAP values failed: %s", ldap_err2string(ldap_result2error(ldap, entry, 0))); } ldap_memfree(attr); @@ -110,7 +110,7 @@ static status_t fetch(private_ldap_fetcher_t *this, char *url, int ldap_version = LDAP_VERSION3; struct timeval timeout; status_t status = FAILED; - + if (!strneq(url, "ldap", 4)) { return NOT_SUPPORTED; @@ -126,7 +126,7 @@ static status_t fetch(private_ldap_fetcher_t *this, char *url, ldap_free_urldesc(lurl); return FAILED; } - + timeout.tv_sec = this->timeout; timeout.tv_usec = 0; @@ -171,7 +171,7 @@ static status_t fetch(private_ldap_fetcher_t *this, char *url, static bool set_option(private_ldap_fetcher_t *this, fetcher_option_t option, ...) { va_list args; - + va_start(args, option); switch (option) { @@ -203,9 +203,9 @@ ldap_fetcher_t *ldap_fetcher_create() this->public.interface.fetch = (status_t(*)(fetcher_t*,char*,chunk_t*))fetch; this->public.interface.set_option = (bool(*)(fetcher_t*, fetcher_option_t option, ...))set_option; this->public.interface.destroy = (void (*)(fetcher_t*))destroy; - + this->timeout = DEFAULT_TIMEOUT; - + return &this->public; } diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.c b/src/libstrongswan/plugins/ldap/ldap_plugin.c index 994f3db46..a31308bbf 100644 --- a/src/libstrongswan/plugins/ldap/ldap_plugin.c +++ b/src/libstrongswan/plugins/ldap/ldap_plugin.c @@ -36,7 +36,7 @@ struct private_ldap_plugin_t { */ static void destroy(private_ldap_plugin_t *this) { - lib->fetcher->remove_fetcher(lib->fetcher, + lib->fetcher->remove_fetcher(lib->fetcher, (fetcher_constructor_t)ldap_fetcher_create); free(this); } @@ -47,14 +47,14 @@ static void destroy(private_ldap_plugin_t *this) plugin_t *plugin_create() { private_ldap_plugin_t *this = malloc_thing(private_ldap_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)ldap_fetcher_create, "ldap://"); lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)ldap_fetcher_create, "ldaps://"); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index 7ca6a20cc..6014ddcf8 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/md4 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_md4_la_LIBADD = am_libstrongswan_md4_la_OBJECTS = md4_plugin.lo md4_hasher.lo @@ -58,6 +82,7 @@ libstrongswan_md4_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -240,9 +269,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/md4/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/md4/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/md4/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/md4/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -260,23 +289,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -301,21 +335,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -338,7 +372,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -346,29 +380,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -389,13 +428,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -426,6 +469,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -447,6 +491,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -455,18 +501,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -505,6 +561,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/md4/md4_hasher.c b/src/libstrongswan/plugins/md4/md4_hasher.c index 3801110dc..366d37328 100644 --- a/src/libstrongswan/plugins/md4/md4_hasher.c +++ b/src/libstrongswan/plugins/md4/md4_hasher.c @@ -2,9 +2,9 @@ * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil - * Copyright (C) 1990-1992, RSA Data Security, Inc. Created 1990. + * Copyright (C) 1990-1992, RSA Data Security, Inc. Created 1990. * All rights reserved. - * + * * Derived from the RSA Data Security, Inc. MD4 Message-Digest Algorithm. * Ported to fulfill hasher_t interface. * @@ -83,7 +83,7 @@ struct private_md4_hasher_t { * Public interface for this hasher. */ md4_hasher_t public; - + /* * State of the hasher. */ @@ -101,7 +101,7 @@ static void Encode (u_int8_t *output, u_int32_t *input, size_t len) { size_t i, j; - for (i = 0, j = 0; j < len; i++, j += 4) + for (i = 0, j = 0; j < len; i++, j += 4) { output[j] = (u_int8_t)(input[i] & 0xff); output[j+1] = (u_int8_t)((input[i] >> 8) & 0xff); @@ -119,7 +119,7 @@ static void Decode(u_int32_t *output, u_int8_t *input, size_t len) for (i = 0, j = 0; j < len; i++, j += 4) { - output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) | + output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) | (((u_int32_t)input[j+2]) << 16) | (((u_int32_t)input[j+3]) << 24); } } @@ -220,14 +220,14 @@ static void MD4Update(private_md4_hasher_t *this, u_int8_t *input, size_t inputL partLen = 64 - index; /* Transform as many times as possible. */ - if (inputLen >= partLen) + if (inputLen >= partLen) { memcpy(&this->buffer[index], input, partLen); MD4Transform (this->state, this->buffer); for (i = partLen; i + 63 < inputLen; i += 64) { - MD4Transform (this->state, &input[i]); + MD4Transform (this->state, &input[i]); } index = 0; } @@ -288,7 +288,7 @@ static void get_hash(private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer static void allocate_hash(private_md4_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; - + MD4Update(this, chunk.ptr, chunk.len); if (hash != NULL) { @@ -297,11 +297,11 @@ static void allocate_hash(private_md4_hasher_t *this, chunk_t chunk, chunk_t *ha MD4Final(this, allocated_hash.ptr); this->public.hasher_interface.reset(&(this->public.hasher_interface)); - + *hash = allocated_hash; } } - + /** * Implementation of hasher_t.get_hash_size. */ @@ -337,21 +337,21 @@ static void destroy(private_md4_hasher_t *this) md4_hasher_t *md4_hasher_create(hash_algorithm_t algo) { private_md4_hasher_t *this; - + if (algo != HASH_MD4) { return NULL; } this = malloc_thing(private_md4_hasher_t); - + this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - + /* initialize */ reset(this); - + return &(this->public); } diff --git a/src/libstrongswan/plugins/md4/md4_hasher.h b/src/libstrongswan/plugins/md4/md4_hasher.h index b0b8c65d2..aeb68f718 100644 --- a/src/libstrongswan/plugins/md4/md4_hasher.h +++ b/src/libstrongswan/plugins/md4/md4_hasher.h @@ -30,7 +30,7 @@ typedef struct md4_hasher_t md4_hasher_t; * Implementation of hasher_t interface using the MD4 algorithm. */ struct md4_hasher_t { - + /** * Generic hasher_t interface for this hasher. */ @@ -39,7 +39,7 @@ struct md4_hasher_t { /** * Creates a new md4_hasher_t. - * + * * @param algo hash algorithm, must be HASH_MD4 * @return md4_hasher_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/md4/md4_plugin.c b/src/libstrongswan/plugins/md4/md4_plugin.c index 43ae6261d..ba4041d2d 100644 --- a/src/libstrongswan/plugins/md4/md4_plugin.c +++ b/src/libstrongswan/plugins/md4/md4_plugin.c @@ -47,12 +47,12 @@ static void destroy(private_md4_plugin_t *this) plugin_t *plugin_create() { private_md4_plugin_t *this = malloc_thing(private_md4_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_hasher(lib->crypto, HASH_MD4, (hasher_constructor_t)md4_hasher_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index fb9bc4b4d..fcb921316 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/md5 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_md5_la_LIBADD = am_libstrongswan_md5_la_OBJECTS = md5_plugin.lo md5_hasher.lo @@ -58,6 +82,7 @@ libstrongswan_md5_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -240,9 +269,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/md5/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/md5/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/md5/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/md5/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -260,23 +289,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -301,21 +335,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -338,7 +372,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -346,29 +380,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -389,13 +428,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -426,6 +469,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -447,6 +491,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -455,18 +501,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -505,6 +561,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/md5/md5_hasher.c b/src/libstrongswan/plugins/md5/md5_hasher.c index 0ec5c073a..a97ad5cae 100644 --- a/src/libstrongswan/plugins/md5/md5_hasher.c +++ b/src/libstrongswan/plugins/md5/md5_hasher.c @@ -2,9 +2,9 @@ * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil - * Copyright (C) 1991-1992, RSA Data Security, Inc. Created 1991. + * Copyright (C) 1991-1992, RSA Data Security, Inc. Created 1991. * All rights reserved. - * + * * Derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm. * Ported to fulfill hasher_t interface. * @@ -50,7 +50,7 @@ static u_int8_t PADDING[64] = { /* * ugly macro stuff - */ + */ /* F, G, H and I are basic MD5 functions. */ #define F(x, y, z) (((x) & (y)) | ((~x) & (z))) @@ -98,13 +98,13 @@ struct private_md5_hasher_t { * Public interface for this hasher. */ md5_hasher_t public; - + /* * State of the hasher. */ u_int32_t state[5]; - u_int32_t count[2]; - u_int8_t buffer[64]; + u_int32_t count[2]; + u_int8_t buffer[64]; }; @@ -117,7 +117,7 @@ static void Encode (u_int8_t *output, u_int32_t *input, size_t len) { size_t i, j; - for (i = 0, j = 0; j < len; i++, j += 4) + for (i = 0, j = 0; j < len; i++, j += 4) { output[j] = (u_int8_t)(input[i] & 0xff); output[j+1] = (u_int8_t)((input[i] >> 8) & 0xff); @@ -135,7 +135,7 @@ static void Decode(u_int32_t *output, u_int8_t *input, size_t len) for (i = 0, j = 0; j < len; i++, j += 4) { - output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) | + output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) | (((u_int32_t)input[j+2]) << 16) | (((u_int32_t)input[j+3]) << 24); } } @@ -253,14 +253,14 @@ static void MD5Update(private_md5_hasher_t *this, u_int8_t *input, size_t inputL partLen = 64 - index; /* Transform as many times as possible. */ - if (inputLen >= partLen) + if (inputLen >= partLen) { memcpy(&this->buffer[index], input, partLen); MD5Transform (this->state, this->buffer); for (i = partLen; i + 63 < inputLen; i += 64) { - MD5Transform (this->state, &input[i]); + MD5Transform (this->state, &input[i]); } index = 0; } @@ -321,7 +321,7 @@ static void get_hash(private_md5_hasher_t *this, chunk_t chunk, u_int8_t *buffer static void allocate_hash(private_md5_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; - + MD5Update(this, chunk.ptr, chunk.len); if (hash != NULL) { @@ -330,11 +330,11 @@ static void allocate_hash(private_md5_hasher_t *this, chunk_t chunk, chunk_t *ha MD5Final(this, allocated_hash.ptr); this->public.hasher_interface.reset(&(this->public.hasher_interface)); - + *hash = allocated_hash; } } - + /** * Implementation of hasher_t.get_hash_size. */ @@ -370,21 +370,21 @@ static void destroy(private_md5_hasher_t *this) md5_hasher_t *md5_hasher_create(hash_algorithm_t algo) { private_md5_hasher_t *this; - + if (algo != HASH_MD5) { return NULL; } this = malloc_thing(private_md5_hasher_t); - + this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - + /* initialize */ reset(this); - + return &(this->public); } diff --git a/src/libstrongswan/plugins/md5/md5_hasher.h b/src/libstrongswan/plugins/md5/md5_hasher.h index 0064c177b..7f29a9621 100644 --- a/src/libstrongswan/plugins/md5/md5_hasher.h +++ b/src/libstrongswan/plugins/md5/md5_hasher.h @@ -30,7 +30,7 @@ typedef struct md5_hasher_t md5_hasher_t; * Implementation of hasher_t interface using the MD5 algorithm. */ struct md5_hasher_t { - + /** * Generic hasher_t interface for this hasher. */ @@ -39,7 +39,7 @@ struct md5_hasher_t { /** * Creates a new md5_hasher_t. - * + * * @param algo hash algorithm, must be HASH_MD5 * @return md5_hasher_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/md5/md5_plugin.c b/src/libstrongswan/plugins/md5/md5_plugin.c index b1a3b495c..7592c20df 100644 --- a/src/libstrongswan/plugins/md5/md5_plugin.c +++ b/src/libstrongswan/plugins/md5/md5_plugin.c @@ -47,12 +47,12 @@ static void destroy(private_md5_plugin_t *this) plugin_t *plugin_create() { private_md5_plugin_t *this = malloc_thing(private_md5_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_hasher(lib->crypto, HASH_MD5, (hasher_constructor_t)md5_hasher_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/mysql/Makefile.am b/src/libstrongswan/plugins/mysql/Makefile.am index 0daf7655b..c64481fd5 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.am +++ b/src/libstrongswan/plugins/mysql/Makefile.am @@ -1,12 +1,12 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic +AM_CFLAGS = -rdynamic $(MYSQLCFLAG) plugin_LTLIBRARIES = libstrongswan-mysql.la libstrongswan_mysql_la_SOURCES = mysql_plugin.h mysql_plugin.c \ mysql_database.h mysql_database.c libstrongswan_mysql_la_LDFLAGS = -module -avoid-version -libstrongswan_mysql_la_LIBADD = -lmysqlclient_r +libstrongswan_mysql_la_LIBADD = $(MYSQLLIB) diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index 21fe61923..dc56940d2 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,21 +37,44 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/mysql DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) -libstrongswan_mysql_la_DEPENDENCIES = +am__DEPENDENCIES_1 = +libstrongswan_mysql_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am_libstrongswan_mysql_la_OBJECTS = mysql_plugin.lo mysql_database.lo libstrongswan_mysql_la_OBJECTS = $(am_libstrongswan_mysql_la_OBJECTS) libstrongswan_mysql_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -58,6 +83,7 @@ libstrongswan_mysql_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,16 +249,17 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic +AM_CFLAGS = -rdynamic $(MYSQLCFLAG) plugin_LTLIBRARIES = libstrongswan-mysql.la libstrongswan_mysql_la_SOURCES = mysql_plugin.h mysql_plugin.c \ mysql_database.h mysql_database.c libstrongswan_mysql_la_LDFLAGS = -module -avoid-version -libstrongswan_mysql_la_LIBADD = -lmysqlclient_r +libstrongswan_mysql_la_LIBADD = $(MYSQLLIB) all: all-am .SUFFIXES: @@ -243,9 +273,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/mysql/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/mysql/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/mysql/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/mysql/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -263,23 +293,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -304,21 +339,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -341,7 +376,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -349,29 +384,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -392,13 +432,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -429,6 +473,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -450,6 +495,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -458,18 +505,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -508,6 +565,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c index 341217dd4..2338428f2 100644 --- a/src/libstrongswan/plugins/mysql/mysql_database.c +++ b/src/libstrongswan/plugins/mysql/mysql_database.c @@ -15,13 +15,13 @@ #define _GNU_SOURCE #include <string.h> -#include <pthread.h> -#include <mysql/mysql.h> +#include <mysql.h> #include "mysql_database.h" #include <debug.h> -#include <utils/mutex.h> +#include <threading/thread_value.h> +#include <threading/mutex.h> #include <utils/linked_list.h> /* Older mysql.h headers do not define it, but we need it. It is not returned @@ -42,37 +42,37 @@ struct private_mysql_database_t { * public functions */ mysql_database_t public; - + /** * connection pool, contains conn_t */ linked_list_t *pool; - + /** * mutex to lock pool */ mutex_t *mutex; - + /** - * hostname to connect to - */ + * hostname to connect to + */ char *host; - + /** * username to use */ char *username; - + /** * password */ char *password; - + /** * database name */ char *database; - + /** * tcp port */ @@ -85,12 +85,12 @@ typedef struct conn_t conn_t; * connection pool entry */ struct conn_t { - + /** * MySQL database connection */ MYSQL *mysql; - + /** * connection in use? */ @@ -104,19 +104,20 @@ static void conn_release(conn_t *conn) { conn->in_use = FALSE; } + /** * thread specific initialization flag */ -pthread_key_t initialized; +thread_value_t *initialized; /** * Initialize a thread for mysql usage */ static void thread_initialize() { - if (pthread_getspecific(initialized) == NULL) + if (initialized->get(initialized) == NULL) { - pthread_setspecific(initialized, (void*)TRUE); + initialized->set(initialized, (void*)TRUE); mysql_thread_init(); } } @@ -130,11 +131,7 @@ bool mysql_database_init() { return FALSE; } - if (pthread_key_create(&initialized, (void*)mysql_thread_end)) - { - mysql_library_end(); - return FALSE; - } + initialized = thread_value_create((thread_cleanup_t)mysql_thread_end); return TRUE; } @@ -143,7 +140,7 @@ bool mysql_database_init() */ void mysql_database_deinit() { - pthread_key_delete(initialized); + initialized->destroy(initialized); mysql_thread_end(); /* mysql_library_end(); would be the clean way, however, it hangs... */ } @@ -164,9 +161,9 @@ static conn_t *conn_get(private_mysql_database_t *this) { conn_t *current, *found = NULL; enumerator_t *enumerator; - + thread_initialize(); - + while (TRUE) { this->mutex->lock(this->mutex); @@ -231,28 +228,28 @@ static MYSQL_STMT* run(MYSQL *mysql, char *sql, va_list *args) { MYSQL_STMT *stmt; int params; - + stmt = mysql_stmt_init(mysql); if (stmt == NULL) { - DBG1("creating MySQL statement failed: %s", mysql_error(mysql)); + DBG1("creating MySQL statement failed: %s", mysql_error(mysql)); return NULL; } if (mysql_stmt_prepare(stmt, sql, strlen(sql))) { - DBG1("preparing MySQL statement failed: %s", mysql_stmt_error(stmt)); - mysql_stmt_close(stmt); - return NULL; + DBG1("preparing MySQL statement failed: %s", mysql_stmt_error(stmt)); + mysql_stmt_close(stmt); + return NULL; } params = mysql_stmt_param_count(stmt); if (params > 0) { int i; MYSQL_BIND *bind; - + bind = alloca(sizeof(MYSQL_BIND) * params); memset(bind, 0, sizeof(MYSQL_BIND) * params); - + for (i = 0; i < params; i++) { switch (va_arg(*args, db_type_t)) @@ -285,7 +282,7 @@ static MYSQL_STMT* run(MYSQL *mysql, char *sql, va_list *args) break; } case DB_BLOB: - { + { chunk_t chunk = va_arg(*args, chunk_t); bind[i].buffer_type = MYSQL_TYPE_BLOB; bind[i].buffer = chunk.ptr; @@ -300,28 +297,28 @@ static MYSQL_STMT* run(MYSQL *mysql, char *sql, va_list *args) bind[i].buffer_length = sizeof(double); break; } - case DB_NULL: + case DB_NULL: { bind[i].buffer_type = MYSQL_TYPE_NULL; break; } default: - DBG1("invalid data type supplied"); - mysql_stmt_close(stmt); - return NULL; + DBG1("invalid data type supplied"); + mysql_stmt_close(stmt); + return NULL; } } if (mysql_stmt_bind_param(stmt, bind)) { - DBG1("binding MySQL param failed: %s", mysql_stmt_error(stmt)); - mysql_stmt_close(stmt); + DBG1("binding MySQL param failed: %s", mysql_stmt_error(stmt)); + mysql_stmt_close(stmt); return NULL; } } if (mysql_stmt_execute(stmt)) { - DBG1("executing MySQL statement failed: %s", mysql_stmt_error(stmt)); - mysql_stmt_close(stmt); + DBG1("executing MySQL statement failed: %s", mysql_stmt_error(stmt)); + mysql_stmt_close(stmt); return NULL; } return stmt; @@ -353,9 +350,9 @@ typedef struct { static void mysql_enumerator_destroy(mysql_enumerator_t *this) { int columns, i; - + columns = mysql_stmt_field_count(this->stmt); - + for (i = 0; i < columns; i++) { switch (this->bind[i].buffer_type) @@ -385,9 +382,9 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) { int i, columns; va_list args; - + columns = mysql_stmt_field_count(this->stmt); - + /* free/reset data set of previous call */ for (i = 0; i < columns; i++) { @@ -419,7 +416,7 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) DBG1("fetching MySQL row failed: %s", mysql_stmt_error(this->stmt)); return FALSE; } - + va_start(args, this); for (i = 0; i < columns; i++) { @@ -445,9 +442,9 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) this->bind[i].buffer = malloc(this->length[i]+1); this->bind[i].buffer_length = this->length[i]; *value = this->bind[i].buffer; - mysql_stmt_fetch_column(this->stmt, &this->bind[i], i, 0); - ((char*)this->bind[i].buffer)[this->length[i]] = '\0'; - break; + mysql_stmt_fetch_column(this->stmt, &this->bind[i], i, 0); + ((char*)this->bind[i].buffer)[this->length[i]] = '\0'; + break; } case MYSQL_TYPE_BLOB: { @@ -456,8 +453,8 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) this->bind[i].buffer_length = this->length[i]; value->ptr = this->bind[i].buffer; value->len = this->length[i]; - mysql_stmt_fetch_column(this->stmt, &this->bind[i], i, 0); - break; + mysql_stmt_fetch_column(this->stmt, &this->bind[i], i, 0); + break; } case MYSQL_TYPE_DOUBLE: { @@ -481,7 +478,7 @@ static enumerator_t* query(private_mysql_database_t *this, char *sql, ...) va_list args; mysql_enumerator_t *enumerator = NULL; conn_t *conn; - + conn = conn_get(this); if (!conn) { @@ -493,7 +490,7 @@ static enumerator_t* query(private_mysql_database_t *this, char *sql, ...) if (stmt) { int columns, i; - + enumerator = malloc_thing(mysql_enumerator_t); enumerator->public.enumerate = (void*)mysql_enumerator_enumerate; enumerator->public.destroy = (void*)mysql_enumerator_destroy; @@ -527,7 +524,7 @@ static enumerator_t* query(private_mysql_database_t *this, char *sql, ...) break; } case DB_BLOB: - { + { enumerator->bind[i].buffer_type = MYSQL_TYPE_BLOB; enumerator->bind[i].length = &enumerator->length[i]; break; @@ -539,17 +536,17 @@ static enumerator_t* query(private_mysql_database_t *this, char *sql, ...) break; } default: - DBG1("invalid result data type supplied"); - mysql_enumerator_destroy(enumerator); - va_end(args); - return NULL; + DBG1("invalid result data type supplied"); + mysql_enumerator_destroy(enumerator); + va_end(args); + return NULL; } } if (mysql_stmt_bind_result(stmt, enumerator->bind)) { DBG1("binding MySQL result failed: %s", mysql_stmt_error(stmt)); - mysql_enumerator_destroy(enumerator); - enumerator = NULL; + mysql_enumerator_destroy(enumerator); + enumerator = NULL; } } else @@ -569,7 +566,7 @@ static int execute(private_mysql_database_t *this, int *rowid, char *sql, ...) va_list args; conn_t *conn; int affected = -1; - + conn = conn_get(this); if (!conn) { @@ -590,7 +587,7 @@ static int execute(private_mysql_database_t *this, int *rowid, char *sql, ...) conn_release(conn); return affected; } - + /** * Implementation of database_t.get_driver */ @@ -646,7 +643,7 @@ static bool parse_uri(private_mysql_database_t *this, char *uri) { *pos = '\0'; database = pos + 1; - + this->host = strdup(host); this->username = strdup(username); this->password = strdup(password); @@ -668,19 +665,19 @@ mysql_database_t *mysql_database_create(char *uri) { conn_t *conn; private_mysql_database_t *this; - + if (!strneq(uri, "mysql://", 8)) { return NULL; } this = malloc_thing(private_mysql_database_t); - + this->public.db.query = (enumerator_t* (*)(database_t *this, char *sql, ...))query; this->public.db.execute = (int (*)(database_t *this, int *rowid, char *sql, ...))execute; this->public.db.get_driver = (db_driver_t(*)(database_t*))get_driver; this->public.db.destroy = (void(*)(database_t*))destroy; - + if (!parse_uri(this, uri)) { free(this); @@ -688,13 +685,13 @@ mysql_database_t *mysql_database_create(char *uri) } this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->pool = linked_list_create(); - + /* check connectivity */ conn = conn_get(this); if (!conn) { - destroy(this); - return NULL; + destroy(this); + return NULL; } conn_release(conn); return &this->public; diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.c b/src/libstrongswan/plugins/mysql/mysql_plugin.c index 92914ae6d..0e64bbc3d 100644 --- a/src/libstrongswan/plugins/mysql/mysql_plugin.c +++ b/src/libstrongswan/plugins/mysql/mysql_plugin.c @@ -49,16 +49,16 @@ static void destroy(private_mysql_plugin_t *this) plugin_t *plugin_create() { private_mysql_plugin_t *this; - + if (!mysql_database_init()) { DBG1("MySQL client library initialization failed"); return NULL; } - + this = malloc_thing(private_mysql_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->db->add_database(lib->db, (database_constructor_t)mysql_database_create); diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index e6d7b479b..aa8ecf06c 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/openssl DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_openssl_la_DEPENDENCIES = am_libstrongswan_openssl_la_OBJECTS = openssl_plugin.lo \ @@ -63,6 +87,7 @@ libstrongswan_openssl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -110,25 +135,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -140,11 +162,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -173,9 +198,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -198,7 +223,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -206,6 +231,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -214,10 +240,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -225,6 +253,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -256,9 +285,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/openssl/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/openssl/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/openssl/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/openssl/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -276,23 +305,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -325,21 +359,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -362,7 +396,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -370,29 +404,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -413,13 +452,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -450,6 +493,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -471,6 +515,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -479,18 +525,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -529,6 +585,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c index 424fec60a..a8923ab56 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.c +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -23,17 +23,17 @@ typedef struct private_openssl_crypter_t private_openssl_crypter_t; * Private data of openssl_crypter_t */ struct private_openssl_crypter_t { - + /** * Public part of this class. */ openssl_crypter_t public; - + /* * the key */ chunk_t key; - + /* * the cipher to use */ @@ -49,17 +49,17 @@ typedef struct { * Identifier specified in IKEv2 */ int ikev2_id; - + /** * Name of the algorithm, as used in OpenSSL */ char *name; - + /** * Minimum valid key length in bytes */ size_t key_size_min; - + /** * Maximum valid key length in bytes */ @@ -91,7 +91,7 @@ static openssl_algorithm_t encryption_algs[] = { /** * Look up an OpenSSL algorithm name and validate its key size */ -static char* lookup_algorithm(openssl_algorithm_t *openssl_algo, +static char* lookup_algorithm(openssl_algorithm_t *openssl_algo, u_int16_t ikev2_algo, size_t *key_size) { while (openssl_algo->ikev2_id != END_OF_LIST) @@ -104,7 +104,7 @@ static char* lookup_algorithm(openssl_algorithm_t *openssl_algo, { *key_size = openssl_algo->key_size_min; } - + /* validate key size */ if (*key_size < openssl_algo->key_size_min || *key_size > openssl_algo->key_size_max) @@ -123,7 +123,7 @@ static void crypt(private_openssl_crypter_t *this, chunk_t data, { int len; u_char *out; - + out = data.ptr; if (dst) { @@ -144,7 +144,7 @@ static void crypt(private_openssl_crypter_t *this, chunk_t data, /** * Implementation of crypter_t.decrypt. */ -static void decrypt(private_openssl_crypter_t *this, chunk_t data, +static void decrypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { crypt(this, data, iv, dst, 0); @@ -154,7 +154,7 @@ static void decrypt(private_openssl_crypter_t *this, chunk_t data, /** * Implementation of crypter_t.encrypt. */ -static void encrypt (private_openssl_crypter_t *this, chunk_t data, +static void encrypt (private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { crypt(this, data, iv, dst, 1); @@ -196,13 +196,13 @@ static void destroy (private_openssl_crypter_t *this) /* * Described in header */ -openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, +openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, size_t key_size) { private_openssl_crypter_t *this; - + this = malloc_thing(private_openssl_crypter_t); - + switch (algo) { case ENCR_NULL: @@ -218,7 +218,7 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, this->cipher = EVP_get_cipherbyname("aes192"); break; case 32: /* AES-256 */ - this->cipher = EVP_get_cipherbyname("aes256"); + this->cipher = EVP_get_cipherbyname("aes256"); break; default: free(this); @@ -235,7 +235,7 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, this->cipher = EVP_get_cipherbyname("camellia192"); break; case 32: /* CAMELLIA 256 */ - this->cipher = EVP_get_cipherbyname("camellia256"); + this->cipher = EVP_get_cipherbyname("camellia256"); break; default: free(this); @@ -258,22 +258,22 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, break; } } - + if (!this->cipher) { /* OpenSSL does not support the requested algo */ free(this); return NULL; } - + this->key = chunk_alloc(key_size); - + this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt; this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt; this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size; this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key; this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; - + return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.h b/src/libstrongswan/plugins/openssl/openssl_crypter.h index e5a899418..7e30ae03c 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.h +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.h @@ -29,7 +29,7 @@ typedef struct openssl_crypter_t openssl_crypter_t; * Implementation of crypters using OpenSSL. */ struct openssl_crypter_t { - + /** * The crypter_t interface. */ @@ -38,7 +38,7 @@ struct openssl_crypter_t { /** * Constructor to create openssl_crypter_t. - * + * * @param algo algorithm to implement * @param key_size key size in bytes * @return openssl_crypter_t, NULL if not supported diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c index fe042efdc..80a1ee878 100644 --- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c @@ -22,7 +22,7 @@ typedef struct modulus_entry_t modulus_entry_t; -/** +/** * Entry of the modulus list. */ struct modulus_entry_t { @@ -30,20 +30,20 @@ struct modulus_entry_t { * Group number as it is defined in file transform_substructure.h. */ diffie_hellman_group_t group; - + /** * Pointer to the function to get the modulus. */ BIGNUM *(*get_prime)(BIGNUM *bn); - - /* + + /* * Optimum length of exponent in bits. - */ + */ long opt_exponent_len; - - /* + + /* * Generator value. - */ + */ u_int16_t generator; }; @@ -71,27 +71,27 @@ struct private_openssl_diffie_hellman_t { * Public openssl_diffie_hellman_t interface. */ openssl_diffie_hellman_t public; - + /** * Diffie Hellman group number. */ u_int16_t group; - + /** * Diffie Hellman object */ DH *dh; - + /** * Other public value */ BIGNUM *pub_key; - + /** * Shared secret */ chunk_t shared_secret; - + /** * True if shared secret is computed */ @@ -123,7 +123,7 @@ static status_t get_shared_secret(private_openssl_diffie_hellman_t *this, /* shared secret should requires a len according the DH group */ *secret = chunk_alloc(DH_size(this->dh)); memset(secret->ptr, 0, secret->len); - memcpy(secret->ptr + secret->len - this->shared_secret.len, + memcpy(secret->ptr + secret->len - this->shared_secret.len, this->shared_secret.ptr, this->shared_secret.len); return SUCCESS; @@ -137,7 +137,7 @@ static void set_other_public_value(private_openssl_diffie_hellman_t *this, chunk_t value) { int len; - + BN_bin2bn(value.ptr, value.len, this->pub_key); chunk_clear(&this->shared_secret); this->shared_secret.ptr = malloc(DH_size(this->dh)); @@ -167,10 +167,10 @@ static status_t set_modulus(private_openssl_diffie_hellman_t *this) { int i; bool ansi_x9_42; - + ansi_x9_42 = lib->settings->get_bool(lib->settings, "libstrongswan.dh_exponent_ansi_x9_42", TRUE); - + for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++) { if (modulus_entries[i].group == this->group) @@ -205,32 +205,32 @@ static void destroy(private_openssl_diffie_hellman_t *this) openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group) { private_openssl_diffie_hellman_t *this = malloc_thing(private_openssl_diffie_hellman_t); - + this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret; this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value; this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value; this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group; this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy; - + this->dh = DH_new(); if (!this->dh) { free(this); return NULL; } - + this->group = group; this->computed = FALSE; this->pub_key = BN_new(); this->shared_secret = chunk_empty; - + /* find a modulus according to group */ if (set_modulus(this) != SUCCESS) { destroy(this); return NULL; } - + /* generate my public and private values */ if (!DH_generate_key(this->dh)) { @@ -238,6 +238,6 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t g return NULL; } DBG2("size of DH secret exponent: %d bits", BN_num_bits(this->dh->priv_key)); - + return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h index bdc153812..6c4b4fe81 100644 --- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h +++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h @@ -29,7 +29,7 @@ typedef struct openssl_diffie_hellman_t openssl_diffie_hellman_t; * Implementation of the Diffie-Hellman algorithm using OpenSSL. */ struct openssl_diffie_hellman_t { - + /** * Implements diffie_hellman_t interface. */ @@ -38,7 +38,7 @@ struct openssl_diffie_hellman_t { /** * Creates a new openssl_diffie_hellman_t object. - * + * * @param group Diffie Hellman group number to use * @return openssl_diffie_hellman_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c index 082aed9ca..671fa41e2 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c @@ -31,27 +31,27 @@ struct private_openssl_ec_diffie_hellman_t { * Public openssl_ec_diffie_hellman_t interface. */ openssl_ec_diffie_hellman_t public; - + /** * Diffie Hellman group number. */ u_int16_t group; - + /** * EC private (public) key */ EC_KEY *key; - + /** * EC group */ const EC_GROUP *ec_group; - + /** * Other public key */ EC_POINT *pub_key; - + /** * Shared secret */ @@ -72,13 +72,13 @@ static bool chunk2ecp(const EC_GROUP *group, chunk_t chunk, EC_POINT *point) BN_CTX *ctx; BIGNUM *x, *y; bool ret = FALSE; - + ctx = BN_CTX_new(); if (!ctx) { return FALSE; } - + BN_CTX_start(ctx); x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); @@ -86,17 +86,17 @@ static bool chunk2ecp(const EC_GROUP *group, chunk_t chunk, EC_POINT *point) { goto error; } - + if (!openssl_bn_split(chunk, x, y)) { goto error; } - + if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) { goto error; } - + ret = TRUE; error: BN_CTX_end(ctx); @@ -114,13 +114,13 @@ static bool ecp2chunk(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx; BIGNUM *x, *y; bool ret = FALSE; - + ctx = BN_CTX_new(); if (!ctx) { return FALSE; } - + BN_CTX_start(ctx); x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); @@ -128,12 +128,12 @@ static bool ecp2chunk(const EC_GROUP *group, const EC_POINT *point, { goto error; } - + if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) { goto error; } - + if (x_coordinate_only) { y = NULL; @@ -142,7 +142,7 @@ static bool ecp2chunk(const EC_GROUP *group, const EC_POINT *point, { goto error; } - + ret = TRUE; error: BN_CTX_end(ctx); @@ -152,7 +152,7 @@ error: /** * Compute the shared secret. - * + * * We cannot use the function ECDH_compute_key() because that returns only the * x coordinate of the shared secret point (which is defined, for instance, in * 'NIST SP 800-56A'). @@ -166,13 +166,13 @@ static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this, chunk_ const BIGNUM *priv_key; EC_POINT *secret = NULL; bool x_coordinate_only, ret = FALSE; - + priv_key = EC_KEY_get0_private_key(this->key); if (!priv_key) { goto error; } - + secret = EC_POINT_new(this->ec_group); if (!secret) { @@ -183,7 +183,7 @@ static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this, chunk_ { goto error; } - + /* * The default setting ecp_x_coordinate_only = TRUE * applies the following errata for RFC 4753: @@ -195,7 +195,7 @@ static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this, chunk_ { goto error; } - + ret = TRUE; error: if (secret) @@ -215,14 +215,14 @@ static void set_other_public_value(private_openssl_ec_diffie_hellman_t *this, ch DBG1("ECDH public value is malformed"); return; } - + chunk_free(&this->shared_secret); - + if (!compute_shared_key(this, &this->shared_secret)) { DBG1("ECDH shared secret computation failed"); return; } - + this->computed = TRUE; } @@ -272,13 +272,13 @@ static void destroy(private_openssl_ec_diffie_hellman_t *this) openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group) { private_openssl_ec_diffie_hellman_t *this = malloc_thing(private_openssl_ec_diffie_hellman_t); - + this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret; this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value; this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value; this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group; this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy; - + switch (group) { case ECP_192_BIT: @@ -300,34 +300,34 @@ openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_gro this->key = NULL; break; } - + if (!this->key) { free(this); return NULL; } - + /* caching the EC group */ this->ec_group = EC_KEY_get0_group(this->key); - + this->pub_key = EC_POINT_new(this->ec_group); if (!this->pub_key) { free(this); return NULL; } - + /* generate an EC private (public) key */ if (!EC_KEY_generate_key(this->key)) { free(this); return NULL; } - + this->group = group; this->computed = FALSE; - + this->shared_secret = chunk_empty; - + return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h index 9d17aed57..fd60732b9 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h @@ -29,7 +29,7 @@ typedef struct openssl_ec_diffie_hellman_t openssl_ec_diffie_hellman_t; * Implementation of the EC Diffie-Hellman algorithm using OpenSSL. */ struct openssl_ec_diffie_hellman_t { - + /** * Implements diffie_hellman_t interface. */ @@ -38,7 +38,7 @@ struct openssl_ec_diffie_hellman_t { /** * Creates a new openssl_ec_diffie_hellman_t object. - * + * * @param group EC Diffie Hellman group number to use * @return openssl_ec_diffie_hellman_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index d6b442ae9..89ced5a9a 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2009 Martin Willi * Copyright (C) 2008 Tobias Brunner * Hochschule fuer Technik Rapperswil * @@ -21,6 +22,7 @@ #include <openssl/evp.h> #include <openssl/ecdsa.h> +#include <openssl/x509.h> typedef struct private_openssl_ec_private_key_t private_openssl_ec_private_key_t; @@ -32,175 +34,138 @@ struct private_openssl_ec_private_key_t { * Public interface for this signer. */ openssl_ec_private_key_t public; - + /** * EC key object */ EC_KEY *ec; /** - * Keyid formed as a SHA-1 hash of a privateKey object - */ - identification_t* keyid; - - /** - * Keyid formed as a SHA-1 hash of a privateKeyInfo object - */ - identification_t* keyid_info; - - /** * reference count */ - refcount_t ref; + refcount_t ref; }; -/** - * Mapping from the signature scheme defined in (RFC 4754) to the elliptic - * curve and the hash algorithm - */ -typedef struct { - /** - * Scheme specified in RFC 4754 - */ - int scheme; - - /** - * NID of the hash - */ - int hash; - - /** - * NID of the curve - */ - int curve; -} openssl_ecdsa_scheme_t; - -#define END_OF_LIST -1 +/* from ec public key */ +bool openssl_ec_fingerprint(EC_KEY *ec, key_encoding_type_t type, chunk_t *fp); /** - * Signature schemes + * Build a signature as in RFC 4754 */ -static openssl_ecdsa_scheme_t ecdsa_schemes[] = { - {SIGN_ECDSA_256, NID_sha256, NID_X9_62_prime256v1}, - {SIGN_ECDSA_384, NID_sha384, NID_secp384r1}, - {SIGN_ECDSA_521, NID_sha512, NID_secp521r1}, - {END_OF_LIST, 0, 0}, -}; - -/** - * Look up the hash and curve of a signature scheme - */ -static bool lookup_scheme(int scheme, int *hash, int *curve) +static bool build_signature(private_openssl_ec_private_key_t *this, + chunk_t hash, chunk_t *signature) { - openssl_ecdsa_scheme_t *ecdsa_scheme = ecdsa_schemes; - while (ecdsa_scheme->scheme != END_OF_LIST) + bool built = FALSE; + ECDSA_SIG *sig; + + sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec); + if (sig) { - if (scheme == ecdsa_scheme->scheme) - { - *hash = ecdsa_scheme->hash; - *curve = ecdsa_scheme->curve; - return TRUE; - } - ecdsa_scheme++; + /* concatenate BNs r/s to a signature chunk */ + built = openssl_bn_cat(EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec)), + sig->r, sig->s, signature); + ECDSA_SIG_free(sig); } - return FALSE; -} - -/** - * shared functions, implemented in openssl_ec_public_key.c - */ -bool openssl_ec_public_key_build_id(EC_KEY *ec, identification_t **keyid, - identification_t **keyid_info); - -openssl_ec_public_key_t *openssl_ec_public_key_create_from_private_key(EC_KEY *ec); - - -/** - * Convert an ECDSA_SIG to a chunk by concatenating r and s. - * This function allocates memory for the chunk. - */ -static bool sig2chunk(const EC_GROUP *group, ECDSA_SIG *sig, chunk_t *chunk) -{ - return openssl_bn_cat(EC_FIELD_ELEMENT_LEN(group), sig->r, sig->s, chunk); + return built; } /** - * Build the signature + * Build a RFC 4754 signature for a specified curve and hash algorithm */ -static bool build_signature(private_openssl_ec_private_key_t *this, - chunk_t hash, chunk_t *signature) +static bool build_curve_signature(private_openssl_ec_private_key_t *this, + signature_scheme_t scheme, int nid_hash, + int nid_curve, chunk_t data, chunk_t *signature) { - ECDSA_SIG *sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec); - bool success; + const EC_GROUP *my_group; + EC_GROUP *req_group; + chunk_t hash; + bool built; - if (!sig) + req_group = EC_GROUP_new_by_curve_name(nid_curve); + if (!req_group) + { + DBG1("signature scheme %N not supported in EC (required curve " + "not supported)", signature_scheme_names, scheme); + return FALSE; + } + my_group = EC_KEY_get0_group(this->ec); + if (EC_GROUP_cmp(my_group, req_group, NULL) != 0) + { + DBG1("signature scheme %N not supported by private key", + signature_scheme_names, scheme); + return FALSE; + } + EC_GROUP_free(req_group); + if (!openssl_hash_chunk(nid_hash, data, &hash)) { return FALSE; } - success = sig2chunk(EC_KEY_get0_group(this->ec), sig, signature); - ECDSA_SIG_free(sig); - return success; + built = build_signature(this, hash, signature); + chunk_free(&hash); + return built; } /** - * Implementation of private_key_t.get_type. + * Build a DER encoded signature as in RFC 3279 */ -static key_type_t get_type(private_openssl_ec_private_key_t *this) +static bool build_der_signature(private_openssl_ec_private_key_t *this, + int hash_nid, chunk_t data, chunk_t *signature) { - return KEY_ECDSA; + chunk_t hash, sig; + int siglen = 0; + bool built; + + if (!openssl_hash_chunk(hash_nid, data, &hash)) + { + return FALSE; + } + sig = chunk_alloc(ECDSA_size(this->ec)); + built = ECDSA_sign(0, hash.ptr, hash.len, sig.ptr, &siglen, this->ec) == 1; + sig.len = siglen; + if (built) + { + *signature = sig; + } + else + { + free(sig.ptr); + } + free(hash.ptr); + return built; } /** * Implementation of private_key_t.sign. */ -static bool sign(private_openssl_ec_private_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t *signature) +static bool sign(private_openssl_ec_private_key_t *this, + signature_scheme_t scheme, chunk_t data, chunk_t *signature) { - bool success; - - if (scheme == SIGN_ECDSA_WITH_NULL) + switch (scheme) { - success = build_signature(this, data, signature); - } - else - { - EC_GROUP *req_group; - const EC_GROUP *my_group; - chunk_t hash = chunk_empty; - int hash_type, curve; - - if (!lookup_scheme(scheme, &hash_type, &curve)) - { - DBG1("signature scheme %N not supported in EC", - signature_scheme_names, scheme); - return FALSE; - } - - req_group = EC_GROUP_new_by_curve_name(curve); - if (!req_group) - { - DBG1("signature scheme %N not supported in EC (required curve not supported)", - signature_scheme_names, scheme); - return FALSE; - } - - my_group = EC_KEY_get0_group(this->ec); - if (EC_GROUP_cmp(my_group, req_group, NULL) != 0) - { - DBG1("signature scheme %N not supported by private key", - signature_scheme_names, scheme); - return FALSE; - } - EC_GROUP_free(req_group); - - if (!openssl_hash_chunk(hash_type, data, &hash)) - { + case SIGN_ECDSA_WITH_NULL: + return build_signature(this, data, signature); + case SIGN_ECDSA_WITH_SHA1_DER: + return build_der_signature(this, NID_sha1, data, signature); + case SIGN_ECDSA_WITH_SHA256_DER: + return build_der_signature(this, NID_sha256, data, signature); + case SIGN_ECDSA_WITH_SHA384_DER: + return build_der_signature(this, NID_sha384, data, signature); + case SIGN_ECDSA_WITH_SHA512_DER: + return build_der_signature(this, NID_sha512, data, signature); + case SIGN_ECDSA_256: + return build_curve_signature(this, scheme, NID_sha256, + NID_X9_62_prime256v1, data, signature); + case SIGN_ECDSA_384: + return build_curve_signature(this, scheme, NID_sha384, + NID_secp384r1, data, signature); + case SIGN_ECDSA_521: + return build_curve_signature(this, scheme, NID_sha512, + NID_secp521r1, data, signature); + default: + DBG1("signature scheme %N not supported", + signature_scheme_names, scheme); return FALSE; - } - success = build_signature(this, hash, signature); - chunk_free(&hash); - } - return success; + } } /** @@ -222,73 +187,70 @@ static size_t get_keysize(private_openssl_ec_private_key_t *this) } /** - * Implementation of private_key_t.get_id. + * Implementation of private_key_t.get_type. */ -static identification_t* get_id(private_openssl_ec_private_key_t *this, - id_type_t type) +static key_type_t get_type(private_openssl_ec_private_key_t *this) { - switch (type) - { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - default: - return NULL; - } + return KEY_ECDSA; } /** * Implementation of private_key_t.get_public_key. */ -static openssl_ec_public_key_t* get_public_key(private_openssl_ec_private_key_t *this) +static public_key_t* get_public_key(private_openssl_ec_private_key_t *this) { - return openssl_ec_public_key_create_from_private_key(this->ec); + public_key_t *public; + chunk_t key; + u_char *p; + + key = chunk_alloc(i2d_EC_PUBKEY(this->ec, NULL)); + p = key.ptr; + i2d_EC_PUBKEY(this->ec, &p); + + public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, + BUILD_BLOB_ASN1_DER, key, BUILD_END); + free(key.ptr); + return public; } /** - * Implementation of private_key_t.belongs_to. + * Implementation of private_key_t.get_fingerprint. */ -static bool belongs_to(private_openssl_ec_private_key_t *this, public_key_t *public) +static bool get_fingerprint(private_openssl_ec_private_key_t *this, + key_encoding_type_t type, chunk_t *fingerprint) { - identification_t *keyid; - - if (public->get_type(public) != KEY_ECDSA) - { - return FALSE; - } - keyid = public->get_id(public, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return openssl_ec_fingerprint(this->ec, type, fingerprint); } /** * Implementation of private_key_t.get_encoding. */ -static chunk_t get_encoding(private_openssl_ec_private_key_t *this) +static bool get_encoding(private_openssl_ec_private_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - chunk_t enc = chunk_alloc(i2d_ECPrivateKey(this->ec, NULL)); - u_char *p = enc.ptr; - i2d_ECPrivateKey(this->ec, &p); - return enc; + u_char *p; + + switch (type) + { + case KEY_PRIV_ASN1_DER: + { + *encoding = chunk_alloc(i2d_ECPrivateKey(this->ec, NULL)); + p = encoding->ptr; + i2d_ECPrivateKey(this->ec, &p); + return TRUE; + } + default: + return FALSE; + } } /** * Implementation of private_key_t.get_ref. */ -static private_openssl_ec_private_key_t* get_ref(private_openssl_ec_private_key_t *this) +static private_key_t* get_ref(private_openssl_ec_private_key_t *this) { ref_get(&this->ref); - return this; - + return &this->public.interface; } /** @@ -300,10 +262,9 @@ static void destroy(private_openssl_ec_private_key_t *this) { if (this->ec) { + lib->encoding->clear_cache(lib->encoding, this->ec); EC_KEY_free(this->ec); } - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); free(this); } } @@ -311,133 +272,121 @@ static void destroy(private_openssl_ec_private_key_t *this) /** * Internal generic constructor */ -static private_openssl_ec_private_key_t *openssl_ec_private_key_create_empty(void) +static private_openssl_ec_private_key_t *create_empty(void) { private_openssl_ec_private_key_t *this = malloc_thing(private_openssl_ec_private_key_t); - + this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type; this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign; this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt; this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize; - this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id; this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key; - this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to; - this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding; + this->public.interface.equals = private_key_equals; + this->public.interface.belongs_to = private_key_belongs_to; + this->public.interface.get_fingerprint = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref; this->public.interface.destroy = (void (*)(private_key_t *this))destroy; - + this->ec = NULL; - this->keyid = NULL; - this->keyid_info = NULL; this->ref = 1; - + return this; } /** - * load private key from an ASN1 encoded blob + * See header. */ -static openssl_ec_private_key_t *load(chunk_t blob) +openssl_ec_private_key_t *openssl_ec_private_key_gen(key_type_t type, + va_list args) { - u_char *p = blob.ptr; - private_openssl_ec_private_key_t *this = openssl_ec_private_key_create_empty(); - - this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&p, blob.len); - - chunk_clear(&blob); + private_openssl_ec_private_key_t *this; + u_int key_size = 0; - if (!this->ec) + while (TRUE) { - destroy(this); - return NULL; + switch (va_arg(args, builder_part_t)) + { + case BUILD_KEY_SIZE: + key_size = va_arg(args, u_int); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; } - - if (!openssl_ec_public_key_build_id(this->ec, &this->keyid, &this->keyid_info)) + if (!key_size) { - destroy(this); return NULL; } - - if (!EC_KEY_check_key(this->ec)) + this = create_empty(); + switch (key_size) + { + case 256: + this->ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + break; + case 384: + this->ec = EC_KEY_new_by_curve_name(NID_secp384r1); + break; + case 521: + this->ec = EC_KEY_new_by_curve_name(NID_secp521r1); + break; + default: + DBG1("EC private key size %d not supported", key_size); + destroy(this); + return NULL; + } + if (EC_KEY_generate_key(this->ec) != 1) { + DBG1("EC private key generation failed", key_size); destroy(this); return NULL; } - + /* encode as a named curve key (no parameters), uncompressed public key */ + EC_KEY_set_asn1_flag(this->ec, OPENSSL_EC_NAMED_CURVE); + EC_KEY_set_conv_form(this->ec, POINT_CONVERSION_UNCOMPRESSED); return &this->public; } -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading/generation - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded/generated private key */ - openssl_ec_private_key_t *key; -}; - /** - * Implementation of builder_t.build + * See header. */ -static openssl_ec_private_key_t *build(private_builder_t *this) +openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type, + va_list args) { - openssl_ec_private_key_t *key = this->key; - - free(this); - return key; -} + private_openssl_ec_private_key_t *this; + chunk_t blob = chunk_empty; -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) + while (TRUE) { - va_list args; - chunk_t chunk; - - switch (part) + switch (va_arg(args, builder_part_t)) { case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load(chunk_clone(chunk)); - va_end(args); - return; - } - default: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - if (this->key) + + this = create_empty(); + this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len); + if (!this->ec) { - destroy((private_openssl_ec_private_key_t*)this->key); + destroy(this); + return NULL; } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *openssl_ec_private_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_ECDSA) + if (!EC_KEY_check_key(this->ec)) { + destroy(this); return NULL; } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h index 6a6f7c867..720c63f90 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h @@ -21,6 +21,7 @@ #ifndef OPENSSL_EC_PRIVATE_KEY_H_ #define OPENSSL_EC_PRIVATE_KEY_H_ +#include <credentials/builder.h> #include <credentials/keys/private_key.h> typedef struct openssl_ec_private_key_t openssl_ec_private_key_t; @@ -37,11 +38,27 @@ struct openssl_ec_private_key_t { }; /** - * Create the builder for a private key. + * Generate a ECDSA private key using OpenSSL. + * + * Accepts the BUILD_KEY_SIZE argument. + * + * @param type type of the key, must be KEY_ECDSA + * @param args builder_part_t argument list + * @return generated key, NULL on failure + */ +openssl_ec_private_key_t *openssl_ec_private_key_gen(key_type_t type, + va_list args); + +/** + * Load a ECDSA private key using OpenSSL. + * + * Accepts a BUILD_BLOB_ASN1_DER argument. * * @param type type of the key, must be KEY_ECDSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *openssl_ec_private_key_builder(key_type_t type); +openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type, + va_list args); #endif /** OPENSSL_EC_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c index 635a106dd..f37c736b1 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2009 Martin Willi * Copyright (C) 2008 Tobias Brunner * Hochschule fuer Technik Rapperswil * @@ -32,22 +33,12 @@ struct private_openssl_ec_public_key_t { * Public interface for this signer. */ openssl_ec_public_key_t public; - + /** * EC key object */ EC_KEY *ec; - - /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t *keyid_info; - - /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t *keyid; - + /** * reference counter */ @@ -55,99 +46,83 @@ struct private_openssl_ec_public_key_t { }; /** - * Convert a chunk to an ECDSA_SIG (which must already exist). r and s - * of the signature have to be concatenated in the chunk. - */ -static bool chunk2sig(const EC_GROUP *group, chunk_t chunk, ECDSA_SIG *sig) -{ - return openssl_bn_split(chunk, sig->r, sig->s); -} - -/** * Verification of a signature as in RFC 4754 */ static bool verify_signature(private_openssl_ec_public_key_t *this, - int hash_type, chunk_t data, chunk_t signature) + chunk_t hash, chunk_t signature) { - chunk_t hash = chunk_empty; - ECDSA_SIG *sig; bool valid = FALSE; - - if (hash_type == NID_undef) - { - hash = data; - } - else + ECDSA_SIG *sig; + + sig = ECDSA_SIG_new(); + if (sig) { - if (!openssl_hash_chunk(hash_type, data, &hash)) + /* split the signature chunk in r and s */ + if (openssl_bn_split(signature, sig->r, sig->s)) { - return FALSE; + valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1); } + ECDSA_SIG_free(sig); } - - sig = ECDSA_SIG_new(); - if (!sig) - { - goto error; - } - - if (!chunk2sig(EC_KEY_get0_group(this->ec), signature, sig)) + return valid; +} + +/** + * Verify a RFC 4754 signature for a specified curve and hash algorithm + */ +static bool verify_curve_signature(private_openssl_ec_public_key_t *this, + signature_scheme_t scheme, int nid_hash, + int nid_curve, chunk_t data, chunk_t signature) +{ + const EC_GROUP *my_group; + EC_GROUP *req_group; + chunk_t hash; + bool valid; + + req_group = EC_GROUP_new_by_curve_name(nid_curve); + if (!req_group) { - goto error; + DBG1("signature scheme %N not supported in EC (required curve " + "not supported)", signature_scheme_names, scheme); + return FALSE; } - valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1); - -error: - if (sig) + my_group = EC_KEY_get0_group(this->ec); + if (EC_GROUP_cmp(my_group, req_group, NULL) != 0) { - ECDSA_SIG_free(sig); + DBG1("signature scheme %N not supported by private key", + signature_scheme_names, scheme); + return FALSE; } - if (hash_type != NID_undef) + EC_GROUP_free(req_group); + if (!openssl_hash_chunk(nid_hash, data, &hash)) { - chunk_free(&hash); + return FALSE; } + valid = verify_signature(this, hash, signature); + chunk_free(&hash); return valid; } - /** - * Verification of the default signature using SHA-1 + * Verification of a DER encoded signature as in RFC 3279 */ -static bool verify_default_signature(private_openssl_ec_public_key_t *this, - chunk_t data, chunk_t signature) +static bool verify_der_signature(private_openssl_ec_public_key_t *this, + int nid_hash, chunk_t data, chunk_t signature) { + chunk_t hash; bool valid = FALSE; - chunk_t hash = chunk_empty; - u_char *p; - ECDSA_SIG *sig; - + /* remove any preceding 0-bytes from signature */ - while (signature.len && *(signature.ptr) == 0x00) - { - signature.len -= 1; - signature.ptr++; - } - - p = signature.ptr; - sig = d2i_ECDSA_SIG(NULL, (const u_char**)&p, signature.len); - if (!sig) - { - return FALSE; - } - - if (!openssl_hash_chunk(NID_sha1, data, &hash)) + while (signature.len && signature.ptr[0] == 0x00) { - goto error; + signature = chunk_skip(signature, 1); } - - valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1); - -error: - if (sig) + if (openssl_hash_chunk(nid_hash, data, &hash)) { - ECDSA_SIG_free(sig); + valid = ECDSA_verify(0, hash.ptr, hash.len, + signature.ptr, signature.len, this->ec); + free(hash.ptr); } - chunk_free(&hash); return valid; } @@ -162,21 +137,30 @@ static key_type_t get_type(private_openssl_ec_public_key_t *this) /** * Implementation of public_key_t.verify. */ -static bool verify(private_openssl_ec_public_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t signature) +static bool verify(private_openssl_ec_public_key_t *this, + signature_scheme_t scheme, chunk_t data, chunk_t signature) { switch (scheme) { + case SIGN_ECDSA_WITH_SHA1_DER: + return verify_der_signature(this, NID_sha1, data, signature); + case SIGN_ECDSA_WITH_SHA256_DER: + return verify_der_signature(this, NID_sha256, data, signature); + case SIGN_ECDSA_WITH_SHA384_DER: + return verify_der_signature(this, NID_sha384, data, signature); + case SIGN_ECDSA_WITH_SHA512_DER: + return verify_der_signature(this, NID_sha512, data, signature); case SIGN_ECDSA_WITH_NULL: - return verify_signature(this, NID_undef, data, signature); - case SIGN_ECDSA_WITH_SHA1: - return verify_default_signature(this, data, signature); + return verify_signature(this, data, signature); case SIGN_ECDSA_256: - return verify_signature(this, NID_sha256, data, signature); + return verify_curve_signature(this, scheme, NID_sha256, + NID_X9_62_prime256v1, data, signature); case SIGN_ECDSA_384: - return verify_signature(this, NID_sha384, data, signature); + return verify_curve_signature(this, scheme, NID_sha384, + NID_secp384r1, data, signature); case SIGN_ECDSA_521: - return verify_signature(this, NID_sha512, data, signature); + return verify_curve_signature(this, scheme, NID_sha512, + NID_secp521r1, data, signature); default: DBG1("signature scheme %N not supported in EC", signature_scheme_names, scheme); @@ -187,7 +171,8 @@ static bool verify(private_openssl_ec_public_key_t *this, signature_scheme_t sch /** * Implementation of public_key_t.get_keysize. */ -static bool encrypt_(private_openssl_ec_public_key_t *this, chunk_t crypto, chunk_t *plain) +static bool encrypt_(private_openssl_ec_public_key_t *this, + chunk_t crypto, chunk_t *plain) { DBG1("EC public key encryption not implemented"); return FALSE; @@ -202,64 +187,85 @@ static size_t get_keysize(private_openssl_ec_public_key_t *this) } /** - * Implementation of public_key_t.get_id. + * Calculate fingerprint from a EC_KEY, also used in ec private key. */ -static identification_t *get_id(private_openssl_ec_public_key_t *this, - id_type_t type) +bool openssl_ec_fingerprint(EC_KEY *ec, key_encoding_type_t type, chunk_t *fp) { + hasher_t *hasher; + chunk_t key; + u_char *p; + + if (lib->encoding->get_cache(lib->encoding, type, ec, fp)) + { + return TRUE; + } switch (type) { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; + case KEY_ID_PUBKEY_SHA1: + key = chunk_alloc(i2o_ECPublicKey(ec, NULL)); + p = key.ptr; + i2o_ECPublicKey(ec, &p); + break; + case KEY_ID_PUBKEY_INFO_SHA1: + key = chunk_alloc(i2d_EC_PUBKEY(ec, NULL)); + p = key.ptr; + i2d_EC_PUBKEY(ec, &p); + break; default: - return NULL; + return FALSE; + } + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (!hasher) + { + DBG1("SHA1 hash algorithm not supported, fingerprinting failed"); + free(key.ptr); + return FALSE; } + hasher->allocate_hash(hasher, key, fp); + hasher->destroy(hasher); + free(key.ptr); + lib->encoding->cache(lib->encoding, type, ec, *fp); + return TRUE; } /** - * Encodes the public key - */ -static chunk_t get_encoding_raw(EC_KEY *ec) + * Implementation of private_key_t.get_fingerprint. + */ +static bool get_fingerprint(private_openssl_ec_public_key_t *this, + key_encoding_type_t type, chunk_t *fingerprint) { - /* since the points can be stored in three different forms this may not - * be correct for all cases */ - const EC_GROUP *group = EC_KEY_get0_group(ec); - const EC_POINT *pub = EC_KEY_get0_public_key(ec); - chunk_t enc = chunk_alloc(EC_POINT_point2oct(group, pub, - POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL)); - EC_POINT_point2oct(group, pub, POINT_CONVERSION_UNCOMPRESSED, - enc.ptr, enc.len, NULL); - return enc; + return openssl_ec_fingerprint(this->ec, type, fingerprint); } /** - * Encodes the public key info (public key with ec parameters) - */ -static chunk_t get_encoding_full(EC_KEY *ec) -{ - chunk_t enc = chunk_alloc(i2d_EC_PUBKEY(ec, NULL)); - u_char *p = enc.ptr; - i2d_EC_PUBKEY(ec, &p); - return enc; -} - -/* - * Implementation of public_key_t.get_encoding. + * Implementation of private_key_t.get_encoding. */ -static chunk_t get_encoding(private_openssl_ec_public_key_t *this) +static bool get_encoding(private_openssl_ec_public_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - return get_encoding_full(this->ec); + u_char *p; + + switch (type) + { + case KEY_PUB_SPKI_ASN1_DER: + { + *encoding = chunk_alloc(i2d_EC_PUBKEY(this->ec, NULL)); + p = encoding->ptr; + i2d_EC_PUBKEY(this->ec, &p); + return TRUE; + } + default: + return FALSE; + } } /** * Implementation of public_key_t.get_ref. */ -static private_openssl_ec_public_key_t* get_ref(private_openssl_ec_public_key_t *this) +static public_key_t* get_ref(private_openssl_ec_public_key_t *this) { ref_get(&this->ref); - return this; + return &this->public.interface; } /** @@ -271,10 +277,9 @@ static void destroy(private_openssl_ec_public_key_t *this) { if (this->ec) { + lib->encoding->clear_cache(lib->encoding, this->ec); EC_KEY_free(this->ec); } - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); free(this); } } @@ -282,168 +287,62 @@ static void destroy(private_openssl_ec_public_key_t *this) /** * Generic private constructor */ -static private_openssl_ec_public_key_t *openssl_ec_public_key_create_empty() +static private_openssl_ec_public_key_t *create_empty() { private_openssl_ec_public_key_t *this = malloc_thing(private_openssl_ec_public_key_t); - + this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_; this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; - this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id; - this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding; + this->public.interface.equals = public_key_equals; + this->public.interface.get_fingerprint = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; this->public.interface.destroy = (void (*)(public_key_t *this))destroy; - + this->ec = NULL; - this->keyid = NULL; - this->keyid_info = NULL; this->ref = 1; - + return this; } /** - * Build key identifier from the public key using SHA1 hashed publicKey(Info). - * Also used in openssl_ec_private_key.c. + * See header. */ -bool openssl_ec_public_key_build_id(EC_KEY *ec, identification_t **keyid, - identification_t **keyid_info) +openssl_ec_public_key_t *openssl_ec_public_key_load(key_type_t type, + va_list args) { - chunk_t publicKeyInfo, publicKey, hash; - hasher_t *hasher; - - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher == NULL) - { - DBG1("SHA1 hash algorithm not supported, unable to use EC"); - return FALSE; - } - - publicKey = get_encoding_raw(ec); - - hasher->allocate_hash(hasher, publicKey, &hash); - *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash); - chunk_free(&hash); - - publicKeyInfo = get_encoding_full(ec); - - hasher->allocate_hash(hasher, publicKeyInfo, &hash); - *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash); - chunk_free(&hash); - - hasher->destroy(hasher); - chunk_free(&publicKeyInfo); - chunk_free(&publicKey); - - return TRUE; -} + private_openssl_ec_public_key_t *this; + chunk_t blob = chunk_empty; -/** - * Load a public key from an ASN1 encoded blob - */ -static openssl_ec_public_key_t *load(chunk_t blob) -{ - u_char *p = blob.ptr; - private_openssl_ec_public_key_t *this = openssl_ec_public_key_create_empty(); - - this->ec = d2i_EC_PUBKEY(NULL, (const u_char**)&p, blob.len); - - chunk_clear(&blob); - - if (!this->ec) + if (type != KEY_ECDSA) { - destroy(this); return NULL; } - - if (!openssl_ec_public_key_build_id(this->ec, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; -} - -/** - * Create a public key from BIGNUM values, used in openssl_ec_private_key.c - */ -openssl_ec_public_key_t *openssl_ec_public_key_create_from_private_key(EC_KEY *ec) -{ - return (openssl_ec_public_key_t*)load(get_encoding_full(ec)); -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded public key */ - openssl_ec_public_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static openssl_ec_public_key_t *build(private_builder_t *this) -{ - openssl_ec_public_key_t *key = this->key; - - free(this); - return key; -} -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) + while (TRUE) { - va_list args; - chunk_t chunk; - - switch (part) + switch (va_arg(args, builder_part_t)) { case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load(chunk_clone(chunk)); - va_end(args); - return; - } - default: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - if (this->key) - { - destroy((private_openssl_ec_public_key_t*)this->key); - } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *openssl_ec_public_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_ECDSA) + this = create_empty(); + this->ec = d2i_EC_PUBKEY(NULL, (const u_char**)&blob.ptr, blob.len); + if (!this->ec) { + destroy(this); return NULL; } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h index bdbb2fe6e..29d607d38 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h @@ -23,6 +23,7 @@ typedef struct openssl_ec_public_key_t openssl_ec_public_key_t; +#include <credentials/builder.h> #include <credentials/keys/public_key.h> /** @@ -37,11 +38,15 @@ struct openssl_ec_public_key_t { }; /** - * Create the builder for a public key. + * Load a ECDSA public key using OpenSSL. + * + * Accepts a BUILD_BLOB_ASN1_DER argument. * * @param type type of the key, must be KEY_ECDSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *openssl_ec_public_key_builder(key_type_t type); +openssl_ec_public_key_t *openssl_ec_public_key_load(key_type_t type, + va_list args); #endif /** OPENSSL_EC_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c index 90a5229d5..7556bc594 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hasher.c +++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -23,19 +23,19 @@ typedef struct private_openssl_hasher_t private_openssl_hasher_t; * Private data of openssl_hasher_t */ struct private_openssl_hasher_t { - + /** * Public part of this class. */ openssl_hasher_t public; - + /** * the hasher to use */ const EVP_MD *hasher; - + /** - * the current digest context + * the current digest context */ EVP_MD_CTX *ctx; }; @@ -49,7 +49,7 @@ typedef struct { * Identifier specified in IKEv2 */ int ikev2_id; - + /** * Name of the algorithm, as used in OpenSSL */ @@ -76,7 +76,7 @@ static openssl_algorithm_t integrity_algs[] = { /** * Look up an OpenSSL algorithm name */ -static char* lookup_algorithm(openssl_algorithm_t *openssl_algo, +static char* lookup_algorithm(openssl_algorithm_t *openssl_algo, u_int16_t ikev2_algo) { while (openssl_algo->ikev2_id != END_OF_LIST) @@ -133,7 +133,7 @@ static void allocate_hash(private_openssl_hasher_t *this, chunk_t chunk, } else { - get_hash(this, chunk, NULL); + get_hash(this, chunk, NULL); } } @@ -152,7 +152,7 @@ static void destroy (private_openssl_hasher_t *this) openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo) { private_openssl_hasher_t *this; - + char* name = lookup_algorithm(integrity_algs, algo); if (!name) { @@ -161,7 +161,7 @@ openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo) } this = malloc_thing(private_openssl_hasher_t); - + this->hasher = EVP_get_digestbyname(name); if (!this->hasher) { @@ -169,17 +169,17 @@ openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo) free(this); return NULL; } - + this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - + this->ctx = EVP_MD_CTX_create(); - + /* initialization */ reset(this); - + return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.h b/src/libstrongswan/plugins/openssl/openssl_hasher.h index aec5bc7dd..fd7a043d1 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hasher.h +++ b/src/libstrongswan/plugins/openssl/openssl_hasher.h @@ -29,7 +29,7 @@ typedef struct openssl_hasher_t openssl_hasher_t; * Implementation of hashers using OpenSSL. */ struct openssl_hasher_t { - + /** * The hasher_t interface. */ @@ -38,7 +38,7 @@ struct openssl_hasher_t { /** * Constructor to create openssl_hasher_t. - * + * * @param algo algorithm * @return openssl_hasher_t, NULL if not supported */ diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index ce6716f5a..548a76bb4 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -18,12 +18,13 @@ #include <openssl/evp.h> #include <openssl/engine.h> #include <openssl/crypto.h> -#include <pthread.h> #include "openssl_plugin.h" #include <library.h> -#include <utils/mutex.h> +#include <threading/thread.h> +#include <threading/mutex.h> +#include "openssl_util.h" #include "openssl_crypter.h" #include "openssl_hasher.h" #include "openssl_diffie_hellman.h" @@ -82,7 +83,7 @@ struct CRYPTO_dynlock_value { static struct CRYPTO_dynlock_value *create_function(const char *file, int line) { struct CRYPTO_dynlock_value *lock; - + lock = malloc_thing(struct CRYPTO_dynlock_value); lock->mutex = mutex_create(MUTEX_TYPE_DEFAULT); return lock; @@ -119,7 +120,7 @@ static void destroy_function(struct CRYPTO_dynlock_value *lock, */ static unsigned long id_function(void) { - return (unsigned long)pthread_self(); + return (unsigned long)thread_current_id(); } /** @@ -130,12 +131,12 @@ static void threading_init() int i, num_locks; CRYPTO_set_id_callback(id_function); - CRYPTO_set_locking_callback(locking_function); - + CRYPTO_set_locking_callback(locking_function); + CRYPTO_set_dynlock_create_callback(create_function); CRYPTO_set_dynlock_lock_callback(lock_function); CRYPTO_set_dynlock_destroy_callback(destroy_function); - + num_locks = CRYPTO_num_locks(); mutex = malloc(sizeof(mutex_t*) * num_locks); for (i = 0; i < num_locks; i++) @@ -150,7 +151,7 @@ static void threading_init() static void threading_cleanup() { int i, num_locks; - + num_locks = CRYPTO_num_locks(); for (i = 0; i < num_locks; i++) { @@ -169,25 +170,31 @@ static void destroy(private_openssl_plugin_t *this) (crypter_constructor_t)openssl_crypter_create); lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)openssl_hasher_create); - lib->crypto->remove_dh(lib->crypto, + lib->crypto->remove_dh(lib->crypto, (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->remove_dh(lib->crypto, + lib->crypto->remove_dh(lib->crypto, (dh_constructor_t)openssl_ec_diffie_hellman_create); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)openssl_rsa_private_key_builder); + (builder_function_t)openssl_rsa_private_key_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)openssl_rsa_private_key_gen); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)openssl_rsa_public_key_builder); + (builder_function_t)openssl_rsa_private_key_connect); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)openssl_ec_private_key_builder); + (builder_function_t)openssl_rsa_public_key_load); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)openssl_ec_public_key_builder); - + (builder_function_t)openssl_ec_private_key_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)openssl_ec_private_key_gen); + lib->creds->remove_builder(lib->creds, + (builder_function_t)openssl_ec_public_key_load); + ENGINE_cleanup(); EVP_cleanup(); CONF_modules_free(); - + threading_cleanup(); - + free(this); } @@ -197,18 +204,18 @@ static void destroy(private_openssl_plugin_t *this) plugin_t *plugin_create() { private_openssl_plugin_t *this = malloc_thing(private_openssl_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + threading_init(); - + OPENSSL_config(NULL); OpenSSL_add_all_algorithms(); - + /* activate support for hardware accelerators */ ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); - + /* crypter */ lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, (crypter_constructor_t)openssl_crypter_create); @@ -230,7 +237,7 @@ plugin_t *plugin_create() (crypter_constructor_t)openssl_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_NULL, (crypter_constructor_t)openssl_crypter_create); - + /* hasher */ lib->crypto->add_hasher(lib->crypto, HASH_SHA1, (hasher_constructor_t)openssl_hasher_create); @@ -248,48 +255,53 @@ plugin_t *plugin_create() (hasher_constructor_t)openssl_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_SHA512, (hasher_constructor_t)openssl_hasher_create); - - /* ec diffie hellman */ - lib->crypto->add_dh(lib->crypto, ECP_192_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_224_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); + + /* (ec) diffie hellman */ + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, ECP_256_BIT, (dh_constructor_t)openssl_ec_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, ECP_384_BIT, (dh_constructor_t)openssl_ec_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, ECP_521_BIT, (dh_constructor_t)openssl_ec_diffie_hellman_create); - - /* diffie hellman */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, + lib->crypto->add_dh(lib->crypto, ECP_224_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, ECP_192_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, (dh_constructor_t)openssl_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, (dh_constructor_t)openssl_diffie_hellman_create); - + /* rsa */ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - (builder_constructor_t)openssl_rsa_private_key_builder); + (builder_function_t)openssl_rsa_private_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + (builder_function_t)openssl_rsa_private_key_gen); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + (builder_function_t)openssl_rsa_private_key_connect); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, - (builder_constructor_t)openssl_rsa_public_key_builder); - + (builder_function_t)openssl_rsa_public_key_load); + /* ec */ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, - (builder_constructor_t)openssl_ec_private_key_builder); + (builder_function_t)openssl_ec_private_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + (builder_function_t)openssl_ec_private_key_gen); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, - (builder_constructor_t)openssl_ec_public_key_builder); - + (builder_function_t)openssl_ec_public_key_load); + return &this->public.plugin; } + diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 95c0ffdc8..078f889a6 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2009 Martin Willi * Copyright (C) 2008 Tobias Brunner * Hochschule fuer Technik Rapperswil * @@ -37,42 +38,25 @@ struct private_openssl_rsa_private_key_t { * Public interface for this signer. */ openssl_rsa_private_key_t public; - + /** * RSA object from OpenSSL */ RSA *rsa; - + /** * TRUE if the key is from an OpenSSL ENGINE and might not be readable */ bool engine; /** - * Keyid formed as a SHA-1 hash of a privateKey object - */ - identification_t* keyid; - - /** - * Keyid formed as a SHA-1 hash of a privateKeyInfo object - */ - identification_t* keyid_info; - - /** * reference count */ - refcount_t ref; + refcount_t ref; }; -/** - * shared functions, implemented in openssl_rsa_public_key.c - */ -bool openssl_rsa_public_key_build_id(RSA *rsa, identification_t **keyid, - identification_t **keyid_info); - - -openssl_rsa_public_key_t *openssl_rsa_public_key_create_from_n_e(BIGNUM *n, BIGNUM *e); - +/* implemented in rsa public key */ +bool openssl_rsa_fingerprint(RSA *rsa, key_encoding_type_t type, chunk_t *fp); /** * Build an EMPSA PKCS1 signature described in PKCS#1 @@ -104,7 +88,7 @@ static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this, { return FALSE; } - + ctx = EVP_MD_CTX_create(); key = EVP_PKEY_new(); if (!ctx || !key) @@ -127,7 +111,7 @@ static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this, { success = TRUE; } - + error: if (key) { @@ -156,7 +140,7 @@ static key_type_t get_type(private_openssl_rsa_private_key_t *this) /** * Implementation of openssl_rsa_private_key.sign. */ -static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t scheme, +static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature) { switch (scheme) @@ -201,95 +185,56 @@ static size_t get_keysize(private_openssl_rsa_private_key_t *this) } /** - * Implementation of openssl_rsa_private_key.get_id. - */ -static identification_t* get_id(private_openssl_rsa_private_key_t *this, - id_type_t type) -{ - switch (type) - { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - default: - return NULL; - } -} - -/** * Implementation of openssl_rsa_private_key.get_public_key. */ -static openssl_rsa_public_key_t* get_public_key(private_openssl_rsa_private_key_t *this) +static public_key_t* get_public_key(private_openssl_rsa_private_key_t *this) { - return openssl_rsa_public_key_create_from_n_e(this->rsa->n, this->rsa->e); + chunk_t enc; + public_key_t *key; + u_char *p; + + enc = chunk_alloc(i2d_RSAPublicKey(this->rsa, NULL)); + p = enc.ptr; + i2d_RSAPublicKey(this->rsa, &p); + key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_BLOB_ASN1_DER, enc, BUILD_END); + free(enc.ptr); + return key; } /** - * Implementation of openssl_rsa_private_key.equals. + * Implementation of public_key_t.get_fingerprint. */ -static bool equals(private_openssl_rsa_private_key_t *this, private_key_t *other) +static bool get_fingerprint(private_openssl_rsa_private_key_t *this, + key_encoding_type_t type, chunk_t *fingerprint) { - identification_t *keyid; - - if (&this->public.interface == other) - { - return TRUE; - } - if (other->get_type(other) != KEY_RSA) - { - return FALSE; - } - keyid = other->get_id(other, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return openssl_rsa_fingerprint(this->rsa, type, fingerprint); } -/** - * Implementation of openssl_rsa_private_key.belongs_to. +/* + * Implementation of public_key_t.get_encoding. */ -static bool belongs_to(private_openssl_rsa_private_key_t *this, public_key_t *public) +static bool get_encoding(private_openssl_rsa_private_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - identification_t *keyid; + u_char *p; - if (public->get_type(public) != KEY_RSA) + if (this->engine) { return FALSE; } - keyid = public->get_id(public, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; -} - -/** - * Implementation of private_key_t.get_encoding. - */ -static chunk_t get_encoding(private_openssl_rsa_private_key_t *this) -{ - chunk_t enc = chunk_empty; - if (!this->engine) + switch (type) { - enc = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL)); - u_char *p = enc.ptr; - i2d_RSAPrivateKey(this->rsa, &p); + case KEY_PRIV_ASN1_DER: + { + *encoding = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL)); + p = encoding->ptr; + i2d_RSAPrivateKey(this->rsa, &p); + return TRUE; + } + default: + return FALSE; } - return enc; } /** @@ -299,7 +244,6 @@ static private_openssl_rsa_private_key_t* get_ref(private_openssl_rsa_private_ke { ref_get(&this->ref); return this; - } /** @@ -311,10 +255,9 @@ static void destroy(private_openssl_rsa_private_key_t *this) { if (this->rsa) { + lib->encoding->clear_cache(lib->encoding, this->rsa); RSA_free(this->rsa); } - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); free(this); } } @@ -322,238 +265,215 @@ static void destroy(private_openssl_rsa_private_key_t *this) /** * Internal generic constructor */ -static private_openssl_rsa_private_key_t *openssl_rsa_private_key_create_empty(void) +static private_openssl_rsa_private_key_t *create_empty(void) { private_openssl_rsa_private_key_t *this = malloc_thing(private_openssl_rsa_private_key_t); - + this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type; this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign; this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt; this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize; - this->public.interface.get_id = (identification_t* (*) (private_key_t*, id_type_t))get_id; this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key; - this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals; - this->public.interface.belongs_to = (bool (*) (private_key_t*, public_key_t*))belongs_to; - this->public.interface.get_encoding = (chunk_t(*) (private_key_t*))get_encoding; + this->public.interface.equals = private_key_equals; + this->public.interface.belongs_to = private_key_belongs_to; + this->public.interface.get_fingerprint = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref; this->public.interface.destroy = (void (*) (private_key_t*))destroy; - + this->engine = FALSE; - this->keyid = NULL; - this->keyid_info = NULL; this->ref = 1; - + return this; } /** - * Generate an RSA key of specified key size + * See header. */ -static openssl_rsa_private_key_t *generate(size_t key_size) +openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type, + va_list args) { - private_openssl_rsa_private_key_t *this = openssl_rsa_private_key_create_empty(); - - this->rsa = RSA_generate_key(key_size, PUBLIC_EXPONENT, NULL, NULL); - - if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info)) + private_openssl_rsa_private_key_t *this; + u_int key_size = 0; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_KEY_SIZE: + key_size = va_arg(args, u_int); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (!key_size) { - destroy(this); return NULL; } - + this = create_empty(); + this->rsa = RSA_generate_key(key_size, PUBLIC_EXPONENT, NULL, NULL); + return &this->public; } /** - * load private key from an ASN1 encoded blob + * See header */ -static openssl_rsa_private_key_t *load(chunk_t blob) +openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, + va_list args) { - u_char *p = blob.ptr; - private_openssl_rsa_private_key_t *this = openssl_rsa_private_key_create_empty(); - - this->rsa = d2i_RSAPrivateKey(NULL, (const u_char**)&p, blob.len); - - chunk_clear(&blob); - - if (!this->rsa) + private_openssl_rsa_private_key_t *this; + chunk_t blob, n, e, d, p, q, exp1, exp2, coeff; + + blob = n = e = d = p = q = exp1 = exp2 = coeff = chunk_empty; + while (TRUE) { - destroy(this); - return NULL; + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIV_EXP: + d = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME1: + p = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME2: + q = va_arg(args, chunk_t); + continue; + case BUILD_RSA_EXP1: + exp1 = va_arg(args, chunk_t); + continue; + case BUILD_RSA_EXP2: + exp2 = va_arg(args, chunk_t); + continue; + case BUILD_RSA_COEFF: + coeff = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; } - - if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info)) + + this = create_empty(); + if (blob.ptr) { - destroy(this); - return NULL; + this->rsa = d2i_RSAPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len); + if (this->rsa && RSA_check_key(this->rsa)) + { + return &this->public; + } } - - if (!RSA_check_key(this->rsa)) + else if (n.ptr && e.ptr && d.ptr && p.ptr && q.ptr && coeff.ptr) { - destroy(this); - return NULL; + this->rsa = RSA_new(); + this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL); + this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL); + this->rsa->d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL); + this->rsa->p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL); + this->rsa->q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL); + if (exp1.ptr) + { + this->rsa->dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL); + } + if (exp2.ptr) + { + this->rsa->dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL); + } + this->rsa->iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL); + if (RSA_check_key(this->rsa)) + { + return &this->public; + } } - - return &this->public; + destroy(this); + return NULL; } /** - * load private key from a smart card + * See header. */ -static openssl_rsa_private_key_t *load_from_smartcard(char *keyid, char *pin) +openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type, + va_list args) { - private_openssl_rsa_private_key_t *this = NULL; + private_openssl_rsa_private_key_t *this; + char *keyid = NULL, *pin = NULL; EVP_PKEY *key; - char *engine_id = lib->settings->get_str(lib->settings, + char *engine_id; + ENGINE *engine; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_SMARTCARD_KEYID: + keyid = va_arg(args, char*); + continue; + case BUILD_SMARTCARD_PIN: + pin = va_arg(args, char*); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (!keyid || !pin) + { + return NULL; + } + + engine_id = lib->settings->get_str(lib->settings, "library.plugins.openssl.engine_id", "pkcs11"); - - ENGINE *engine = ENGINE_by_id(engine_id); + engine = ENGINE_by_id(engine_id); if (!engine) { DBG1("engine '%s' is not available", engine_id); return NULL; } - if (!ENGINE_init(engine)) { DBG1("failed to initialize engine '%s'", engine_id); - goto error; + ENGINE_free(engine); + return NULL; } - if (!ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0)) { DBG1("failed to set PIN on engine '%s'", engine_id); - goto error; + ENGINE_free(engine); + return NULL; } - + key = ENGINE_load_private_key(engine, keyid, NULL, NULL); - if (!key) { - DBG1("failed to load private key with ID '%s' from engine '%s'", keyid, - engine_id); - goto error; - } - ENGINE_free(engine); - - this = openssl_rsa_private_key_create_empty(); - this->rsa = EVP_PKEY_get1_RSA(key); - this->engine = TRUE; - - if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info)) - { - destroy(this); + DBG1("failed to load private key with ID '%s' from engine '%s'", + keyid, engine_id); + ENGINE_free(engine); return NULL; } - return &this->public; - -error: ENGINE_free(engine); - return NULL; -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading/generation - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded/generated private key */ - openssl_rsa_private_key_t *key; - /** temporary stored smartcard key ID */ - char *keyid; - /** temporary stored smartcard pin */ - char *pin; -}; -/** - * Implementation of builder_t.build - */ -static openssl_rsa_private_key_t *build(private_builder_t *this) -{ - openssl_rsa_private_key_t *key = this->key; - - if (this->keyid && this->pin) - { - key = load_from_smartcard(this->keyid, this->pin); - } - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) - { - va_list args; - chunk_t chunk; - - switch (part) - { - case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load(chunk_clone(chunk)); - va_end(args); - return; - } - case BUILD_KEY_SIZE: - { - va_start(args, part); - this->key = generate(va_arg(args, u_int)); - va_end(args); - return; - } - case BUILD_SMARTCARD_KEYID: - { - va_start(args, part); - this->keyid = va_arg(args, char*); - va_end(args); - return; - } - case BUILD_SMARTCARD_PIN: - { - va_start(args, part); - this->pin = va_arg(args, char*); - va_end(args); - return; - } - default: - break; - } - } - if (this->key) - { - destroy((private_openssl_rsa_private_key_t*)this->key); - } - builder_cancel(&this->public); -} + this = create_empty(); + this->rsa = EVP_PKEY_get1_RSA(key); + this->engine = TRUE; -/** - * Builder construction function - */ -builder_t *openssl_rsa_private_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - this->keyid = NULL; - this->pin = NULL; - return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h index 53ec44b28..079dfa46a 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h @@ -21,6 +21,7 @@ #ifndef OPENSSL_RSA_PRIVATE_KEY_H_ #define OPENSSL_RSA_PRIVATE_KEY_H_ +#include <credentials/builder.h> #include <credentials/keys/private_key.h> typedef struct openssl_rsa_private_key_t openssl_rsa_private_key_t; @@ -37,11 +38,40 @@ struct openssl_rsa_private_key_t { }; /** - * Create the builder for a private key. + * Generate a RSA private key using OpenSSL. + * + * Accepts the BUILD_KEY_SIZE argument. + * + * @param type type of the key, must be KEY_RSA + * @param args builder_part_t argument list + * @return generated key, NULL on failure + */ +openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type, + va_list args); + +/** + * Load a RSA private key using OpenSSL. + * + * Accepts a BUILD_BLOB_ASN1_DER argument. + * + * @param type type of the key, must be KEY_RSA + * @param args builder_part_t argument list + * @return loaded key, NULL on failure + */ +openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, + va_list args); + +/** + * Connect to a RSA private key on a smartcard. + * + * Accepts the BUILD_SMARTCARD_KEYID and the BUILD_SMARTCARD_PIN + * arguments. * * @param type type of the key, must be KEY_RSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *openssl_rsa_private_key_builder(key_type_t type); +openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type, + va_list args); #endif /** OPENSSL_RSA_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index bc1ba35b6..422262b19 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2009 Martin Willi * Copyright (C) 2008 Tobias Brunner * Hochschule fuer Technik Rapperswil * @@ -31,22 +32,12 @@ struct private_openssl_rsa_public_key_t { * Public interface for this signer. */ openssl_rsa_public_key_t public; - + /** * RSA object from OpenSSL */ RSA *rsa; - - /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t *keyid_info; - - /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t *keyid; - + /** * reference counter */ @@ -109,7 +100,7 @@ static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this, goto error; } valid = (EVP_VerifyFinal(ctx, signature.ptr, signature.len, key) == 1); - + error: if (key) { @@ -134,7 +125,7 @@ static key_type_t get_type(private_openssl_rsa_public_key_t *this) /** * Implementation of public_key_t.verify. */ -static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t scheme, +static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature) { switch (scheme) @@ -163,41 +154,14 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc /** * Implementation of public_key_t.get_keysize. */ -static bool encrypt_(private_openssl_rsa_public_key_t *this, chunk_t crypto, chunk_t *plain) +static bool encrypt_(private_openssl_rsa_public_key_t *this, + chunk_t crypto, chunk_t *plain) { DBG1("RSA public key encryption not implemented"); return FALSE; } /** - * Implementation of public_key_t.equals. - */ -static bool equals(private_openssl_rsa_public_key_t *this, public_key_t *other) -{ - identification_t *keyid; - - if (&this->public.interface == other) - { - return TRUE; - } - if (other->get_type(other) != KEY_RSA) - { - return FALSE; - } - keyid = other->get_id(other, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; -} - -/** * Implementation of public_key_t.get_keysize. */ static size_t get_keysize(private_openssl_rsa_public_key_t *this) @@ -206,79 +170,92 @@ static size_t get_keysize(private_openssl_rsa_public_key_t *this) } /** - * Implementation of public_key_t.get_id. + * Calculate fingerprint from a RSA key, also used in rsa private key. */ -static identification_t *get_id(private_openssl_rsa_public_key_t *this, - id_type_t type) +bool openssl_rsa_fingerprint(RSA *rsa, key_encoding_type_t type, chunk_t *fp) { + hasher_t *hasher; + chunk_t key; + u_char *p; + + if (lib->encoding->get_cache(lib->encoding, type, rsa, fp)) + { + return TRUE; + } switch (type) { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; + case KEY_ID_PUBKEY_SHA1: + key = chunk_alloc(i2d_RSAPublicKey(rsa, NULL)); + p = key.ptr; + i2d_RSAPublicKey(rsa, &p); + break; + case KEY_ID_PUBKEY_INFO_SHA1: + key = chunk_alloc(i2d_RSA_PUBKEY(rsa, NULL)); + p = key.ptr; + i2d_RSA_PUBKEY(rsa, &p); + break; default: - return NULL; + return FALSE; } + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (!hasher) + { + DBG1("SHA1 hash algorithm not supported, fingerprinting failed"); + free(key.ptr); + return FALSE; + } + hasher->allocate_hash(hasher, key, fp); + free(key.ptr); + hasher->destroy(hasher); + lib->encoding->cache(lib->encoding, type, rsa, *fp); + return TRUE; } /** - * Encodes the public key - */ -static chunk_t get_encoding_raw(RSA *rsa) -{ - chunk_t enc = chunk_alloc(i2d_RSAPublicKey(rsa, NULL)); - u_char *p = enc.ptr; - i2d_RSAPublicKey(rsa, &p); - return enc; -} - -/** - * Encodes the public key with the algorithm used + * Implementation of public_key_t.get_fingerprint. */ -static chunk_t get_encoding_with_algo(RSA *rsa) +static bool get_fingerprint(private_openssl_rsa_public_key_t *this, + key_encoding_type_t type, chunk_t *fingerprint) { - u_char *p; - chunk_t enc; - X509_PUBKEY *pubkey = X509_PUBKEY_new(); - - ASN1_OBJECT_free(pubkey->algor->algorithm); - pubkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); - - if (pubkey->algor->parameter == NULL || - pubkey->algor->parameter->type != V_ASN1_NULL) - { - ASN1_TYPE_free(pubkey->algor->parameter); - pubkey->algor->parameter = ASN1_TYPE_new(); - pubkey->algor->parameter->type = V_ASN1_NULL; - } - - enc = get_encoding_raw(rsa); - M_ASN1_BIT_STRING_set(pubkey->public_key, enc.ptr, enc.len); - chunk_free(&enc); - - enc = chunk_alloc(i2d_X509_PUBKEY(pubkey, NULL)); - p = enc.ptr; - i2d_X509_PUBKEY(pubkey, &p); - X509_PUBKEY_free(pubkey); - return enc; + return openssl_rsa_fingerprint(this->rsa, type, fingerprint); } /* * Implementation of public_key_t.get_encoding. */ -static chunk_t get_encoding(private_openssl_rsa_public_key_t *this) +static bool get_encoding(private_openssl_rsa_public_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - return get_encoding_raw(this->rsa); + u_char *p; + + switch (type) + { + case KEY_PUB_SPKI_ASN1_DER: + { + *encoding = chunk_alloc(i2d_RSA_PUBKEY(this->rsa, NULL)); + p = encoding->ptr; + i2d_RSA_PUBKEY(this->rsa, &p); + return TRUE; + } + case KEY_PUB_ASN1_DER: + { + *encoding = chunk_alloc(i2d_RSAPublicKey(this->rsa, NULL)); + p = encoding->ptr; + i2d_RSAPublicKey(this->rsa, &p); + return TRUE; + } + default: + return FALSE; + } } /** * Implementation of public_key_t.get_ref. */ -static private_openssl_rsa_public_key_t* get_ref(private_openssl_rsa_public_key_t *this) +static public_key_t* get_ref(private_openssl_rsa_public_key_t *this) { ref_get(&this->ref); - return this; + return &this->public.interface; } /** @@ -290,10 +267,9 @@ static void destroy(private_openssl_rsa_public_key_t *this) { if (this->rsa) { + lib->encoding->clear_cache(lib->encoding, this->rsa); RSA_free(this->rsa); } - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); free(this); } } @@ -301,179 +277,75 @@ static void destroy(private_openssl_rsa_public_key_t *this) /** * Generic private constructor */ -static private_openssl_rsa_public_key_t *openssl_rsa_public_key_create_empty() +static private_openssl_rsa_public_key_t *create_empty() { private_openssl_rsa_public_key_t *this = malloc_thing(private_openssl_rsa_public_key_t); - + this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_; - this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals; + this->public.interface.equals = public_key_equals; this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; - this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id; - this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding; + this->public.interface.get_fingerprint = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; this->public.interface.destroy = (void (*)(public_key_t *this))destroy; - - this->keyid = NULL; - this->keyid_info = NULL; - this->ref = 1; - - return this; -} - -/** - * Build the RSA key identifier from n and e using SHA1 hashed publicKey(Info). - * Also used in openssl_rsa_private_key.c. - */ -bool openssl_rsa_public_key_build_id(RSA *rsa, identification_t **keyid, - identification_t **keyid_info) -{ - chunk_t publicKeyInfo, publicKey, hash; - hasher_t *hasher; - - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher == NULL) - { - DBG1("SHA1 hash algorithm not supported, unable to use RSA"); - return FALSE; - } - - publicKey = get_encoding_raw(rsa); - - hasher->allocate_hash(hasher, publicKey, &hash); - *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash); - chunk_free(&hash); - - publicKeyInfo = get_encoding_with_algo(rsa); - - hasher->allocate_hash(hasher, publicKeyInfo, &hash); - *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash); - chunk_free(&hash); - - hasher->destroy(hasher); - chunk_free(&publicKeyInfo); - chunk_free(&publicKey); - - return TRUE; -} - -/** - * Create a public key from BIGNUM values, used in openssl_rsa_private_key.c - */ -openssl_rsa_public_key_t *openssl_rsa_public_key_create_from_n_e(BIGNUM *n, BIGNUM *e) -{ - private_openssl_rsa_public_key_t *this = openssl_rsa_public_key_create_empty(); - - this->rsa = RSA_new(); - this->rsa->n = BN_dup(n); - this->rsa->e = BN_dup(e); - - if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; -} -/** - * Load a public key from an ASN1 encoded blob - */ -static openssl_rsa_public_key_t *load(chunk_t blob) -{ - u_char *p = blob.ptr; - private_openssl_rsa_public_key_t *this = openssl_rsa_public_key_create_empty(); - - this->rsa = d2i_RSAPublicKey(NULL, (const u_char**)&p, blob.len); - - chunk_clear(&blob); - - if (!this->rsa) - { - destroy(this); - return NULL; - } + this->rsa = NULL; + this->ref = 1; - if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; + return this; } -typedef struct private_builder_t private_builder_t; /** - * Builder implementation for key loading + * See header. */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded public key */ - openssl_rsa_public_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static openssl_rsa_public_key_t *build(private_builder_t *this) +openssl_rsa_public_key_t *openssl_rsa_public_key_load(key_type_t type, + va_list args) { - openssl_rsa_public_key_t *key = this->key; - - free(this); - return key; -} + private_openssl_rsa_public_key_t *this; + chunk_t blob, n, e; -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) + n = e = blob = chunk_empty; + while (TRUE) { - va_list args; - chunk_t chunk; - - switch (part) + switch (va_arg(args, builder_part_t)) { case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load(chunk_clone(chunk)); - va_end(args); - return; - } - default: + blob = va_arg(args, chunk_t); + continue; + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - if (this->key) + + this = create_empty(); + if (blob.ptr) { - destroy((private_openssl_rsa_public_key_t*)this->key); + this->rsa = d2i_RSAPublicKey(NULL, (const u_char**)&blob.ptr, blob.len); + if (this->rsa) + { + return &this->public; + } } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *openssl_rsa_public_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) + else if (n.ptr && e.ptr) { - return NULL; + this->rsa = RSA_new(); + this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL); + this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL); + return &this->public; } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; + destroy(this); + return NULL; } diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h index ff99ddbc5..620aa51ce 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h @@ -37,11 +37,15 @@ struct openssl_rsa_public_key_t { }; /** - * Create the builder for a public key. + * Load a RSA public key using OpenSSL. + * + * Accepts a BUILD_BLOB_ASN1_DER argument. * * @param type type of the key, must be KEY_RSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *openssl_rsa_public_key_builder(key_type_t type); +openssl_rsa_public_key_t *openssl_rsa_public_key_load(key_type_t type, + va_list args); #endif /** OPENSSL_RSA_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c index c8c453f64..55b18a524 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.c +++ b/src/libstrongswan/plugins/openssl/openssl_util.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2009 Martin Willi * Copyright (C) 2008 Tobias Brunner * Hochschule fuer Technik Rapperswil * @@ -18,6 +19,7 @@ #include <debug.h> #include <openssl/evp.h> +#include <openssl/x509.h> /** * Described in header. @@ -31,30 +33,30 @@ bool openssl_hash_chunk(int hash_type, chunk_t data, chunk_t *hash) { return FALSE; } - - ctx = EVP_MD_CTX_create(); + + ctx = EVP_MD_CTX_create(); if (!ctx) { goto error; } - + if (!EVP_DigestInit_ex(ctx, hasher, NULL)) { goto error; } - + if (!EVP_DigestUpdate(ctx, data.ptr, data.len)) { goto error; } - + *hash = chunk_alloc(hasher->md_size); if (!EVP_DigestFinal_ex(ctx, hash->ptr, NULL)) { chunk_free(hash); goto error; } - + ret = TRUE; error: if (ctx) @@ -70,18 +72,18 @@ error: bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk) { int offset; - + chunk->len = len + (b ? len : 0); chunk->ptr = malloc(chunk->len); memset(chunk->ptr, 0, chunk->len); - + /* convert a */ offset = len - BN_num_bytes(a); if (!BN_bn2bin(a, chunk->ptr + offset)) { goto error; } - + /* optionally convert and concatenate b */ if (b) { @@ -90,8 +92,8 @@ bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk) { goto error; } - } - + } + return TRUE; error: chunk_free(chunk); @@ -105,19 +107,20 @@ error: bool openssl_bn_split(chunk_t chunk, BIGNUM *a, BIGNUM *b) { int len; - + if ((chunk.len % 2) != 0) { return FALSE; } - + len = chunk.len / 2; - + if (!BN_bin2bn(chunk.ptr, len, a) || !BN_bin2bn(chunk.ptr + len, len, b)) { return FALSE; } - + return TRUE; } + diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h index 6ba1ff07b..538008f2c 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.h +++ b/src/libstrongswan/plugins/openssl/openssl_util.h @@ -31,9 +31,9 @@ /** * Creates a hash of a given type of a chunk of data. - * + * * Note: this function allocates memory for the hash - * + * * @param hash_type NID of the hash * @param data the chunk of data to hash * @param hash chunk that contains the hash @@ -44,9 +44,9 @@ bool openssl_hash_chunk(int hash_type, chunk_t data, chunk_t *hash); /** * Concatenates two bignums into a chunk, thereby enfocing the length of * a single BIGNUM, if necessary, by pre-pending it with zeros. - * + * * Note: this function allocates memory for the chunk - * + * * @param len the length of a single BIGNUM * @param a first BIGNUM * @param b second BIGNUM @@ -57,7 +57,7 @@ bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk); /** * Splits a chunk into two bignums of equal binary length. - * + * * @param chunk a chunk that contains the two BIGNUMs * @param a first BIGNUM * @param b second BIGNUM diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index 44f533744..59ea98799 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/padlock DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_padlock_la_LIBADD = am_libstrongswan_padlock_la_OBJECTS = padlock_plugin.lo \ @@ -60,6 +84,7 @@ libstrongswan_padlock_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -107,25 +132,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -137,11 +159,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -170,9 +195,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -195,7 +220,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -203,6 +228,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -211,10 +237,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -222,6 +250,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -246,9 +275,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/padlock/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/padlock/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/padlock/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/padlock/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -266,23 +295,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -309,21 +343,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -346,7 +380,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -354,29 +388,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -397,13 +436,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -434,6 +477,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -455,6 +499,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -463,18 +509,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -513,6 +569,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c index afdd85b79..9edea4bd3 100644 --- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c +++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Thomas Kallenberg * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -26,12 +26,12 @@ typedef struct private_padlock_aes_crypter_t private_padlock_aes_crypter_t; * Private data of padlock_aes_crypter_t */ struct private_padlock_aes_crypter_t { - + /** * Public part of this class. */ padlock_aes_crypter_t public; - + /* * the key */ @@ -56,7 +56,7 @@ typedef struct { /** * Invoke the actual de/encryption */ -static void padlock_crypt(void *key, void *ctrl, void *src, void *dst, +static void padlock_crypt(void *key, void *ctrl, void *src, void *dst, int count, void *iv) { asm volatile( @@ -81,7 +81,7 @@ static void padlock_crypt(void *key, void *ctrl, void *src, void *dst, /* * Implementation of crypter_t.crypt */ -static void crypt(private_padlock_aes_crypter_t *this, char *iv, +static void crypt(private_padlock_aes_crypter_t *this, char *iv, chunk_t src, chunk_t *dst, bool enc) { cword cword PADLOCK_ALIGN; @@ -110,7 +110,7 @@ static void crypt(private_padlock_aes_crypter_t *this, char *iv, /** * Implementation of crypter_t.decrypt. */ -static void decrypt(private_padlock_aes_crypter_t *this, chunk_t data, +static void decrypt(private_padlock_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { crypt(this, iv.ptr, data, dst, TRUE); @@ -120,7 +120,7 @@ static void decrypt(private_padlock_aes_crypter_t *this, chunk_t data, /** * Implementation of crypter_t.encrypt. */ -static void encrypt (private_padlock_aes_crypter_t *this, chunk_t data, +static void encrypt (private_padlock_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { crypt(this, iv.ptr, data, dst, FALSE); @@ -162,18 +162,18 @@ static void destroy (private_padlock_aes_crypter_t *this) /* * Described in header */ -padlock_aes_crypter_t *padlock_aes_crypter_create(encryption_algorithm_t algo, +padlock_aes_crypter_t *padlock_aes_crypter_create(encryption_algorithm_t algo, size_t key_size) { private_padlock_aes_crypter_t *this; - + if (algo != ENCR_AES_CBC) { return NULL; } - + this = malloc_thing(private_padlock_aes_crypter_t); - + switch (key_size) { case 16: /* AES 128 */ @@ -185,15 +185,15 @@ padlock_aes_crypter_t *padlock_aes_crypter_create(encryption_algorithm_t algo, free(this); return NULL; } - + this->key = chunk_alloc(key_size); - + this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt; this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt; this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size; this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key; this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; - + return &this->public; } diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h index d8ac9c2a0..d4c7a7577 100644 --- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h +++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h @@ -30,7 +30,7 @@ typedef struct padlock_aes_crypter_t padlock_aes_crypter_t; * Implementation of AES-128 using VIA Padlock. */ struct padlock_aes_crypter_t { - + /** * The crypter_t interface. */ @@ -39,7 +39,7 @@ struct padlock_aes_crypter_t { /** * Constructor to create padlock_aes_crypter_t. - * + * * @param key_size key size in bytes, currently supports only 16. * @param algo algorithm to implement, must be ENCR_AES_CBC * @return padlock_aes_crypter_t, NULL if not supported diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.c b/src/libstrongswan/plugins/padlock/padlock_plugin.c index e241b59be..32b18ec4b 100644 --- a/src/libstrongswan/plugins/padlock/padlock_plugin.c +++ b/src/libstrongswan/plugins/padlock/padlock_plugin.c @@ -55,7 +55,7 @@ struct private_padlock_plugin_t { * public functions */ padlock_plugin_t public; - + /** * features supported by Padlock */ @@ -81,11 +81,11 @@ static padlock_feature_t get_padlock_features() { char vendor[3 * sizeof(int) + 1]; int a, b, c, d; - + cpuid(0, a, b, c, d); /* VendorID string is in b-d-c (yes, in this order) */ snprintf(vendor, sizeof(vendor), "%.4s%.4s%.4s", &b, &d, &c); - + /* check if we have a VIA chip */ if (streq(vendor, "CentaurHauls")) { @@ -134,9 +134,9 @@ static void destroy(private_padlock_plugin_t *this) plugin_t *plugin_create() { private_padlock_plugin_t *this = malloc_thing(private_padlock_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->features = get_padlock_features(); if (!this->features) { @@ -154,7 +154,7 @@ plugin_t *plugin_create() this->features & PADLOCK_ACE2_ENABLED ? " ACE2" : "", this->features & PADLOCK_PHE_ENABLED ? " PHE" : "", this->features & PADLOCK_PMM_ENABLED ? " PMM" : ""); - + if (this->features & PADLOCK_RNG_ENABLED) { lib->crypto->add_rng(lib->crypto, RNG_TRUE, diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.c b/src/libstrongswan/plugins/padlock/padlock_rng.c index 8a04dccfc..8ff46081b 100644 --- a/src/libstrongswan/plugins/padlock/padlock_rng.c +++ b/src/libstrongswan/plugins/padlock/padlock_rng.c @@ -36,12 +36,12 @@ enum padlock_quality_factor_t { * Private data of an padlock_rng_t object. */ struct private_padlock_rng_t { - + /** * Public padlock_rng_t interface. */ padlock_rng_t public; - + /** * Padlock quality factor */ @@ -56,14 +56,14 @@ static void rng(char *buf, int len, int quality) while (len > 0)
{ int status; - + /* run XSTORE until we have all bytes needed. We do not use REP, as * this should not be performance critical and it's easier this way. */ asm volatile ( ".byte 0x0F,0xA7,0xC0 \n\t"
: "=D"(buf), "=a"(status)
: "d"(quality), "D"(buf)); - + /* bits[0..4] of status word contains the number of bytes read */ len -= status & 0x1F; } @@ -78,7 +78,7 @@ static void allocate_bytes(private_padlock_rng_t *this, size_t bytes, chunk->len = bytes; /* padlock requires some additional bytes */ chunk->ptr = malloc(bytes + 7); - + rng(chunk->ptr, chunk->len, this->quality); } @@ -89,7 +89,7 @@ static void get_bytes(private_padlock_rng_t *this, size_t bytes, u_int8_t *buffer) { chunk_t chunk; - + /* Padlock needs a larger buffer than "bytes", we need a new buffer */ allocate_bytes(this, bytes, &chunk); memcpy(buffer, chunk.ptr, bytes); @@ -110,11 +110,11 @@ static void destroy(private_padlock_rng_t *this) padlock_rng_t *padlock_rng_create(rng_quality_t quality) { private_padlock_rng_t *this = malloc_thing(private_padlock_rng_t); - + this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes; this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes; this->public.rng.destroy = (void (*) (rng_t *))destroy; - + /* map RNG quality to Padlock quality factor */ switch (quality) { @@ -128,7 +128,7 @@ padlock_rng_t *padlock_rng_create(rng_quality_t quality) this->quality = PADLOCK_QF3; break; } - + return &this->public; } diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.h b/src/libstrongswan/plugins/padlock/padlock_rng.h index 237d8fbe2..776be8937 100644 --- a/src/libstrongswan/plugins/padlock/padlock_rng.h +++ b/src/libstrongswan/plugins/padlock/padlock_rng.h @@ -29,7 +29,7 @@ typedef struct padlock_rng_t padlock_rng_t; * Hardware-RNG based on via Padlock. */ struct padlock_rng_t { - + /** * Implements rng_t interface. */ @@ -44,4 +44,4 @@ struct padlock_rng_t { */ padlock_rng_t *padlock_rng_create(rng_quality_t quality); -#endif /** PADLOCK_RNG_ @}*/ +#endif /** PADLOCK_RNG_H_ @}*/ diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c index b5a6abc64..60b516675 100644 --- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c +++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c @@ -32,7 +32,7 @@ struct private_padlock_sha1_hasher_t { * Public interface for this hasher. */ padlock_sha1_hasher_t public; - + /** * data collected to hash */ @@ -45,8 +45,8 @@ struct private_padlock_sha1_hasher_t { static void padlock_sha1(int len, u_char *in, u_char *out) { /* rep xsha1 */ - asm volatile ( - ".byte 0xf3, 0x0f, 0xa6, 0xc8" + asm volatile ( + ".byte 0xf3, 0x0f, 0xa6, 0xc8" : "+S"(in), "+D"(out) : "c"(len), "a"(0)); } @@ -57,7 +57,7 @@ static void padlock_sha1(int len, u_char *in, u_char *out) static void sha1(chunk_t data, u_int32_t *digest) { u_int32_t hash[128] PADLOCK_ALIGN; - + hash[0] = 0x67452301; hash[1] = 0xefcdab89; hash[2] = 0x98badcfe; @@ -105,14 +105,14 @@ static void get_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk, sha1(this->data, (u_int32_t*)hash); } else - { /* hash directly if no previous data found */ + { /* hash directly if no previous data found */ sha1(chunk, (u_int32_t*)hash); } reset(this); } else { - append_data(this, chunk); + append_data(this, chunk); } } @@ -129,10 +129,10 @@ static void allocate_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk, } else { - get_hash(this, chunk, NULL); + get_hash(this, chunk, NULL); } } - + /** * Implementation of hasher_t.get_hash_size. */ @@ -156,20 +156,20 @@ static void destroy(private_padlock_sha1_hasher_t *this) padlock_sha1_hasher_t *padlock_sha1_hasher_create(hash_algorithm_t algo) { private_padlock_sha1_hasher_t *this; - + if (algo != HASH_SHA1) { return NULL; } - + this = malloc_thing(private_padlock_sha1_hasher_t); this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - + this->data = chunk_empty; - + return &(this->public); } diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h index afa1e046d..740bdfe98 100644 --- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h +++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h @@ -30,7 +30,7 @@ typedef struct padlock_sha1_hasher_t padlock_sha1_hasher_t; * Implementation of hasher_t interface using the SHA1 algorithm. */ struct padlock_sha1_hasher_t { - + /** * Implements hasher_t interface. */ diff --git a/src/libstrongswan/plugins/pem/Makefile.am b/src/libstrongswan/plugins/pem/Makefile.am new file mode 100644 index 000000000..98f356aaf --- /dev/null +++ b/src/libstrongswan/plugins/pem/Makefile.am @@ -0,0 +1,12 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic + +plugin_LTLIBRARIES = libstrongswan-pem.la + +libstrongswan_pem_la_SOURCES = pem_plugin.h pem_plugin.c \ + pem_builder.c pem_builder.h + +libstrongswan_pem_la_LDFLAGS = -module -avoid-version + diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in new file mode 100644 index 000000000..e81b4f78f --- /dev/null +++ b/src/libstrongswan/plugins/pem/Makefile.in @@ -0,0 +1,569 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/pem +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(plugin_LTLIBRARIES) +libstrongswan_pem_la_LIBADD = +am_libstrongswan_pem_la_OBJECTS = pem_plugin.lo pem_builder.lo +libstrongswan_pem_la_OBJECTS = $(am_libstrongswan_pem_la_OBJECTS) +libstrongswan_pem_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_pem_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_pem_la_SOURCES) +DIST_SOURCES = $(libstrongswan_pem_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic +plugin_LTLIBRARIES = libstrongswan-pem.la +libstrongswan_pem_la_SOURCES = pem_plugin.h pem_plugin.c \ + pem_builder.c pem_builder.h + +libstrongswan_pem_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pem/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/pem/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-pem.la: $(libstrongswan_pem_la_OBJECTS) $(libstrongswan_pem_la_DEPENDENCIES) + $(libstrongswan_pem_la_LINK) -rpath $(plugindir) $(libstrongswan_pem_la_OBJECTS) $(libstrongswan_pem_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem_builder.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-pluginLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c new file mode 100644 index 000000000..2f285e9bc --- /dev/null +++ b/src/libstrongswan/plugins/pem/pem_builder.c @@ -0,0 +1,566 @@ +/* + * Copyright (C) 2009 Martin Willi + * Copyright (C) 2001-2008 Andreas Steffen + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pem_builder.h" + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <errno.h> +#include <string.h> +#include <stddef.h> +#include <fcntl.h> +#include <sys/types.h> +#include <sys/mman.h> +#include <sys/stat.h> + +#include <debug.h> +#include <library.h> +#include <utils/lexparser.h> +#include <asn1/asn1.h> +#include <crypto/hashers/hasher.h> +#include <crypto/crypters/crypter.h> +#include <credentials/certificates/x509.h> + +#define PKCS5_SALT_LEN 8 /* bytes */ + +/** + * check the presence of a pattern in a character string, skip if found + */ +static bool present(char* pattern, chunk_t* ch) +{ + u_int len = strlen(pattern); + + if (ch->len >= len && strneq(ch->ptr, pattern, len)) + { + *ch = chunk_skip(*ch, len); + return TRUE; + } + return FALSE; +} + +/** + * find a boundary of the form -----tag name----- + */ +static bool find_boundary(char* tag, chunk_t *line) +{ + chunk_t name = chunk_empty; + + if (!present("-----", line) || + !present(tag, line) || + *line->ptr != ' ') + { + return FALSE; + } + *line = chunk_skip(*line, 1); + + /* extract name */ + name.ptr = line->ptr; + while (line->len > 0) + { + if (present("-----", line)) + { + DBG2(" -----%s %.*s-----", tag, (int)name.len, name.ptr); + return TRUE; + } + line->ptr++; line->len--; name.len++; + } + return FALSE; +} + +/* + * decrypts a passphrase protected encrypted data block + */ +static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, + size_t key_size, chunk_t iv, chunk_t passphrase) +{ + hasher_t *hasher; + crypter_t *crypter; + chunk_t salt = { iv.ptr, PKCS5_SALT_LEN }; + chunk_t hash; + chunk_t decrypted; + chunk_t key = {alloca(key_size), key_size}; + u_int8_t padding, *last_padding_pos, *first_padding_pos; + + /* build key from passphrase and IV */ + hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); + if (hasher == NULL) + { + DBG1(" MD5 hash algorithm not available"); + return NOT_SUPPORTED; + } + hash.len = hasher->get_hash_size(hasher); + hash.ptr = alloca(hash.len); + hasher->get_hash(hasher, passphrase, NULL); + hasher->get_hash(hasher, salt, hash.ptr); + memcpy(key.ptr, hash.ptr, hash.len); + + if (key.len > hash.len) + { + hasher->get_hash(hasher, hash, NULL); + hasher->get_hash(hasher, passphrase, NULL); + hasher->get_hash(hasher, salt, hash.ptr); + memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len); + } + hasher->destroy(hasher); + + /* decrypt blob */ + crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size); + if (crypter == NULL) + { + DBG1(" %N encryption algorithm not available", + encryption_algorithm_names, alg); + return NOT_SUPPORTED; + } + crypter->set_key(crypter, key); + + if (iv.len != crypter->get_block_size(crypter) || + blob->len % iv.len) + { + crypter->destroy(crypter); + DBG1(" data size is not multiple of block size"); + return PARSE_ERROR; + } + crypter->decrypt(crypter, *blob, iv, &decrypted); + crypter->destroy(crypter); + memcpy(blob->ptr, decrypted.ptr, blob->len); + chunk_free(&decrypted); + + /* determine amount of padding */ + last_padding_pos = blob->ptr + blob->len - 1; + padding = *last_padding_pos; + if (padding > blob->len) + { + first_padding_pos = blob->ptr; + } + else + { + first_padding_pos = last_padding_pos - padding; + } + /* check the padding pattern */ + while (--last_padding_pos > first_padding_pos) + { + if (*last_padding_pos != padding) + { + DBG1(" invalid passphrase"); + return INVALID_ARG; + } + } + /* remove padding */ + blob->len -= padding; + return SUCCESS; +} + +/** + * Converts a PEM encoded file into its binary form (RFC 1421, RFC 934) + */ +static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data, + bool *pgp) +{ + typedef enum { + PEM_PRE = 0, + PEM_MSG = 1, + PEM_HEADER = 2, + PEM_BODY = 3, + PEM_POST = 4, + PEM_ABORT = 5 + } state_t; + + encryption_algorithm_t alg = ENCR_UNDEFINED; + size_t key_size = 0; + bool encrypted = FALSE; + state_t state = PEM_PRE; + chunk_t src = *blob; + chunk_t dst = *blob; + chunk_t line = chunk_empty; + chunk_t iv = chunk_empty; + chunk_t passphrase; + int try = 0; + u_char iv_buf[HASH_SIZE_MD5]; + + dst.len = 0; + iv.ptr = iv_buf; + iv.len = 0; + + while (fetchline(&src, &line)) + { + if (state == PEM_PRE) + { + if (find_boundary("BEGIN", &line)) + { + state = PEM_MSG; + } + continue; + } + else + { + if (find_boundary("END", &line)) + { + state = PEM_POST; + break; + } + if (state == PEM_MSG) + { + state = PEM_HEADER; + if (memchr(line.ptr, ':', line.len) == NULL) + { + state = PEM_BODY; + } + } + if (state == PEM_HEADER) + { + err_t ugh = NULL; + chunk_t name = chunk_empty; + chunk_t value = chunk_empty; + + /* an empty line separates HEADER and BODY */ + if (line.len == 0) + { + state = PEM_BODY; + continue; + } + + /* we are looking for a parameter: value pair */ + DBG2(" %.*s", (int)line.len, line.ptr); + ugh = extract_parameter_value(&name, &value, &line); + if (ugh != NULL) + { + continue; + } + if (match("Proc-Type", &name) && *value.ptr == '4') + { + encrypted = TRUE; + } + else if (match("DEK-Info", &name)) + { + chunk_t dek; + + if (!extract_token(&dek, ',', &value)) + { + dek = value; + } + if (match("DES-EDE3-CBC", &dek)) + { + alg = ENCR_3DES; + key_size = 24; + } + else if (match("AES-128-CBC", &dek)) + { + alg = ENCR_AES_CBC; + key_size = 16; + } + else if (match("AES-192-CBC", &dek)) + { + alg = ENCR_AES_CBC; + key_size = 24; + } + else if (match("AES-256-CBC", &dek)) + { + alg = ENCR_AES_CBC; + key_size = 32; + } + else + { + DBG1(" encryption algorithm '%.*s' not supported", + dek.len, dek.ptr); + return NOT_SUPPORTED; + } + eat_whitespace(&value); + iv = chunk_from_hex(value, iv.ptr); + } + } + else /* state is PEM_BODY */ + { + chunk_t data; + + /* remove any trailing whitespace */ + if (!extract_token(&data ,' ', &line)) + { + data = line; + } + + /* check for PGP armor checksum */ + if (*data.ptr == '=') + { + *pgp = TRUE; + data.ptr++; + data.len--; + DBG2(" armor checksum: %.*s", (int)data.len, data.ptr); + continue; + } + + if (blob->len - dst.len < data.len / 4 * 3) + { + state = PEM_ABORT; + } + data = chunk_from_base64(data, dst.ptr); + + dst.ptr += data.len; + dst.len += data.len; + } + } + } + /* set length to size of binary blob */ + blob->len = dst.len; + + if (state != PEM_POST) + { + DBG1(" file coded in unknown format, discarded"); + return PARSE_ERROR; + } + if (!encrypted) + { + return SUCCESS; + } + if (!cb) + { + DBG1(" missing passphrase"); + return INVALID_ARG; + } + while (TRUE) + { + passphrase = cb(cb_data, ++try); + if (!passphrase.len || !passphrase.ptr) + { + return INVALID_ARG; + } + switch (pem_decrypt(blob, alg, key_size, iv, passphrase)) + { + case INVALID_ARG: + /* bad passphrase, retry */ + continue; + case SUCCESS: + return SUCCESS; + default: + return FAILED; + } + } +} + +/** + * load the credential from a blob + */ +static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype, + chunk_t(*cb)(void*,int), void *cb_data, + x509_flag_t flags) +{ + void *cred = NULL; + bool pgp = FALSE; + + blob = chunk_clone(blob); + if (!is_asn1(blob)) + { + if (pem_to_bin(&blob, cb, cb_data, &pgp) != SUCCESS) + { + chunk_clear(&blob); + return NULL; + } + if (pgp && type == CRED_PRIVATE_KEY) + { + /* PGP encoded keys are parsed with a KEY_ANY key type, as it + * can contain any type of key. However, ipsec.secrets uses + * RSA for PGP keys, which is actually wrong. */ + subtype = KEY_ANY; + } + } + /* if CERT_ANY is given, ASN1 encoded blob is handled as X509 */ + if (type == CRED_CERTIFICATE && subtype == CERT_ANY) + { + subtype = pgp ? CERT_GPG : CERT_X509; + } + cred = lib->creds->create(lib->creds, type, subtype, + pgp ? BUILD_BLOB_PGP : BUILD_BLOB_ASN1_DER, blob, + flags ? BUILD_X509_FLAG : BUILD_END, + flags, BUILD_END); + chunk_clear(&blob); + return cred; +} + +/** + * load the credential from a file + */ +static void *load_from_file(char *file, credential_type_t type, int subtype, + chunk_t(*cb)(void*,int), void *cb_data, + x509_flag_t flags) +{ + void *cred = NULL; + struct stat sb; + void *addr; + int fd; + + fd = open(file, O_RDONLY); + if (fd == -1) + { + DBG1(" opening '%s' failed: %s", file, strerror(errno)); + return NULL; + } + + if (fstat(fd, &sb) == -1) + { + DBG1(" getting file size of '%s' failed: %s", file, strerror(errno)); + close(fd); + return NULL; + } + + addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); + if (addr == MAP_FAILED) + { + DBG1(" mapping '%s' failed: %s", file, strerror(errno)); + close(fd); + return NULL; + } + + cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype, + cb, cb_data, flags); + + munmap(addr, sb.st_size); + close(fd); + return cred; +} + +/** + * load the credential from a file descriptor + */ +static void *load_from_fd(int fd, credential_type_t type, int subtype, + chunk_t(*cb)(void*,int), void *cb_data, + x509_flag_t flags) +{ + char buf[8096]; + char *pos = buf; + ssize_t len, total = 0; + + while (TRUE) + { + len = read(fd, pos, buf + sizeof(buf) - pos); + if (len < 0) + { + DBG1("reading from file descriptor failed: %s", strerror(errno)); + return NULL; + } + if (len == 0) + { + break; + } + total += len; + if (total == sizeof(buf)) + { + DBG1("buffer too small to read from file descriptor"); + return NULL; + } + } + return load_from_blob(chunk_create(buf, total), type, subtype, + cb, cb_data, flags); +} + +/** + * passphrase callback to use if passphrase given + */ +static chunk_t given_passphrase_cb(chunk_t *passphrase, int try) +{ + if (try > 1) + { /* try only once for given passphrases */ + return chunk_empty; + } + return *passphrase; +} + +/** + * Load all kind of PEM encoded credentials. + */ +static void *pem_load(credential_type_t type, int subtype, va_list args) +{ + char *file = NULL; + int fd = -1; + chunk_t pem = chunk_empty, passphrase = chunk_empty; + chunk_t (*cb)(void *data, int try) = NULL; + void *cb_data = NULL; + int flags = 0; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_FROM_FILE: + file = va_arg(args, char*); + continue; + case BUILD_FROM_FD: + fd = va_arg(args, int); + continue; + case BUILD_BLOB_PEM: + pem = va_arg(args, chunk_t); + continue; + case BUILD_PASSPHRASE: + passphrase = va_arg(args, chunk_t); + if (passphrase.len && passphrase.ptr) + { + cb = (void*)given_passphrase_cb; + cb_data = &passphrase; + } + continue; + case BUILD_PASSPHRASE_CALLBACK: + cb = va_arg(args, chunk_t(*)(void*,int)); + cb_data = va_arg(args, void*); + continue; + case BUILD_X509_FLAG: + flags = va_arg(args, int); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + if (pem.ptr) + { + return load_from_blob(pem, type, subtype, cb, cb_data, flags); + } + if (file) + { + return load_from_file(file, type, subtype, cb, cb_data, flags); + } + if (fd != -1) + { + return load_from_fd(fd, type, subtype, cb, cb_data, flags); + } + return NULL; +} + +/** + * Private key PEM loader. + */ +private_key_t *pem_private_key_load(key_type_t type, va_list args) +{ + return pem_load(CRED_PRIVATE_KEY, type, args); +} + +/** + * Public key PEM loader. + */ +public_key_t *pem_public_key_load(key_type_t type, va_list args) +{ + return pem_load(CRED_PUBLIC_KEY, type, args); +} + +/** + * Certificate PEM loader. + */ +certificate_t *pem_certificate_load(certificate_type_t type, va_list args) +{ + return pem_load(CRED_CERTIFICATE, type, args); +} + diff --git a/src/libstrongswan/plugins/pem/pem_builder.h b/src/libstrongswan/plugins/pem/pem_builder.h new file mode 100644 index 000000000..189a5430f --- /dev/null +++ b/src/libstrongswan/plugins/pem/pem_builder.h @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pem_builder pem_builder + * @{ @ingroup pem_p + */ + +#ifndef PEM_PRIVATE_KEY_H_ +#define PEM_PRIVATE_KEY_H_ + +#include <credentials/builder.h> +#include <credentials/credential_factory.h> +#include <credentials/keys/private_key.h> +#include <credentials/certificates/certificate.h> + +/** + * Load PEM encoded private keys. + * + * @param type type of the key + * @param args builder_part_t argument list + * @return private key, NULL if failed + */ +private_key_t *pem_private_key_load(key_type_t type, va_list args); + +/** + * Load PEM encoded public keys. + * + * @param type type of the key + * @param args builder_part_t argument list + * @return public key, NULL if failed + */ +public_key_t *pem_public_key_load(key_type_t type, va_list args); + +/** + * Build PEM encoded certificates. + * + * @param type type of the certificate + * @param args builder_part_t argument list + * @return certificate, NULL if failed + */ +certificate_t *pem_certificate_load(certificate_type_t type, va_list args); + +#endif /** PEM_PRIVATE_KEY_H_ @}*/ + diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c new file mode 100644 index 000000000..5a5149ca8 --- /dev/null +++ b/src/libstrongswan/plugins/pem/pem_plugin.c @@ -0,0 +1,105 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pem_plugin.h" + +#include <library.h> +#include "pem_builder.h" + +typedef struct private_pem_plugin_t private_pem_plugin_t; + +/** + * private data of pem_plugin + */ +struct private_pem_plugin_t { + + /** + * public functions + */ + pem_plugin_t public; +}; + +/** + * Implementation of pem_plugin_t.pemtroy + */ +static void destroy(private_pem_plugin_t *this) +{ + lib->creds->remove_builder(lib->creds, + (builder_function_t)pem_private_key_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)pem_public_key_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)pem_certificate_load); + free(this); +} + +/* + * see header file + */ +plugin_t *plugin_create() +{ + private_pem_plugin_t *this = malloc_thing(private_pem_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + /* register private key PEM decoding builders */ + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, + (builder_function_t)pem_private_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + (builder_function_t)pem_private_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + (builder_function_t)pem_private_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_DSA, + (builder_function_t)pem_private_key_load); + + /* register public key PEM decoding builders */ + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + (builder_function_t)pem_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + (builder_function_t)pem_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, + (builder_function_t)pem_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_DSA, + (builder_function_t)pem_public_key_load); + + /* register certificate PEM decoding builders */ + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_ANY, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, + (builder_function_t)pem_certificate_load); + + /* register pluto specific certificate formats */ + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL, + (builder_function_t)pem_certificate_load); + + return &this->public.plugin; +} + diff --git a/src/libstrongswan/plugins/pem/pem_plugin.h b/src/libstrongswan/plugins/pem/pem_plugin.h new file mode 100644 index 000000000..75616c496 --- /dev/null +++ b/src/libstrongswan/plugins/pem/pem_plugin.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pem_p pem + * @ingroup plugins + * + * @defgroup pem_plugin pem_plugin + * @{ @ingroup pem_p + */ + +#ifndef PEM_PLUGIN_H_ +#define PEM_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct pem_plugin_t pem_plugin_t; + +/** + * Plugin providing support to load credentials in PEM format + */ +struct pem_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * Create a pem_plugin instance. + */ +plugin_t *plugin_create(); + +#endif /** PEM_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/pgp/Makefile.am b/src/libstrongswan/plugins/pgp/Makefile.am new file mode 100644 index 000000000..c232971bb --- /dev/null +++ b/src/libstrongswan/plugins/pgp/Makefile.am @@ -0,0 +1,15 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic + +plugin_LTLIBRARIES = libstrongswan-pgp.la + +libstrongswan_pgp_la_SOURCES = pgp_plugin.h pgp_plugin.c \ + pgp_utils.h pgp_utils.c \ + pgp_cert.h pgp_cert.c \ + pgp_encoder.h pgp_encoder.c \ + pgp_builder.h pgp_builder.c + +libstrongswan_pgp_la_LDFLAGS = -module -avoid-version + diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in new file mode 100644 index 000000000..70840c400 --- /dev/null +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -0,0 +1,576 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/pgp +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(plugin_LTLIBRARIES) +libstrongswan_pgp_la_LIBADD = +am_libstrongswan_pgp_la_OBJECTS = pgp_plugin.lo pgp_utils.lo \ + pgp_cert.lo pgp_encoder.lo pgp_builder.lo +libstrongswan_pgp_la_OBJECTS = $(am_libstrongswan_pgp_la_OBJECTS) +libstrongswan_pgp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_pgp_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_pgp_la_SOURCES) +DIST_SOURCES = $(libstrongswan_pgp_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic +plugin_LTLIBRARIES = libstrongswan-pgp.la +libstrongswan_pgp_la_SOURCES = pgp_plugin.h pgp_plugin.c \ + pgp_utils.h pgp_utils.c \ + pgp_cert.h pgp_cert.c \ + pgp_encoder.h pgp_encoder.c \ + pgp_builder.h pgp_builder.c + +libstrongswan_pgp_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pgp/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/pgp/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-pgp.la: $(libstrongswan_pgp_la_OBJECTS) $(libstrongswan_pgp_la_DEPENDENCIES) + $(libstrongswan_pgp_la_LINK) -rpath $(plugindir) $(libstrongswan_pgp_la_OBJECTS) $(libstrongswan_pgp_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgp_builder.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgp_cert.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgp_encoder.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgp_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgp_utils.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-pluginLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c new file mode 100644 index 000000000..d262d18ff --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_builder.c @@ -0,0 +1,275 @@ +/* + * Copyright (C) 2009 Martin Willi + * Copyright (C) 2002-2009 Andreas Steffen + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pgp_builder.h" +#include "pgp_utils.h" + +#include <enum.h> +#include <debug.h> +#include <credentials/keys/private_key.h> + +/** + * Load a generic public key from a PGP packet + */ +static public_key_t *parse_public_key(chunk_t blob) +{ + u_int32_t alg; + public_key_t *key; + + if (!pgp_read_scalar(&blob, 1, &alg)) + { + return NULL; + } + switch (alg) + { + case PGP_PUBKEY_ALG_RSA: + case PGP_PUBKEY_ALG_RSA_SIGN_ONLY: + key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_BLOB_PGP, blob, BUILD_END); + break; + default: + DBG1("PGP public key algorithm %N not supported", + pgp_pubkey_alg_names, alg); + return NULL; + } + return key; +} + +/** + * Load a RSA public key from a PGP packet + */ +static public_key_t *parse_rsa_public_key(chunk_t blob) +{ + chunk_t mpi[2]; + int i; + + for (i = 0; i < 2; i++) + { + if (!pgp_read_mpi(&blob, &mpi[i])) + { + return NULL; + } + } + return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_RSA_MODULUS, mpi[0], BUILD_RSA_PUB_EXP, mpi[1], + BUILD_END); +} + +/** + * Load a RSA private key from a PGP packet + */ +static private_key_t *parse_rsa_private_key(chunk_t blob) +{ + chunk_t mpi[6]; + u_int32_t s2k; + int i; + + for (i = 0; i < 2; i++) + { + if (!pgp_read_mpi(&blob, &mpi[i])) + { + return NULL; + } + } + if (!pgp_read_scalar(&blob, 1, &s2k)) + { + return NULL; + } + if (s2k == 255 || s2k == 254) + { + DBG1("string-to-key specifiers not supported"); + return NULL; + } + if (s2k != PGP_SYM_ALG_PLAIN) + { + DBG1("%N private key encryption not supported", pgp_sym_alg_names, s2k); + return NULL; + } + + for (i = 2; i < 6; i++) + { + if (!pgp_read_mpi(&blob, &mpi[i])) + { + return NULL; + } + } + + /* PGP has uses p < q, but we use p > q */ + return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_RSA_MODULUS, mpi[0], BUILD_RSA_PUB_EXP, mpi[1], + BUILD_RSA_PRIV_EXP, mpi[2], BUILD_RSA_PRIME2, mpi[3], + BUILD_RSA_PRIME1, mpi[4], BUILD_RSA_COEFF, mpi[5], + BUILD_END); +} + +/** + * Implementation of private_key_t.sign for encryption-only keys + */ +static bool sign_not_allowed(private_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t *signature) +{ + DBG1("signing failed - decryption only key"); + return FALSE; +} + +/** + * Implementation of private_key_t.decrypt for signature-only keys + */ +static bool decrypt_not_allowed(private_key_t *this, + chunk_t crypto, chunk_t *plain) +{ + DBG1("decryption failed - signature only key"); + return FALSE; +} + +/** + * Load a generic private key from a PGP packet + */ +static private_key_t *parse_private_key(chunk_t blob) +{ + chunk_t packet; + pgp_packet_tag_t tag; + u_int32_t version, created, days, alg; + private_key_t *key; + + if (!pgp_read_packet(&blob, &packet, &tag)) + { + return NULL; + } + if (!pgp_read_scalar(&packet, 1, &version)) + { + return FALSE; + } + switch (version) + { + case 3: + if (!pgp_read_scalar(&packet, 2, &days)) + { + return NULL; + } + break; + case 4: + break; + default: + DBG1("PGP packet version V%d not supported", version); + return FALSE; + } + if (!pgp_read_scalar(&packet, 4, &created)) + { + return NULL; + } + if (!pgp_read_scalar(&packet, 1, &alg)) + { + return NULL; + } + switch (alg) + { + case PGP_PUBKEY_ALG_RSA: + return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_BLOB_PGP, packet, BUILD_END); + case PGP_PUBKEY_ALG_RSA_ENC_ONLY: + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_BLOB_PGP, packet, BUILD_END); + if (key) + { + key->sign = sign_not_allowed; + } + return key; + case PGP_PUBKEY_ALG_RSA_SIGN_ONLY: + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_BLOB_PGP, packet, BUILD_END); + if (key) + { + key->decrypt = decrypt_not_allowed; + } + return key; + case PGP_PUBKEY_ALG_ECDSA: + return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + BUILD_BLOB_PGP, packet, BUILD_END); + case PGP_PUBKEY_ALG_ELGAMAL_ENC_ONLY: + case PGP_PUBKEY_ALG_DSA: + case PGP_PUBKEY_ALG_ECC: + case PGP_PUBKEY_ALG_ELGAMAL: + case PGP_PUBKEY_ALG_DIFFIE_HELLMAN: + default: + return NULL; + } +} + +/** + * See header. + */ +public_key_t *pgp_public_key_load(key_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_PGP: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + switch (type) + { + case KEY_ANY: + return parse_public_key(blob); + case KEY_RSA: + return parse_rsa_public_key(blob); + default: + return NULL; + } +} + +/** + * See header. + */ +private_key_t *pgp_private_key_load(key_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_PGP: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + switch (type) + { + case KEY_ANY: + return parse_private_key(blob); + case KEY_RSA: + return parse_rsa_private_key(blob); + default: + return NULL; + } +} + diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.h b/src/libstrongswan/plugins/pgp/pgp_builder.h new file mode 100644 index 000000000..1168babd6 --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_builder.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pgp_public_key pgp_public_key + * @{ @ingroup pgp + */ + +#ifndef PGP_BUILDER_H_ +#define PGP_BUILDER_H_ + +#include <credentials/builder.h> +#include <credentials/keys/private_key.h> + +/** + * Load a generic or an RSA public key using PGP decoding. + * + * @param type type of the key, either KEY_ANY or KEY_RSA + * @param args builder_part_t argument list + * @return private key, NULL if failed + */ +public_key_t *pgp_public_key_load(key_type_t type, va_list args); + +/** + * Load a generic or RSA private key using PGP decoding. + * + * @param type type of the key, either KEY_ANY or KEY_RSA + * @param args builder_part_t argument list + * @return builder instance + */ +private_key_t *pgp_private_key_load(key_type_t type, va_list args); + +#endif /** PGP_BUILDER_H_ @}*/ diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c new file mode 100644 index 000000000..fa2612285 --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_cert.c @@ -0,0 +1,501 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pgp_cert.h" +#include "pgp_utils.h" + +#include <time.h> + +#include <debug.h> + +typedef struct private_pgp_cert_t private_pgp_cert_t; + +/** + * Private data of an pgp_cert_t object. + */ +struct private_pgp_cert_t { + + /** + * Implements pgp_cert_t interface. + */ + pgp_cert_t public; + + /** + * Public key of the certificate + */ + public_key_t *key; + + /** + * version of the public key + */ + u_int32_t version; + + /** + * creation time + */ + u_int32_t created; + + /** + * days the certificate is valid + */ + u_int32_t valid; + + /** + * userid of the certificate + */ + identification_t *user_id; + + /** + * v3 or v4 fingerprint of the PGP public key + */ + chunk_t fingerprint; + + /** + * full PGP encoding + */ + chunk_t encoding; + + /** + * reference counter + */ + refcount_t ref; +}; + + +/** + * Implementation of certificate_t.get_type + */ +static certificate_type_t get_type(private_pgp_cert_t *this) +{ + return CERT_GPG; +} + +/** + * Implementation of certificate_t.get_subject + */ +static identification_t* get_subject(private_pgp_cert_t *this) +{ + return this->user_id; +} + +/** + * Implementation of certificate_t.get_issuer + */ +static identification_t* get_issuer(private_pgp_cert_t *this) +{ + return this->user_id; +} + +/** + * Implementation of certificate_t.has_subject. + */ +static id_match_t has_subject(private_pgp_cert_t *this, + identification_t *subject) +{ + id_match_t match_user_id; + + match_user_id = this->user_id->matches(this->user_id, subject); + if (match_user_id == ID_MATCH_NONE && + subject->get_type(subject) == ID_KEY_ID && + chunk_equals(this->fingerprint, subject->get_encoding(subject))) + { + return ID_MATCH_PERFECT; + } + return match_user_id; +} + +/** + * Implementation of certificate_t.has_subject. + */ +static id_match_t has_issuer(private_pgp_cert_t *this, identification_t *issuer) +{ + return ID_MATCH_NONE; +} + +/** + * Implementation of certificate_t.issued_by + */ +static bool issued_by(private_pgp_cert_t *this, certificate_t *issuer) +{ + /* TODO: check signature blobs for a valid signature */ + return FALSE; +} + +/** + * Implementation of certificate_t.get_public_key + */ +static public_key_t* get_public_key(private_pgp_cert_t *this) +{ + this->key->get_ref(this->key); + return this->key; +} + +/** + * Implementation of certificate_t.get_ref + */ +static private_pgp_cert_t* get_ref(private_pgp_cert_t *this) +{ + ref_get(&this->ref); + return this; +} + +/** + * Implementation of certificate_t.get_validity. + */ +static bool get_validity(private_pgp_cert_t *this, time_t *when, + time_t *not_before, time_t *not_after) +{ + time_t t, until; + + if (when) + { + t = *when; + } + else + { + t = time(NULL); + } + if (not_before) + { + *not_before = this->created; + } + if (this->valid) + { + until = this->valid + this->created * 24 * 60 * 60; + } + else + { + /* Jan 19 03:14:07 UTC 2038 */ + until = TIME_32_BIT_SIGNED_MAX; + } + if (not_after) + { + *not_after = until; + } + return (t >= this->valid && t <= until); +} + +/** + * Implementation of certificate_t.is_newer. + */ +static bool is_newer(certificate_t *this, certificate_t *that) +{ + time_t this_update, that_update, now = time(NULL); + bool new; + + this->get_validity(this, &now, &this_update, NULL); + that->get_validity(that, &now, &that_update, NULL); + new = this_update > that_update; + DBG1(" certificate from %T is %s - existing certificate from %T %s", + &this_update, FALSE, new ? "newer":"not newer", + &that_update, FALSE, new ? "replaced":"retained"); + return new; +} + +/** + * Implementation of certificate_t.get_encoding. + */ +static chunk_t get_encoding(private_pgp_cert_t *this) +{ + return chunk_clone(this->encoding); +} + +/** + * Implementation of certificate_t.equals. + */ +static bool equals(private_pgp_cert_t *this, certificate_t *other) +{ + chunk_t encoding; + bool equal; + + if (this == (private_pgp_cert_t*)other) + { + return TRUE; + } + if (other->get_type(other) != CERT_X509) + { + return FALSE; + } + if (other->equals == (void*)equals) + { /* skip allocation if we have the same implementation */ + return chunk_equals(this->encoding, ((private_pgp_cert_t*)other)->encoding); + } + encoding = other->get_encoding(other); + equal = chunk_equals(this->encoding, encoding); + free(encoding.ptr); + return equal; +} + +/** + * Implementation of pgp_cert_t.destroy. + */ +static void destroy(private_pgp_cert_t *this) +{ + if (ref_put(&this->ref)) + { + DESTROY_IF(this->key); + DESTROY_IF(this->user_id); + free(this->fingerprint.ptr); + free(this->encoding.ptr); + free(this); + } +} + +/** + * Implementation of pgp_certificate_t.get_fingerprint. + */ +static chunk_t get_fingerprint(private_pgp_cert_t *this) +{ + return this->fingerprint; +} + +/** + * See header + */ +private_pgp_cert_t *create_empty() +{ + private_pgp_cert_t *this = malloc_thing(private_pgp_cert_t); + + this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type; + this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject; + this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_issuer; + this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject; + this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_issuer; + this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by; + this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key; + this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity; + this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer; + this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding; + this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals; + this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref; + this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy; + this->public.interface.get_fingerprint = (chunk_t (*)(pgp_certificate_t*))get_fingerprint; + + this->key = NULL; + this->version = 0; + this->created = 0; + this->valid = 0; + this->user_id = NULL; + this->fingerprint = chunk_empty; + this->encoding = chunk_empty; + this->ref = 1; + + return this; +} + +/** + * Parse the public key packet of a PGP certificate + */ +static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet) +{ + chunk_t pubkey_packet = packet; + + if (!pgp_read_scalar(&packet, 1, &this->version)) + { + return FALSE; + } + switch (this->version) + { + case 3: + if (!pgp_read_scalar(&packet, 4, &this->created) || + !pgp_read_scalar(&packet, 2, &this->valid)) + { + return FALSE; + } + break; + case 4: + if (!pgp_read_scalar(&packet, 4, &this->created)) + { + return FALSE; + } + break; + default: + DBG1("PGP packet version V%d not supported", this->version); + return FALSE; + } + if (this->valid) + { + DBG2("L2 - created %T, valid %d days", &this->created, FALSE, this->valid); + } + else + { + DBG2("L2 - created %T, never expires", &this->created, FALSE); + } + DESTROY_IF(this->key); + this->key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + BUILD_BLOB_PGP, packet, BUILD_END); + if (this->key == NULL) + { + return FALSE; + } + + /* compute V4 or V3 fingerprint according to section 12.2 of RFC 4880 */ + if (this->version == 4) + { + chunk_t pubkey_packet_header = chunk_from_chars( + 0x99, pubkey_packet.len / 256, pubkey_packet.len % 256 + ); + hasher_t *hasher; + + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (hasher == NULL) + { + DBG1("no SHA-1 hasher available"); + return FALSE; + } + hasher->allocate_hash(hasher, pubkey_packet_header, NULL); + hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint); + hasher->destroy(hasher); + DBG2("L2 - v4 fingerprint %#B", &this->fingerprint); + } + else + { + /* V3 fingerprint is computed by public_key_t class */ + if (!this->key->get_fingerprint(this->key, KEY_ID_PGPV3, + &this->fingerprint)) + { + return FALSE; + } + this->fingerprint = chunk_clone(this->fingerprint); + DBG2("L2 - v3 fingerprint %#B", &this->fingerprint); + } + return TRUE; +} + +/** + * Parse the signature packet of a PGP certificate + */ +static bool parse_signature(private_pgp_cert_t *this, chunk_t packet) +{ + u_int32_t version, len, type, created; + + if (!pgp_read_scalar(&packet, 1, &version)) + { + return FALSE; + } + + /* we parse only v3 or v4 signature packets */ + if (version != 3 && version != 4) + { + DBG2("L2 - v%d signature ignored", version); + return TRUE; + } + if (version == 4) + { + if (!pgp_read_scalar(&packet, 1, &type)) + { + return FALSE; + } + DBG2("L2 - v%d signature of type 0x%02x", version, type); + } + else + { + if (!pgp_read_scalar(&packet, 1, &len) || len != 5) + { + return FALSE; + } + if (!pgp_read_scalar(&packet, 1, &type) || + !pgp_read_scalar(&packet, 4, &created)) + { + return FALSE; + } + DBG2("L2 - v3 signature of type 0x%02x, created %T", type, + &created, FALSE); + } + /* TODO: parse and save signature to a list */ + return TRUE; +} + +/** + * Parse the userid packet of a PGP certificate + */ +static bool parse_user_id(private_pgp_cert_t *this, chunk_t packet) +{ + DESTROY_IF(this->user_id); + this->user_id = identification_create_from_encoding(ID_KEY_ID, packet); + DBG2("L2 - '%Y'", this->user_id); + return TRUE; +} + +/** + * See header. + */ +pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args) +{ + chunk_t packet, blob = chunk_empty; + pgp_packet_tag_t tag; + private_pgp_cert_t *this; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_PGP: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + this = create_empty(); + this->encoding = chunk_clone(blob); + while (blob.len) + { + if (!pgp_read_packet(&blob, &packet, &tag)) + { + destroy(this); + return NULL; + } + switch (tag) + { + case PGP_PKT_PUBLIC_KEY: + if (!parse_public_key(this, packet)) + { + destroy(this); + return NULL; + } + break; + case PGP_PKT_SIGNATURE: + if (!parse_signature(this, packet)) + { + destroy(this); + return FALSE; + } + break; + case PGP_PKT_USER_ID: + if (!parse_user_id(this, packet)) + { + destroy(this); + return FALSE; + } + break; + default: + DBG1("ignoring %N packet in PGP certificate", + pgp_packet_tag_names, tag); + break; + } + } + if (this->key) + { + return &this->public; + } + destroy(this); + return NULL; +} + diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.h b/src/libstrongswan/plugins/pgp/pgp_cert.h new file mode 100644 index 000000000..4db795ddc --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_cert.h @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pgp_cert pgp_cert + * @{ @ingroup pgp + */ + +#ifndef PGP_CERT_H_ +#define PGP_CERT_H_ + +#include <credentials/certificates/pgp_certificate.h> + +typedef struct pgp_cert_t pgp_cert_t; + +/** + * PGP certificate implementation. + */ +struct pgp_cert_t { + + /** + * Implements pgp_certificate_t. + */ + pgp_certificate_t interface; +}; + +/** + * Load a PGP certificate. + * + * @param type type of the certificate, CERT_GPG + * @param args builder_part_t argument list + * @return builder instance + */ +pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args); + +#endif /** PGP_CERT_H_ @}*/ diff --git a/src/libstrongswan/plugins/pgp/pgp_encoder.c b/src/libstrongswan/plugins/pgp/pgp_encoder.c new file mode 100644 index 000000000..56acac597 --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_encoder.c @@ -0,0 +1,68 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pgp_encoder.h" + +#include <debug.h> + +/** + * Build a PGPv3 fingerprint + */ +static bool build_v3_fingerprint(chunk_t *encoding, va_list args) +{ + hasher_t *hasher; + chunk_t n, e; + + if (key_encoding_args(args, KEY_PART_RSA_MODULUS, &n, + KEY_PART_RSA_PUB_EXP, &e, KEY_PART_END)) + { + hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); + if (!hasher) + { + DBG1("MD5 hash algorithm not supported, PGP fingerprinting failed"); + return FALSE; + } + /* remove leading zero bytes before hashing modulus and exponent */ + while (n.len > 0 && n.ptr[0] == 0x00) + { + n = chunk_skip(n, 1); + } + while (e.len > 0 && e.ptr[0] == 0x00) + { + e = chunk_skip(e, 1); + } + hasher->allocate_hash(hasher, n, NULL); + hasher->allocate_hash(hasher, e, encoding); + hasher->destroy(hasher); + return TRUE; + } + return FALSE; +} + +/** + * See header. + */ +bool pgp_encoder_encode(key_encoding_type_t type, chunk_t *encoding, + va_list args) +{ + switch (type) + { + case KEY_ID_PGPV3: + return build_v3_fingerprint(encoding, args); + default: + return FALSE; + } +} + diff --git a/src/libstrongswan/plugins/pubkey/pubkey_public_key.h b/src/libstrongswan/plugins/pgp/pgp_encoder.h index d3198fab2..9df143399 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_public_key.h +++ b/src/libstrongswan/plugins/pgp/pgp_encoder.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -14,21 +14,19 @@ */ /** - * @defgroup pubkey_public_key pubkey_public_key - * @{ @ingroup pubkey_p + * @defgroup pgp_encoder pgp_encoder + * @{ @ingroup pgp */ -#ifndef PUBKEY_PUBLIC_KEY_H_ -#define PUBKEY_PUBLIC_KEY_H_ +#ifndef PGP_ENCODER_H_ +#define PGP_ENCODER_H_ -#include <credentials/keys/public_key.h> +#include <credentials/keys/key_encoding.h> /** - * Create the builder for a generic public key. - * - * @param type type of the key, must be KEY_ANY - * @return builder instance + * Encoding function for PGP fingerprints. */ -builder_t *pubkey_public_key_builder(key_type_t type); +bool pgp_encoder_encode(key_encoding_type_t type, chunk_t *encoding, + va_list args); -#endif /** PUBKEY_RSA_PUBLIC_KEY_H_ @}*/ +#endif /** PGP_ENCODER_H_ @}*/ diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c new file mode 100644 index 000000000..eabb3695f --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c @@ -0,0 +1,79 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pgp_plugin.h" + +#include <library.h> +#include "pgp_builder.h" +#include "pgp_encoder.h" +#include "pgp_cert.h" + +typedef struct private_pgp_plugin_t private_pgp_plugin_t; + +/** + * private data of pgp_plugin + */ +struct private_pgp_plugin_t { + + /** + * public functions + */ + pgp_plugin_t public; +}; + +/** + * Implementation of pgp_plugin_t.pgptroy + */ +static void destroy(private_pgp_plugin_t *this) +{ + lib->creds->remove_builder(lib->creds, + (builder_function_t)pgp_public_key_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)pgp_private_key_load); + + lib->creds->remove_builder(lib->creds, + (builder_function_t)pgp_cert_load); + + lib->encoding->remove_encoder(lib->encoding, pgp_encoder_encode); + + free(this); +} + +/* + * see header file + */ +plugin_t *plugin_create() +{ + private_pgp_plugin_t *this = malloc_thing(private_pgp_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + (builder_function_t)pgp_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + (builder_function_t)pgp_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, + (builder_function_t)pgp_private_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + (builder_function_t)pgp_private_key_load); + + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, + (builder_function_t)pgp_cert_load); + + lib->encoding->add_encoder(lib->encoding, pgp_encoder_encode); + + return &this->public.plugin; +} + diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.h b/src/libstrongswan/plugins/pgp/pgp_plugin.h new file mode 100644 index 000000000..95765cd76 --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_plugin.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pgp pgp + * @ingroup plugins + * + * @defgroup pgp_plugin pgp_plugin + * @{ @ingroup pgp + */ + +#ifndef PGP_PLUGIN_H_ +#define PGP_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct pgp_plugin_t pgp_plugin_t; + +/** + * Plugin providing PKCS#1 private/public key decoding functions + */ +struct pgp_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * Create a pgp_plugin instance. + */ +plugin_t *plugin_create(); + +#endif /** PGP_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.c b/src/libstrongswan/plugins/pgp/pgp_utils.c new file mode 100644 index 000000000..1658f3232 --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_utils.c @@ -0,0 +1,180 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pgp_utils.h" + +#include <debug.h> + +ENUM_BEGIN(pgp_pubkey_alg_names, PGP_PUBKEY_ALG_RSA, PGP_PUBKEY_ALG_RSA_SIGN_ONLY, + "RSA", + "RSA_ENC_ONLY", + "RSA_SIGN_ONLY" +); +ENUM_NEXT(pgp_pubkey_alg_names, PGP_PUBKEY_ALG_ELGAMAL_ENC_ONLY, PGP_PUBKEY_ALG_DIFFIE_HELLMAN, PGP_PUBKEY_ALG_RSA_SIGN_ONLY, + "ELGAMAL_ENC_ONLY", + "DSA", + "ECC", + "ECDSA", + "ELGAMAL", + "DIFFIE_HELLMAN" +); +ENUM_END(pgp_pubkey_alg_names, PGP_PUBKEY_ALG_DIFFIE_HELLMAN); + +ENUM(pgp_sym_alg_names, PGP_SYM_ALG_PLAIN, PGP_SYM_ALG_TWOFISH, + "PLAINTEXT", + "IDEA", + "3DES", + "CAST5", + "BLOWFISH", + "SAFER", + "DES", + "AES_128", + "AES_192", + "AES_256", + "TWOFISH" +); + +ENUM_BEGIN(pgp_packet_tag_names, PGP_PKT_RESERVED, PGP_PKT_PUBLIC_SUBKEY, + "Reserved", + "Public-Key Encrypted Session Key Packet", + "Signature Packet", + "Symmetric-Key Encrypted Session Key Packet", + "One-Pass Signature Packet", + "Secret Key Packet", + "Public Key Packet", + "Secret Subkey Packet", + "Compressed Data Packet", + "Symmetrically Encrypted Data Packet", + "Marker Packet", + "Literal Data Packet", + "Trust Packet", + "User ID Packet", + "Public Subkey Packet" +); +ENUM_NEXT(pgp_packet_tag_names, PGP_PKT_USER_ATTRIBUTE, PGP_PKT_MOD_DETECT_CODE, PGP_PKT_PUBLIC_SUBKEY, + "User Attribute Packet", + "Sym. Encrypted and Integrity Protected Data Packet", + "Modification Detection Code Packet" +); +ENUM_END(pgp_packet_tag_names, PGP_PKT_MOD_DETECT_CODE); + +/** + * Read a PGP scalar of bytes length, advance blob + */ +bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar) +{ + u_int32_t res = 0; + + if (bytes > blob->len) + { + DBG1("PGP data too short to read %d byte scalar", bytes); + return FALSE; + } + while (bytes-- > 0) + { + res = 256 * res + blob->ptr[0]; + *blob = chunk_skip(*blob, 1); + } + *scalar = res; + return TRUE; +} + +/** + * Read a PGP MPI, advance blob + */ +bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi) +{ + u_int32_t bits, bytes; + + if (!pgp_read_scalar(blob, 2, &bits)) + { + DBG1("PGP data too short to read MPI length"); + return FALSE; + } + bytes = (bits + 7) / 8; + if (bytes > blob->len) + { + DBG1("PGP data too short to read %d byte MPI", bytes); + return FALSE; + } + *mpi = chunk_create(blob->ptr, bytes); + *blob = chunk_skip(*blob, bytes); + return TRUE; +} + +/** + * Read length of an PGP old packet length encoding + */ +static bool pgp_old_packet_length(chunk_t *blob, u_int32_t *length) +{ + /* bits 0 and 1 define the packet length type */ + u_char type; + + if (!blob->len) + { + return FALSE; + } + type = 0x03 & blob->ptr[0]; + *blob = chunk_skip(*blob, 1); + + if (type > 2) + { + return FALSE; + } + return pgp_read_scalar(blob, type == 0 ? 1 : type * 2, length); +} + +/** + * See header. + */ +bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag) +{ + u_int32_t len; + u_char t; + + if (!blob->len) + { + DBG1("missing input"); + return FALSE; + } + t = blob->ptr[0]; + + /* bit 7 must be set */ + if (!(t & 0x80)) + { + DBG1("invalid packet tag"); + return FALSE; + } + /* bit 6 set defines new packet format */ + if (t & 0x40) + { + DBG1("new PGP packet format not supported"); + return FALSE; + } + + t = (t & 0x3C) >> 2; + if (!pgp_old_packet_length(blob, &len) || len > blob->len) + { + DBG1("invalid packet length"); + return FALSE; + } + *data = chunk_create(blob->ptr, len); + *blob = chunk_skip(*blob, len); + *tag = t; + DBG2("L1 - PGP %N (%u bytes)", pgp_packet_tag_names, t, len); + DBG3("%B", data); + return TRUE; +} + diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.h b/src/libstrongswan/plugins/pgp/pgp_utils.h new file mode 100644 index 000000000..203a0a85d --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_utils.h @@ -0,0 +1,130 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pgp_utils pgp_utils + * @{ @ingroup pgp + */ + +#ifndef PGP_UTILS_H_ +#define PGP_UTILS_H_ + +#include <library.h> + +typedef enum pgp_pubkey_alg_t pgp_pubkey_alg_t; +typedef enum pgp_sym_alg_t pgp_sym_alg_t; +typedef enum pgp_packet_tag_t pgp_packet_tag_t; + +/** + * OpenPGP public key algorithms as defined in section 9.1 of RFC 4880 + */ +enum pgp_pubkey_alg_t { + PGP_PUBKEY_ALG_RSA = 1, + PGP_PUBKEY_ALG_RSA_ENC_ONLY = 2, + PGP_PUBKEY_ALG_RSA_SIGN_ONLY = 3, + PGP_PUBKEY_ALG_ELGAMAL_ENC_ONLY = 16, + PGP_PUBKEY_ALG_DSA = 17, + PGP_PUBKEY_ALG_ECC = 18, + PGP_PUBKEY_ALG_ECDSA = 19, + PGP_PUBKEY_ALG_ELGAMAL = 20, + PGP_PUBKEY_ALG_DIFFIE_HELLMAN = 21, +}; + +/** + * Enum names of pgp_pubkey_alg_t + */ +extern enum_name_t *pgp_pubkey_alg_names; + +/** + * OpenPGP symmetric key algorithms as defined in section 9.2 of RFC 4880 + */ +enum pgp_sym_alg_t { + PGP_SYM_ALG_PLAIN = 0, + PGP_SYM_ALG_IDEA = 1, + PGP_SYM_ALG_3DES = 2, + PGP_SYM_ALG_CAST5 = 3, + PGP_SYM_ALG_BLOWFISH = 4, + PGP_SYM_ALG_SAFER = 5, + PGP_SYM_ALG_DES = 6, + PGP_SYM_ALG_AES_128 = 7, + PGP_SYM_ALG_AES_192 = 8, + PGP_SYM_ALG_AES_256 = 9, + PGP_SYM_ALG_TWOFISH = 10 +}; + +/** + * Enum names of pgp_sym_alg_t + */ +extern enum_name_t *pgp_sym_alg_names; + +/** + * OpenPGP packet tags as defined in section 4.3 of RFC 4880 + */ +enum pgp_packet_tag_t { + PGP_PKT_RESERVED = 0, + PGP_PKT_PUBKEY_ENC_SESSION_KEY = 1, + PGP_PKT_SIGNATURE = 2, + PGP_PKT_SYMKEY_ENC_SESSION_KEY = 3, + PGP_PKT_ONE_PASS_SIGNATURE_PKT = 4, + PGP_PKT_SECRET_KEY = 5, + PGP_PKT_PUBLIC_KEY = 6, + PGP_PKT_SECRET_SUBKEY = 7, + PGP_PKT_COMPRESSED_DATA = 8, + PGP_PKT_SYMKEY_ENC_DATA = 9, + PGP_PKT_MARKER = 10, + PGP_PKT_LITERAL_DATA = 11, + PGP_PKT_TRUST = 12, + PGP_PKT_USER_ID = 13, + PGP_PKT_PUBLIC_SUBKEY = 14, + PGP_PKT_USER_ATTRIBUTE = 17, + PGP_PKT_SYM_ENC_INT_PROT_DATA = 18, + PGP_PKT_MOD_DETECT_CODE = 19 +}; + +/** + * Enum names of pgp_packet_tag_t + */ +extern enum_name_t *pgp_packet_tag_names; + +/** + * Parse a PGP encoded MPI. + * + * @param blob blob to read from, gets advanced + * @param mpi parsed MPI value + * @return TRUE if MPI parsed successfully + */ +bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi); + +/** + * Parse a PGP encoded Scalar. + * + * @param blob blob to read from, gets advanced + * @param bytes number of bytes the scalar uses for encoding + * @param scalar resultin scalar + * @return TRUE if scalar parsed successfully + */ +bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar); + +/** + * Parse a PGP packet. + * + * @param blob blob to read from, gets advanced + * @param data contained packet data + * @param tag tag of the parsed PGP packet + * @return TRUE if packet parsed successfully + */ +bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag); + +#endif /** PGP_UTILS_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.am b/src/libstrongswan/plugins/pkcs1/Makefile.am new file mode 100644 index 000000000..88d25a26b --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/Makefile.am @@ -0,0 +1,13 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic + +plugin_LTLIBRARIES = libstrongswan-pkcs1.la + +libstrongswan_pkcs1_la_SOURCES = pkcs1_plugin.h pkcs1_plugin.c \ + pkcs1_encoder.h pkcs1_encoder.c \ + pkcs1_builder.h pkcs1_builder.c + +libstrongswan_pkcs1_la_LDFLAGS = -module -avoid-version + diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in new file mode 100644 index 000000000..4439cd60f --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -0,0 +1,572 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/pkcs1 +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(plugin_LTLIBRARIES) +libstrongswan_pkcs1_la_LIBADD = +am_libstrongswan_pkcs1_la_OBJECTS = pkcs1_plugin.lo pkcs1_encoder.lo \ + pkcs1_builder.lo +libstrongswan_pkcs1_la_OBJECTS = $(am_libstrongswan_pkcs1_la_OBJECTS) +libstrongswan_pkcs1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_pkcs1_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_pkcs1_la_SOURCES) +DIST_SOURCES = $(libstrongswan_pkcs1_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic +plugin_LTLIBRARIES = libstrongswan-pkcs1.la +libstrongswan_pkcs1_la_SOURCES = pkcs1_plugin.h pkcs1_plugin.c \ + pkcs1_encoder.h pkcs1_encoder.c \ + pkcs1_builder.h pkcs1_builder.c + +libstrongswan_pkcs1_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs1/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs1/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-pkcs1.la: $(libstrongswan_pkcs1_la_OBJECTS) $(libstrongswan_pkcs1_la_DEPENDENCIES) + $(libstrongswan_pkcs1_la_LINK) -rpath $(plugindir) $(libstrongswan_pkcs1_la_OBJECTS) $(libstrongswan_pkcs1_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs1_builder.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs1_encoder.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs1_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-pluginLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c new file mode 100644 index 000000000..fbd35e830 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c @@ -0,0 +1,299 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2000-2008 Andreas Steffen + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs1_builder.h" + +#include <debug.h> +#include <asn1/oid.h> +#include <asn1/asn1.h> +#include <asn1/asn1_parser.h> +#include <credentials/keys/private_key.h> + +/** + * ASN.1 definition of a subjectPublicKeyInfo structure + */ +static const asn1Object_t pkinfoObjects[] = { + { 0, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "algorithm", ASN1_EOC, ASN1_RAW }, /* 1 */ + { 1, "subjectPublicKey", ASN1_BIT_STRING, ASN1_BODY }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PKINFO_SUBJECT_PUBLIC_KEY_ALGORITHM 1 +#define PKINFO_SUBJECT_PUBLIC_KEY 2 + +/** + * Load a generic public key from an ASN.1 encoded blob + */ +static public_key_t *parse_public_key(chunk_t blob) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID; + public_key_t *key = NULL; + key_type_t type = KEY_ANY; + + parser = asn1_parser_create(pkinfoObjects, blob); + + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case PKINFO_SUBJECT_PUBLIC_KEY_ALGORITHM: + { + int oid = asn1_parse_algorithmIdentifier(object, + parser->get_level(parser)+1, NULL); + + if (oid == OID_RSA_ENCRYPTION) + { + type = KEY_RSA; + } + else if (oid == OID_EC_PUBLICKEY) + { + /* we need the whole subjectPublicKeyInfo for EC public keys */ + key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, + KEY_ECDSA, BUILD_BLOB_ASN1_DER, blob, BUILD_END); + goto end; + } + else + { + /* key type not supported */ + goto end; + } + break; + } + case PKINFO_SUBJECT_PUBLIC_KEY: + if (object.len > 0 && *object.ptr == 0x00) + { + /* skip initial bit string octet defining 0 unused bits */ + object = chunk_skip(object, 1); + } + DBG2("-- > --"); + key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, type, + BUILD_BLOB_ASN1_DER, object, BUILD_END); + DBG2("-- < --"); + break; + } + } + +end: + parser->destroy(parser); + return key; +} + +/** + * ASN.1 definition of RSApublicKey + */ +static const asn1Object_t pubkeyObjects[] = { + { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ + { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */ + { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PUB_KEY_RSA_PUBLIC_KEY 0 +#define PUB_KEY_MODULUS 1 +#define PUB_KEY_EXPONENT 2 + +/** + * Load a RSA public key from an ASN.1 encoded blob. + */ +static public_key_t *parse_rsa_public_key(chunk_t blob) +{ + chunk_t n, e; + asn1_parser_t *parser; + chunk_t object; + int objectID; + bool success = FALSE; + + parser = asn1_parser_create(pubkeyObjects, blob); + + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case PUB_KEY_MODULUS: + n = object; + break; + case PUB_KEY_EXPONENT: + e = object; + break; + } + } + success = parser->success(parser); + parser->destroy(parser); + + if (!success) + { + return NULL; + } + return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_END); +} + +/** + * ASN.1 definition of a PKCS#1 RSA private key + */ +static const asn1Object_t privkeyObjects[] = { + { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ + { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */ + { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */ + { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */ + { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */ + { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */ + { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */ + { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */ + { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */ + { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT | + ASN1_LOOP }, /* 10 */ + { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */ + { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */ + { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */ + { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */ + { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 15 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PRIV_KEY_VERSION 1 +#define PRIV_KEY_MODULUS 2 +#define PRIV_KEY_PUB_EXP 3 +#define PRIV_KEY_PRIV_EXP 4 +#define PRIV_KEY_PRIME1 5 +#define PRIV_KEY_PRIME2 6 +#define PRIV_KEY_EXP1 7 +#define PRIV_KEY_EXP2 8 +#define PRIV_KEY_COEFF 9 + +/** + * Load a RSA private key from a ASN1 encoded blob. + */ +static private_key_t *parse_rsa_private_key(chunk_t blob) +{ + chunk_t n, e, d, p, q, exp1, exp2, coeff; + asn1_parser_t *parser; + chunk_t object; + int objectID ; + bool success = FALSE; + + parser = asn1_parser_create(privkeyObjects, blob); + parser->set_flags(parser, FALSE, TRUE); + + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case PRIV_KEY_VERSION: + if (object.len > 0 && *object.ptr != 0) + { + DBG1("PKCS#1 private key format is not version 1"); + goto end; + } + break; + case PRIV_KEY_MODULUS: + n = object; + break; + case PRIV_KEY_PUB_EXP: + e = object; + break; + case PRIV_KEY_PRIV_EXP: + d = object; + break; + case PRIV_KEY_PRIME1: + p = object; + break; + case PRIV_KEY_PRIME2: + q = object; + break; + case PRIV_KEY_EXP1: + exp1 = object; + break; + case PRIV_KEY_EXP2: + exp2 = object; + break; + case PRIV_KEY_COEFF: + coeff = object; + break; + } + } + success = parser->success(parser); + +end: + parser->destroy(parser); + if (!success) + { + return NULL; + } + return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_RSA_PRIV_EXP, d, + BUILD_RSA_PRIME1, p, BUILD_RSA_PRIME2, q, BUILD_RSA_EXP1, exp1, + BUILD_RSA_EXP2, exp2, BUILD_RSA_COEFF, coeff, BUILD_END); +} + +/** + * See header. + */ +public_key_t *pkcs1_public_key_load(key_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + switch (type) + { + case KEY_ANY: + return parse_public_key(blob); + case KEY_RSA: + return parse_rsa_public_key(blob); + default: + return NULL; + } +} + +/** + * See header. + */ +private_key_t *pkcs1_private_key_load(key_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + return parse_rsa_private_key(blob); +} + diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h new file mode 100644 index 000000000..62ca9f351 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs1_public_key pkcs1_public_key + * @{ @ingroup pkcs1 + */ + +#ifndef PKCS1_BUILDER_H_ +#define PKCS1_BUILDER_H_ + +#include <credentials/builder.h> +#include <credentials/keys/private_key.h> + +/** + * Load a generic or an RSA public key from PKCS#1 data. + * + * @param type type of the key, either KEY_ANY or KEY_RSA + * @param args builder_part_t argument list + * @return public key, NULL on failure + */ +public_key_t *pkcs1_public_key_load(key_type_t type, va_list args); + +/** + * Load a RSA public key from PKCS#1 data. + * + * @param type type of the key, KEY_RSA + * @param args builder_part_t argument list + * @return private key, NULL on failure + */ +private_key_t *pkcs1_private_key_load(key_type_t type, va_list args); + +#endif /** PKCS1_BUILDER_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c new file mode 100644 index 000000000..0a8da815a --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c @@ -0,0 +1,160 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs1_encoder.h" + +#include <debug.h> +#include <asn1/asn1.h> +#include <asn1/oid.h> + +/** + * Encode a public key in PKCS#1/ASN.1 DER + */ +bool build_pub(chunk_t *encoding, va_list args) +{ + chunk_t n, e; + + if (key_encoding_args(args, KEY_PART_RSA_MODULUS, &n, + KEY_PART_RSA_PUB_EXP, &e, KEY_PART_END)) + { + *encoding = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_wrap(ASN1_INTEGER, "c", n), + asn1_wrap(ASN1_INTEGER, "c", e)); + return TRUE; + } + return FALSE; +} + +/** + * Encode a public key in PKCS#1/ASN.1 DER, contained in subjectPublicKeyInfo + */ +bool build_pub_info(chunk_t *encoding, va_list args) +{ + chunk_t n, e; + + if (key_encoding_args(args, KEY_PART_RSA_MODULUS, &n, + KEY_PART_RSA_PUB_EXP, &e, KEY_PART_END)) + { + *encoding = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), + asn1_bitstring("m", + asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_wrap(ASN1_INTEGER, "c", n), + asn1_wrap(ASN1_INTEGER, "c", e)))); + return TRUE; + } + return FALSE; +} + +/** + * Encode a private key in PKCS#1/ASN.1 DER + */ +bool build_priv(chunk_t *encoding, va_list args) +{ + chunk_t n, e, d, p, q, exp1, exp2, coeff; + + if (key_encoding_args(args, KEY_PART_RSA_MODULUS, &n, + KEY_PART_RSA_PUB_EXP, &e, KEY_PART_RSA_PRIV_EXP, &d, + KEY_PART_RSA_PRIME1, &p, KEY_PART_RSA_PRIME2, &q, + KEY_PART_RSA_EXP1, &exp1, KEY_PART_RSA_EXP2, &exp2, + KEY_PART_RSA_COEFF, &coeff, KEY_PART_END)) + { + *encoding = asn1_wrap(ASN1_SEQUENCE, "cmmssssss", + ASN1_INTEGER_0, + asn1_wrap(ASN1_INTEGER, "c", n), + asn1_wrap(ASN1_INTEGER, "c", e), + asn1_wrap(ASN1_INTEGER, "c", d), + asn1_wrap(ASN1_INTEGER, "c", p), + asn1_wrap(ASN1_INTEGER, "c", q), + asn1_wrap(ASN1_INTEGER, "c", exp1), + asn1_wrap(ASN1_INTEGER, "c", exp2), + asn1_wrap(ASN1_INTEGER, "c", coeff)); + return TRUE; + } + return FALSE; +} + +/** + * Build the SHA1 hash of pubkey(info) ASN.1 data + */ +static bool hash_pubkey(chunk_t pubkey, chunk_t *hash) +{ + hasher_t *hasher; + + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (hasher == NULL) + { + chunk_free(&pubkey); + DBG1("SHA1 hash algorithm not supported, fingerprinting failed"); + return FALSE; + } + hasher->allocate_hash(hasher, pubkey, hash); + hasher->destroy(hasher); + chunk_free(&pubkey); + return TRUE; +} + +/** + * build the fingerprint of the subjectPublicKeyInfo object + */ +static bool build_info_sha1(chunk_t *encoding, va_list args) +{ + chunk_t pubkey; + + if (build_pub_info(&pubkey, args)) + { + return hash_pubkey(pubkey, encoding); + } + return FALSE; +} + +/** + * build the fingerprint of the subjectPublicKey object + */ +static bool build_sha1(chunk_t *encoding, va_list args) +{ + chunk_t pubkey; + + if (build_pub(&pubkey, args)) + { + return hash_pubkey(pubkey, encoding); + } + return FALSE; +} + +/** + * See header. + */ +bool pkcs1_encoder_encode(key_encoding_type_t type, chunk_t *encoding, + va_list args) +{ + switch (type) + { + case KEY_ID_PUBKEY_INFO_SHA1: + return build_info_sha1(encoding, args); + case KEY_ID_PUBKEY_SHA1: + return build_sha1(encoding, args); + case KEY_PUB_ASN1_DER: + return build_pub(encoding, args); + case KEY_PUB_SPKI_ASN1_DER: + return build_pub_info(encoding, args); + case KEY_PRIV_ASN1_DER: + return build_priv(encoding, args); + default: + return FALSE; + } +} + + diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h new file mode 100644 index 000000000..11d9f27f2 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h @@ -0,0 +1,32 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs1_encoder pkcs1_encoder + * @{ @ingroup pkcs1 + */ + +#ifndef PKCS1_ENCODER_H_ +#define PKCS1_ENCODER_H_ + +#include <credentials/keys/key_encoding.h> + +/** + * Encoding function for PKCS#1/ASN.1 fingerprints/key formats. + */ +bool pkcs1_encoder_encode(key_encoding_type_t type, chunk_t *encoding, + va_list args); + +#endif /** PKCS1_ENCODER_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c new file mode 100644 index 000000000..9d71e1388 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c @@ -0,0 +1,70 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs1_plugin.h" + +#include <library.h> +#include "pkcs1_builder.h" +#include "pkcs1_encoder.h" + +typedef struct private_pkcs1_plugin_t private_pkcs1_plugin_t; + +/** + * private data of pkcs1_plugin + */ +struct private_pkcs1_plugin_t { + + /** + * public functions + */ + pkcs1_plugin_t public; +}; + +/** + * Implementation of pkcs1_plugin_t.pkcs1troy + */ +static void destroy(private_pkcs1_plugin_t *this) +{ + lib->creds->remove_builder(lib->creds, + (builder_function_t)pkcs1_public_key_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)pkcs1_private_key_load); + + lib->encoding->remove_encoder(lib->encoding, pkcs1_encoder_encode); + + free(this); +} + +/* + * see header file + */ +plugin_t *plugin_create() +{ + private_pkcs1_plugin_t *this = malloc_thing(private_pkcs1_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + (builder_function_t)pkcs1_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + (builder_function_t)pkcs1_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + (builder_function_t)pkcs1_private_key_load); + + lib->encoding->add_encoder(lib->encoding, pkcs1_encoder_encode); + + return &this->public.plugin; +} + diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h new file mode 100644 index 000000000..465c7ef2c --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs1 pkcs1 + * @ingroup plugins + * + * @defgroup pkcs1_plugin pkcs1_plugin + * @{ @ingroup pkcs1 + */ + +#ifndef PKCS1_PLUGIN_H_ +#define PKCS1_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct pkcs1_plugin_t pkcs1_plugin_t; + +/** + * Plugin providing PKCS#1 private/public key decoding functions + */ +struct pkcs1_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * Create a pkcs1_plugin instance. + */ +plugin_t *plugin_create(); + +#endif /** PKCS1_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/plugin.h b/src/libstrongswan/plugins/plugin.h index 6ca71540c..28c800c0c 100644 --- a/src/libstrongswan/plugins/plugin.h +++ b/src/libstrongswan/plugins/plugin.h @@ -27,11 +27,11 @@ typedef struct plugin_t plugin_t; * Interface definition of a plugin. */ struct plugin_t { - + /** - * Destroy a plugin instance. - */ - void (*destroy)(plugin_t *this); + * Destroy a plugin instance. + */ + void (*destroy)(plugin_t *this); }; diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index 459ba9ba9..d4513f25a 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -37,12 +37,12 @@ struct private_plugin_loader_t { * public functions */ plugin_loader_t public; - + /** * list of loaded plugins */ linked_list_t *plugins; - + /** * names of loaded plugins */ @@ -59,9 +59,9 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, void *handle; plugin_t *plugin; plugin_constructor_t constructor; - + snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, name); - + if (lib->integrity) { if (!lib->integrity->check_file(lib->integrity, name, file)) @@ -101,7 +101,7 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, return NULL; } DBG2("plugin '%s': loaded successfully", name); - + /* we do not store or free dlopen() handles, leak_detective requires * the modules to keep loaded until leak report */ return plugin; @@ -110,26 +110,50 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, /** * Implementation of plugin_loader_t.load_plugins. */ -static int load(private_plugin_loader_t *this, char *path, char *list) +static bool load(private_plugin_loader_t *this, char *path, char *list) { - plugin_t *plugin; enumerator_t *enumerator; char *token; - int count = 0; - + bool critical_failed = FALSE; + + if (path == NULL) + { + path = PLUGINDIR; + } + enumerator = enumerator_create_token(list, " ", " "); - while (enumerator->enumerate(enumerator, &token)) + while (!critical_failed && enumerator->enumerate(enumerator, &token)) { + plugin_t *plugin; + bool critical = FALSE; + int len; + + token = strdup(token); + len = strlen(token); + if (token[len-1] == '!') + { + critical = TRUE; + token[len-1] = '\0'; + } plugin = load_plugin(this, path, token); if (plugin) - { /* insert in front to destroy them in reverse order */ + { + /* insert in front to destroy them in reverse order */ this->plugins->insert_last(this->plugins, plugin); - this->names->insert_last(this->names, strdup(token)); - count++; + this->names->insert_last(this->names, token); + } + else + { + if (critical) + { + critical_failed = TRUE; + DBG1("loading critical plugin '%s' failed", token); + } + free(token); } } enumerator->destroy(enumerator); - return count; + return !critical_failed; } /** @@ -139,7 +163,7 @@ static void unload(private_plugin_loader_t *this) { plugin_t *plugin; char *name; - + while (this->plugins->remove_first(this->plugins, (void**)&plugin) == SUCCESS) { @@ -157,7 +181,7 @@ static void unload(private_plugin_loader_t *this) static enumerator_t* create_plugin_enumerator(private_plugin_loader_t *this) { return this->names->create_enumerator(this->names); -} +} /** * Implementation of plugin_loader_t.destroy @@ -175,15 +199,15 @@ static void destroy(private_plugin_loader_t *this) plugin_loader_t *plugin_loader_create() { private_plugin_loader_t *this = malloc_thing(private_plugin_loader_t); - - this->public.load = (int(*)(plugin_loader_t*, char *path, char *prefix))load; + + this->public.load = (bool(*)(plugin_loader_t*, char *path, char *prefix))load; this->public.unload = (void(*)(plugin_loader_t*))unload; this->public.create_plugin_enumerator = (enumerator_t*(*)(plugin_loader_t*))create_plugin_enumerator; this->public.destroy = (void(*)(plugin_loader_t*))destroy; - + this->plugins = linked_list_create(); this->names = linked_list_create(); - + return &this->public; } diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h index 6230f9d68..f72c91c60 100644 --- a/src/libstrongswan/plugins/plugin_loader.h +++ b/src/libstrongswan/plugins/plugin_loader.h @@ -28,33 +28,37 @@ typedef struct plugin_loader_t plugin_loader_t; /** * The plugin_loader loads plugins from a directory and initializes them */ -struct plugin_loader_t { - +struct plugin_loader_t { + /** * Load a list of plugins from a directory. * - * @param path path containing loadable plugins + * Each plugin in list may have a ending exclamation mark (!) to mark it + * as a critical plugin. If loading a critical plugin fails, plugin loading + * is aborted and FALSE is returned. + * + * @param path path containing loadable plugins, NULL for default * @param list space separated list of plugins to load - * @return number of successfully loaded plugins + * @return TRUE if all critical plugins loaded successfully */ - int (*load)(plugin_loader_t *this, char *path, char *list); - + bool (*load)(plugin_loader_t *this, char *path, char *list); + /** * Unload all loaded plugins. */ void (*unload)(plugin_loader_t *this); - + /** * Create an enumerator over all loaded plugin names. * * @return enumerator over char* */ enumerator_t* (*create_plugin_enumerator)(plugin_loader_t *this); - + /** - * Unload loaded plugins, destroy plugin_loader instance. - */ - void (*destroy)(plugin_loader_t *this); + * Unload loaded plugins, destroy plugin_loader instance. + */ + void (*destroy)(plugin_loader_t *this); }; /** diff --git a/src/libstrongswan/plugins/pubkey/Makefile.am b/src/libstrongswan/plugins/pubkey/Makefile.am index 9423e6689..770d77325 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.am +++ b/src/libstrongswan/plugins/pubkey/Makefile.am @@ -6,8 +6,7 @@ AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-pubkey.la libstrongswan_pubkey_la_SOURCES = pubkey_plugin.h pubkey_plugin.c \ - pubkey_cert.h pubkey_cert.c\ - pubkey_public_key.h pubkey_public_key.c + pubkey_cert.h pubkey_cert.c libstrongswan_pubkey_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index a672e2ea8..f95e7b357 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,23 +37,44 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pubkey DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_pubkey_la_LIBADD = -am_libstrongswan_pubkey_la_OBJECTS = pubkey_plugin.lo pubkey_cert.lo \ - pubkey_public_key.lo +am_libstrongswan_pubkey_la_OBJECTS = pubkey_plugin.lo pubkey_cert.lo libstrongswan_pubkey_la_OBJECTS = \ $(am_libstrongswan_pubkey_la_OBJECTS) libstrongswan_pubkey_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -60,6 +83,7 @@ libstrongswan_pubkey_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -107,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -137,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -170,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -195,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -203,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -211,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -222,14 +249,14 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-pubkey.la libstrongswan_pubkey_la_SOURCES = pubkey_plugin.h pubkey_plugin.c \ - pubkey_cert.h pubkey_cert.c\ - pubkey_public_key.h pubkey_public_key.c + pubkey_cert.h pubkey_cert.c libstrongswan_pubkey_la_LDFLAGS = -module -avoid-version all: all-am @@ -245,9 +272,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pubkey/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/pubkey/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pubkey/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/pubkey/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -265,23 +292,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -303,25 +335,24 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey_cert.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey_plugin.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey_public_key.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -344,7 +375,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -352,29 +383,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -395,13 +431,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -432,6 +472,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -453,6 +494,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -461,18 +504,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -511,6 +564,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.c b/src/libstrongswan/plugins/pubkey/pubkey_cert.c index 863a8a1d4..f149f6379 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_cert.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.c @@ -17,11 +17,6 @@ #include <debug.h> -/** - * defined in pubkey_public_key.c - */ -extern public_key_t *pubkey_public_key_load(chunk_t blob); - typedef struct private_pubkey_cert_t private_pubkey_cert_t; /** @@ -33,17 +28,22 @@ struct private_pubkey_cert_t { * public functions */ pubkey_cert_t public; - + /** * wrapped public key */ public_key_t *key; - + /** * dummy issuer id, ID_ANY */ identification_t *issuer; - + + /** + * subject, ID_KEY_ID of the public key + */ + identification_t *subject; + /** * reference count */ @@ -63,7 +63,7 @@ static certificate_type_t get_type(private_pubkey_cert_t *this) */ static identification_t* get_subject(private_pubkey_cert_t *this) { - return this->key->get_id(this->key, ID_PUBKEY_INFO_SHA1); + return this->subject; } /** @@ -80,14 +80,21 @@ static identification_t* get_issuer(private_pubkey_cert_t *this) static id_match_t has_subject(private_pubkey_cert_t *this, identification_t *subject) { - identification_t *id; - - id = this->key->get_id(this->key, subject->get_type(subject)); - if (id) + if (subject->get_type(subject) == ID_KEY_ID) { - return id->matches(id, subject); + key_encoding_type_t type; + chunk_t fingerprint; + + for (type = 0; type < KEY_ENCODING_MAX; type++) + { + if (this->key->get_fingerprint(this->key, type, &fingerprint) && + chunk_equals(fingerprint, subject->get_encoding(subject))) + { + return ID_MATCH_PERFECT; + } + } } - return ID_MATCH_NONE; + return ID_MATCH_NONE; } /** @@ -104,15 +111,19 @@ static id_match_t has_issuer(private_pubkey_cert_t *this, */ static bool equals(private_pubkey_cert_t *this, certificate_t *other) { - if (this == (private_pubkey_cert_t*)other) - { - return TRUE; - } - if (other->get_type(other) != CERT_TRUSTED_PUBKEY) + public_key_t *other_key; + + other_key = other->get_public_key(other); + if (other_key) { - return FALSE; + if (public_key_equals(this->key, other_key)) + { + other_key->destroy(other_key); + return TRUE; + } + other_key->destroy(other_key); } - return other->has_subject(other, this->key->get_id(this->key, ID_PUBKEY_INFO_SHA1)); + return FALSE; } /** @@ -131,6 +142,7 @@ static public_key_t* get_public_key(private_pubkey_cert_t *this) this->key->get_ref(this->key); return this->key; } + /** * Implementation of certificate_t.get_validity. */ @@ -155,13 +167,19 @@ static bool is_newer(certificate_t *this, certificate_t *that) { return FALSE; } - + /** * Implementation of certificate_t.get_encoding. */ static chunk_t get_encoding(private_pubkey_cert_t *this) { - return this->key->get_encoding(this->key); + chunk_t encoding; + + if (this->key->get_encoding(this->key, KEY_PUB_ASN1_DER, &encoding)) + { + return encoding; + } + return chunk_empty; } /** @@ -180,6 +198,7 @@ static void destroy(private_pubkey_cert_t *this) { if (ref_put(&this->ref)) { + this->subject->destroy(this->subject); this->issuer->destroy(this->issuer); this->key->destroy(this->key); free(this); @@ -192,7 +211,8 @@ static void destroy(private_pubkey_cert_t *this) static pubkey_cert_t *pubkey_cert_create(public_key_t *key) { private_pubkey_cert_t *this = malloc_thing(private_pubkey_cert_t); - + chunk_t fingerprint; + this->public.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type; this->public.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject; this->public.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; @@ -206,97 +226,60 @@ static pubkey_cert_t *pubkey_cert_create(public_key_t *key) this->public.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals; this->public.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref; this->public.interface.destroy = (void (*)(certificate_t *this))destroy; - + this->ref = 1; this->key = key; this->issuer = identification_create_from_encoding(ID_ANY, chunk_empty); - - return &this->public; -} - -static pubkey_cert_t *pubkey_cert_create_from_chunk(chunk_t blob) -{ - public_key_t *key = pubkey_public_key_load(chunk_clone(blob)); + if (key->get_fingerprint(key, KEY_ID_PUBKEY_INFO_SHA1, &fingerprint)) + { + this->subject = identification_create_from_encoding(ID_KEY_ID, fingerprint); + } + else + { + this->subject = identification_create_from_encoding(ID_ANY, chunk_empty); + } - return (key)? pubkey_cert_create(key) : NULL; + return &this->public; } -typedef struct private_builder_t private_builder_t; /** - * Builder implementation for key loading + * See header. */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded public key */ - pubkey_cert_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static pubkey_cert_t *build(private_builder_t *this) +pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args) { - pubkey_cert_t *key = this->key; - - free(this); - return key; -} + public_key_t *key = NULL; + chunk_t blob = chunk_empty; -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) + while (TRUE) { - va_list args; - - switch (part) + switch (va_arg(args, builder_part_t)) { case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - this->key = pubkey_cert_create_from_chunk(va_arg(args, chunk_t)); - va_end(args); - return; - } + blob = va_arg(args, chunk_t); + continue; case BUILD_PUBLIC_KEY: - { - va_start(args, part); - this->key = pubkey_cert_create(va_arg(args, public_key_t*)); - va_end(args); - return; - } - default: + key = va_arg(args, public_key_t*); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - if (this->key) + if (key) { - destroy((private_pubkey_cert_t*)this->key); + key->get_ref(key); } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *pubkey_cert_builder(certificate_type_t type) -{ - private_builder_t *this; - - if (type != CERT_TRUSTED_PUBKEY) + else if (blob.ptr) { - return NULL; + key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + BUILD_BLOB_ASN1_DER, blob, BUILD_END); } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; + if (key) + { + return pubkey_cert_create(key); + } + return NULL; } diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.h b/src/libstrongswan/plugins/pubkey/pubkey_cert.h index 394fc8b98..a2d735342 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_cert.h +++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.h @@ -21,6 +21,7 @@ #ifndef PUBKEY_CERT_H_ #define PUBKEY_CERT_H_ +#include <credentials/builder.h> #include <credentials/certificates/certificate.h> typedef struct pubkey_cert_t pubkey_cert_t; @@ -37,13 +38,14 @@ struct pubkey_cert_t { }; /** - * Create the builder for a trusted public key. + * Create a trusted public key cert using a public key. * - * The builders add() function takes BUILD_PUBLIC_KEY to enwrap. + * The build accepts a BUILD_PUBLIC_KEY or a BUILD_BLOB_ASN1_DER part. * * @param type type of the certificate, must be CERT_pubkey_cert - * @return builder instance + * @param args builder_part_t argument list + * @return pubkey_cert_t, NULL on failure */ -builder_t *pubkey_cert_builder(certificate_type_t type); +pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args); #endif /** PUBKEY_CERT_H_ @}*/ diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c index 7672e8dc1..ad84eed99 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c @@ -17,7 +17,6 @@ #include <library.h> #include "pubkey_cert.h" -#include "pubkey_public_key.h" typedef struct private_pubkey_plugin_t private_pubkey_plugin_t; @@ -38,9 +37,7 @@ struct private_pubkey_plugin_t { static void destroy(private_pubkey_plugin_t *this) { lib->creds->remove_builder(lib->creds, - (builder_constructor_t)pubkey_cert_builder); - lib->creds->remove_builder(lib->creds, - (builder_constructor_t)pubkey_public_key_builder); + (builder_function_t)pubkey_cert_wrap); free(this); } @@ -50,13 +47,11 @@ static void destroy(private_pubkey_plugin_t *this) plugin_t *plugin_create() { private_pubkey_plugin_t *this = malloc_thing(private_pubkey_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, - (builder_constructor_t)pubkey_cert_builder); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, - (builder_constructor_t)pubkey_public_key_builder); + (builder_function_t)pubkey_cert_wrap); return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/pubkey/pubkey_public_key.c b/src/libstrongswan/plugins/pubkey/pubkey_public_key.c deleted file mode 100644 index 6d3ae66ab..000000000 --- a/src/libstrongswan/plugins/pubkey/pubkey_public_key.c +++ /dev/null @@ -1,184 +0,0 @@ -/* - * Copyright (C) 2008 Tobias Brunner - * Copyright (C) 2008 Martin Willi - * Copyright (C) 2000-2008 Andreas Steffen - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "pubkey_public_key.h" - -#include <debug.h> -#include <asn1/pem.h> -#include <asn1/oid.h> -#include <asn1/asn1.h> -#include <asn1/asn1_parser.h> - -/** - * ASN.1 definition of a subjectPublicKeyInfo structure - */ -static const asn1Object_t pkinfoObjects[] = { - { 0, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "algorithm", ASN1_EOC, ASN1_RAW }, /* 1 */ - { 1, "subjectPublicKey", ASN1_BIT_STRING, ASN1_BODY }, /* 2 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define PKINFO_SUBJECT_PUBLIC_KEY_ALGORITHM 1 -#define PKINFO_SUBJECT_PUBLIC_KEY 2 - - -/** - * Load a public key from an ASN.1 encoded blob - * Also used by pubkey_cert.c - */ -public_key_t *pubkey_public_key_load(chunk_t blob) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - public_key_t *key = NULL; - key_type_t type = KEY_ANY; - - parser = asn1_parser_create(pkinfoObjects, blob); - - while (parser->iterate(parser, &objectID, &object)) - { - switch (objectID) - { - case PKINFO_SUBJECT_PUBLIC_KEY_ALGORITHM: - { - int oid = asn1_parse_algorithmIdentifier(object, - parser->get_level(parser)+1, NULL); - - if (oid == OID_RSA_ENCRYPTION) - { - type = KEY_RSA; - } - else if (oid == OID_EC_PUBLICKEY) - { - /* we need the whole subjectPublicKeyInfo for EC public keys */ - key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, - KEY_ECDSA, BUILD_BLOB_ASN1_DER, blob, BUILD_END); - goto end; - } - else - { - /* key type not supported */ - goto end; - } - break; - } - case PKINFO_SUBJECT_PUBLIC_KEY: - if (object.len > 0 && *object.ptr == 0x00) - { - /* skip initial bit string octet defining 0 unused bits */ - object = chunk_skip(object, 1); - } - key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, type, - BUILD_BLOB_ASN1_DER, object, BUILD_END); - break; - } - } - -end: - parser->destroy(parser); - free(blob.ptr); - return key; -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded public key */ - public_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static public_key_t *build(private_builder_t *this) -{ - public_key_t *key = this->key; - - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) - { - va_list args; - chunk_t blob; - - switch (part) - { - case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - blob = va_arg(args, chunk_t); - this->key = pubkey_public_key_load(chunk_clone(blob)); - va_end(args); - return; - } - case BUILD_BLOB_ASN1_PEM: - { - bool pgp; - char *pem; - - va_start(args, part); - pem = va_arg(args, char *); - blob = chunk_clone(chunk_create(pem, strlen(pem))); - if (pem_to_bin(&blob, chunk_empty, &pgp) == SUCCESS) - { - this->key = pubkey_public_key_load(chunk_clone(blob)); - } - free(blob.ptr); - va_end(args); - return; - } - default: - break; - } - } - DESTROY_IF(this->key); - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *pubkey_public_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_ANY) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; -} - diff --git a/src/libstrongswan/plugins/random/Makefile.am b/src/libstrongswan/plugins/random/Makefile.am index 9a11b8567..7c2283ae7 100644 --- a/src/libstrongswan/plugins/random/Makefile.am +++ b/src/libstrongswan/plugins/random/Makefile.am @@ -1,7 +1,9 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic +AM_CFLAGS = -rdynamic \ +-DDEV_RANDOM=\"${random_device}\" \ +-DDEV_URANDOM=\"${urandom_device}\" plugin_LTLIBRARIES = libstrongswan-random.la diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index a2869fb51..355ab14bc 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/random DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_random_la_LIBADD = am_libstrongswan_random_la_OBJECTS = random_plugin.lo random_rng.lo @@ -59,6 +83,7 @@ libstrongswan_random_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,10 +249,14 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic +AM_CFLAGS = -rdynamic \ +-DDEV_RANDOM=\"${random_device}\" \ +-DDEV_URANDOM=\"${urandom_device}\" + plugin_LTLIBRARIES = libstrongswan-random.la libstrongswan_random_la_SOURCES = random_plugin.h random_plugin.c \ random_rng.c random_rng.h @@ -243,9 +275,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/random/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/random/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/random/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/random/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -263,23 +295,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -304,21 +341,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -341,7 +378,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -349,29 +386,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -392,13 +434,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -429,6 +475,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -450,6 +497,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -458,18 +507,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -508,6 +567,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c index 5f04f1d79..df0a8f556 100644 --- a/src/libstrongswan/plugins/random/random_plugin.c +++ b/src/libstrongswan/plugins/random/random_plugin.c @@ -47,14 +47,14 @@ static void destroy(private_random_plugin_t *this) plugin_t *plugin_create() { private_random_plugin_t *this = malloc_thing(private_random_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_rng(lib->crypto, RNG_STRONG, + + lib->crypto->add_rng(lib->crypto, RNG_STRONG, (rng_constructor_t)random_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_TRUE, + lib->crypto->add_rng(lib->crypto, RNG_TRUE, (rng_constructor_t)random_rng_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/random/random_plugin.h b/src/libstrongswan/plugins/random/random_plugin.h index 8145c7875..6ce0f71be 100644 --- a/src/libstrongswan/plugins/random/random_plugin.h +++ b/src/libstrongswan/plugins/random/random_plugin.h @@ -16,7 +16,7 @@ /** * @defgroup random_p random * @ingroup plugins - * + * * @defgroup random_plugin random_plugin * @{ @ingroup random_p */ diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c index 22d21574e..34f300296 100644 --- a/src/libstrongswan/plugins/random/random_rng.c +++ b/src/libstrongswan/plugins/random/random_rng.c @@ -43,12 +43,12 @@ struct private_random_rng_t { * Public random_rng_t interface. */ random_rng_t public; - + /** * random device, depends on quality */ int dev; - + /** * file we read random bytes from */ @@ -63,9 +63,9 @@ static void get_bytes(private_random_rng_t *this, size_t bytes, { size_t done; ssize_t got; - + done = 0; - + while (done < bytes) { got = read(this->dev, buffer + done, bytes - done); @@ -120,7 +120,7 @@ random_rng_t *random_rng_create(rng_quality_t quality) { this->file = DEV_URANDOM; } - + this->dev = open(this->file, 0); if (this->dev < 0) { diff --git a/src/libstrongswan/plugins/random/random_rng.h b/src/libstrongswan/plugins/random/random_rng.h index bcb9cb204..4e6f3afb2 100644 --- a/src/libstrongswan/plugins/random/random_rng.h +++ b/src/libstrongswan/plugins/random/random_rng.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup random_rng random_rng * @{ @ingroup random_p @@ -29,7 +29,7 @@ typedef struct random_rng_t random_rng_t; * rng_t implementation on top of /dev/[u]random */ struct random_rng_t { - + /** * Implements rng_t. */ @@ -38,7 +38,7 @@ struct random_rng_t { /** * Creates an random_rng_t instance. - * + * * @param quality required quality of randomness * @return created random_rng_t */ diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index f1f5807ab..4f08b882c 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sha1 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_sha1_la_LIBADD = am_libstrongswan_sha1_la_OBJECTS = sha1_plugin.lo sha1_hasher.lo \ @@ -59,6 +83,7 @@ libstrongswan_sha1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,6 +249,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -243,9 +272,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha1/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha1/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha1/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha1/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -263,23 +292,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -305,21 +339,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -342,7 +376,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -350,29 +384,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -393,13 +432,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -430,6 +473,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -451,6 +495,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -459,18 +505,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -509,6 +565,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.c b/src/libstrongswan/plugins/sha1/sha1_hasher.c index ba3dd9592..85bc89f37 100644 --- a/src/libstrongswan/plugins/sha1/sha1_hasher.c +++ b/src/libstrongswan/plugins/sha1/sha1_hasher.c @@ -2,7 +2,7 @@ * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil - * + * * Ported from Steve Reid's <steve@edmweb.com> implementation * "SHA1 in C" found in strongSwan. * @@ -24,7 +24,7 @@ /* * ugly macro stuff - */ + */ #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) #if BYTE_ORDER == LITTLE_ENDIAN @@ -54,64 +54,64 @@ struct private_sha1_hasher_t { * Public interface for this hasher. */ sha1_hasher_t public; - + /* * State of the hasher. Shared with sha1_prf.c, do not change it!!! */ u_int32_t state[5]; - u_int32_t count[2]; - u_int8_t buffer[64]; + u_int32_t count[2]; + u_int8_t buffer[64]; }; -/* +/* * Hash a single 512-bit block. This is the core of the algorithm. * */ static void SHA1Transform(u_int32_t state[5], const unsigned char buffer[64]) { u_int32_t a, b, c, d, e; typedef union { - u_int8_t c[64]; - u_int32_t l[16]; + u_int8_t c[64]; + u_int32_t l[16]; } CHAR64LONG16; CHAR64LONG16 block[1]; /* use array to appear as a pointer */ - memcpy(block, buffer, 64); + memcpy(block, buffer, 64); - /* Copy context->state[] to working vars */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - /* 4 rounds of 20 operations each. Loop unrolled. */ - R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); - R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); - R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); - R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); - R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); - R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); - R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); - R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); - R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); - R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); - R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); - R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); - R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); - R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); - R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); - R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); - R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); - R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); - R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); - R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); - /* Add the working vars back into context.state[] */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - /* Wipe variables */ - a = b = c = d = e = 0; - memset(block, '\0', sizeof(block)); + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; + memset(block, '\0', sizeof(block)); } /** @@ -122,33 +122,33 @@ void SHA1Update(private_sha1_hasher_t* this, u_int8_t *data, u_int32_t len) u_int32_t i; u_int32_t j; - j = this->count[0]; - if ((this->count[0] += len << 3) < j) - { + j = this->count[0]; + if ((this->count[0] += len << 3) < j) + { this->count[1]++; - } - this->count[1] += (len>>29); - j = (j >> 3) & 63; - if ((j + len) > 63) - { - memcpy(&this->buffer[j], data, (i = 64-j)); - SHA1Transform(this->state, this->buffer); - for ( ; i + 63 < len; i += 64) - { - SHA1Transform(this->state, &data[i]); - } - j = 0; - } - else - { - i = 0; - } - memcpy(&this->buffer[j], &data[i], len - i); + } + this->count[1] += (len>>29); + j = (j >> 3) & 63; + if ((j + len) > 63) + { + memcpy(&this->buffer[j], data, (i = 64-j)); + SHA1Transform(this->state, this->buffer); + for ( ; i + 63 < len; i += 64) + { + SHA1Transform(this->state, &data[i]); + } + j = 0; + } + else + { + i = 0; + } + memcpy(&this->buffer[j], &data[i], len - i); } -/* - * Add padding and return the message digest. +/* + * Add padding and return the message digest. */ static void SHA1Final(private_sha1_hasher_t *this, u_int8_t *digest) { @@ -156,23 +156,23 @@ static void SHA1Final(private_sha1_hasher_t *this, u_int8_t *digest) u_int8_t finalcount[8]; u_int8_t c; - for (i = 0; i < 8; i++) - { - finalcount[i] = (u_int8_t)((this->count[(i >= 4 ? 0 : 1)] - >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ - } - c = 0200; - SHA1Update(this, &c, 1); - while ((this->count[0] & 504) != 448) - { + for (i = 0; i < 8; i++) + { + finalcount[i] = (u_int8_t)((this->count[(i >= 4 ? 0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ + } + c = 0200; + SHA1Update(this, &c, 1); + while ((this->count[0] & 504) != 448) + { c = 0000; - SHA1Update(this, &c, 1); - } - SHA1Update(this, finalcount, 8); /* Should cause a SHA1Transform() */ - for (i = 0; i < 20; i++) - { - digest[i] = (u_int8_t)((this->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); - } + SHA1Update(this, &c, 1); + } + SHA1Update(this, finalcount, 8); /* Should cause a SHA1Transform() */ + for (i = 0; i < 20; i++) + { + digest[i] = (u_int8_t)((this->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); + } } /** @@ -181,12 +181,12 @@ static void SHA1Final(private_sha1_hasher_t *this, u_int8_t *digest) static void reset(private_sha1_hasher_t *this) { this->state[0] = 0x67452301; - this->state[1] = 0xEFCDAB89; - this->state[2] = 0x98BADCFE; - this->state[3] = 0x10325476; - this->state[4] = 0xC3D2E1F0; - this->count[0] = 0; - this->count[1] = 0; + this->state[1] = 0xEFCDAB89; + this->state[2] = 0x98BADCFE; + this->state[3] = 0x10325476; + this->state[4] = 0xC3D2E1F0; + this->count[0] = 0; + this->count[1] = 0; } /** @@ -209,15 +209,15 @@ static void allocate_hash(private_sha1_hasher_t *this, chunk_t chunk, chunk_t *h { SHA1Update(this, chunk.ptr, chunk.len); if (hash != NULL) - { + { hash->ptr = malloc(HASH_SIZE_SHA1); hash->len = HASH_SIZE_SHA1; - + SHA1Final(this, hash->ptr); reset(this); } } - + /** * Implementation of hasher_t.get_hash_size. */ @@ -250,10 +250,10 @@ sha1_hasher_t *sha1_hasher_create(hash_algorithm_t algo) this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - + /* initialize */ reset(this); - + return &(this->public); } diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.h b/src/libstrongswan/plugins/sha1/sha1_hasher.h index b9bfe1c86..7fa6f1bc0 100644 --- a/src/libstrongswan/plugins/sha1/sha1_hasher.h +++ b/src/libstrongswan/plugins/sha1/sha1_hasher.h @@ -30,7 +30,7 @@ typedef struct sha1_hasher_t sha1_hasher_t; * Implementation of hasher_t interface using the SHA1 algorithm. */ struct sha1_hasher_t { - + /** * Implements hasher_t interface. */ diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.c b/src/libstrongswan/plugins/sha1/sha1_plugin.c index b9eb62ac5..a038228da 100644 --- a/src/libstrongswan/plugins/sha1/sha1_plugin.c +++ b/src/libstrongswan/plugins/sha1/sha1_plugin.c @@ -50,14 +50,14 @@ static void destroy(private_sha1_plugin_t *this) plugin_t *plugin_create() { private_sha1_plugin_t *this = malloc_thing(private_sha1_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, (hasher_constructor_t)sha1_hasher_create); lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, (prf_constructor_t)sha1_prf_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.c b/src/libstrongswan/plugins/sha1/sha1_prf.c index 4a5f7c293..a68779d37 100644 --- a/src/libstrongswan/plugins/sha1/sha1_prf.c +++ b/src/libstrongswan/plugins/sha1/sha1_prf.c @@ -29,13 +29,13 @@ struct private_sha1_hasher_t { * Public interface for this hasher. */ sha1_hasher_t public; - + /* * State of the hasher. From sha1_hasher.c, do not change it! */ u_int32_t state[5]; - u_int32_t count[2]; - u_int8_t buffer[64]; + u_int32_t count[2]; + u_int8_t buffer[64]; }; /** @@ -107,7 +107,7 @@ static void set_key(private_sha1_prf_t *this, chunk_t key) { int i, rounds; u_int32_t *iv = (u_int32_t*)key.ptr; - + this->hasher->public.hasher_interface.reset(&this->hasher->public.hasher_interface); rounds = min(key.len/sizeof(u_int32_t), sizeof(this->hasher->state)); for (i = 0; i < rounds; i++) @@ -142,9 +142,9 @@ sha1_prf_t *sha1_prf_create(pseudo_random_function_t algo) this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; - + this->hasher = (private_sha1_hasher_t*)sha1_hasher_create(HASH_SHA1); - + return &this->public; } diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.h b/src/libstrongswan/plugins/sha1/sha1_prf.h index b6cd2f9d0..1ab4cbc24 100644 --- a/src/libstrongswan/plugins/sha1/sha1_prf.h +++ b/src/libstrongswan/plugins/sha1/sha1_prf.h @@ -29,7 +29,7 @@ typedef struct sha1_prf_t sha1_prf_t; * Implementation of prf_t interface using keyed SHA1 algorithm (used for EAP-AKA). */ struct sha1_prf_t { - + /** * Implements prf_t interface. */ diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index b34286813..e4ea58094 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sha2 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_sha2_la_LIBADD = am_libstrongswan_sha2_la_OBJECTS = sha2_plugin.lo sha2_hasher.lo @@ -58,6 +82,7 @@ libstrongswan_sha2_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -240,9 +269,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha2/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha2/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha2/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha2/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -260,23 +289,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -301,21 +335,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -338,7 +372,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -346,29 +380,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -389,13 +428,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -426,6 +469,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -447,6 +491,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -455,18 +501,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -505,6 +561,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.c b/src/libstrongswan/plugins/sha2/sha2_hasher.c index 645f4d786..d407fad1b 100644 --- a/src/libstrongswan/plugins/sha2/sha2_hasher.c +++ b/src/libstrongswan/plugins/sha2/sha2_hasher.c @@ -31,7 +31,7 @@ struct private_sha512_hasher_t { * Public interface for this hasher. */ sha2_hasher_t public; - + unsigned char sha_out[128]; /* results are here, bytes 0..47/0..63 */ u_int64_t sha_H[8]; u_int64_t sha_blocks; @@ -50,7 +50,7 @@ struct private_sha256_hasher_t { * Public interface for this hasher. */ sha2_hasher_t public; - + unsigned char sha_out[64]; /* results are here, bytes 0...31 */ u_int32_t sha_H[8]; u_int64_t sha_blocks; @@ -60,7 +60,7 @@ struct private_sha256_hasher_t { static const u_int32_t sha224_hashInit[8] = { 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, - 0x64f98fa7, 0xbefa4fa4 + 0x64f98fa7, 0xbefa4fa4 }; static const u_int32_t sha256_hashInit[8] = { @@ -139,7 +139,7 @@ static const u_int64_t sha512_K[80] = { /** * Single block SHA256 transformation */ -static void sha256_transform(private_sha256_hasher_t *ctx, +static void sha256_transform(private_sha256_hasher_t *ctx, const unsigned char *datap) { register int j; @@ -168,7 +168,7 @@ static void sha256_transform(private_sha256_hasher_t *ctx, j = 0; do { - if(j >= 16) + if(j >= 16) { Wm2 = W[j - 2]; Wm15 = W[j - 15]; @@ -198,7 +198,7 @@ static void sha256_transform(private_sha256_hasher_t *ctx, /** * Update SHA256 hash */ -static void sha256_write(private_sha256_hasher_t *ctx, +static void sha256_write(private_sha256_hasher_t *ctx, const unsigned char *datap, int length) { while(length > 0) @@ -243,7 +243,7 @@ static void sha256_final(private_sha256_hasher_t *ctx) { sha256_write(ctx, &padByte, 1); } - + /* write bit length, big endian byte order */ ctx->sha_out[56] = bitLength >> 56; ctx->sha_out[57] = bitLength >> 48; @@ -254,7 +254,7 @@ static void sha256_final(private_sha256_hasher_t *ctx) ctx->sha_out[62] = bitLength >> 8; ctx->sha_out[63] = bitLength; sha256_transform(ctx, &ctx->sha_out[0]); - + /* return results in ctx->sha_out[0...31] */ datap = &ctx->sha_out[0]; j = 0; @@ -283,7 +283,7 @@ static void sha256_final(private_sha256_hasher_t *ctx) /** * Single block SHA384/SHA512 transformation */ -static void sha512_transform(private_sha512_hasher_t *ctx, +static void sha512_transform(private_sha512_hasher_t *ctx, const unsigned char *datap) { register int j; @@ -343,14 +343,14 @@ static void sha512_transform(private_sha512_hasher_t *ctx, /** * Update a SHA384/SHA512 hash */ -static void sha512_write(private_sha512_hasher_t *ctx, +static void sha512_write(private_sha512_hasher_t *ctx, const unsigned char *datap, int length) { - while(length > 0) + while(length > 0) { - if(!ctx->sha_bufCnt) + if(!ctx->sha_bufCnt) { - while(length >= sizeof(ctx->sha_out)) + while(length >= sizeof(ctx->sha_out)) { sha512_transform(ctx, datap); datap += sizeof(ctx->sha_out); @@ -360,7 +360,7 @@ static void sha512_write(private_sha512_hasher_t *ctx, } ctx->sha_out[ctx->sha_bufCnt] = *datap++; length--; - if(++ctx->sha_bufCnt == sizeof(ctx->sha_out)) + if(++ctx->sha_bufCnt == sizeof(ctx->sha_out)) { sha512_transform(ctx, &ctx->sha_out[0]); ctx->sha_bufCnt = 0; @@ -385,7 +385,7 @@ static void sha512_final(private_sha512_hasher_t *ctx) /* pad extra space with zeroes */ padByte = 0; - while(ctx->sha_bufCnt != 112) + while(ctx->sha_bufCnt != 112) { sha512_write(ctx, &padByte, 1); } @@ -408,7 +408,7 @@ static void sha512_final(private_sha512_hasher_t *ctx) ctx->sha_out[126] = bitLength >> 8; ctx->sha_out[127] = bitLength; sha512_transform(ctx, &ctx->sha_out[0]); - + /* return results in ctx->sha_out[0...63] */ datap = &ctx->sha_out[0]; j = 0; @@ -429,7 +429,7 @@ static void sha512_final(private_sha512_hasher_t *ctx) /** * Implementation of hasher_t.get_hash for SHA224. */ -static void get_hash224(private_sha256_hasher_t *this, +static void get_hash224(private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer) { sha256_write(this, chunk.ptr, chunk.len); @@ -444,7 +444,7 @@ static void get_hash224(private_sha256_hasher_t *this, /** * Implementation of hasher_t.get_hash for SHA256. */ -static void get_hash256(private_sha256_hasher_t *this, +static void get_hash256(private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer) { sha256_write(this, chunk.ptr, chunk.len); @@ -489,11 +489,11 @@ static void get_hash512(private_sha512_hasher_t *this, /** * Implementation of hasher_t.allocate_hash for SHA224. */ -static void allocate_hash224(private_sha256_hasher_t *this, +static void allocate_hash224(private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; - + sha256_write(this, chunk.ptr, chunk.len); if (hash != NULL) { @@ -508,11 +508,11 @@ static void allocate_hash224(private_sha256_hasher_t *this, /** * Implementation of hasher_t.allocate_hash for SHA256. */ -static void allocate_hash256(private_sha256_hasher_t *this, +static void allocate_hash256(private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; - + sha256_write(this, chunk.ptr, chunk.len); if (hash != NULL) { @@ -527,11 +527,11 @@ static void allocate_hash256(private_sha256_hasher_t *this, /** * Implementation of hasher_t.allocate_hash for SHA384. */ -static void allocate_hash384(private_sha512_hasher_t *this, +static void allocate_hash384(private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; - + sha512_write(this, chunk.ptr, chunk.len); if (hash != NULL) { @@ -546,11 +546,11 @@ static void allocate_hash384(private_sha512_hasher_t *this, /** * Implementation of hasher_t.allocate_hash for SHA512. */ -static void allocate_hash512(private_sha512_hasher_t *this, +static void allocate_hash512(private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; - + sha512_write(this, chunk.ptr, chunk.len); if (hash != NULL) { @@ -577,7 +577,7 @@ static size_t get_hash_size256(private_sha256_hasher_t *this) { return HASH_SIZE_SHA256; } - + /** * Implementation of hasher_t.get_hash_size for SHA384. */ @@ -585,7 +585,7 @@ static size_t get_hash_size384(private_sha512_hasher_t *this) { return HASH_SIZE_SHA384; } - + /** * Implementation of hasher_t.get_hash_size for SHA512. */ @@ -650,7 +650,7 @@ static void destroy(sha2_hasher_t *this) sha2_hasher_t *sha2_hasher_create(hash_algorithm_t algorithm) { sha2_hasher_t *this; - + switch (algorithm) { case HASH_SHA224: @@ -686,9 +686,9 @@ sha2_hasher_t *sha2_hasher_create(hash_algorithm_t algorithm) return NULL; } this->hasher_interface.destroy = (void(*)(hasher_t*))destroy; - + /* initialize */ this->hasher_interface.reset(&this->hasher_interface); - + return this; } diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.h b/src/libstrongswan/plugins/sha2/sha2_hasher.h index 11f4fac26..ed57ae0bd 100644 --- a/src/libstrongswan/plugins/sha2/sha2_hasher.h +++ b/src/libstrongswan/plugins/sha2/sha2_hasher.h @@ -32,7 +32,7 @@ typedef struct sha2_hasher_t sha2_hasher_t; * the SHA hash algorithm. */ struct sha2_hasher_t { - + /** * Generic hasher_t interface for this hasher. */ @@ -41,7 +41,7 @@ struct sha2_hasher_t { /** * Creates a new sha2_hasher_t. - * + * * @param algorithm HASH_SHA256, HASH_SHA384 or HASH_SHA512 * @return sha2_hasher_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.c b/src/libstrongswan/plugins/sha2/sha2_plugin.c index 0743f7b1a..90f7cec77 100644 --- a/src/libstrongswan/plugins/sha2/sha2_plugin.c +++ b/src/libstrongswan/plugins/sha2/sha2_plugin.c @@ -47,9 +47,9 @@ static void destroy(private_sha2_plugin_t *this) plugin_t *plugin_create() { private_sha2_plugin_t *this = malloc_thing(private_sha2_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_hasher(lib->crypto, HASH_SHA224, (hasher_constructor_t)sha2_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_SHA256, @@ -58,7 +58,7 @@ plugin_t *plugin_create() (hasher_constructor_t)sha2_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_SHA512, (hasher_constructor_t)sha2_hasher_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index b59a1c343..831408c9e 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sqlite DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_sqlite_la_DEPENDENCIES = am_libstrongswan_sqlite_la_OBJECTS = sqlite_plugin.lo \ @@ -60,6 +84,7 @@ libstrongswan_sqlite_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -107,25 +132,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -137,11 +159,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -170,9 +195,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -195,7 +220,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -203,6 +228,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -211,10 +237,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -222,6 +250,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -245,9 +274,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sqlite/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/sqlite/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sqlite/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/sqlite/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -265,23 +294,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -306,21 +340,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -343,7 +377,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -351,29 +385,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -394,13 +433,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -431,6 +474,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -452,6 +496,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -460,18 +506,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -510,6 +566,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.c b/src/libstrongswan/plugins/sqlite/sqlite_database.c index 6e4951f2d..721f1a126 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_database.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_database.c @@ -19,7 +19,7 @@ #include <unistd.h> #include <library.h> #include <debug.h> -#include <utils/mutex.h> +#include <threading/mutex.h> typedef struct private_sqlite_database_t private_sqlite_database_t; @@ -32,12 +32,12 @@ struct private_sqlite_database_t { * public functions */ sqlite_database_t public; - + /** * sqlite database connection */ sqlite3 *db; - + /** * mutex used to lock execute() */ @@ -220,12 +220,12 @@ static enumerator_t* query(private_sqlite_database_t *this, char *sql, ...) va_list args; sqlite_enumerator_t *enumerator = NULL; int i; - + #if SQLITE_VERSION_NUMBER < 3005000 /* sqlite connections prior to 3.5 may be used by a single thread only, */ this->mutex->lock(this->mutex); #endif - + va_start(args, sql); stmt = run(this, sql, &args); if (stmt) @@ -254,7 +254,7 @@ static int execute(private_sqlite_database_t *this, int *rowid, char *sql, ...) sqlite3_stmt *stmt; int affected = -1; va_list args; - + /* we need a lock to get our rowid/changes correctly */ this->mutex->lock(this->mutex); va_start(args, sql); @@ -316,7 +316,7 @@ sqlite_database_t *sqlite_database_create(char *uri) { char *file; private_sqlite_database_t *this; - + /** * parse sqlite:///path/to/file.db uri */ @@ -325,16 +325,16 @@ sqlite_database_t *sqlite_database_create(char *uri) return NULL; } file = uri + 9; - + this = malloc_thing(private_sqlite_database_t); - + this->public.db.query = (enumerator_t* (*)(database_t *this, char *sql, ...))query; this->public.db.execute = (int (*)(database_t *this, int *rowid, char *sql, ...))execute; this->public.db.get_driver = (db_driver_t(*)(database_t*))get_driver; this->public.db.destroy = (void(*)(database_t*))destroy; - + this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); - + if (sqlite3_open(file, &this->db) != SQLITE_OK) { DBG1("opening SQLite database '%s' failed: %s", @@ -342,9 +342,9 @@ sqlite_database_t *sqlite_database_create(char *uri) destroy(this); return NULL; } - + sqlite3_busy_handler(this->db, (void*)busy_handler, this); - + return &this->public; } diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c index bedf91e0f..955402bf9 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c @@ -47,9 +47,9 @@ static void destroy(private_sqlite_plugin_t *this) plugin_t *plugin_create() { private_sqlite_plugin_t *this = malloc_thing(private_sqlite_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->db->add_database(lib->db, (database_constructor_t)sqlite_database_create); diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index 0e408ba7e..a8674d282 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/test_vectors DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_test_vectors_la_LIBADD = am_libstrongswan_test_vectors_la_OBJECTS = test_vectors_plugin.lo \ @@ -64,6 +88,7 @@ libstrongswan_test_vectors_la_LINK = $(LIBTOOL) --tag=CC \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -111,25 +136,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -141,11 +163,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -174,9 +199,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -199,7 +224,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -207,6 +232,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -215,10 +241,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -226,6 +254,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -270,9 +299,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -290,23 +319,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -352,178 +386,178 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< 3des_cbc.lo: test_vectors/3des_cbc.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT 3des_cbc.lo -MD -MP -MF $(DEPDIR)/3des_cbc.Tpo -c -o 3des_cbc.lo `test -f 'test_vectors/3des_cbc.c' || echo '$(srcdir)/'`test_vectors/3des_cbc.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/3des_cbc.Tpo $(DEPDIR)/3des_cbc.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT 3des_cbc.lo -MD -MP -MF $(DEPDIR)/3des_cbc.Tpo -c -o 3des_cbc.lo `test -f 'test_vectors/3des_cbc.c' || echo '$(srcdir)/'`test_vectors/3des_cbc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/3des_cbc.Tpo $(DEPDIR)/3des_cbc.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/3des_cbc.c' object='3des_cbc.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o 3des_cbc.lo `test -f 'test_vectors/3des_cbc.c' || echo '$(srcdir)/'`test_vectors/3des_cbc.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o 3des_cbc.lo `test -f 'test_vectors/3des_cbc.c' || echo '$(srcdir)/'`test_vectors/3des_cbc.c aes_cbc.lo: test_vectors/aes_cbc.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_cbc.lo -MD -MP -MF $(DEPDIR)/aes_cbc.Tpo -c -o aes_cbc.lo `test -f 'test_vectors/aes_cbc.c' || echo '$(srcdir)/'`test_vectors/aes_cbc.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/aes_cbc.Tpo $(DEPDIR)/aes_cbc.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_cbc.lo -MD -MP -MF $(DEPDIR)/aes_cbc.Tpo -c -o aes_cbc.lo `test -f 'test_vectors/aes_cbc.c' || echo '$(srcdir)/'`test_vectors/aes_cbc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_cbc.Tpo $(DEPDIR)/aes_cbc.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_cbc.c' object='aes_cbc.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_cbc.lo `test -f 'test_vectors/aes_cbc.c' || echo '$(srcdir)/'`test_vectors/aes_cbc.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_cbc.lo `test -f 'test_vectors/aes_cbc.c' || echo '$(srcdir)/'`test_vectors/aes_cbc.c aes_xcbc.lo: test_vectors/aes_xcbc.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_xcbc.lo -MD -MP -MF $(DEPDIR)/aes_xcbc.Tpo -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/aes_xcbc.Tpo $(DEPDIR)/aes_xcbc.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_xcbc.lo -MD -MP -MF $(DEPDIR)/aes_xcbc.Tpo -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_xcbc.Tpo $(DEPDIR)/aes_xcbc.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_xcbc.c' object='aes_xcbc.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c blowfish.lo: test_vectors/blowfish.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT blowfish.lo -MD -MP -MF $(DEPDIR)/blowfish.Tpo -c -o blowfish.lo `test -f 'test_vectors/blowfish.c' || echo '$(srcdir)/'`test_vectors/blowfish.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/blowfish.Tpo $(DEPDIR)/blowfish.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT blowfish.lo -MD -MP -MF $(DEPDIR)/blowfish.Tpo -c -o blowfish.lo `test -f 'test_vectors/blowfish.c' || echo '$(srcdir)/'`test_vectors/blowfish.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/blowfish.Tpo $(DEPDIR)/blowfish.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/blowfish.c' object='blowfish.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o blowfish.lo `test -f 'test_vectors/blowfish.c' || echo '$(srcdir)/'`test_vectors/blowfish.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o blowfish.lo `test -f 'test_vectors/blowfish.c' || echo '$(srcdir)/'`test_vectors/blowfish.c camellia_cbc.lo: test_vectors/camellia_cbc.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT camellia_cbc.lo -MD -MP -MF $(DEPDIR)/camellia_cbc.Tpo -c -o camellia_cbc.lo `test -f 'test_vectors/camellia_cbc.c' || echo '$(srcdir)/'`test_vectors/camellia_cbc.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/camellia_cbc.Tpo $(DEPDIR)/camellia_cbc.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT camellia_cbc.lo -MD -MP -MF $(DEPDIR)/camellia_cbc.Tpo -c -o camellia_cbc.lo `test -f 'test_vectors/camellia_cbc.c' || echo '$(srcdir)/'`test_vectors/camellia_cbc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/camellia_cbc.Tpo $(DEPDIR)/camellia_cbc.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/camellia_cbc.c' object='camellia_cbc.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o camellia_cbc.lo `test -f 'test_vectors/camellia_cbc.c' || echo '$(srcdir)/'`test_vectors/camellia_cbc.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o camellia_cbc.lo `test -f 'test_vectors/camellia_cbc.c' || echo '$(srcdir)/'`test_vectors/camellia_cbc.c cast.lo: test_vectors/cast.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cast.lo -MD -MP -MF $(DEPDIR)/cast.Tpo -c -o cast.lo `test -f 'test_vectors/cast.c' || echo '$(srcdir)/'`test_vectors/cast.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/cast.Tpo $(DEPDIR)/cast.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cast.lo -MD -MP -MF $(DEPDIR)/cast.Tpo -c -o cast.lo `test -f 'test_vectors/cast.c' || echo '$(srcdir)/'`test_vectors/cast.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cast.Tpo $(DEPDIR)/cast.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/cast.c' object='cast.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cast.lo `test -f 'test_vectors/cast.c' || echo '$(srcdir)/'`test_vectors/cast.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cast.lo `test -f 'test_vectors/cast.c' || echo '$(srcdir)/'`test_vectors/cast.c des.lo: test_vectors/des.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT des.lo -MD -MP -MF $(DEPDIR)/des.Tpo -c -o des.lo `test -f 'test_vectors/des.c' || echo '$(srcdir)/'`test_vectors/des.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/des.Tpo $(DEPDIR)/des.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT des.lo -MD -MP -MF $(DEPDIR)/des.Tpo -c -o des.lo `test -f 'test_vectors/des.c' || echo '$(srcdir)/'`test_vectors/des.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/des.Tpo $(DEPDIR)/des.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/des.c' object='des.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o des.lo `test -f 'test_vectors/des.c' || echo '$(srcdir)/'`test_vectors/des.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o des.lo `test -f 'test_vectors/des.c' || echo '$(srcdir)/'`test_vectors/des.c idea.lo: test_vectors/idea.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT idea.lo -MD -MP -MF $(DEPDIR)/idea.Tpo -c -o idea.lo `test -f 'test_vectors/idea.c' || echo '$(srcdir)/'`test_vectors/idea.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/idea.Tpo $(DEPDIR)/idea.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT idea.lo -MD -MP -MF $(DEPDIR)/idea.Tpo -c -o idea.lo `test -f 'test_vectors/idea.c' || echo '$(srcdir)/'`test_vectors/idea.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/idea.Tpo $(DEPDIR)/idea.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/idea.c' object='idea.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o idea.lo `test -f 'test_vectors/idea.c' || echo '$(srcdir)/'`test_vectors/idea.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o idea.lo `test -f 'test_vectors/idea.c' || echo '$(srcdir)/'`test_vectors/idea.c null.lo: test_vectors/null.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT null.lo -MD -MP -MF $(DEPDIR)/null.Tpo -c -o null.lo `test -f 'test_vectors/null.c' || echo '$(srcdir)/'`test_vectors/null.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/null.Tpo $(DEPDIR)/null.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT null.lo -MD -MP -MF $(DEPDIR)/null.Tpo -c -o null.lo `test -f 'test_vectors/null.c' || echo '$(srcdir)/'`test_vectors/null.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/null.Tpo $(DEPDIR)/null.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/null.c' object='null.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o null.lo `test -f 'test_vectors/null.c' || echo '$(srcdir)/'`test_vectors/null.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o null.lo `test -f 'test_vectors/null.c' || echo '$(srcdir)/'`test_vectors/null.c rc5.lo: test_vectors/rc5.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rc5.lo -MD -MP -MF $(DEPDIR)/rc5.Tpo -c -o rc5.lo `test -f 'test_vectors/rc5.c' || echo '$(srcdir)/'`test_vectors/rc5.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/rc5.Tpo $(DEPDIR)/rc5.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rc5.lo -MD -MP -MF $(DEPDIR)/rc5.Tpo -c -o rc5.lo `test -f 'test_vectors/rc5.c' || echo '$(srcdir)/'`test_vectors/rc5.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rc5.Tpo $(DEPDIR)/rc5.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/rc5.c' object='rc5.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rc5.lo `test -f 'test_vectors/rc5.c' || echo '$(srcdir)/'`test_vectors/rc5.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rc5.lo `test -f 'test_vectors/rc5.c' || echo '$(srcdir)/'`test_vectors/rc5.c serpent_cbc.lo: test_vectors/serpent_cbc.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT serpent_cbc.lo -MD -MP -MF $(DEPDIR)/serpent_cbc.Tpo -c -o serpent_cbc.lo `test -f 'test_vectors/serpent_cbc.c' || echo '$(srcdir)/'`test_vectors/serpent_cbc.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/serpent_cbc.Tpo $(DEPDIR)/serpent_cbc.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT serpent_cbc.lo -MD -MP -MF $(DEPDIR)/serpent_cbc.Tpo -c -o serpent_cbc.lo `test -f 'test_vectors/serpent_cbc.c' || echo '$(srcdir)/'`test_vectors/serpent_cbc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/serpent_cbc.Tpo $(DEPDIR)/serpent_cbc.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/serpent_cbc.c' object='serpent_cbc.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o serpent_cbc.lo `test -f 'test_vectors/serpent_cbc.c' || echo '$(srcdir)/'`test_vectors/serpent_cbc.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o serpent_cbc.lo `test -f 'test_vectors/serpent_cbc.c' || echo '$(srcdir)/'`test_vectors/serpent_cbc.c twofish_cbc.lo: test_vectors/twofish_cbc.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT twofish_cbc.lo -MD -MP -MF $(DEPDIR)/twofish_cbc.Tpo -c -o twofish_cbc.lo `test -f 'test_vectors/twofish_cbc.c' || echo '$(srcdir)/'`test_vectors/twofish_cbc.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/twofish_cbc.Tpo $(DEPDIR)/twofish_cbc.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT twofish_cbc.lo -MD -MP -MF $(DEPDIR)/twofish_cbc.Tpo -c -o twofish_cbc.lo `test -f 'test_vectors/twofish_cbc.c' || echo '$(srcdir)/'`test_vectors/twofish_cbc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/twofish_cbc.Tpo $(DEPDIR)/twofish_cbc.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/twofish_cbc.c' object='twofish_cbc.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o twofish_cbc.lo `test -f 'test_vectors/twofish_cbc.c' || echo '$(srcdir)/'`test_vectors/twofish_cbc.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o twofish_cbc.lo `test -f 'test_vectors/twofish_cbc.c' || echo '$(srcdir)/'`test_vectors/twofish_cbc.c md2.lo: test_vectors/md2.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md2.lo -MD -MP -MF $(DEPDIR)/md2.Tpo -c -o md2.lo `test -f 'test_vectors/md2.c' || echo '$(srcdir)/'`test_vectors/md2.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/md2.Tpo $(DEPDIR)/md2.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md2.lo -MD -MP -MF $(DEPDIR)/md2.Tpo -c -o md2.lo `test -f 'test_vectors/md2.c' || echo '$(srcdir)/'`test_vectors/md2.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/md2.Tpo $(DEPDIR)/md2.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/md2.c' object='md2.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md2.lo `test -f 'test_vectors/md2.c' || echo '$(srcdir)/'`test_vectors/md2.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md2.lo `test -f 'test_vectors/md2.c' || echo '$(srcdir)/'`test_vectors/md2.c md4.lo: test_vectors/md4.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md4.lo -MD -MP -MF $(DEPDIR)/md4.Tpo -c -o md4.lo `test -f 'test_vectors/md4.c' || echo '$(srcdir)/'`test_vectors/md4.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/md4.Tpo $(DEPDIR)/md4.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md4.lo -MD -MP -MF $(DEPDIR)/md4.Tpo -c -o md4.lo `test -f 'test_vectors/md4.c' || echo '$(srcdir)/'`test_vectors/md4.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/md4.Tpo $(DEPDIR)/md4.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/md4.c' object='md4.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md4.lo `test -f 'test_vectors/md4.c' || echo '$(srcdir)/'`test_vectors/md4.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md4.lo `test -f 'test_vectors/md4.c' || echo '$(srcdir)/'`test_vectors/md4.c md5.lo: test_vectors/md5.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md5.lo -MD -MP -MF $(DEPDIR)/md5.Tpo -c -o md5.lo `test -f 'test_vectors/md5.c' || echo '$(srcdir)/'`test_vectors/md5.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/md5.Tpo $(DEPDIR)/md5.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md5.lo -MD -MP -MF $(DEPDIR)/md5.Tpo -c -o md5.lo `test -f 'test_vectors/md5.c' || echo '$(srcdir)/'`test_vectors/md5.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/md5.Tpo $(DEPDIR)/md5.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/md5.c' object='md5.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md5.lo `test -f 'test_vectors/md5.c' || echo '$(srcdir)/'`test_vectors/md5.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md5.lo `test -f 'test_vectors/md5.c' || echo '$(srcdir)/'`test_vectors/md5.c md5_hmac.lo: test_vectors/md5_hmac.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md5_hmac.lo -MD -MP -MF $(DEPDIR)/md5_hmac.Tpo -c -o md5_hmac.lo `test -f 'test_vectors/md5_hmac.c' || echo '$(srcdir)/'`test_vectors/md5_hmac.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/md5_hmac.Tpo $(DEPDIR)/md5_hmac.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md5_hmac.lo -MD -MP -MF $(DEPDIR)/md5_hmac.Tpo -c -o md5_hmac.lo `test -f 'test_vectors/md5_hmac.c' || echo '$(srcdir)/'`test_vectors/md5_hmac.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/md5_hmac.Tpo $(DEPDIR)/md5_hmac.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/md5_hmac.c' object='md5_hmac.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md5_hmac.lo `test -f 'test_vectors/md5_hmac.c' || echo '$(srcdir)/'`test_vectors/md5_hmac.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md5_hmac.lo `test -f 'test_vectors/md5_hmac.c' || echo '$(srcdir)/'`test_vectors/md5_hmac.c sha1.lo: test_vectors/sha1.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1.lo -MD -MP -MF $(DEPDIR)/sha1.Tpo -c -o sha1.lo `test -f 'test_vectors/sha1.c' || echo '$(srcdir)/'`test_vectors/sha1.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sha1.Tpo $(DEPDIR)/sha1.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1.lo -MD -MP -MF $(DEPDIR)/sha1.Tpo -c -o sha1.lo `test -f 'test_vectors/sha1.c' || echo '$(srcdir)/'`test_vectors/sha1.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sha1.Tpo $(DEPDIR)/sha1.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/sha1.c' object='sha1.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1.lo `test -f 'test_vectors/sha1.c' || echo '$(srcdir)/'`test_vectors/sha1.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1.lo `test -f 'test_vectors/sha1.c' || echo '$(srcdir)/'`test_vectors/sha1.c sha1_hmac.lo: test_vectors/sha1_hmac.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1_hmac.lo -MD -MP -MF $(DEPDIR)/sha1_hmac.Tpo -c -o sha1_hmac.lo `test -f 'test_vectors/sha1_hmac.c' || echo '$(srcdir)/'`test_vectors/sha1_hmac.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sha1_hmac.Tpo $(DEPDIR)/sha1_hmac.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1_hmac.lo -MD -MP -MF $(DEPDIR)/sha1_hmac.Tpo -c -o sha1_hmac.lo `test -f 'test_vectors/sha1_hmac.c' || echo '$(srcdir)/'`test_vectors/sha1_hmac.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sha1_hmac.Tpo $(DEPDIR)/sha1_hmac.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/sha1_hmac.c' object='sha1_hmac.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1_hmac.lo `test -f 'test_vectors/sha1_hmac.c' || echo '$(srcdir)/'`test_vectors/sha1_hmac.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1_hmac.lo `test -f 'test_vectors/sha1_hmac.c' || echo '$(srcdir)/'`test_vectors/sha1_hmac.c sha2.lo: test_vectors/sha2.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha2.lo -MD -MP -MF $(DEPDIR)/sha2.Tpo -c -o sha2.lo `test -f 'test_vectors/sha2.c' || echo '$(srcdir)/'`test_vectors/sha2.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sha2.Tpo $(DEPDIR)/sha2.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha2.lo -MD -MP -MF $(DEPDIR)/sha2.Tpo -c -o sha2.lo `test -f 'test_vectors/sha2.c' || echo '$(srcdir)/'`test_vectors/sha2.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sha2.Tpo $(DEPDIR)/sha2.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/sha2.c' object='sha2.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha2.lo `test -f 'test_vectors/sha2.c' || echo '$(srcdir)/'`test_vectors/sha2.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha2.lo `test -f 'test_vectors/sha2.c' || echo '$(srcdir)/'`test_vectors/sha2.c sha2_hmac.lo: test_vectors/sha2_hmac.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha2_hmac.lo -MD -MP -MF $(DEPDIR)/sha2_hmac.Tpo -c -o sha2_hmac.lo `test -f 'test_vectors/sha2_hmac.c' || echo '$(srcdir)/'`test_vectors/sha2_hmac.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sha2_hmac.Tpo $(DEPDIR)/sha2_hmac.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha2_hmac.lo -MD -MP -MF $(DEPDIR)/sha2_hmac.Tpo -c -o sha2_hmac.lo `test -f 'test_vectors/sha2_hmac.c' || echo '$(srcdir)/'`test_vectors/sha2_hmac.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sha2_hmac.Tpo $(DEPDIR)/sha2_hmac.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/sha2_hmac.c' object='sha2_hmac.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha2_hmac.lo `test -f 'test_vectors/sha2_hmac.c' || echo '$(srcdir)/'`test_vectors/sha2_hmac.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha2_hmac.lo `test -f 'test_vectors/sha2_hmac.c' || echo '$(srcdir)/'`test_vectors/sha2_hmac.c fips_prf.lo: test_vectors/fips_prf.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fips_prf.lo -MD -MP -MF $(DEPDIR)/fips_prf.Tpo -c -o fips_prf.lo `test -f 'test_vectors/fips_prf.c' || echo '$(srcdir)/'`test_vectors/fips_prf.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/fips_prf.Tpo $(DEPDIR)/fips_prf.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fips_prf.lo -MD -MP -MF $(DEPDIR)/fips_prf.Tpo -c -o fips_prf.lo `test -f 'test_vectors/fips_prf.c' || echo '$(srcdir)/'`test_vectors/fips_prf.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/fips_prf.Tpo $(DEPDIR)/fips_prf.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/fips_prf.c' object='fips_prf.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fips_prf.lo `test -f 'test_vectors/fips_prf.c' || echo '$(srcdir)/'`test_vectors/fips_prf.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fips_prf.lo `test -f 'test_vectors/fips_prf.c' || echo '$(srcdir)/'`test_vectors/fips_prf.c rng.lo: test_vectors/rng.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rng.lo -MD -MP -MF $(DEPDIR)/rng.Tpo -c -o rng.lo `test -f 'test_vectors/rng.c' || echo '$(srcdir)/'`test_vectors/rng.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/rng.Tpo $(DEPDIR)/rng.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rng.lo -MD -MP -MF $(DEPDIR)/rng.Tpo -c -o rng.lo `test -f 'test_vectors/rng.c' || echo '$(srcdir)/'`test_vectors/rng.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rng.Tpo $(DEPDIR)/rng.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/rng.c' object='rng.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rng.lo `test -f 'test_vectors/rng.c' || echo '$(srcdir)/'`test_vectors/rng.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rng.lo `test -f 'test_vectors/rng.c' || echo '$(srcdir)/'`test_vectors/rng.c mostlyclean-libtool: -rm -f *.lo @@ -543,7 +577,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -551,29 +585,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -594,13 +633,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -631,6 +674,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -652,6 +696,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -660,18 +706,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -710,6 +766,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c b/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c index 63bbb1261..a4e06180a 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c @@ -30,7 +30,7 @@ crypter_test_vector_t blowfish1 = { }; /** - * Test vector by Chilkat Software + * Test vector by Chilkat Software * (www.chilkatsoft.com/p/php_blowfish.asp) */ crypter_test_vector_t blowfish2 = { diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c index 8502df7ad..4dc1cc174 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c @@ -33,7 +33,7 @@ monobit_t monobit_all = { static bool test_monobit(monobit_t *param, chunk_t data) { int i, j, bits = 0; - + for (i = 0; i < data.len; i++) { for (j = 0; j < 8; j++) @@ -87,15 +87,15 @@ static bool test_poker(poker_t *param, chunk_t data) { int i, counter[16]; double sum = 0.0; - + memset(counter, 0, sizeof(counter)); - + for (i = 0; i < data.len; i++) { counter[data.ptr[i] & 0x0F]++; counter[(data.ptr[i] & 0xF0) >> 4]++; } - + for (i = 0; i < countof(counter); i++) { sum += (counter[i] * counter[i]) / 5000.0 * 16.0; @@ -145,10 +145,10 @@ runs_t runs_all = { static bool test_runs(runs_t *param, chunk_t data) { int i, j, zero_runs[7], one_runs[7], zero = 0, one = 0, longrun = 0; - + memset(one_runs, 0, sizeof(zero_runs)); memset(zero_runs, 0, sizeof(one_runs)); - + for (i = 0; i < data.len; i++) { for (j = 0; j < 8; j++) @@ -189,7 +189,7 @@ static bool test_runs(runs_t *param, chunk_t data) } } } - + DBG2(" Runs: zero: %d/%d/%d/%d/%d/%d, one: %d/%d/%d/%d/%d/%d, " "longruns: %d", zero_runs[1], zero_runs[2], zero_runs[3], @@ -197,12 +197,12 @@ static bool test_runs(runs_t *param, chunk_t data) one_runs[1], one_runs[2], one_runs[3], one_runs[4], one_runs[5], one_runs[6], longrun); - + if (longrun) { return FALSE; } - + for (i = 1; i < countof(zero_runs); i++) { if (zero_runs[i] <= param->lower[i] || diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c index b96dc0c9a..7ad8c3c73 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c @@ -108,9 +108,9 @@ plugin_t *plugin_create() { private_test_vectors_plugin_t *this = malloc_thing(private_test_vectors_plugin_t); int i; - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + for (i = 0; i < countof(crypter); i++) { lib->crypto->add_test_vector(lib->crypto, @@ -136,7 +136,7 @@ plugin_t *plugin_create() lib->crypto->add_test_vector(lib->crypto, RANDOM_NUMBER_GENERATOR, rng[i]); } - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/x509/Makefile.am b/src/libstrongswan/plugins/x509/Makefile.am index e9668b4e4..853b1cebc 100644 --- a/src/libstrongswan/plugins/x509/Makefile.am +++ b/src/libstrongswan/plugins/x509/Makefile.am @@ -9,8 +9,8 @@ libstrongswan_x509_la_SOURCES = x509_plugin.h x509_plugin.c \ x509_cert.h x509_cert.c \ x509_crl.h x509_crl.c \ x509_ac.h x509_ac.c \ + x509_pkcs10.h x509_pkcs10.c \ x509_ocsp_request.h x509_ocsp_request.c \ - x509_ocsp_response.h x509_ocsp_response.c \ - ietf_attr_list.h ietf_attr_list.c + x509_ocsp_response.h x509_ocsp_response.c libstrongswan_x509_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index 56cb04769..428643254 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,24 +37,46 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/x509 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_x509_la_LIBADD = am_libstrongswan_x509_la_OBJECTS = x509_plugin.lo x509_cert.lo \ - x509_crl.lo x509_ac.lo x509_ocsp_request.lo \ - x509_ocsp_response.lo ietf_attr_list.lo + x509_crl.lo x509_ac.lo x509_pkcs10.lo x509_ocsp_request.lo \ + x509_ocsp_response.lo libstrongswan_x509_la_OBJECTS = $(am_libstrongswan_x509_la_OBJECTS) libstrongswan_x509_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ @@ -60,6 +84,7 @@ libstrongswan_x509_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -107,25 +132,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -137,11 +159,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -170,9 +195,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -195,7 +220,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -203,6 +228,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -211,10 +237,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -222,6 +250,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -231,9 +260,9 @@ libstrongswan_x509_la_SOURCES = x509_plugin.h x509_plugin.c \ x509_cert.h x509_cert.c \ x509_crl.h x509_crl.c \ x509_ac.h x509_ac.c \ + x509_pkcs10.h x509_pkcs10.c \ x509_ocsp_request.h x509_ocsp_request.c \ - x509_ocsp_response.h x509_ocsp_response.c \ - ietf_attr_list.h ietf_attr_list.c + x509_ocsp_response.h x509_ocsp_response.c libstrongswan_x509_la_LDFLAGS = -module -avoid-version all: all-am @@ -249,9 +278,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/x509/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/x509/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/x509/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/x509/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -269,23 +298,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -305,31 +339,31 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ietf_attr_list.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_ac.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_cert.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_crl.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_ocsp_request.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_ocsp_response.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_pkcs10.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_plugin.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -352,7 +386,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -360,29 +394,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -403,13 +442,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -440,6 +483,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -461,6 +505,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -469,18 +515,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -519,6 +575,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/x509/ietf_attr_list.c b/src/libstrongswan/plugins/x509/ietf_attr_list.c deleted file mode 100644 index 17f6949b2..000000000 --- a/src/libstrongswan/plugins/x509/ietf_attr_list.c +++ /dev/null @@ -1,396 +0,0 @@ -/* - * Copyright (C) 2007 Andreas Steffen, Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <string.h> -#include <stdio.h> - -#include <debug.h> -#include <library.h> - -#include <asn1/oid.h> -#include <asn1/asn1.h> -#include <asn1/asn1_parser.h> -#include <utils/lexparser.h> - -#include "ietf_attr_list.h" - -/** - * Private definition of ietfAttribute kinds - */ -typedef enum { - IETF_ATTRIBUTE_OCTETS = 0, - IETF_ATTRIBUTE_OID = 1, - IETF_ATTRIBUTE_STRING = 2 -} ietfAttribute_t; - -typedef struct ietfAttr_t ietfAttr_t; - -/** - * Private definition of an ietfAttribute - */ -struct ietfAttr_t { - /** - * IETF attribute kind - */ - ietfAttribute_t kind; - - /** - * IETF attribute valuse - */ - chunk_t value; - - /** - * Compares two ietfAttributes - * - * return -1 if this is earlier in the alphabet than other - * return 0 if this equals other - * return +1 if this is later in the alphabet than other - * - * @param this calling object - * @param other other object - */ - int (*compare) (const ietfAttr_t *this ,const ietfAttr_t *other); - - /** - * Destroys the ietfAttr_t object. - * - * @param this ietfAttr_t to destroy - */ - void (*destroy) (ietfAttr_t *this); -}; - -/** - * Implements ietfAttr_t.compare. - */ -static int ietfAttr_compare(const ietfAttr_t *this ,const ietfAttr_t *other) -{ - int cmp_len, len, cmp_value; - - /* OID attributes are appended after STRING and OCTETS attributes */ - if (this->kind != IETF_ATTRIBUTE_OID && other->kind == IETF_ATTRIBUTE_OID) - { - return -1; - } - if (this->kind == IETF_ATTRIBUTE_OID && other->kind != IETF_ATTRIBUTE_OID) - { - return 1; - } - - cmp_len = this->value.len - other->value.len; - len = (cmp_len < 0)? this->value.len : other->value.len; - cmp_value = memcmp(this->value.ptr, other->value.ptr, len); - - return (cmp_value == 0)? cmp_len : cmp_value; -} - -/** - * Implements ietfAttr_t.destroy. - */ -static void ietfAttr_destroy(ietfAttr_t *this) -{ - free(this->value.ptr); - free(this); -} - -/** - * Creates an ietfAttr_t object. - */ -static ietfAttr_t *ietfAttr_create(ietfAttribute_t kind, chunk_t value) -{ - ietfAttr_t *this = malloc_thing(ietfAttr_t); - - /* initialize */ - this->kind = kind; - this->value = chunk_clone(value); - - /* function */ - this->compare = ietfAttr_compare; - this->destroy = ietfAttr_destroy; - - return this; -} - -/** - * Adds an ietfAttr_t object to a sorted linked list - */ -static void ietfAttr_add(linked_list_t *list, ietfAttr_t *attr) -{ - iterator_t *iterator = list->create_iterator(list, TRUE); - ietfAttr_t *current_attr; - bool found = FALSE; - - while (iterator->iterate(iterator, (void **)¤t_attr)) - { - int cmp = attr->compare(attr, current_attr); - - if (cmp > 0) - { - continue; - } - if (cmp == 0) - { - attr->destroy(attr); - } - else - { - iterator->insert_before(iterator, attr); - } - found = TRUE; - break; - } - iterator->destroy(iterator); - if (!found) - { - list->insert_last(list, attr); - } -} - -/* - * Described in header. - */ -bool ietfAttr_list_equals(linked_list_t *list_a, linked_list_t *list_b) -{ - bool result = TRUE; - - /* lists must have the same number of attributes */ - if (list_a->get_count(list_a) != list_b->get_count(list_b)) - { - return FALSE; - } - /* empty lists - no attributes */ - if (list_a->get_count(list_a) == 0) - { - return TRUE; - } - - /* compare two alphabetically-sorted lists */ - { - iterator_t *iterator_a = list_a->create_iterator(list_a, TRUE); - iterator_t *iterator_b = list_b->create_iterator(list_b, TRUE); - ietfAttr_t *attr_a, *attr_b; - - while (iterator_a->iterate(iterator_a, (void **)&attr_a) && - iterator_b->iterate(iterator_b, (void **)&attr_b)) - { - if (attr_a->compare(attr_a, attr_b) != 0) - { - /* we have a mismatch */ - result = FALSE; - break; - } - } - iterator_a->destroy(iterator_a); - iterator_b->destroy(iterator_b); - } - return result; -} - -/* - * Described in header. - */ -void ietfAttr_list_list(linked_list_t *list, FILE *out) -{ - iterator_t *iterator = list->create_iterator(list, TRUE); - ietfAttr_t *attr; - bool first = TRUE; - - while (iterator->iterate(iterator, (void **)&attr)) - { - if (first) - { - first = FALSE; - } - else - { - fprintf(out, ", "); - } - - switch (attr->kind) - { - case IETF_ATTRIBUTE_OCTETS: - case IETF_ATTRIBUTE_STRING: - fprintf(out, "%.*s", (int)attr->value.len, attr->value.ptr); - break; - case IETF_ATTRIBUTE_OID: - { - int oid = asn1_known_oid(attr->value); - - if (oid == OID_UNKNOWN) - { - fprintf(out, "0x#B", &attr->value); - } - else - { - fprintf(out, "%s", oid_names[oid]); - } - } - break; - default: - break; - } - } - iterator->destroy(iterator); -} - -/* - * Described in header. - */ -void ietfAttr_list_create_from_string(char *msg, linked_list_t *list) -{ - chunk_t line = { msg, strlen(msg) }; - - while (eat_whitespace(&line)) - { - chunk_t group; - - /* extract the next comma-separated group attribute */ - if (!extract_token(&group, ',', &line)) - { - group = line; - line.len = 0; - } - - /* remove any trailing spaces */ - while (group.len > 0 && *(group.ptr + group.len - 1) == ' ') - { - group.len--; - } - - /* add the group attribute to the list */ - if (group.len > 0) - { - ietfAttr_t *attr = ietfAttr_create(IETF_ATTRIBUTE_STRING, group); - - ietfAttr_add(list, attr); - } - } -} - -/** - * ASN.1 definition of ietfAttrSyntax - */ -static const asn1Object_t ietfAttrSyntaxObjects[] = -{ - { 0, "ietfAttrSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "policyAuthority", ASN1_CONTEXT_C_0, ASN1_OPT | - ASN1_BODY }, /* 1 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ - { 1, "values", ASN1_SEQUENCE, ASN1_LOOP }, /* 3 */ - { 2, "octets", ASN1_OCTET_STRING, ASN1_OPT | - ASN1_BODY }, /* 4 */ - { 2, "end choice", ASN1_EOC, ASN1_END }, /* 5 */ - { 2, "oid", ASN1_OID, ASN1_OPT | - ASN1_BODY }, /* 6 */ - { 2, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ - { 2, "string", ASN1_UTF8STRING, ASN1_OPT | - ASN1_BODY }, /* 8 */ - { 2, "end choice", ASN1_EOC, ASN1_END }, /* 9 */ - { 1, "end loop", ASN1_EOC, ASN1_END }, /* 10 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define IETF_ATTR_OCTETS 4 -#define IETF_ATTR_OID 6 -#define IETF_ATTR_STRING 8 - -/* - * Described in header. - */ -void ietfAttr_list_create_from_chunk(chunk_t chunk, linked_list_t *list, int level0) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - - parser = asn1_parser_create(ietfAttrSyntaxObjects, chunk); - parser->set_top_level(parser, level0); - - while (parser->iterate(parser, &objectID, &object)) - { - switch (objectID) - { - case IETF_ATTR_OCTETS: - case IETF_ATTR_OID: - case IETF_ATTR_STRING: - { - ietfAttribute_t kind = (objectID - IETF_ATTR_OCTETS) / 2; - ietfAttr_t *attr = ietfAttr_create(kind, object); - ietfAttr_add(list, attr); - } - break; - default: - break; - } - } - parser->destroy(parser); -} - -/* - * Described in header. - */ -chunk_t ietfAttr_list_encode(linked_list_t *list) -{ - chunk_t ietfAttributes; - size_t size = 0; - u_char *pos; - iterator_t *iterator = list->create_iterator(list, TRUE); - ietfAttr_t *attr; - - /* precalculate the total size of all values */ - while (iterator->iterate(iterator, (void **)&attr)) - { - size_t len = attr->value.len; - - size += 1 + (len > 0) + (len >= 128) + (len >= 256) + (len >= 65536) + len; - } - iterator->destroy(iterator); - - pos = asn1_build_object(&ietfAttributes, ASN1_SEQUENCE, size); - - iterator = list->create_iterator(list, TRUE); - while (iterator->iterate(iterator, (void **)&attr)) - { - chunk_t ietfAttribute; - asn1_t type = ASN1_NULL; - - switch (attr->kind) - { - case IETF_ATTRIBUTE_OCTETS: - type = ASN1_OCTET_STRING; - break; - case IETF_ATTRIBUTE_STRING: - type = ASN1_UTF8STRING; - break; - case IETF_ATTRIBUTE_OID: - type = ASN1_OID; - break; - } - ietfAttribute = asn1_simple_object(type, attr->value); - - /* copy ietfAttribute into ietfAttributes chunk */ - memcpy(pos, ietfAttribute.ptr, ietfAttribute.len); - pos += ietfAttribute.len; - free(ietfAttribute.ptr); - } - iterator->destroy(iterator); - - return asn1_wrap(ASN1_SEQUENCE, "m", ietfAttributes); -} - -/* - * Described in header. - */ -void ietfAttr_list_destroy(linked_list_t *list) -{ - list->destroy_offset(list, offsetof(ietfAttr_t, destroy)); -} diff --git a/src/libstrongswan/plugins/x509/ietf_attr_list.h b/src/libstrongswan/plugins/x509/ietf_attr_list.h deleted file mode 100644 index 5807a899e..000000000 --- a/src/libstrongswan/plugins/x509/ietf_attr_list.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (C) 2007 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup ietf_attr_list ietf_attr_list - * @{ @ingroup x509_p - */ - -#ifndef IETF_ATTR_LIST_H_ -#define IETF_ATTR_LIST_H_ - -#include <library.h> -#include <utils/linked_list.h> - - -/** - * @brief Compare two linked lists of ietfAttr_t objects for equality - * - * @param list_a first alphabetically-sorted list - * @param list_b second alphabetically-sorted list - * @return TRUE if equal - */ -bool ietfAttr_list_equals(linked_list_t *list_a, linked_list_t *list_b); - -/** - * @brief Lists a linked list of ietfAttr_t objects - * - * @param list alphabetically-sorted linked list of attributes - * @param out output file - */ -void ietfAttr_list_list(linked_list_t *list, FILE *out); - -/** - * @brief Create a linked list of ietfAttr_t objects from a string - * - * @param msg string with comma-separated group names - * @param list alphabetically-sorted linked list of attributes - */ -void ietfAttr_list_create_from_string(char *msg, linked_list_t *list); - -/** - * @brief Create a linked list of ietfAttr_t objects from an ASN.1-coded chunk - * - * @param chunk chunk containing ASN.1-coded attributes - * @param list alphabetically-sorted linked list of attributes - * @param level0 parsing level - */ -void ietfAttr_list_create_from_chunk(chunk_t chunk, linked_list_t *list, int level0); - -/** - * @brief Encode a linked list of ietfAttr_t objects into an ASN.1-coded chunk - * - * @param list alphabetically-sorted linked list of attributes - * @return chunk containing ASN.1-coded attributes - */ -chunk_t ietfAttr_list_encode(linked_list_t *list); - -/** - * @brief Destroys a linked list of ietfAttr_t objects - * - * @param list list to be destroyed - */ -void ietfAttr_list_destroy(linked_list_t *list); - -#endif /** IETF_ATTR_LIST_H_ @}*/ - diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index 638f96b44..79ff80933 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -1,9 +1,10 @@ /* * Copyright (C) 2002 Ueli Galizzi, Ariane Seiler * Copyright (C) 2003 Martin Berner, Lukas Suter - * Copyright (C) 2002-2008 Andreas Steffen + * Copyright (C) 2002-2009 Andreas Steffen + * Copyright (C) 2009 Martin Willi * - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -17,7 +18,6 @@ */ #include "x509_ac.h" -#include "ietf_attr_list.h" #include <time.h> @@ -26,14 +26,14 @@ #include <asn1/oid.h> #include <asn1/asn1.h> #include <asn1/asn1_parser.h> -#include <asn1/pem.h> #include <utils/identification.h> #include <utils/linked_list.h> #include <credentials/certificates/x509.h> +#include <credentials/ietf_attributes/ietf_attributes.h> #include <credentials/keys/private_key.h> -extern identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, - int level0, chunk_t *authKeySerialNumber); +extern chunk_t x509_parse_authorityKeyIdentifier(chunk_t blob, + int level0, chunk_t *authKeySerialNumber); typedef struct private_x509_ac_t private_x509_ac_t; @@ -46,7 +46,7 @@ struct private_x509_ac_t { * public functions */ x509_ac_t public; - + /** * X.509 attribute certificate encoding in ASN.1 DER format */ @@ -81,7 +81,7 @@ struct private_x509_ac_t { * ID representing the holder */ identification_t *entityName; - + /** * ID representing the attribute certificate issuer */ @@ -100,17 +100,17 @@ struct private_x509_ac_t { /** * List of charging attributes */ - linked_list_t *charging; + ietf_attributes_t *charging; /** * List of groub attributes */ - linked_list_t *groups; + ietf_attributes_t *groups; /** * Authority Key Identifier */ - identification_t *authKeyIdentifier; + chunk_t authKeyIdentifier; /** * Authority Key Serial Number @@ -132,19 +132,19 @@ struct private_x509_ac_t { */ chunk_t signature; - /** - * Holder certificate - */ + /** + * Holder certificate + */ certificate_t *holderCert; - /** - * Signer certificate - */ + /** + * Signer certificate + */ certificate_t *signerCert; - /** - * Signer private key; - */ + /** + * Signer private key; + */ private_key_t *signerKey; /** @@ -153,30 +153,13 @@ struct private_x509_ac_t { refcount_t ref; }; -static u_char ASN1_group_oid_str[] = { - 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a ,0x04 -}; - -static const chunk_t ASN1_group_oid = chunk_from_buf(ASN1_group_oid_str); - -static u_char ASN1_authorityKeyIdentifier_oid_str[] = { - 0x06, 0x03, - 0x55, 0x1d, 0x23 -}; - -static const chunk_t ASN1_authorityKeyIdentifier_oid = - chunk_from_buf(ASN1_authorityKeyIdentifier_oid_str); - -static u_char ASN1_noRevAvail_ext_str[] = { +static chunk_t ASN1_noRevAvail_ext = chunk_from_chars( 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x38, 0x04, 0x02, 0x05, 0x00 -}; - -static const chunk_t ASN1_noRevAvail_ext = chunk_from_buf(ASN1_noRevAvail_ext_str); +); /** * declaration of function implemented in x509_cert.c @@ -294,7 +277,7 @@ static const asn1Object_t acObjects[] = { 3, "baseCertificateID", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 21 */ { 4, "issuerSerial", ASN1_SEQUENCE, ASN1_NONE }, /* 22 */ { 5, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 23 */ - { 5, "serial", ASN1_INTEGER, ASN1_BODY }, /* 24 */ + { 5, "serial", ASN1_INTEGER, ASN1_BODY }, /* 24 */ { 5, "issuerUID", ASN1_BIT_STRING, ASN1_OPT | ASN1_BODY }, /* 25 */ { 5, "end opt", ASN1_EOC, ASN1_END }, /* 26 */ @@ -302,7 +285,7 @@ static const asn1Object_t acObjects[] = { 3, "objectDigestInfo", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 28 */ { 4, "digestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 29 */ { 5, "digestedObjectType", ASN1_ENUMERATED, ASN1_BODY }, /* 30 */ - { 5, "otherObjectTypeID", ASN1_OID, ASN1_OPT | + { 5, "otherObjectTypeID", ASN1_OID, ASN1_OPT | ASN1_BODY }, /* 31 */ { 5, "end opt", ASN1_EOC, ASN1_END }, /* 32 */ { 5, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 33 */ @@ -430,10 +413,14 @@ static bool parse_certificate(private_x509_ac_t *this) DBG2(" need to parse accessIdentity"); break; case OID_CHARGING_IDENTITY: - ietfAttr_list_create_from_chunk(object, this->charging, level); + DBG2("-- > --"); + this->charging = ietf_attributes_create_from_encoding(object); + DBG2("-- < --"); break; case OID_GROUP: - ietfAttr_list_create_from_chunk(object, this->groups, level); + DBG2("-- > --"); + this->groups = ietf_attributes_create_from_encoding(object); + DBG2("-- < --"); break; case OID_ROLE: parse_roleSyntax(object, level); @@ -459,7 +446,7 @@ static bool parse_certificate(private_x509_ac_t *this) break; case OID_AUTHORITY_KEY_ID: this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, - level, &this->authKeySerialNumber); + level, &this->authKeySerialNumber); break; case OID_TARGET_INFORMATION: DBG2(" need to parse targetInformation"); @@ -547,10 +534,10 @@ static chunk_t build_attr_cert_validity(private_x509_ac_t *this) /** * build attribute type */ -static chunk_t build_attribute_type(const chunk_t type, chunk_t content) +static chunk_t build_attribute_type(int type, chunk_t content) { - return asn1_wrap(ASN1_SEQUENCE, "cm", - type, + return asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(type), asn1_wrap(ASN1_SET, "m", content)); } @@ -560,7 +547,7 @@ static chunk_t build_attribute_type(const chunk_t type, chunk_t content) static chunk_t build_attributes(private_x509_ac_t *this) { return asn1_wrap(ASN1_SEQUENCE, "m", - build_attribute_type(ASN1_group_oid, ietfAttr_list_encode(this->groups))); + build_attribute_type(OID_GROUP, this->groups->get_encoding(this->groups))); } /** @@ -568,31 +555,30 @@ static chunk_t build_attributes(private_x509_ac_t *this) */ static chunk_t build_authorityKeyIdentifier(private_x509_ac_t *this) { - chunk_t keyIdentifier; + chunk_t keyIdentifier = chunk_empty; chunk_t authorityCertIssuer; chunk_t authorityCertSerialNumber; - x509_t *x509 = (x509_t*)this->signerCert; - identification_t *issuer = this->signerCert->get_issuer(this->signerCert); - public_key_t *public = this->signerCert->get_public_key(this->signerCert); + identification_t *issuer; + public_key_t *public; + x509_t *x509; + x509 = (x509_t*)this->signerCert; + issuer = this->signerCert->get_issuer(this->signerCert); + public = this->signerCert->get_public_key(this->signerCert); if (public) { - identification_t *keyid = public->get_id(public, ID_PUBKEY_SHA1); - - this->authKeyIdentifier = keyid = keyid->clone(keyid); - keyIdentifier = keyid->get_encoding(keyid); + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &keyIdentifier)) + { + this->authKeyIdentifier = chunk_clone(keyIdentifier); + } public->destroy(public); } - else - { - keyIdentifier = chunk_empty; - } authorityCertIssuer = build_directoryName(ASN1_CONTEXT_C_1, - issuer->get_encoding(issuer)); + issuer->get_encoding(issuer)); authorityCertSerialNumber = asn1_simple_object(ASN1_CONTEXT_S_2, - x509->get_serial(x509)); - return asn1_wrap(ASN1_SEQUENCE, "cm", - ASN1_authorityKeyIdentifier_oid, + x509->get_serial(x509)); + return asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_AUTHORITY_KEY_ID), asn1_wrap(ASN1_OCTET_STRING, "m", asn1_wrap(ASN1_SEQUENCE, "cmm", keyIdentifier, @@ -618,7 +604,7 @@ static chunk_t build_extensions(private_x509_ac_t *this) */ static chunk_t build_attr_cert_info(private_x509_ac_t *this) { - return asn1_wrap(ASN1_SEQUENCE, "cmmcmmmm", + return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmm", ASN1_INTEGER_1, build_holder(this), build_v2_form(this), @@ -636,14 +622,14 @@ static chunk_t build_attr_cert_info(private_x509_ac_t *this) static chunk_t build_ac(private_x509_ac_t *this) { chunk_t signatureValue; - chunk_t attributeCertificateInfo; + chunk_t attributeCertificateInfo; attributeCertificateInfo = build_attr_cert_info(this); this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1, attributeCertificateInfo, &signatureValue); - return asn1_wrap(ASN1_SEQUENCE, "mcm", + return asn1_wrap(ASN1_SEQUENCE, "mmm", attributeCertificateInfo, asn1_algorithmIdentifier(OID_SHA1_WITH_RSA), asn1_bitstring("m", signatureValue)); @@ -676,12 +662,20 @@ static identification_t* get_holderIssuer(private_x509_ac_t *this) /** * Implementation of ac_t.get_authKeyIdentifier. */ -static identification_t* get_authKeyIdentifier(private_x509_ac_t *this) +static chunk_t get_authKeyIdentifier(private_x509_ac_t *this) { return this->authKeyIdentifier; } /** + * Implementation of certificate_t.get_groups. + */ +static ietf_attributes_t* get_groups(private_x509_ac_t *this) +{ + return this->groups ? this->groups->get_ref(this->groups) : NULL; +} + +/** * Implementation of certificate_t.get_type */ static certificate_type_t get_type(private_x509_ac_t *this) @@ -710,7 +704,7 @@ static identification_t* get_issuer(private_x509_ac_t *this) */ static id_match_t has_subject(private_x509_ac_t *this, identification_t *subject) { - return ID_MATCH_NONE; + return ID_MATCH_NONE; } /** @@ -718,24 +712,12 @@ static id_match_t has_subject(private_x509_ac_t *this, identification_t *subject */ static id_match_t has_issuer(private_x509_ac_t *this, identification_t *issuer) { - id_match_t match; - - if (issuer->get_type(issuer) == ID_PUBKEY_SHA1) - { - if (this->authKeyIdentifier) - { - match = issuer->matches(issuer, this->authKeyIdentifier); - } - else - { - match = ID_MATCH_NONE; - } - } - else + if (issuer->get_type(issuer) == ID_KEY_ID && this->authKeyIdentifier.ptr && + chunk_equals(this->authKeyIdentifier, issuer->get_encoding(issuer))) { - match = this->issuerName->matches(this->issuerName, issuer); + return ID_MATCH_PERFECT; } - return match; + return this->issuerName->matches(this->issuerName, issuer); } /** @@ -747,7 +729,7 @@ static bool issued_by(private_x509_ac_t *this, certificate_t *issuer) signature_scheme_t scheme; bool valid; x509_t *x509 = (x509_t*)issuer; - + /* check if issuer is an X.509 AA certificate */ if (issuer->get_type(issuer) != CERT_X509) { @@ -762,19 +744,20 @@ static bool issued_by(private_x509_ac_t *this, certificate_t *issuer) key = issuer->get_public_key(issuer); /* compare keyIdentifiers if available, otherwise use DNs */ - if (this->authKeyIdentifier && key) + if (this->authKeyIdentifier.ptr && key) { - identification_t *subjectKeyIdentifier = key->get_id(key, ID_PUBKEY_SHA1); + chunk_t fingerprint; - if (!subjectKeyIdentifier->equals(subjectKeyIdentifier, - this->authKeyIdentifier)) + if (!key->get_fingerprint(key, KEY_ID_PUBKEY_SHA1, &fingerprint) || + !chunk_equals(fingerprint, this->authKeyIdentifier)) { return FALSE; } } - else + else { - if (!this->issuerName->equals(this->issuerName, issuer->get_subject(issuer))) + if (!this->issuerName->equals(this->issuerName, + issuer->get_subject(issuer))) { return FALSE; } @@ -815,16 +798,8 @@ static private_x509_ac_t* get_ref(private_x509_ac_t *this) static bool get_validity(private_x509_ac_t *this, time_t *when, time_t *not_before, time_t *not_after) { - time_t t; - - if (when) - { - t = *when; - } - else - { - t = time(NULL); - } + time_t t = when ? *when : time(NULL); + if (not_before) { *not_before = this->notBefore; @@ -849,12 +824,12 @@ static bool is_newer(private_x509_ac_t *this, ac_t *that) this_cert->get_validity(this_cert, &now, &this_update, NULL); that_cert->get_validity(that_cert, &now, &that_update, NULL); new = this_update > that_update; - DBG1(" attr cert from %T is %s - existing attr_cert from %T %s", + DBG1(" attr cert from %T is %s - existing attr cert from %T %s", &this_update, FALSE, new ? "newer":"not newer", &that_update, FALSE, new ? "replaced":"retained"); return new; } - + /** * Implementation of certificate_t.get_encoding. */ @@ -870,14 +845,14 @@ static bool equals(private_x509_ac_t *this, certificate_t *other) { chunk_t encoding; bool equal; - + if ((certificate_t*)this == other) { return TRUE; } if (other->equals == (void*)equals) { /* skip allocation if we have the same implementation */ - return chunk_equals(this->encoding, ((private_x509_ac_t*)other)->encoding); + return chunk_equals(this->encoding, ((private_x509_ac_t*)other)->encoding); } encoding = other->get_encoding(other); equal = chunk_equals(this->encoding, encoding); @@ -895,14 +870,13 @@ static void destroy(private_x509_ac_t *this) DESTROY_IF(this->holderIssuer); DESTROY_IF(this->entityName); DESTROY_IF(this->issuerName); - DESTROY_IF(this->authKeyIdentifier); DESTROY_IF(this->holderCert); DESTROY_IF(this->signerCert); DESTROY_IF(this->signerKey); - - ietfAttr_list_destroy(this->charging); - ietfAttr_list_destroy(this->groups); + DESTROY_IF(this->charging); + DESTROY_IF(this->groups); free(this->serialNumber.ptr); + free(this->authKeyIdentifier.ptr); free(this->encoding.ptr); free(this); } @@ -914,12 +888,13 @@ static void destroy(private_x509_ac_t *this) static private_x509_ac_t *create_empty(void) { private_x509_ac_t *this = malloc_thing(private_x509_ac_t); - + /* public functions */ this->public.interface.get_serial = (chunk_t (*)(ac_t*))get_serial; this->public.interface.get_holderSerial = (chunk_t (*)(ac_t*))get_holderSerial; this->public.interface.get_holderIssuer = (identification_t* (*)(ac_t*))get_holderIssuer; - this->public.interface.get_authKeyIdentifier = (identification_t* (*)(ac_t*))get_authKeyIdentifier; + this->public.interface.get_authKeyIdentifier = (chunk_t (*)(ac_t*))get_authKeyIdentifier; + this->public.interface.get_groups = (ietf_attributes_t* (*)(ac_t*))get_groups; this->public.interface.certificate.get_type = (certificate_type_t (*)(certificate_t *this))get_type; this->public.interface.certificate.get_subject = (identification_t* (*)(certificate_t *this))get_subject; this->public.interface.certificate.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; @@ -938,187 +913,108 @@ static private_x509_ac_t *create_empty(void) this->encoding = chunk_empty; this->serialNumber = chunk_empty; this->holderSerial = chunk_empty; + this->authKeyIdentifier = chunk_empty; this->holderIssuer = NULL; this->entityName = NULL; this->issuerName = NULL; - this->authKeyIdentifier = NULL; this->holderCert = NULL; this->signerCert = NULL; this->signerKey = NULL; - this->charging = linked_list_create(); - this->groups = linked_list_create(); + this->charging = NULL; + this->groups = NULL; this->ref = 1; return this; } /** - * create X.509 attribute certificate from a chunk + * See header. */ -static private_x509_ac_t* create_from_chunk(chunk_t chunk) +x509_ac_t *x509_ac_load(certificate_type_t type, va_list args) { - private_x509_ac_t *this = create_empty(); - - this->encoding = chunk; - if (!parse_certificate(this)) - { - destroy(this); - return NULL; - } - return this; -} + chunk_t blob = chunk_empty; -/** - * create X.509 crl from a file - */ -static private_x509_ac_t* create_from_file(char *path) -{ - bool pgp = FALSE; - chunk_t chunk; - private_x509_ac_t *this; - - if (!pem_asn1_load_file(path, NULL, &chunk, &pgp)) + while (TRUE) { - return NULL; + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; } - - this = create_from_chunk(chunk); - - if (this == NULL) + if (blob.ptr) { - DBG1(" could not parse loaded attribute certificate file '%s'", path); - return NULL; - } - DBG1(" loaded attribute certificate file '%s'", path); - return this; -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for certificate loading - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** X.509 attribute certificate to build */ - private_x509_ac_t *ac; -}; + private_x509_ac_t *ac = create_empty(); -/** - * Implementation of builder_t.build - */ -static private_x509_ac_t* build(private_builder_t *this) -{ - private_x509_ac_t *ac = this->ac; - - free(this); - - /* synthesis if encoding does not exist */ - if (ac && ac->encoding.ptr == NULL) - { - if (ac->holderCert && ac->signerCert && ac->signerKey) + ac->encoding = chunk_clone(blob); + if (parse_certificate(ac)) { - ac->encoding = build_ac(ac); - return ac; + return &ac->public; } destroy(ac); - return NULL; - } - else - { - return ac; } + return NULL; } /** - * Implementation of builder_t.add + * See header. */ -static void add(private_builder_t *this, builder_part_t part, ...) +x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args) { - va_list args; - certificate_t *cert; - chunk_t chunk; + private_x509_ac_t *ac; - va_start(args, part); - switch (part) + ac = create_empty(); + while (TRUE) { - case BUILD_FROM_FILE: - if (this->ac) - { - destroy(this->ac); - } - this->ac = create_from_file(va_arg(args, char*)); - break; - case BUILD_BLOB_ASN1_DER: - if (this->ac) - { - destroy(this->ac); - } - chunk = va_arg(args, chunk_t); - this->ac = create_from_chunk(chunk_clone(chunk)); - break; - case BUILD_NOT_BEFORE_TIME: - this->ac->notBefore = va_arg(args, time_t); - break; - case BUILD_NOT_AFTER_TIME: - this->ac->notAfter = va_arg(args, time_t); - break; - case BUILD_SERIAL: - chunk = va_arg(args, chunk_t); - this->ac->serialNumber = chunk_clone(chunk); - break; - case BUILD_IETF_GROUP_ATTR: - ietfAttr_list_create_from_string(va_arg(args, char*), - this->ac->groups); - break; - case BUILD_CERT: - cert = va_arg(args, certificate_t*); - if (cert->get_type(cert) == CERT_X509) - { - this->ac->holderCert = cert->get_ref(cert); - } - break; - case BUILD_SIGNING_CERT: - cert = va_arg(args, certificate_t*); - if (cert->get_type(cert) == CERT_X509) - { - this->ac->signerCert = cert->get_ref(cert); - } - break; - case BUILD_SIGNING_KEY: - this->ac->signerKey = va_arg(args, private_key_t*); - this->ac->signerKey->get_ref(this->ac->signerKey); - break; - default: - /* abort if unsupported option */ - if (this->ac) - { - destroy(this->ac); - } - builder_cancel(&this->public); - break; + switch (va_arg(args, builder_part_t)) + { + case BUILD_NOT_BEFORE_TIME: + ac->notBefore = va_arg(args, time_t); + continue; + case BUILD_NOT_AFTER_TIME: + ac->notAfter = va_arg(args, time_t); + continue; + case BUILD_SERIAL: + ac->serialNumber = chunk_clone(va_arg(args, chunk_t)); + continue; + case BUILD_IETF_GROUP_ATTR: + ac->groups = ietf_attributes_create_from_string(va_arg(args, char*)); + continue; + case BUILD_CERT: + ac->holderCert = va_arg(args, certificate_t*); + ac->holderCert->get_ref(ac->holderCert); + continue; + case BUILD_SIGNING_CERT: + ac->signerCert = va_arg(args, certificate_t*); + ac->signerCert->get_ref(ac->signerCert); + continue; + case BUILD_SIGNING_KEY: + ac->signerKey = va_arg(args, private_key_t*); + ac->signerKey->get_ref(ac->signerKey); + continue; + case BUILD_END: + break; + default: + destroy(ac); + return NULL; + } + break; } - va_end(args); -} -/** - * Builder construction function - */ -builder_t *x509_ac_builder(certificate_type_t type) -{ - private_builder_t *this; - - if (type != CERT_X509_AC) + if (ac->signerKey && ac->holderCert && ac->signerCert && + ac->holderCert->get_type(ac->holderCert) == CERT_X509 && + ac->signerCert->get_type(ac->signerCert) == CERT_X509) { - return NULL; + ac->encoding = build_ac(ac); + return &ac->public; } - - this = malloc_thing(private_builder_t); - - this->ac = create_empty(); - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; + destroy(ac); + return NULL; } diff --git a/src/libstrongswan/plugins/x509/x509_ac.h b/src/libstrongswan/plugins/x509/x509_ac.h index 958d5c57a..da0988c6e 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.h +++ b/src/libstrongswan/plugins/x509/x509_ac.h @@ -2,6 +2,7 @@ * Copyright (C) 2002 Ueli Galizzi, Ariane Seiler * Copyright (C) 2003 Martin Berner, Lukas Suter * Copyright (C) 2002-2008 Andreas Steffen + * Copyright (C) 2009 Martin Willi * * Hochschule fuer Technik Rapperswil * @@ -24,6 +25,7 @@ #ifndef X509_AC_H_ #define X509_AC_H_ +#include <credentials/builder.h> #include <credentials/certificates/ac.h> typedef struct x509_ac_t x509_ac_t; @@ -40,18 +42,28 @@ struct x509_ac_t { }; /** - * Create the building facility for X.509 attribute certificates. + * Load a X.509 attribute certificate. * - * The resulting builder accepts: - * BUILD_USER_CERT: user certificate, exactly one - * BUILD_SIGNER_CERT: signer certificate, exactly one - * BUILD_SIGNER_KEY: signer private key, exactly one - * BUILD_SERIAL: serial number, exactly one - * BUILD_GROUP_ATTR: group attribute, optional, several possible + * @param type certificate type, CERT_X509_AC only + * @param args builder_part_t argument list + * @return X.509 Attribute certificate, NULL on failure + */ +x509_ac_t *x509_ac_load(certificate_type_t type, va_list args); + +/** + * Generate a X.509 attribute certificate. + * + * Accepted build parts: + * BUILD_USER_CERT: user certificate + * BUILD_SIGNER_CERT: signer certificate + * BUILD_SIGNER_KEY: signer private key + * BUILD_SERIAL: serial number + * BUILD_GROUP_ATTR: group attribute, several possible * * @param type certificate type, CERT_X509_AC only - * @return builder instance to build X.509 attribute certificates + * @param args builder_part_t argument list + * @return X.509 Attribute certificate, NULL on failure */ -builder_t *x509_ac_builder(certificate_type_t type); +x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args); #endif /** X509_AC_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 6fe1809c2..3b729236e 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -3,7 +3,7 @@ * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss * Copyright (C) 2002 Mario Strasser * Copyright (C) 2000-2006 Andreas Steffen - * Copyright (C) 2006-2008 Martin Willi + * Copyright (C) 2006-2009 Martin Willi * Copyright (C) 2008 Tobias Brunner * Hochschule fuer Technik Rapperswil * @@ -33,11 +33,11 @@ #include <asn1/oid.h> #include <asn1/asn1.h> #include <asn1/asn1_parser.h> -#include <asn1/pem.h> #include <crypto/hashers/hasher.h> #include <credentials/keys/private_key.h> #include <utils/linked_list.h> #include <utils/identification.h> +#include <selectors/traffic_selector.h> /** * Different kinds of generalNames @@ -65,17 +65,17 @@ struct private_x509_cert_t { * Public interface for this certificate. */ x509_cert_t public; - + /** * X.509 certificate encoding in ASN.1 DER format */ chunk_t encoding; - + /** * SHA1 hash of the DER encoding of this X.509 certificate */ chunk_t encoding_hash; - + /** * X.509 certificate body over which signature is computed */ @@ -85,100 +85,109 @@ struct private_x509_cert_t { * Version of the X.509 certificate */ u_int version; - + /** * Serial number of the X.509 certificate */ chunk_t serialNumber; - + /** * ID representing the certificate issuer */ identification_t *issuer; - + /** * Start time of certificate validity */ time_t notBefore; - + /** * End time of certificate validity */ time_t notAfter; - + /** * ID representing the certificate subject */ identification_t *subject; - + /** * List of subjectAltNames as identification_t */ linked_list_t *subjectAltNames; - + /** * List of crlDistributionPoints as allocated char* */ linked_list_t *crl_uris; - + /** - * List ocspAccessLocations as identification_t + * List of ocspAccessLocations as allocated char* */ linked_list_t *ocsp_uris; - + /** - * certificates embedded public key + * List of ipAddrBlocks as traffic_selector_t + */ + linked_list_t *ipAddrBlocks; + + /** + * certificate's embedded public key */ public_key_t *public_key; - + /** * Subject Key Identifier */ - chunk_t subjectKeyID; - + chunk_t subjectKeyIdentifier; + /** * Authority Key Identifier */ - identification_t *authKeyIdentifier; - + chunk_t authKeyIdentifier; + /** * Authority Key Serial Number */ chunk_t authKeySerialNumber; - + + /** + * Path Length Constraint + */ + int pathLenConstraint; + /** * x509 constraints and other flags */ x509_flag_t flags; - + /** * Signature algorithm */ int algorithm; - + /** * Signature */ chunk_t signature; - + /** * Certificate parsed from blob/file? */ bool parsed; - + /** * reference count */ refcount_t ref; }; -static u_char ASN1_sAN_oid_buf[] = { +static const chunk_t ASN1_subjectAltName_oid = chunk_from_chars( 0x06, 0x03, 0x55, 0x1D, 0x11 -}; -static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_sAN_oid_buf); +); /** - * ASN.1 definition of a basicConstraints extension + * ASN.1 definition of a basicConstraints extension */ static const asn1Object_t basicConstraintsObjects[] = { { 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ @@ -187,12 +196,14 @@ static const asn1Object_t basicConstraintsObjects[] = { { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; -#define BASIC_CONSTRAINTS_CA 1 +#define BASIC_CONSTRAINTS_CA 1 +#define BASIC_CONSTRAINTS_PATH_LEN 2 /** * Extracts the basicConstraints extension */ -static bool parse_basicConstraints(chunk_t blob, int level0) +static void parse_basicConstraints(chunk_t blob, int level0, + private_x509_cert_t *this) { asn1_parser_t *parser; chunk_t object; @@ -204,19 +215,39 @@ static bool parse_basicConstraints(chunk_t blob, int level0) while (parser->iterate(parser, &objectID, &object)) { - if (objectID == BASIC_CONSTRAINTS_CA) + switch (objectID) { - isCA = object.len && *object.ptr; - DBG2(" %s", isCA ? "TRUE" : "FALSE"); + case BASIC_CONSTRAINTS_CA: + isCA = object.len && *object.ptr; + DBG2(" %s", isCA ? "TRUE" : "FALSE"); + if (isCA) + { + this->flags |= X509_CA; + } + break; + case BASIC_CONSTRAINTS_PATH_LEN: + if (isCA) + { + if (object.len == 0) + { + this->pathLenConstraint = 0; + } + else if (object.len == 1) + { + this->pathLenConstraint = *object.ptr; + } + /* we ignore path length constraints > 127 */ + } + break; + default: + break; } } parser->destroy(parser); - - return isCA; } /** - * ASN.1 definition of otherName + * ASN.1 definition of otherName */ static const asn1Object_t otherNameObjects[] = { {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */ @@ -262,14 +293,14 @@ static bool parse_otherName(chunk_t blob, int level0) } } success = parser->success(parser); - + end: parser->destroy(parser); return success; } /** - * ASN.1 definition of generalName + * ASN.1 definition of generalName */ static const asn1Object_t generalNameObjects[] = { { 0, "otherName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_BODY }, /* 0 */ @@ -292,10 +323,10 @@ static const asn1Object_t generalNameObjects[] = { { 0, "end choice", ASN1_EOC, ASN1_END }, /* 17 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; -#define GN_OBJ_OTHER_NAME 0 -#define GN_OBJ_RFC822_NAME 2 -#define GN_OBJ_DNS_NAME 4 -#define GN_OBJ_X400_ADDRESS 6 +#define GN_OBJ_OTHER_NAME 0 +#define GN_OBJ_RFC822_NAME 2 +#define GN_OBJ_DNS_NAME 4 +#define GN_OBJ_X400_ADDRESS 6 #define GN_OBJ_DIRECTORY_NAME 8 #define GN_OBJ_EDI_PARTY_NAME 10 #define GN_OBJ_URI 12 @@ -310,16 +341,16 @@ static identification_t *parse_generalName(chunk_t blob, int level0) asn1_parser_t *parser; chunk_t object; int objectID ; - + identification_t *gn = NULL; - + parser = asn1_parser_create(generalNameObjects, blob); parser->set_top_level(parser, level0); - + while (parser->iterate(parser, &objectID, &object)) { id_type_t id_type = ID_ANY; - + switch (objectID) { case GN_OBJ_RFC822_NAME: @@ -356,14 +387,14 @@ static identification_t *parse_generalName(chunk_t blob, int level0) goto end; } } - + end: parser->destroy(parser); return gn; } /** - * ASN.1 definition of generalNames + * ASN.1 definition of generalNames */ static const asn1Object_t generalNamesObjects[] = { { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ @@ -381,18 +412,18 @@ void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_lis asn1_parser_t *parser; chunk_t object; int objectID; - + parser = asn1_parser_create(generalNamesObjects, blob); parser->set_top_level(parser, level0); parser->set_flags(parser, implicit, FALSE); - + while (parser->iterate(parser, &objectID, &object)) { if (objectID == GENERAL_NAMES_GN) { identification_t *gn = parse_generalName(object, parser->get_level(parser)+1); - + if (gn) { list->insert_last(list, (void *)gn); @@ -403,7 +434,7 @@ void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_lis } /** - * ASN.1 definition of a authorityKeyIdentifier extension + * ASN.1 definition of a authorityKeyIdentifier extension */ static const asn1Object_t authKeyIdentifierObjects[] = { { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ @@ -422,26 +453,25 @@ static const asn1Object_t authKeyIdentifierObjects[] = { /** * Extracts an authoritykeyIdentifier */ -identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, +chunk_t x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, chunk_t *authKeySerialNumber) { asn1_parser_t *parser; chunk_t object; int objectID; - identification_t *authKeyIdentifier = NULL; - + chunk_t authKeyIdentifier = chunk_empty; + *authKeySerialNumber = chunk_empty; - + parser = asn1_parser_create(authKeyIdentifierObjects, blob); parser->set_top_level(parser, level0); - + while (parser->iterate(parser, &objectID, &object)) { - switch (objectID) + switch (objectID) { case AUTH_KEY_ID_KEY_ID: - authKeyIdentifier = identification_create_from_encoding( - ID_PUBKEY_SHA1, object); + authKeyIdentifier = chunk_clone(object); break; case AUTH_KEY_ID_CERT_ISSUER: /* TODO: x509_parse_generalNames(object, level+1, TRUE); */ @@ -458,7 +488,7 @@ identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, } /** - * ASN.1 definition of a authorityInfoAccess extension + * ASN.1 definition of a authorityInfoAccess extension */ static const asn1Object_t authInfoAccessObjects[] = { { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ @@ -481,13 +511,13 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, chunk_t object; int objectID; int accessMethod = OID_UNKNOWN; - + parser = asn1_parser_create(authInfoAccessObjects, blob); parser->set_top_level(parser, level0); - + while (parser->iterate(parser, &objectID, &object)) { - switch (objectID) + switch (objectID) { case AUTH_INFO_ACCESS_METHOD: accessMethod = asn1_known_oid(object); @@ -501,7 +531,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, { identification_t *id; char *uri; - + id = parse_generalName(object, parser->get_level(parser)+1); if (id == NULL) @@ -528,7 +558,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, break; } } - + end: parser->destroy(parser); } @@ -547,26 +577,37 @@ static const asn1Object_t extendedKeyUsageObjects[] = { /** * Extracts extendedKeyUsage OIDs - currently only OCSP_SIGING is returned */ -static bool parse_extendedKeyUsage(chunk_t blob, int level0) +static void parse_extendedKeyUsage(chunk_t blob, int level0, + private_x509_cert_t *this) { asn1_parser_t *parser; chunk_t object; int objectID; - bool ocsp_signing = FALSE; - + parser = asn1_parser_create(extendedKeyUsageObjects, blob); parser->set_top_level(parser, level0); - + while (parser->iterate(parser, &objectID, &object)) { - if (objectID == EXT_KEY_USAGE_PURPOSE_ID && - asn1_known_oid(object) == OID_OCSP_SIGNING) + if (objectID == EXT_KEY_USAGE_PURPOSE_ID) { - ocsp_signing = TRUE; + switch (asn1_known_oid(object)) + { + case OID_SERVER_AUTH: + this->flags |= X509_SERVER_AUTH; + break; + case OID_CLIENT_AUTH: + this->flags |= X509_CLIENT_AUTH; + break; + case OID_OCSP_SIGNING: + this->flags |= X509_OCSP_SIGNER; + break; + default: + break; + } } } parser->destroy(parser); - return ocsp_signing; } /** @@ -600,24 +641,24 @@ static void parse_crlDistributionPoints(chunk_t blob, int level0, chunk_t object; int objectID; linked_list_t *list = linked_list_create(); - + parser = asn1_parser_create(crlDistributionPointsObjects, blob); parser->set_top_level(parser, level0); - + while (parser->iterate(parser, &objectID, &object)) { if (objectID == CRL_DIST_POINTS_FULLNAME) { identification_t *id; - + /* append extracted generalNames to existing chained list */ x509_parse_generalNames(object, parser->get_level(parser)+1, TRUE, list); - + while (list->remove_last(list, (void**)&id) == SUCCESS) { char *uri; - + if (asprintf(&uri, "%Y", id) > 0) { this->crl_uris->insert_last(this->crl_uris, uri); @@ -631,6 +672,147 @@ static void parse_crlDistributionPoints(chunk_t blob, int level0, } /** + * ASN.1 definition of ipAddrBlocks according to RFC 3779 + */ +static const asn1Object_t ipAddrBlocksObjects[] = { + { 0, "ipAddrBlocks", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "ipAddressFamily", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ + { 2, "addressFamily", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */ + { 2, "inherit", ASN1_NULL, ASN1_OPT|ASN1_NONE }, /* 3 */ + { 2, "end choice", ASN1_EOC, ASN1_END }, /* 4 */ + { 2, "addressesOrRanges", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 5 */ + { 3, "addressPrefix", ASN1_BIT_STRING, ASN1_OPT|ASN1_BODY }, /* 6 */ + { 3, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ + { 3, "addressRange", ASN1_SEQUENCE, ASN1_OPT|ASN1_NONE }, /* 8 */ + { 4, "min", ASN1_BIT_STRING, ASN1_BODY }, /* 9 */ + { 4, "max", ASN1_BIT_STRING, ASN1_BODY }, /* 10 */ + { 3, "end choice", ASN1_EOC, ASN1_END }, /* 11 */ + { 2, "end choice/loop", ASN1_EOC, ASN1_END }, /* 12 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 13 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define IP_ADDR_BLOCKS_FAMILY 2 +#define IP_ADDR_BLOCKS_INHERIT 3 +#define IP_ADDR_BLOCKS_PREFIX 6 +#define IP_ADDR_BLOCKS_MIN 9 +#define IP_ADDR_BLOCKS_MAX 10 + +static bool check_address_object(ts_type_t ts_type, chunk_t object) +{ + switch (ts_type) + { + case TS_IPV4_ADDR_RANGE: + if (object.len > 5) + { + DBG1("IPv4 address object is larger than 5 octets"); + return FALSE; + } + break; + case TS_IPV6_ADDR_RANGE: + if (object.len > 17) + { + DBG1("IPv6 address object is larger than 17 octets"); + return FALSE; + } + break; + default: + DBG1("unknown address family"); + return FALSE; + } + if (object.len == 0) + { + DBG1("An ASN.1 bit string must contain at least the initial octet"); + return FALSE; + } + if (object.len == 1 && object.ptr[0] != 0) + { + DBG1("An empty ASN.1 bit string must contain a zero initial octet"); + return FALSE; + } + if (object.ptr[0] > 7) + { + DBG1("number of unused bits is too large"); + return FALSE; + } + return TRUE; +} + +static void parse_ipAddrBlocks(chunk_t blob, int level0, + private_x509_cert_t *this) +{ + asn1_parser_t *parser; + chunk_t object, min_object; + ts_type_t ts_type = 0; + traffic_selector_t *ts; + int objectID; + + parser = asn1_parser_create(ipAddrBlocksObjects, blob); + parser->set_top_level(parser, level0); + + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case IP_ADDR_BLOCKS_FAMILY: + ts_type = 0; + if (object.len == 2 && object.ptr[0] == 0) + { + if (object.ptr[1] == 1) + { + ts_type = TS_IPV4_ADDR_RANGE; + } + else if (object.ptr[1] == 2) + { + ts_type = TS_IPV6_ADDR_RANGE; + } + else + { + break; + } + DBG2(" %N", ts_type_name, ts_type); + } + break; + case IP_ADDR_BLOCKS_INHERIT: + DBG1("inherit choice is not supported"); + break; + case IP_ADDR_BLOCKS_PREFIX: + if (!check_address_object(ts_type, object)) + { + goto end; + } + ts = traffic_selector_create_from_rfc3779_format(ts_type, + object, object); + DBG2(" %R", ts); + this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts); + break; + case IP_ADDR_BLOCKS_MIN: + if (!check_address_object(ts_type, object)) + { + goto end; + } + min_object = object; + break; + case IP_ADDR_BLOCKS_MAX: + if (!check_address_object(ts_type, object)) + { + goto end; + } + ts = traffic_selector_create_from_rfc3779_format(ts_type, + min_object, object); + DBG2(" %R", ts); + this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts); + break; + default: + break; + } + } + this->flags |= X509_IP_ADDR_BLOCKS; + +end: + parser->destroy(parser); +} + +/** * ASN.1 definition of an X.509v3 x509_cert */ static const asn1Object_t certObjects[] = { @@ -671,6 +853,7 @@ static const asn1Object_t certObjects[] = { #define X509_OBJ_NOT_AFTER 9 #define X509_OBJ_SUBJECT 10 #define X509_OBJ_SUBJECT_PUBLIC_KEY_INFO 11 +#define X509_OBJ_OPTIONAL_EXTENSIONS 16 #define X509_OBJ_EXTN_ID 19 #define X509_OBJ_CRITICAL 20 #define X509_OBJ_EXTN_VALUE 21 @@ -678,6 +861,11 @@ static const asn1Object_t certObjects[] = { #define X509_OBJ_SIGNATURE 25 /** + * forward declaration + */ +static bool issued_by(private_x509_cert_t *this, certificate_t *issuer); + +/** * Parses an X.509v3 certificate */ static bool parse_certificate(private_x509_cert_t *this) @@ -688,14 +876,14 @@ static bool parse_certificate(private_x509_cert_t *this) int extn_oid = OID_UNKNOWN; int sig_alg = OID_UNKNOWN; bool success = FALSE; - bool critical; - + bool critical = FALSE; + parser = asn1_parser_create(certObjects, this->encoding); - + while (parser->iterate(parser, &objectID, &object)) { u_int level = parser->get_level(parser)+1; - + switch (objectID) { case X509_OBJ_TBS_CERTIFICATE: @@ -703,7 +891,15 @@ static bool parse_certificate(private_x509_cert_t *this) break; case X509_OBJ_VERSION: this->version = (object.len) ? (1+(u_int)*object.ptr) : 1; - DBG2(" v%d", this->version); + if (this->version < 1 || this->version > 3) + { + DBG1("X.509v%d not supported", this->version); + goto end; + } + else + { + DBG2(" X.509v%d", this->version); + } break; case X509_OBJ_SERIAL_NUMBER: this->serialNumber = object; @@ -726,13 +922,22 @@ static bool parse_certificate(private_x509_cert_t *this) DBG2(" '%Y'", this->subject); break; case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO: + DBG2("-- > --"); this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END); + DBG2("-- < --"); if (this->public_key == NULL) { goto end; } break; + case X509_OBJ_OPTIONAL_EXTENSIONS: + if (this->version != 3) + { + DBG1("Only X.509v3 certificates have extensions"); + goto end; + } + break; case X509_OBJ_EXTN_ID: extn_oid = asn1_known_oid(object); break; @@ -750,45 +955,50 @@ static bool parse_certificate(private_x509_cert_t *this) { goto end; } - this->subjectKeyID = object; + this->subjectKeyIdentifier = object; break; case OID_SUBJECT_ALT_NAME: x509_parse_generalNames(object, level, FALSE, this->subjectAltNames); break; case OID_BASIC_CONSTRAINTS: - if (parse_basicConstraints(object, level)) - { - this->flags |= X509_CA; - } + parse_basicConstraints(object, level, this); break; case OID_CRL_DISTRIBUTION_POINTS: parse_crlDistributionPoints(object, level, this); break; case OID_AUTHORITY_KEY_ID: this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, - level, &this->authKeySerialNumber); + level, &this->authKeySerialNumber); break; case OID_AUTHORITY_INFO_ACCESS: parse_authorityInfoAccess(object, level, this); break; case OID_EXTENDED_KEY_USAGE: - if (parse_extendedKeyUsage(object, level)) - { - this->flags |= X509_OCSP_SIGNER; - } + parse_extendedKeyUsage(object, level, this); + break; + case OID_IP_ADDR_BLOCKS: + parse_ipAddrBlocks(object, level, this); break; case OID_NS_REVOCATION_URL: case OID_NS_CA_REVOCATION_URL: case OID_NS_CA_POLICY_URL: case OID_NS_COMMENT: - if (!asn1_parse_simple_object(&object, ASN1_IA5STRING, + if (!asn1_parse_simple_object(&object, ASN1_IA5STRING, level, oid_names[extn_oid].name)) { goto end; } break; default: + if (critical && lib->settings->get_bool(lib->settings, + "libstrongswan.plugins.x509.enforce_critical", FALSE)) + { + DBG1("critical %s extension not supported", + (extn_oid == OID_UNKNOWN) ? "unknown" : + (char*)oid_names[extn_oid].name); + goto end; + } break; } break; @@ -809,9 +1019,28 @@ static bool parse_certificate(private_x509_cert_t *this) } } success = parser->success(parser); - + end: parser->destroy(parser); + if (success) + { + hasher_t *hasher; + + /* check if the certificate is self-signed */ + if (issued_by(this, &this->public.interface.interface)) + { + this->flags |= X509_SELF_SIGNED; + } + /* create certificate hash */ + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (hasher == NULL) + { + DBG1(" unable to create hash of certificate, SHA1 not supported"); + return NULL; + } + hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash); + hasher->destroy(hasher); + } return success; } @@ -847,13 +1076,15 @@ static id_match_t has_subject(private_x509_cert_t *this, identification_t *subje identification_t *current; enumerator_t *enumerator; id_match_t match, best; - - if (this->encoding_hash.ptr && subject->get_type(subject) == ID_CERT_DER_SHA1 && - chunk_equals(this->encoding_hash, subject->get_encoding(subject))) + + if (this->encoding_hash.ptr && subject->get_type(subject) == ID_KEY_ID) { - return ID_MATCH_PERFECT; + if (chunk_equals(this->encoding_hash, subject->get_encoding(subject))) + { + return ID_MATCH_PERFECT; + } } - + best = this->subject->matches(this->subject, subject); enumerator = this->subjectAltNames->create_enumerator(this->subjectAltNames); while (enumerator->enumerate(enumerator, ¤t)) @@ -861,15 +1092,15 @@ static id_match_t has_subject(private_x509_cert_t *this, identification_t *subje match = current->matches(current, subject); if (match > best) { - best = match; + best = match; } } enumerator->destroy(enumerator); - return best; + return best; } /** - * Implementation of certificate_t.has_subject. + * Implementation of certificate_t.has_issuer. */ static id_match_t has_issuer(private_x509_cert_t *this, identification_t *issuer) { @@ -878,7 +1109,7 @@ static id_match_t has_issuer(private_x509_cert_t *this, identification_t *issuer } /** - * Implementation of certificate_t.issued_by + * Implementation of certificate_t.issued_by. */ static bool issued_by(private_x509_cert_t *this, certificate_t *issuer) { @@ -886,7 +1117,7 @@ static bool issued_by(private_x509_cert_t *this, certificate_t *issuer) signature_scheme_t scheme; bool valid; x509_t *x509 = (x509_t*)issuer; - + if (&this->public.interface.interface == issuer) { if (this->flags & X509_SELF_SIGNED) @@ -910,17 +1141,18 @@ static bool issued_by(private_x509_cert_t *this, certificate_t *issuer) return FALSE; } - /* get the public key of the issuer */ - key = issuer->get_public_key(issuer); - /* determine signature scheme */ scheme = signature_scheme_from_oid(this->algorithm); - - if (scheme == SIGN_UNKNOWN || key == NULL) + if (scheme == SIGN_UNKNOWN) + { + return FALSE; + } + /* get the public key of the issuer */ + key = issuer->get_public_key(issuer); + if (!key) { return FALSE; } - /* TODO: add a lightweight check option (comparing auth/subject keyids only) */ valid = key->verify(key, scheme, this->tbsCertificate, this->signature); key->destroy(key); return valid; @@ -936,7 +1168,7 @@ static public_key_t* get_public_key(private_x509_cert_t *this) } /** - * Implementation of certificate_t.asdf + * Implementation of certificate_t.get_ref */ static private_x509_cert_t* get_ref(private_x509_cert_t *this) { @@ -958,16 +1190,8 @@ static x509_flag_t get_flags(private_x509_cert_t *this) static bool get_validity(private_x509_cert_t *this, time_t *when, time_t *not_before, time_t *not_after) { - time_t t; - - if (when) - { - t = *when; - } - else - { - t = time(NULL); - } + time_t t = when ? *when : time(NULL); + if (not_before) { *not_before = this->notBefore; @@ -986,7 +1210,7 @@ static bool is_newer(certificate_t *this, certificate_t *that) { time_t this_update, that_update, now = time(NULL); bool new; - + this->get_validity(this, &now, &this_update, NULL); that->get_validity(that, &now, &that_update, NULL); new = this_update > that_update; @@ -995,7 +1219,7 @@ static bool is_newer(certificate_t *this, certificate_t *that) &that_update, FALSE, new ? "replaced":"retained"); return new; } - + /** * Implementation of certificate_t.get_encoding. */ @@ -1011,7 +1235,7 @@ static bool equals(private_x509_cert_t *this, certificate_t *other) { chunk_t encoding; bool equal; - + if (this == (private_x509_cert_t*)other) { return TRUE; @@ -1022,7 +1246,7 @@ static bool equals(private_x509_cert_t *this, certificate_t *other) } if (other->equals == (void*)equals) { /* skip allocation if we have the same implementation */ - return chunk_equals(this->encoding, ((private_x509_cert_t*)other)->encoding); + return chunk_equals(this->encoding, ((private_x509_cert_t*)other)->encoding); } encoding = other->get_encoding(other); equal = chunk_equals(this->encoding, encoding); @@ -1039,14 +1263,47 @@ static chunk_t get_serial(private_x509_cert_t *this) } /** + * Implementation of x509_t.get_subjectKeyIdentifier. + */ +static chunk_t get_subjectKeyIdentifier(private_x509_cert_t *this) +{ + if (this->subjectKeyIdentifier.ptr) + { + return this->subjectKeyIdentifier; + } + else + { + chunk_t fingerprint; + + if (this->public_key->get_fingerprint(this->public_key, + KEY_ID_PUBKEY_SHA1, &fingerprint)) + { + return fingerprint; + } + else + { + return chunk_empty; + } + } +} + +/** * Implementation of x509_t.get_authKeyIdentifier. */ -static identification_t *get_authKeyIdentifier(private_x509_cert_t *this) +static chunk_t get_authKeyIdentifier(private_x509_cert_t *this) { return this->authKeyIdentifier; } /** + * Implementation of x509_t.get_pathLenConstraint. + */ +static int get_pathLenConstraint(private_x509_cert_t *this) +{ + return this->pathLenConstraint; +} + +/** * Implementation of x509_cert_t.create_subjectAltName_enumerator. */ static enumerator_t* create_subjectAltName_enumerator(private_x509_cert_t *this) @@ -1071,7 +1328,15 @@ static enumerator_t* create_crl_uri_enumerator(private_x509_cert_t *this) } /** - * Implementation of certificate_t.asdf + * Implementation of x509_cert_t.create_ipAddrBlock_enumerator. + */ +static enumerator_t* create_ipAddrBlock_enumerator(private_x509_cert_t *this) +{ + return this->ipAddrBlocks->create_enumerator(this->ipAddrBlocks); +} + +/** + * Implementation of certificate_t.destroy. */ static void destroy(private_x509_cert_t *this) { @@ -1081,10 +1346,11 @@ static void destroy(private_x509_cert_t *this) offsetof(identification_t, destroy)); this->crl_uris->destroy_function(this->crl_uris, free); this->ocsp_uris->destroy_function(this->ocsp_uris, free); + this->ipAddrBlocks->destroy_offset(this->ipAddrBlocks, offsetof(traffic_selector_t, destroy)); DESTROY_IF(this->issuer); DESTROY_IF(this->subject); DESTROY_IF(this->public_key); - DESTROY_IF(this->authKeyIdentifier); + chunk_free(&this->authKeyIdentifier); chunk_free(&this->encoding); chunk_free(&this->encoding_hash); if (!this->parsed) @@ -1103,7 +1369,7 @@ static void destroy(private_x509_cert_t *this) static private_x509_cert_t* create_empty(void) { private_x509_cert_t *this = malloc_thing(private_x509_cert_t); - + this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type; this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject; this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_issuer; @@ -1119,16 +1385,19 @@ static private_x509_cert_t* create_empty(void) this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy; this->public.interface.get_flags = (x509_flag_t (*)(x509_t*))get_flags; this->public.interface.get_serial = (chunk_t (*)(x509_t*))get_serial; - this->public.interface.get_authKeyIdentifier = (identification_t* (*)(x509_t*))get_authKeyIdentifier; + this->public.interface.get_subjectKeyIdentifier = (chunk_t (*)(x509_t*))get_subjectKeyIdentifier; + this->public.interface.get_authKeyIdentifier = (chunk_t (*)(x509_t*))get_authKeyIdentifier; + this->public.interface.get_pathLenConstraint = (int (*)(x509_t*))get_pathLenConstraint; this->public.interface.create_subjectAltName_enumerator = (enumerator_t* (*)(x509_t*))create_subjectAltName_enumerator; this->public.interface.create_crl_uri_enumerator = (enumerator_t* (*)(x509_t*))create_crl_uri_enumerator; this->public.interface.create_ocsp_uri_enumerator = (enumerator_t* (*)(x509_t*))create_ocsp_uri_enumerator; - + this->public.interface.create_ipAddrBlock_enumerator = (enumerator_t* (*)(x509_t*))create_ipAddrBlock_enumerator; + this->encoding = chunk_empty; this->encoding_hash = chunk_empty; this->tbsCertificate = chunk_empty; - this->version = 3; - this->serialNumber = chunk_empty; + this->version = 1; + this->serialNumber = chunk_empty; this->notBefore = 0; this->notAfter = 0; this->public_key = NULL; @@ -1137,111 +1406,96 @@ static private_x509_cert_t* create_empty(void) this->subjectAltNames = linked_list_create(); this->crl_uris = linked_list_create(); this->ocsp_uris = linked_list_create(); - this->subjectKeyID = chunk_empty; - this->authKeyIdentifier = NULL; + this->ipAddrBlocks = linked_list_create(); + this->subjectKeyIdentifier = chunk_empty; + this->authKeyIdentifier = chunk_empty; this->authKeySerialNumber = chunk_empty; + this->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT; this->algorithm = 0; this->signature = chunk_empty; this->flags = 0; this->ref = 1; this->parsed = FALSE; - - return this; -} -/** - * create an X.509 certificate from a chunk - */ -static private_x509_cert_t *create_from_chunk(chunk_t chunk) -{ - hasher_t *hasher; - private_x509_cert_t *this = create_empty(); - - this->encoding = chunk; - this->parsed = TRUE; - if (!parse_certificate(this)) - { - destroy(this); - return NULL; - } - - /* check if the certificate is self-signed */ - if (issued_by(this, &this->public.interface.interface)) - { - this->flags |= X509_SELF_SIGNED; - } - - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher == NULL) - { - DBG1(" unable to create hash of certificate, SHA1 not supported"); - destroy(this); - return NULL; - } - hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash); - hasher->destroy(hasher); - return this; } /** - * create an X.509 certificate from a file + * Encode a linked list of subjectAltNames */ -static private_x509_cert_t *create_from_file(char *path) +chunk_t x509_build_subjectAltNames(linked_list_t *list) { - bool pgp = FALSE; - chunk_t chunk; - private_x509_cert_t *this; - - if (!pem_asn1_load_file(path, NULL, &chunk, &pgp)) + chunk_t subjectAltNames = chunk_empty; + enumerator_t *enumerator; + identification_t *id; + + if (list->get_count(list) == 0) { - return NULL; + return chunk_empty; } - this = create_from_chunk(chunk); - - if (this == NULL) + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &id)) { - DBG1(" could not parse loaded certificate file '%s'",path); - return NULL; + int context; + chunk_t name; + + switch (id->get_type(id)) + { + case ID_RFC822_ADDR: + context = ASN1_CONTEXT_S_1; + break; + case ID_FQDN: + context = ASN1_CONTEXT_S_2; + break; + case ID_IPV4_ADDR: + case ID_IPV6_ADDR: + context = ASN1_CONTEXT_S_7; + break; + default: + DBG1("encoding %N as subjectAltName not supported", + id_type_names, id->get_type(id)); + enumerator->destroy(enumerator); + free(subjectAltNames.ptr); + return chunk_empty; + } + name = asn1_wrap(context, "c", id->get_encoding(id)); + subjectAltNames = chunk_cat("mm", subjectAltNames, name); } - DBG1(" loaded certificate file '%s'", path); - return this; -} + enumerator->destroy(enumerator); -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for certificate loading - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded certificate */ - private_x509_cert_t *cert; - /** additional flags to enforce */ - x509_flag_t flags; - /** certificate to sign, if we generate a new cert */ - certificate_t *sign_cert; - /** private key to sign, if we generate a new cert */ - private_key_t *sign_key; -}; + return asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_SUBJECT_ALT_NAME), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_SEQUENCE, "m", subjectAltNames) + ) + ); +} /** * Generate and sign a new certificate */ -static bool generate(private_builder_t *this) +static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, + private_key_t *sign_key, int digest_alg) { - chunk_t extensions = chunk_empty; + chunk_t extensions = chunk_empty, extendedKeyUsage = chunk_empty; + chunk_t serverAuth = chunk_empty, clientAuth = chunk_empty; + chunk_t ocspSigning = chunk_empty; + chunk_t basicConstraints = chunk_empty, subjectAltNames = chunk_empty; + chunk_t subjectKeyIdentifier = chunk_empty, authKeyIdentifier = chunk_empty; + chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty; identification_t *issuer, *subject; - chunk_t key_info, key; + chunk_t key_info; signature_scheme_t scheme; hasher_t *hasher; - - subject = this->cert->subject; - if (this->sign_cert) + enumerator_t *enumerator; + char *uri; + + subject = cert->subject; + if (sign_cert) { - issuer = this->sign_cert->get_subject(this->sign_cert); - if (!this->cert->public_key) + issuer = sign_cert->get_subject(sign_cert); + if (!cert->public_key) { return FALSE; } @@ -1249,216 +1503,355 @@ static bool generate(private_builder_t *this) else { /* self signed */ issuer = subject; - if (!this->cert->public_key) + if (!cert->public_key) { - this->cert->public_key = this->sign_key->get_public_key(this->sign_key); + cert->public_key = sign_key->get_public_key(sign_key); } - this->flags |= X509_SELF_SIGNED; + cert->flags |= X509_SELF_SIGNED; } - this->cert->issuer = issuer->clone(issuer); - if (!this->cert->notBefore) + cert->issuer = issuer->clone(issuer); + if (!cert->notBefore) { - this->cert->notBefore = time(NULL); + cert->notBefore = time(NULL); } - if (!this->cert->notAfter) - { /* defaults to 1 years from now on */ - this->cert->notAfter = this->cert->notBefore + 60 * 60 * 24 * 365; + if (!cert->notAfter) + { /* defaults to 1 year from now */ + cert->notAfter = cert->notBefore + 60 * 60 * 24 * 365; } - this->cert->flags = this->flags; - - switch (this->sign_key->get_type(this->sign_key)) + + /* select signature scheme */ + cert->algorithm = hasher_signature_algorithm_to_oid(digest_alg, + sign_key->get_type(sign_key)); + if (cert->algorithm == OID_UNKNOWN) { - case KEY_RSA: - this->cert->algorithm = OID_SHA1_WITH_RSA; - scheme = SIGN_RSA_EMSA_PKCS1_SHA1; - break; - default: - return FALSE; + return FALSE; } - - switch (this->cert->public_key->get_type(this->cert->public_key)) + scheme = signature_scheme_from_oid(cert->algorithm); + + if (!cert->public_key->get_encoding(cert->public_key, + KEY_PUB_SPKI_ASN1_DER, &key_info)) { - case KEY_RSA: - key = this->cert->public_key->get_encoding(this->cert->public_key); - key_info = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", key)); - break; - default: - return FALSE; + return FALSE; + } + + /* encode subjectAltNames */ + subjectAltNames = x509_build_subjectAltNames(cert->subjectAltNames); + + /* encode CRL distribution points extension */ + enumerator = cert->crl_uris->create_enumerator(cert->crl_uris); + while (enumerator->enumerate(enumerator, &uri)) + { + chunk_t distributionPoint; + + distributionPoint = asn1_wrap(ASN1_SEQUENCE, "m", + asn1_wrap(ASN1_CONTEXT_C_0, "m", + asn1_wrap(ASN1_CONTEXT_C_0, "m", + asn1_wrap(ASN1_CONTEXT_S_6, "c", + chunk_create(uri, strlen(uri)))))); + + crlDistributionPoints = chunk_cat("mm", crlDistributionPoints, + distributionPoint); + } + enumerator->destroy(enumerator); + if (crlDistributionPoints.ptr) + { + crlDistributionPoints = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_CRL_DISTRIBUTION_POINTS), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_SEQUENCE, "m", crlDistributionPoints))); + } + + /* encode OCSP URIs in authorityInfoAccess extension */ + enumerator = cert->ocsp_uris->create_enumerator(cert->ocsp_uris); + while (enumerator->enumerate(enumerator, &uri)) + { + chunk_t accessDescription; + + accessDescription = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_OCSP), + asn1_wrap(ASN1_CONTEXT_S_6, "c", + chunk_create(uri, strlen(uri)))); + authorityInfoAccess = chunk_cat("mm", authorityInfoAccess, + accessDescription); + } + enumerator->destroy(enumerator); + if (authorityInfoAccess.ptr) + { + authorityInfoAccess = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_AUTHORITY_INFO_ACCESS), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_SEQUENCE, "m", authorityInfoAccess))); + } + + /* build CA basicConstraint for CA certificates */ + if (cert->flags & X509_CA) + { + chunk_t pathLenConstraint = chunk_empty; + + if (cert->pathLenConstraint != X509_NO_PATH_LEN_CONSTRAINT) + { + char pathlen = (char)cert->pathLenConstraint; + + pathLenConstraint = asn1_integer("c", chunk_from_thing(pathlen)); + } + basicConstraints = asn1_wrap(ASN1_SEQUENCE, "mmm", + asn1_build_known_oid(OID_BASIC_CONSTRAINTS), + asn1_wrap(ASN1_BOOLEAN, "c", + chunk_from_chars(0xFF)), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_wrap(ASN1_BOOLEAN, "c", + chunk_from_chars(0xFF)), + pathLenConstraint))); + } + + /* add serverAuth extendedKeyUsage flag */ + if (cert->flags & X509_SERVER_AUTH) + { + serverAuth = asn1_build_known_oid(OID_SERVER_AUTH); + } + if (cert->flags & X509_CLIENT_AUTH) + { + clientAuth = asn1_build_known_oid(OID_CLIENT_AUTH); + } + + /* add ocspSigning extendedKeyUsage flag */ + if (cert->flags & X509_OCSP_SIGNER) + { + ocspSigning = asn1_build_known_oid(OID_OCSP_SIGNING); + } + + if (serverAuth.ptr || clientAuth.ptr || ocspSigning.ptr) + { + extendedKeyUsage = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_EXTENDED_KEY_USAGE), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_SEQUENCE, "mmm", + serverAuth, clientAuth, ocspSigning))); + } + + /* add subjectKeyIdentifier to CA and OCSP signer certificates */ + if (cert->flags & (X509_CA | X509_OCSP_SIGNER)) + { + chunk_t keyid; + + if (cert->public_key->get_fingerprint(cert->public_key, + KEY_ID_PUBKEY_SHA1, &keyid)) + { + subjectKeyIdentifier = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_SUBJECT_KEY_ID), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_OCTET_STRING, "c", keyid))); + } + } + + /* add the keyid authKeyIdentifier for non self-signed certificates */ + if (sign_key) + { + chunk_t keyid; + + if (sign_key->get_fingerprint(sign_key, KEY_ID_PUBKEY_SHA1, &keyid)) + { + authKeyIdentifier = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_AUTHORITY_KEY_ID), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_SEQUENCE, "m", + asn1_wrap(ASN1_CONTEXT_S_0, "c", keyid)))); + } } - - if (this->cert->subjectAltNames->get_count(this->cert->subjectAltNames)) + if (basicConstraints.ptr || subjectAltNames.ptr || authKeyIdentifier.ptr || + crlDistributionPoints.ptr) { - /* TODO: encode subjectAltNames */ + extensions = asn1_wrap(ASN1_CONTEXT_C_3, "m", + asn1_wrap(ASN1_SEQUENCE, "mmmmmmm", + basicConstraints, subjectKeyIdentifier, + authKeyIdentifier, subjectAltNames, + extendedKeyUsage, crlDistributionPoints, + authorityInfoAccess)); } - - this->cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmccmcmm", + + cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm", asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2), - asn1_integer("c", this->cert->serialNumber), - asn1_algorithmIdentifier(this->cert->algorithm), + asn1_integer("c", cert->serialNumber), + asn1_algorithmIdentifier(cert->algorithm), issuer->get_encoding(issuer), asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_from_time(&this->cert->notBefore, ASN1_UTCTIME), - asn1_from_time(&this->cert->notAfter, ASN1_UTCTIME)), + asn1_from_time(&cert->notBefore, ASN1_UTCTIME), + asn1_from_time(&cert->notAfter, ASN1_UTCTIME)), subject->get_encoding(subject), key_info, extensions); - - if (!this->sign_key->sign(this->sign_key, scheme, - this->cert->tbsCertificate, &this->cert->signature)) + + if (!sign_key->sign(sign_key, scheme, cert->tbsCertificate, &cert->signature)) { return FALSE; } - this->cert->encoding = asn1_wrap(ASN1_SEQUENCE, "ccm", - this->cert->tbsCertificate, - asn1_algorithmIdentifier(this->cert->algorithm), - asn1_bitstring("c", this->cert->signature)); - + cert->encoding = asn1_wrap(ASN1_SEQUENCE, "cmm", cert->tbsCertificate, + asn1_algorithmIdentifier(cert->algorithm), + asn1_bitstring("c", cert->signature)); + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!hasher) { return FALSE; } - hasher->allocate_hash(hasher, this->cert->encoding, - &this->cert->encoding_hash); + hasher->allocate_hash(hasher, cert->encoding, &cert->encoding_hash); hasher->destroy(hasher); return TRUE; } /** - * Implementation of builder_t.build + * See header. */ -static private_x509_cert_t *build(private_builder_t *this) +x509_cert_t *x509_cert_load(certificate_type_t type, va_list args) { - private_x509_cert_t *cert; - - if (this->cert) + x509_flag_t flags = 0; + chunk_t blob = chunk_empty; + + while (TRUE) { - this->cert->flags |= this->flags; - if (!this->cert->encoding.ptr) - { /* generate a new certificate */ - if (!this->sign_key || !generate(this)) - { - destroy(this->cert); - free(this); + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_X509_FLAG: + flags |= va_arg(args, x509_flag_t); + continue; + case BUILD_END: + break; + default: return NULL; - } } + break; + } + + if (blob.ptr) + { + private_x509_cert_t *cert = create_empty(); + + cert->encoding = chunk_clone(blob); + cert->parsed = TRUE; + if (parse_certificate(cert)) + { + cert->flags |= flags; + return &cert->public; + } + destroy(cert); } - cert = this->cert; - free(this); - return cert; + return NULL; } /** - * Implementation of builder_t.add + * See header. */ -static void add(private_builder_t *this, builder_part_t part, ...) +x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) { - va_list args; - chunk_t chunk; - bool handled = TRUE; - - va_start(args, part); - switch (part) + private_x509_cert_t *cert; + certificate_t *sign_cert = NULL; + private_key_t *sign_key = NULL; + hash_algorithm_t digest_alg = HASH_SHA1; + + cert = create_empty(); + while (TRUE) { - case BUILD_FROM_FILE: - this->cert = create_from_file(va_arg(args, char*)); - break; - case BUILD_BLOB_ASN1_DER: - chunk = va_arg(args, chunk_t); - this->cert = create_from_chunk(chunk_clone(chunk)); - break; - case BUILD_X509_FLAG: - this->flags = va_arg(args, x509_flag_t); - break; - case BUILD_SIGNING_KEY: - this->sign_key = va_arg(args, private_key_t*); - break; - case BUILD_SIGNING_CERT: - this->sign_cert = va_arg(args, certificate_t*); - break; - default: - /* all other parts need an empty cert */ - if (!this->cert) + switch (va_arg(args, builder_part_t)) + { + case BUILD_X509_FLAG: + cert->flags |= va_arg(args, x509_flag_t); + continue; + case BUILD_SIGNING_KEY: + sign_key = va_arg(args, private_key_t*); + continue; + case BUILD_SIGNING_CERT: + sign_cert = va_arg(args, certificate_t*); + continue; + case BUILD_PUBLIC_KEY: + cert->public_key = va_arg(args, public_key_t*); + cert->public_key->get_ref(cert->public_key); + continue; + case BUILD_SUBJECT: + cert->subject = va_arg(args, identification_t*); + cert->subject = cert->subject->clone(cert->subject); + continue; + case BUILD_SUBJECT_ALTNAMES: { - this->cert = create_empty(); + enumerator_t *enumerator; + identification_t *id; + linked_list_t *list; + + list = va_arg(args, linked_list_t*); + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &id)) + { + cert->subjectAltNames->insert_last(cert->subjectAltNames, + id->clone(id)); + } + enumerator->destroy(enumerator); + continue; } - handled = FALSE; - break; - } - if (handled) - { - va_end(args); - return; - } - - switch (part) - { - case BUILD_PUBLIC_KEY: - { - public_key_t *key = va_arg(args, public_key_t*); - this->cert->public_key = key->get_ref(key); - break; - } - case BUILD_SUBJECT: - { - identification_t *id = va_arg(args, identification_t*); - this->cert->subject = id->clone(id); - break; - } - case BUILD_SUBJECT_ALTNAME: - { - identification_t *id = va_arg(args, identification_t*); - this->cert->subjectAltNames->insert_last( - this->cert->subjectAltNames, id->clone(id)); - break; - } - case BUILD_NOT_BEFORE_TIME: - this->cert->notBefore = va_arg(args, time_t); - break; - case BUILD_NOT_AFTER_TIME: - this->cert->notAfter = va_arg(args, time_t); - break; - case BUILD_SERIAL: - { - chunk_t serial = va_arg(args, chunk_t); - this->cert->serialNumber = chunk_clone(serial); - break; - } - default: - /* abort if unsupported option */ - if (this->cert) + case BUILD_CRL_DISTRIBUTION_POINTS: { - destroy(this->cert); + enumerator_t *enumerator; + linked_list_t *list; + char *uri; + + list = va_arg(args, linked_list_t*); + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &uri)) + { + cert->crl_uris->insert_last(cert->crl_uris, strdup(uri)); + } + enumerator->destroy(enumerator); + continue; } - builder_cancel(&this->public); - break; + case BUILD_OCSP_ACCESS_LOCATIONS: + { + enumerator_t *enumerator; + linked_list_t *list; + char *uri; + + list = va_arg(args, linked_list_t*); + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &uri)) + { + cert->ocsp_uris->insert_last(cert->ocsp_uris, strdup(uri)); + } + enumerator->destroy(enumerator); + continue; + } + case BUILD_PATHLEN: + cert->pathLenConstraint = va_arg(args, int); + if (cert->pathLenConstraint < 0 || cert->pathLenConstraint > 127) + { + cert->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT; + } + continue; + case BUILD_NOT_BEFORE_TIME: + cert->notBefore = va_arg(args, time_t); + continue; + case BUILD_NOT_AFTER_TIME: + cert->notAfter = va_arg(args, time_t); + continue; + case BUILD_SERIAL: + cert->serialNumber = chunk_clone(va_arg(args, chunk_t)); + continue; + case BUILD_DIGEST_ALG: + digest_alg = va_arg(args, int); + continue; + case BUILD_END: + break; + default: + destroy(cert); + return NULL; + } + break; } - va_end(args); -} -/** - * Builder construction function - */ -builder_t *x509_cert_builder(certificate_type_t type) -{ - private_builder_t *this; - - if (type != CERT_X509) + if (sign_key && generate(cert, sign_cert, sign_key, digest_alg)) { - return NULL; + return &cert->public; } - - this = malloc_thing(private_builder_t); - - this->cert = NULL; - this->flags = 0; - this->sign_cert = NULL; - this->sign_key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; + destroy(cert); + return NULL; } diff --git a/src/libstrongswan/plugins/x509/x509_cert.h b/src/libstrongswan/plugins/x509/x509_cert.h index 5ebe1567d..772117f1c 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.h +++ b/src/libstrongswan/plugins/x509/x509_cert.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -23,6 +23,7 @@ typedef struct x509_cert_t x509_cert_t; +#include <credentials/builder.h> #include <credentials/certificates/x509.h> /** @@ -37,11 +38,29 @@ struct x509_cert_t { }; /** - * Create the building facility for x509 certificates + * Load a X.509 certificate. + * + * This function takes a BUILD_BLOB_ASN1_DER. + * + * @param type certificate type, CERT_X509 only + * @param args builder_part_t argument list + * @return X.509 certificate, NULL on failure + */ +x509_cert_t *x509_cert_load(certificate_type_t type, va_list args); + +/** + * Generate a X.509 certificate. + * + * To issue a self-signed certificate, the function takes: + * BUILD_SUBJECT, BUILD_SUBJECT_ALTNAMES, BUILD_SIGNING_KEY, BUILD_X509_FLAG, + * BUILD_NOT_BEFORE_TIME, BUILD_NOT_AFTER_TIME, BUILD_SERIAL, BUILD_DIGEST_ALG. + * To issue certificates from a CA, additionally pass: + * BUILD_SIGNING_CERT and BUILD_PUBLIC_KEY. * * @param type certificate type, CERT_X509 only - * @return builder instance to build certificate + * @param args builder_part_t argument list + * @return X.509 certificate, NULL on failure */ -builder_t *x509_cert_builder(certificate_type_t type); +x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args); #endif /** X509_CERT_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index f502668cb..b9ef3218b 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ typedef struct revoked_t revoked_t; #include <asn1/oid.h> #include <asn1/asn1.h> #include <asn1/asn1_parser.h> -#include <asn1/pem.h> #include <credentials/certificates/x509.h> #include <utils/linked_list.h> @@ -37,12 +36,12 @@ struct revoked_t { * serial of the revoked certificate */ chunk_t serial; - + /** * date of revocation */ time_t date; - + /** * reason for revocation */ @@ -58,7 +57,7 @@ struct private_x509_crl_t { * public functions */ x509_crl_t public; - + /** * X.509 crl encoding in ASN.1 DER format */ @@ -73,12 +72,12 @@ struct private_x509_crl_t { * Version of the X.509 crl */ u_int version; - + /** * ID representing the crl issuer */ identification_t *issuer; - + /** * CRL number */ @@ -98,27 +97,27 @@ struct private_x509_crl_t { * list of revoked certificates as revoked_t */ linked_list_t *revoked; - + /** * Authority Key Identifier */ - identification_t *authKeyIdentifier; + chunk_t authKeyIdentifier; /** * Authority Key Serial Number */ chunk_t authKeySerialNumber; - + /** * Signature algorithm */ int algorithm; - + /** * Signature */ chunk_t signature; - + /** * reference counter */ @@ -128,8 +127,8 @@ struct private_x509_crl_t { /** * from x509_cert */ -extern identification_t* x509_parse_authorityKeyIdentifier( - chunk_t blob, int level0, +extern chunk_t x509_parse_authorityKeyIdentifier( + chunk_t blob, int level0, chunk_t *authKeySerialNumber); /** @@ -141,7 +140,7 @@ static const asn1Object_t crlObjects[] = { { 2, "version", ASN1_INTEGER, ASN1_OPT | ASN1_BODY }, /* 2 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ - { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 4 */ + { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 4 */ { 2, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 5 */ { 2, "thisUpdate", ASN1_EOC, ASN1_RAW }, /* 6 */ { 2, "nextUpdate", ASN1_EOC, ASN1_RAW }, /* 7 */ @@ -151,7 +150,7 @@ static const asn1Object_t crlObjects[] = { { 4, "userCertificate", ASN1_INTEGER, ASN1_BODY }, /* 10 */ { 4, "revocationDate", ASN1_EOC, ASN1_RAW }, /* 11 */ { 4, "crlEntryExtensions", ASN1_SEQUENCE, ASN1_OPT | - ASN1_LOOP }, /* 12 */ + ASN1_LOOP }, /* 12 */ { 5, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 13 */ { 6, "extnID", ASN1_OID, ASN1_BODY }, /* 14 */ { 6, "critical", ASN1_BOOLEAN, ASN1_DEF | @@ -239,7 +238,7 @@ static bool parse(private_x509_crl_t *this) revoked = malloc_thing(revoked_t); revoked->serial = userCertificate; revoked->date = asn1_parse_time(object, level); - revoked->reason = CRL_UNSPECIFIED; + revoked->reason = CRL_REASON_UNSPECIFIED; this->revoked->insert_last(this->revoked, (void *)revoked); break; case CRL_OBJ_CRL_ENTRY_EXTN_ID: @@ -269,7 +268,7 @@ static bool parse(private_x509_crl_t *this) { this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, - level, &this->authKeySerialNumber); + level, &this->authKeySerialNumber); } else if (extn_oid == OID_CRL_NUMBER) { @@ -338,17 +337,18 @@ static chunk_t get_serial(private_x509_crl_t *this) /** * Implementation of crl_t.get_authKeyIdentifier. */ -static identification_t* get_authKeyIdentifier(private_x509_crl_t *this) +static chunk_t get_authKeyIdentifier(private_x509_crl_t *this) { return this->authKeyIdentifier; } + /** * Implementation of crl_t.create_enumerator. */ static enumerator_t* create_enumerator(private_x509_crl_t *this) { return enumerator_create_filter( - this->revoked->create_enumerator(this->revoked), + this->revoked->create_enumerator(this->revoked), (void*)filter, NULL, NULL); } @@ -373,24 +373,12 @@ static identification_t* get_issuer(private_x509_crl_t *this) */ static id_match_t has_issuer(private_x509_crl_t *this, identification_t *issuer) { - id_match_t match; - - if (issuer->get_type(issuer) == ID_PUBKEY_SHA1) - { - if (this->authKeyIdentifier) - { - match = issuer->matches(issuer, this->authKeyIdentifier); - } - else - { - match = ID_MATCH_NONE; - } - } - else + if (issuer->get_type(issuer) == ID_KEY_ID && this->authKeyIdentifier.ptr && + chunk_equals(this->authKeyIdentifier, issuer->get_encoding(issuer))) { - match = this->issuer->matches(this->issuer, issuer); + return ID_MATCH_PERFECT; } - return match; + return this->issuer->matches(this->issuer, issuer); } /** @@ -402,7 +390,7 @@ static bool issued_by(private_x509_crl_t *this, certificate_t *issuer) signature_scheme_t scheme; bool valid; x509_t *x509 = (x509_t*)issuer; - + /* check if issuer is an X.509 CA certificate */ if (issuer->get_type(issuer) != CERT_X509) { @@ -417,17 +405,17 @@ static bool issued_by(private_x509_crl_t *this, certificate_t *issuer) key = issuer->get_public_key(issuer); /* compare keyIdentifiers if available, otherwise use DNs */ - if (this->authKeyIdentifier && key) + if (this->authKeyIdentifier.ptr && key) { - identification_t *subjectKeyIdentifier = key->get_id(key, ID_PUBKEY_SHA1); + chunk_t fingerprint; - if (!subjectKeyIdentifier->equals(subjectKeyIdentifier, - this->authKeyIdentifier)) + if (!key->get_fingerprint(key, KEY_ID_PUBKEY_SHA1, &fingerprint) || + !chunk_equals(fingerprint, this->authKeyIdentifier)) { return FALSE; } } - else + else { if (!this->issuer->equals(this->issuer, issuer->get_subject(issuer))) { @@ -470,16 +458,8 @@ static private_x509_crl_t* get_ref(private_x509_crl_t *this) static bool get_validity(private_x509_crl_t *this, time_t *when, time_t *not_before, time_t *not_after) { - time_t t; - - if (when) - { - t = *when; - } - else - { - t = time(NULL); - } + time_t t = when ? *when : time(NULL); + if (not_before) { *not_before = this->thisUpdate; @@ -498,7 +478,7 @@ static bool is_newer(private_x509_crl_t *this, crl_t *that) { chunk_t that_crlNumber = that->get_serial(that); bool new; - + /* compare crlNumbers if available - otherwise use thisUpdate */ if (this->crlNumber.ptr != NULL && that_crlNumber.ptr != NULL) { @@ -507,7 +487,7 @@ static bool is_newer(private_x509_crl_t *this, crl_t *that) &this->crlNumber, new ? "newer":"not newer", &that_crlNumber, new ? "replaced":"retained"); } - else + else { certificate_t *this_cert = &this->public.crl.certificate; certificate_t *that_cert = &that->certificate; @@ -523,7 +503,7 @@ static bool is_newer(private_x509_crl_t *this, crl_t *that) } return new; } - + /** * Implementation of certificate_t.get_encoding. */ @@ -539,14 +519,14 @@ static bool equals(private_x509_crl_t *this, certificate_t *other) { chunk_t encoding; bool equal; - + if ((certificate_t*)this == other) { return TRUE; } if (other->equals == (void*)equals) { /* skip allocation if we have the same implementation */ - return chunk_equals(this->encoding, ((private_x509_crl_t*)other)->encoding); + return chunk_equals(this->encoding, ((private_x509_crl_t*)other)->encoding); } encoding = other->get_encoding(other); equal = chunk_equals(this->encoding, encoding); @@ -563,7 +543,7 @@ static void destroy(private_x509_crl_t *this) { this->revoked->destroy_function(this->revoked, free); DESTROY_IF(this->issuer); - DESTROY_IF(this->authKeyIdentifier); + free(this->authKeyIdentifier.ptr); free(this->encoding.ptr); free(this); } @@ -575,9 +555,9 @@ static void destroy(private_x509_crl_t *this) static private_x509_crl_t* create_empty(void) { private_x509_crl_t *this = malloc_thing(private_x509_crl_t); - + this->public.crl.get_serial = (chunk_t (*)(crl_t*))get_serial; - this->public.crl.get_authKeyIdentifier = (identification_t* (*)(crl_t*))get_authKeyIdentifier; + this->public.crl.get_authKeyIdentifier = (chunk_t (*)(crl_t*))get_authKeyIdentifier; this->public.crl.create_enumerator = (enumerator_t* (*)(crl_t*))create_enumerator; this->public.crl.certificate.get_type = (certificate_type_t (*)(certificate_t *this))get_type; this->public.crl.certificate.get_subject = (identification_t* (*)(certificate_t *this))get_issuer; @@ -592,138 +572,51 @@ static private_x509_crl_t* create_empty(void) this->public.crl.certificate.equals = (bool (*)(certificate_t*, certificate_t *other))equals; this->public.crl.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref; this->public.crl.certificate.destroy = (void (*)(certificate_t *this))destroy; - + this->encoding = chunk_empty; this->tbsCertList = chunk_empty; this->issuer = NULL; this->crlNumber = chunk_empty; this->revoked = linked_list_create(); - this->authKeyIdentifier = NULL; + this->authKeyIdentifier = chunk_empty; this->authKeySerialNumber = chunk_empty; this->ref = 1; - - return this; -} -/** - * create an X.509 crl from a chunk - */ -static private_x509_crl_t* create_from_chunk(chunk_t chunk) -{ - private_x509_crl_t *this = create_empty(); - - this->encoding = chunk; - if (!parse(this)) - { - destroy(this); - return NULL; - } return this; } /** - * create an X.509 crl from a file + * See header. */ -static private_x509_crl_t* create_from_file(char *path) +x509_crl_t *x509_crl_load(certificate_type_t type, va_list args) { - bool pgp = FALSE; - chunk_t chunk; - private_x509_crl_t *this; - - if (!pem_asn1_load_file(path, NULL, &chunk, &pgp)) - { - return NULL; - } - - this = create_from_chunk(chunk); - - if (this == NULL) - { - DBG1(" could not parse loaded crl file '%s'",path); - return NULL; - } - DBG1(" loaded crl file '%s'", path); - return this; -} + chunk_t blob = chunk_empty; -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for certificate loading - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded CRL */ - private_x509_crl_t *crl; -}; - -/** - * Implementation of builder_t.build - */ -static private_x509_crl_t *build(private_builder_t *this) -{ - private_x509_crl_t *crl = this->crl; - - free(this); - return crl; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->crl) + while (TRUE) { - va_list args; - chunk_t chunk; - - switch (part) + switch (va_arg(args, builder_part_t)) { - case BUILD_FROM_FILE: - { - va_start(args, part); - this->crl = create_from_file(va_arg(args, char*)); - va_end(args); - return; - } case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->crl = create_from_chunk(chunk_clone(chunk)); - va_end(args); - return; - } - default: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - if (this->crl) + if (blob.ptr) { - destroy(this->crl); - } - builder_cancel(&this->public); -} + private_x509_crl_t *crl = create_empty(); -/** - * Builder construction function - */ -builder_t *x509_crl_builder(certificate_type_t type) -{ - private_builder_t *this; - - if (type != CERT_X509_CRL) - { - return NULL; + crl->encoding = chunk_clone(blob); + if (parse(crl)) + { + return &crl->public; + } + destroy(crl); } - - this = malloc_thing(private_builder_t); - - this->crl = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; -} + return NULL; +}; diff --git a/src/libstrongswan/plugins/x509/x509_crl.h b/src/libstrongswan/plugins/x509/x509_crl.h index daa8e4846..890650162 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.h +++ b/src/libstrongswan/plugins/x509/x509_crl.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -23,6 +23,7 @@ typedef struct x509_crl_t x509_crl_t; +#include <credentials/builder.h> #include <credentials/certificates/crl.h> /** @@ -36,13 +37,13 @@ struct x509_crl_t { crl_t crl; }; - /** - * Create the building facility for x509 certificate revocation lists. + * Load a X.509 CRL. * * @param type certificate type, CERT_X509_CRL only - * @return builder instance to build certificate + * @param args builder_part_t argument list + * @return X.509 CRL, NULL on failure */ -builder_t *x509_crl_builder(certificate_type_t type); +x509_crl_t *x509_crl_load(certificate_type_t type, va_list args); #endif /** X509_CRL_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c index 4020d8d95..f86f87751 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Copyright (C) 2007 Andreas Steffen * Hochschule fuer Technik Rapperswil * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen @@ -39,12 +39,12 @@ struct private_x509_ocsp_request_t { * public functions */ x509_ocsp_request_t public; - + /** * CA the candidates belong to */ x509_t *ca; - + /** * Requestor name, subject of cert used if not set */ @@ -54,56 +54,50 @@ struct private_x509_ocsp_request_t { * Requestor certificate, included in request */ certificate_t *cert; - + /** * Requestor private key to sign request */ private_key_t *key; - + /** * list of certificates to check, x509_t */ linked_list_t *candidates; - + /** * nonce used in request */ chunk_t nonce; - + /** * encoded OCSP request */ chunk_t encoding; - + /** * reference count */ refcount_t ref; }; -static u_char ASN1_nonce_oid_str[] = { +static const chunk_t ASN1_nonce_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02 -}; - -static u_char ASN1_response_oid_str[] = { +); +static const chunk_t ASN1_response_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04 -}; - -static u_char ASN1_response_content_str[] = { +); +static const chunk_t ASN1_response_content = chunk_from_chars( 0x04, 0x0D, 0x30, 0x0B, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01 -}; - -static const chunk_t ASN1_nonce_oid = chunk_from_buf(ASN1_nonce_oid_str); -static const chunk_t ASN1_response_oid = chunk_from_buf(ASN1_response_oid_str); -static const chunk_t ASN1_response_content = chunk_from_buf(ASN1_response_content_str); +); /** * build requestorName @@ -120,7 +114,7 @@ static chunk_t build_requestorName(private_x509_ocsp_request_t *this) return asn1_wrap(ASN1_CONTEXT_C_1, "m", asn1_simple_object(ASN1_CONTEXT_C_4, this->requestor->get_encoding(this->requestor))); - + } return chunk_empty; } @@ -133,7 +127,7 @@ static chunk_t build_Request(private_x509_ocsp_request_t *this, chunk_t serialNumber) { return asn1_wrap(ASN1_SEQUENCE, "m", - asn1_wrap(ASN1_SEQUENCE, "cmmm", + asn1_wrap(ASN1_SEQUENCE, "mmmm", asn1_algorithmIdentifier(OID_SHA1), asn1_simple_object(ASN1_OCTET_STRING, issuerNameHash), asn1_simple_object(ASN1_OCTET_STRING, issuerKeyHash), @@ -151,7 +145,7 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this) certificate_t *cert; chunk_t list = chunk_empty; public_key_t *public; - + cert = (certificate_t*)this->ca; public = cert->get_public_key(cert); if (public) @@ -159,23 +153,21 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this) hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher) { - identification_t *keyid = public->get_id(public, ID_PUBKEY_SHA1); - if (keyid) + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, + &issuerKeyHash)) { enumerator_t *enumerator; - - issuerKeyHash = keyid->get_encoding(keyid); - + issuer = cert->get_subject(cert); hasher->allocate_hash(hasher, issuer->get_encoding(issuer), &issuerNameHash); hasher->destroy(hasher); - + enumerator = this->candidates->create_enumerator(this->candidates); while (enumerator->enumerate(enumerator, &x509)) { chunk_t request, serialNumber; - + serialNumber = x509->get_serial(x509); request = build_Request(this, issuerNameHash, issuerKeyHash, serialNumber); @@ -204,7 +196,7 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this) static chunk_t build_nonce(private_x509_ocsp_request_t *this) { rng_t *rng; - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (rng) { @@ -232,7 +224,7 @@ static chunk_t build_acceptableResponses(private_x509_ocsp_request_t *this) */ static chunk_t build_requestExtensions(private_x509_ocsp_request_t *this) { - return asn1_wrap(ASN1_CONTEXT_C_2, "m", + return asn1_wrap(ASN1_CONTEXT_C_2, "m", asn1_wrap(ASN1_SEQUENCE, "mm", build_nonce(this), build_acceptableResponses(this))); @@ -258,7 +250,7 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this, int oid; signature_scheme_t scheme; chunk_t certs, signature; - + switch (this->key->get_type(this->key)) { /* TODO: use a generic mapping function */ @@ -268,14 +260,14 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this, break; case KEY_ECDSA: oid = OID_ECDSA_WITH_SHA1; - scheme = SIGN_ECDSA_WITH_SHA1; + scheme = SIGN_ECDSA_WITH_SHA1_DER; break; default: DBG1("unable to sign OCSP request, %N signature not supported", key_type_names, this->key->get_type(this->key)); return chunk_empty; } - + if (!this->key->sign(this->key, scheme, tbsRequest, &signature)) { DBG1("creating OCSP signature failed, skipped"); @@ -288,7 +280,7 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this, this->cert->get_encoding(this->cert))); } return asn1_wrap(ASN1_CONTEXT_C_0, "m", - asn1_wrap(ASN1_SEQUENCE, "cmm", + asn1_wrap(ASN1_SEQUENCE, "cmm", asn1_algorithmIdentifier(oid), asn1_bitstring("m", signature), certs)); @@ -301,7 +293,7 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this, static chunk_t build_OCSPRequest(private_x509_ocsp_request_t *this) { chunk_t tbsRequest, optionalSignature = chunk_empty; - + tbsRequest = build_tbsRequest(this); if (this->key) { @@ -325,7 +317,7 @@ static certificate_type_t get_type(private_x509_ocsp_request_t *this) static identification_t* get_subject(private_x509_ocsp_request_t *this) { certificate_t *ca = (certificate_t*)this->ca; - + if (this->requestor) { return this->requestor; @@ -343,7 +335,7 @@ static identification_t* get_subject(private_x509_ocsp_request_t *this) static identification_t* get_issuer(private_x509_ocsp_request_t *this) { certificate_t *ca = (certificate_t*)this->ca; - + return ca->get_subject(ca); } @@ -363,11 +355,11 @@ static id_match_t has_subject(private_x509_ocsp_request_t *this, match = current->has_subject(current, subject); if (match > best) { - best = match; + best = match; } } enumerator->destroy(enumerator); - return best; + return best; } /** @@ -416,7 +408,7 @@ static bool get_validity(private_x509_ocsp_request_t *this, time_t *when, } return cert->get_validity(cert, when, not_before, not_after); } - + /** * Implementation of certificate_t.get_encoding. */ @@ -432,7 +424,7 @@ static bool equals(private_x509_ocsp_request_t *this, certificate_t *other) { chunk_t encoding; bool equal; - + if (this == (private_x509_ocsp_request_t*)other) { return TRUE; @@ -443,7 +435,7 @@ static bool equals(private_x509_ocsp_request_t *this, certificate_t *other) } if (other->equals == (void*)equals) { /* skip allocation if we have the same implementation */ - return chunk_equals(this->encoding, ((private_x509_ocsp_request_t*)other)->encoding); + return chunk_equals(this->encoding, ((private_x509_ocsp_request_t*)other)->encoding); } encoding = other->get_encoding(other); equal = chunk_equals(this->encoding, encoding); @@ -484,7 +476,7 @@ static void destroy(private_x509_ocsp_request_t *this) static private_x509_ocsp_request_t *create_empty() { private_x509_ocsp_request_t *this = malloc_thing(private_x509_ocsp_request_t); - + this->public.interface.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type; this->public.interface.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject; this->public.interface.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; @@ -497,7 +489,7 @@ static private_x509_ocsp_request_t *create_empty() this->public.interface.interface.equals = (bool(*)(certificate_t*, certificate_t *other))equals; this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref; this->public.interface.interface.destroy = (void (*)(certificate_t *this))destroy; - + this->ca = NULL; this->requestor = NULL; this->cert = NULL; @@ -506,30 +498,60 @@ static private_x509_ocsp_request_t *create_empty() this->encoding = chunk_empty; this->candidates = linked_list_create(); this->ref = 1; - + return this; } -typedef struct private_builder_t private_builder_t; /** - * Builder implementation for certificate loading + * See header. */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** OCSP request to build */ - private_x509_ocsp_request_t *req; -}; - -/** - * Implementation of builder_t.build - */ -static x509_ocsp_request_t *build(private_builder_t *this) +x509_ocsp_request_t *x509_ocsp_request_gen(certificate_type_t type, va_list args) { private_x509_ocsp_request_t *req; - - req = this->req; - free(this); + certificate_t *cert; + private_key_t *private; + identification_t *subject; + + req = create_empty(); + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_CA_CERT: + cert = va_arg(args, certificate_t*); + if (cert->get_type(cert) == CERT_X509) + { + req->ca = (x509_t*)cert->get_ref(cert); + } + continue; + case BUILD_CERT: + cert = va_arg(args, certificate_t*); + if (cert->get_type(cert) == CERT_X509) + { + req->candidates->insert_last(req->candidates, + cert->get_ref(cert)); + } + continue; + case BUILD_SIGNING_CERT: + cert = va_arg(args, certificate_t*); + req->cert = cert->get_ref(cert); + continue; + case BUILD_SIGNING_KEY: + private = va_arg(args, private_key_t*); + req->key = private->get_ref(private); + continue; + case BUILD_SUBJECT: + subject = va_arg(args, identification_t*); + req->requestor = subject->clone(subject); + continue; + case BUILD_END: + break; + default: + destroy(req); + return NULL; + } + break; + } if (req->ca) { req->encoding = build_OCSPRequest(req); @@ -539,76 +561,3 @@ static x509_ocsp_request_t *build(private_builder_t *this) return NULL; } -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - va_list args; - certificate_t *cert; - identification_t *subject; - private_key_t *private; - - va_start(args, part); - switch (part) - { - case BUILD_CA_CERT: - cert = va_arg(args, certificate_t*); - if (cert->get_type(cert) == CERT_X509) - { - this->req->ca = (x509_t*)cert->get_ref(cert); - } - break; - case BUILD_CERT: - cert = va_arg(args, certificate_t*); - if (cert->get_type(cert) == CERT_X509) - { - this->req->candidates->insert_last(this->req->candidates, - cert->get_ref(cert)); - } - break; - case BUILD_SIGNING_CERT: - cert = va_arg(args, certificate_t*); - this->req->cert = cert->get_ref(cert); - break; - case BUILD_SIGNING_KEY: - private = va_arg(args, private_key_t*); - this->req->key = private->get_ref(private); - break; - case BUILD_SUBJECT: - subject = va_arg(args, identification_t*); - this->req->requestor = subject->clone(subject); - break; - default: - /* cancel if option not supported */ - if (this->req) - { - destroy(this->req); - } - builder_cancel(&this->public); - break; - } - va_end(args); -} - -/** - * Builder construction function - */ -builder_t *x509_ocsp_request_builder(certificate_type_t type) -{ - private_builder_t *this; - - if (type != CERT_X509_OCSP_REQUEST) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->req = create_empty(); - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; -} - diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.h b/src/libstrongswan/plugins/x509/x509_ocsp_request.h index ffaa3c634..4c0e4b8f2 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.h +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -21,6 +21,7 @@ #ifndef X509_OCSP_REQUEST_H_ #define X509_OCSP_REQUEST_H_ +#include <credentials/builder.h> #include <credentials/certificates/ocsp_request.h> typedef struct x509_ocsp_request_t x509_ocsp_request_t; @@ -37,7 +38,7 @@ struct x509_ocsp_request_t { }; /** - * Create the building facility for OCSP requests. + * Generate a X.509 OCSP request. * * The resulting builder accepts: * BUILD_CA_CERT: CA of the checked certificates, exactly one @@ -46,9 +47,10 @@ struct x509_ocsp_request_t { * BUILD_SIGNING_CERT: certificate to create requestor signature, optional * BUILD_SIGNING_KEY: private key to create requestor signature, optional * - * @param type certificate type, CERT_X509_OCSP_REQUEST only - * @return builder instance to build OCSP requests + * @param type certificate type, CERT_X509_OCSP_REQUEST only + * @param args builder_part_t argument list + * @return OCSP request, NULL on failure */ -builder_t *x509_ocsp_request_builder(certificate_type_t type); +x509_ocsp_request_t *x509_ocsp_request_gen(certificate_type_t type, va_list args); #endif /** X509_OCSP_REQUEST_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index 1b3187258..948d7ad85 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -1,5 +1,5 @@ /** - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Copyright (C) 2007 Andreas Steffen * Hochschule fuer Technik Rapperswil * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen @@ -45,42 +45,42 @@ struct private_x509_ocsp_response_t { * Public interface for this ocsp object. */ x509_ocsp_response_t public; - + /** * complete encoded OCSP response */ chunk_t encoding; - + /** * data for signature verficiation */ chunk_t tbsResponseData; - + /** * signature algorithm (OID) */ int signatureAlgorithm; - + /** * signature */ chunk_t signature; - + /** * name or keyid of the responder */ identification_t *responderId; - + /** * time of response production */ time_t producedAt; - + /** * latest nextUpdate in this OCSP response */ time_t usableUntil; - + /** * list of included certificates */ @@ -95,7 +95,7 @@ struct private_x509_ocsp_response_t { * Nonce required for ocsp request and response */ chunk_t nonce; - + /** * reference counter */ @@ -130,29 +130,23 @@ typedef struct { #define OCSP_BASIC_RESPONSE_VERSION 1 /* some OCSP specific prefabricated ASN.1 constants */ -static u_char ASN1_nonce_oid_str[] = { +static const chunk_t ASN1_nonce_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02 -}; - -static u_char ASN1_response_oid_str[] = { +); +static const chunk_t ASN1_response_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04 -}; - -static u_char ASN1_response_content_str[] = { +); +static const chunk_t ASN1_response_content = chunk_from_chars( 0x04, 0x0D, 0x30, 0x0B, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01 -}; - -static const chunk_t ASN1_nonce_oid = chunk_from_buf(ASN1_nonce_oid_str); -static const chunk_t ASN1_response_oid = chunk_from_buf(ASN1_response_oid_str); -static const chunk_t ASN1_response_content = chunk_from_buf(ASN1_response_content_str); +); /** * Implementaiton of ocsp_response_t.get_status @@ -167,14 +161,15 @@ static cert_validation_t get_status(private_x509_ocsp_response_t *this, single_response_t *response; cert_validation_t status = VALIDATION_FAILED; certificate_t *issuercert = &issuer->interface; - + enumerator = this->responses->create_enumerator(this->responses); while (enumerator->enumerate(enumerator, &response)) { hasher_t *hasher; identification_t *id; - chunk_t hash; - + key_encoding_type_t type; + chunk_t hash, fingerprint; + /* check serial first, is cheaper */ if (!chunk_equals(subject->get_serial(subject), response->serialNumber)) { @@ -184,22 +179,23 @@ static cert_validation_t get_status(private_x509_ocsp_response_t *this, if (response->issuerKeyHash.ptr) { public_key_t *public; - + public = issuercert->get_public_key(issuercert); if (!public) { continue; } switch (response->hashAlgorithm) - { /* TODO: generic mapper function */ + { case OID_SHA1: - id = public->get_id(public, ID_PUBKEY_SHA1); + type = KEY_ID_PUBKEY_SHA1; break; default: public->destroy(public); continue; } - if (!chunk_equals(response->issuerKeyHash, id->get_encoding(id))) + if (!public->get_fingerprint(public, type, &fingerprint) || + !chunk_equals(response->issuerKeyHash, fingerprint)) { public->destroy(public); continue; @@ -209,7 +205,7 @@ static cert_validation_t get_status(private_x509_ocsp_response_t *this, /* check issuerNameHash, if available */ else if (response->issuerNameHash.ptr) { - hasher = lib->crypto->create_hasher(lib->crypto, + hasher = lib->crypto->create_hasher(lib->crypto, hasher_algorithm_from_oid(response->hashAlgorithm)); if (!hasher) { @@ -233,7 +229,7 @@ static cert_validation_t get_status(private_x509_ocsp_response_t *this, *revocation_reason = response->revocationReason; *this_update = response->thisUpdate; *next_update = response->nextUpdate; - + break; } enumerator->destroy(enumerator); @@ -310,7 +306,7 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this, bool success = FALSE; single_response_t *response; - + response = malloc_thing(single_response_t); response->hashAlgorithm = OID_UNKNOWN; response->issuerNameHash = chunk_empty; @@ -318,7 +314,7 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this, response->serialNumber = chunk_empty; response->status = VALIDATION_FAILED; response->revocationTime = 0; - response->revocationReason = CRL_UNSPECIFIED; + response->revocationReason = CRL_REASON_UNSPECIFIED; response->thisUpdate = UNDEFINED_TIME; /* if nextUpdate is missing, we give it a short lifetime */ response->nextUpdate = this->producedAt + OCSP_DEFAULT_LIFETIME; @@ -357,7 +353,7 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this, { response->revocationReason = *object.ptr; } - break; + break; case SINGLE_RESPONSE_CERT_STATUS_UNKNOWN: response->status = VALIDATION_FAILED; break; @@ -370,7 +366,7 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this, { this->usableUntil = response->nextUpdate; } - break; + break; } } success = parser->success(parser); @@ -400,14 +396,14 @@ static const asn1Object_t responsesObjects[] = { /** * Parse all responses */ -static bool parse_responses(private_x509_ocsp_response_t *this, +static bool parse_responses(private_x509_ocsp_response_t *this, chunk_t blob, int level0) { asn1_parser_t *parser; chunk_t object; int objectID; bool success = FALSE; - + parser = asn1_parser_create(responsesObjects, blob); parser->set_top_level(parser, level0); @@ -484,7 +480,7 @@ static const asn1Object_t basicResponseObjects[] = { /** * Parse a basicOCSPResponse */ -static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, +static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, chunk_t blob, int level0) { asn1_parser_t *parser; @@ -496,7 +492,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, certificate_t *cert; bool success = FALSE; bool critical; - + parser = asn1_parser_create(basicResponseObjects, blob); parser->set_top_level(parser, level0); @@ -525,7 +521,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, break; case BASIC_RESPONSE_ID_BY_KEY: this->responderId = identification_create_from_encoding( - ID_PUBKEY_INFO_SHA1, object); + ID_KEY_ID, object); DBG2(" '%Y'", this->responderId); break; case BASIC_RESPONSE_PRODUCED_AT: @@ -622,15 +618,15 @@ static bool parse_OCSPResponse(private_x509_ocsp_response_t *this) case OCSP_RESPONSE_STATUS: status = (ocsp_status_t)*object.ptr; switch (status) - { - case OCSP_SUCCESSFUL: + { + case OCSP_SUCCESSFUL: break; default: DBG1(" ocsp response status: %N", ocsp_status_names, status); goto end; } - break; + break; case OCSP_RESPONSE_TYPE: responseType = asn1_known_oid(object); break; @@ -689,35 +685,33 @@ static bool issued_by(private_x509_ocsp_response_t *this, certificate_t *issuer) signature_scheme_t scheme; bool valid; x509_t *x509 = (x509_t*)issuer; - + if (issuer->get_type(issuer) != CERT_X509) { return FALSE; } - if (this->responderId->get_type(this->responderId) == ID_DER_ASN1_DN) + if (this->responderId->get_type(this->responderId) == ID_KEY_ID) { - if (!this->responderId->equals(this->responderId, - issuer->get_subject(issuer))) + chunk_t fingerprint; + + key = issuer->get_public_key(issuer); + if (!key || + !key->get_fingerprint(key, KEY_ID_PUBKEY_SHA1, &fingerprint) || + !chunk_equals(fingerprint, + this->responderId->get_encoding(this->responderId))) { + DESTROY_IF(key); return FALSE; } + key->destroy(key); } else { - bool equal; - public_key_t *public = issuer->get_public_key(issuer); - - if (public == NULL) + if (!this->responderId->equals(this->responderId, + issuer->get_subject(issuer))) { return FALSE; } - equal = this->responderId->equals(this->responderId, - public->get_id(public, ID_PUBKEY_SHA1)); - public->destroy(public); - if (!equal) - { - return FALSE; - } } if (!(x509->get_flags(x509) & X509_OCSP_SIGNER) && !(x509->get_flags(x509) & X509_CA)) @@ -754,16 +748,8 @@ static public_key_t* get_public_key(private_x509_ocsp_response_t *this) static bool get_validity(private_x509_ocsp_response_t *this, time_t *when, time_t *not_before, time_t *not_after) { - time_t t; + time_t t = when ? *when : time(NULL); - if (when == NULL) - { - t = time(NULL); - } - else - { - t = *when; - } if (not_before) { *not_before = this->producedAt; @@ -791,7 +777,7 @@ static bool is_newer(certificate_t *this, certificate_t *that) &that_update, FALSE, new ? "replaced":"retained"); return new; } - + /** * Implementation of certificate_t.get_encoding. */ @@ -807,7 +793,7 @@ static bool equals(private_x509_ocsp_response_t *this, certificate_t *other) { chunk_t encoding; bool equal; - + if (this == (private_x509_ocsp_response_t*)other) { return TRUE; @@ -818,7 +804,7 @@ static bool equals(private_x509_ocsp_response_t *this, certificate_t *other) } if (other->equals == (void*)equals) { /* skip allocation if we have the same implementation */ - return chunk_equals(this->encoding, ((private_x509_ocsp_response_t*)other)->encoding); + return chunk_equals(this->encoding, ((private_x509_ocsp_response_t*)other)->encoding); } encoding = other->get_encoding(other); equal = chunk_equals(this->encoding, encoding); @@ -853,12 +839,12 @@ static void destroy(private_x509_ocsp_response_t *this) /** * load an OCSP response */ -static x509_ocsp_response_t *load(chunk_t data) +static x509_ocsp_response_t *load(chunk_t blob) { private_x509_ocsp_response_t *this; - + this = malloc_thing(private_x509_ocsp_response_t); - + this->public.interface.certificate.get_type = (certificate_type_t (*)(certificate_t *this))get_type; this->public.interface.certificate.get_subject = (identification_t* (*)(certificate_t *this))get_issuer; this->public.interface.certificate.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; @@ -874,9 +860,9 @@ static x509_ocsp_response_t *load(chunk_t data) this->public.interface.certificate.destroy = (void (*)(certificate_t *this))destroy; this->public.interface.get_status = (cert_validation_t(*)(ocsp_response_t*, x509_t *subject, x509_t *issuer, time_t *revocation_time,crl_reason_t *revocation_reason,time_t *this_update, time_t *next_update))get_status; this->public.interface.create_cert_enumerator = (enumerator_t*(*)(ocsp_response_t*))create_cert_enumerator; - + this->ref = 1; - this->encoding = data; + this->encoding = chunk_clone(blob); this->tbsResponseData = chunk_empty; this->responderId = NULL; this->producedAt = UNDEFINED_TIME; @@ -895,78 +881,32 @@ static x509_ocsp_response_t *load(chunk_t data) return &this->public; } - -typedef struct private_builder_t private_builder_t; /** - * Builder implementation for certificate loading + * See header. */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded response */ - x509_ocsp_response_t *res; -}; - -/** - * Implementation of builder_t.build - */ -static x509_ocsp_response_t *build(private_builder_t *this) +x509_ocsp_response_t *x509_ocsp_response_load(certificate_type_t type, + va_list args) { - x509_ocsp_response_t *res = this->res; - - free(this); - return res; -} + chunk_t blob = chunk_empty; -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->res) + while (TRUE) { - va_list args; - chunk_t chunk; - - switch (part) + switch (va_arg(args, builder_part_t)) { case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->res = load(chunk_clone(chunk)); - va_end(args); - return; - } - default: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - if (this->res) + if (blob.ptr) { - destroy((private_x509_ocsp_response_t*)this->res); + return load(blob); } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *x509_ocsp_response_builder(certificate_type_t type) -{ - private_builder_t *this; - - if (type != CERT_X509_OCSP_RESPONSE) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->res = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; + return NULL; } diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.h b/src/libstrongswan/plugins/x509/x509_ocsp_response.h index 06a9fd3c7..7a525626e 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.h +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -21,6 +21,7 @@ #ifndef X509_OCSP_RESPONSE_H_ #define X509_OCSP_RESPONSE_H_ +#include <credentials/builder.h> #include <credentials/certificates/ocsp_response.h> typedef struct x509_ocsp_response_t x509_ocsp_response_t; @@ -37,11 +38,13 @@ struct x509_ocsp_response_t { }; /** - * Create the building facility for OCSP responses. + * Load a X.509 OCSP response. * * @param type certificate type, CERT_X509_OCSP_RESPONSE only - * @return builder instance to build OCSP responses + * @param args builder_part_t argument list + * @return OCSP response, NULL on failure */ -builder_t *x509_ocsp_response_builder(certificate_type_t type); +x509_ocsp_response_t *x509_ocsp_response_load(certificate_type_t type, + va_list args); #endif /** X509_OCSP_RESPONSE_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c new file mode 100644 index 000000000..6d750c98c --- /dev/null +++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c @@ -0,0 +1,707 @@ +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Copyright (C) 2009 Andreas Steffen + * + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "x509_pkcs10.h" + +#include <library.h> +#include <debug.h> +#include <asn1/oid.h> +#include <asn1/asn1.h> +#include <asn1/asn1_parser.h> +#include <credentials/keys/private_key.h> +#include <utils/linked_list.h> +#include <utils/identification.h> + +typedef struct private_x509_pkcs10_t private_x509_pkcs10_t; + +/** + * Private data of a x509_pkcs10_t object. + */ +struct private_x509_pkcs10_t { + /** + * Public interface for this certificate. + */ + x509_pkcs10_t public; + + /** + * PKCS#10 certificate request encoding in ASN.1 DER format + */ + chunk_t encoding; + + /** + * PKCS#10 request body over which signature is computed + */ + chunk_t certificationRequestInfo; + + /** + * Version of the PKCS#10 certificate request + */ + u_int version; + + /** + * ID representing the certificate subject + */ + identification_t *subject; + + /** + * List of subjectAltNames as identification_t + */ + linked_list_t *subjectAltNames; + + /** + * certificate's embedded public key + */ + public_key_t *public_key; + + /** + * challenge password + */ + chunk_t challengePassword; + + /** + * Signature algorithm + */ + int algorithm; + + /** + * Signature + */ + chunk_t signature; + + /** + * Is the certificate request self-signed? + */ + bool self_signed; + + /** + * Certificate request parsed from blob/file? + */ + bool parsed; + + /** + * reference count + */ + refcount_t ref; +}; + +/** + * Imported from x509_cert.c + */ +extern void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list); +extern chunk_t x509_build_subjectAltNames(linked_list_t *list); + +/** + * Implementation of certificate_t.get_type. + */ +static certificate_type_t get_type(private_x509_pkcs10_t *this) +{ + return CERT_PKCS10_REQUEST; +} + +/** + * Implementation of certificate_t.get_subject and get_issuer. + */ +static identification_t* get_subject(private_x509_pkcs10_t *this) +{ + return this->subject; +} + +/** + * Implementation of certificate_t.has_subject and has_issuer. + */ +static id_match_t has_subject(private_x509_pkcs10_t *this, identification_t *subject) +{ + return this->subject->matches(this->subject, subject); +} + +/** + * Implementation of certificate_t.issued_by. + */ +static bool issued_by(private_x509_pkcs10_t *this, certificate_t *issuer) +{ + public_key_t *key; + signature_scheme_t scheme; + + if (&this->public.interface.interface != issuer) + { + return FALSE; + } + if (this->self_signed) + { + return TRUE; + } + + /* determine signature scheme */ + scheme = signature_scheme_from_oid(this->algorithm); + if (scheme == SIGN_UNKNOWN) + { + return FALSE; + } + + /* get the public key contained in the certificate request */ + key = this->public_key; + if (!key) + { + return FALSE; + } + return key->verify(key, scheme, this->certificationRequestInfo, + this->signature); +} + +/** + * Implementation of certificate_t.get_public_key. + */ +static public_key_t* get_public_key(private_x509_pkcs10_t *this) +{ + this->public_key->get_ref(this->public_key); + return this->public_key; +} + +/** + * Implementation of certificate_t.get_validity. + */ +static bool get_validity(private_x509_pkcs10_t *this, time_t *when, + time_t *not_before, time_t *not_after) +{ + if (not_before) + { + *not_before = 0; + } + if (not_after) + { + *not_after = ~0; + } + return TRUE; +} + +/** + * Implementation of certificate_t.is_newer. + */ +static bool is_newer(certificate_t *this, certificate_t *that) +{ + return FALSE; +} + +/** + * Implementation of certificate_t.get_encoding. + */ +static chunk_t get_encoding(private_x509_pkcs10_t *this) +{ + return chunk_clone(this->encoding); +} + +/** + * Implementation of certificate_t.equals. + */ +static bool equals(private_x509_pkcs10_t *this, certificate_t *other) +{ + chunk_t encoding; + bool equal; + + if (this == (private_x509_pkcs10_t*)other) + { + return TRUE; + } + if (other->get_type(other) != CERT_PKCS10_REQUEST) + { + return FALSE; + } + if (other->equals == (void*)equals) + { /* skip allocation if we have the same implementation */ + return chunk_equals(this->encoding, ((private_x509_pkcs10_t*)other)->encoding); + } + encoding = other->get_encoding(other); + equal = chunk_equals(this->encoding, encoding); + free(encoding.ptr); + return equal; +} + +/** + * Implementation of certificate_t.get_ref + */ +static private_x509_pkcs10_t* get_ref(private_x509_pkcs10_t *this) +{ + ref_get(&this->ref); + return this; +} + +/** + * Implementation of certificate_t.get_challengePassword. + */ +static chunk_t get_challengePassword(private_x509_pkcs10_t *this) +{ + return this->challengePassword; +} + +/** + * Implementation of pkcs10_t.create_subjectAltName_enumerator. + */ +static enumerator_t* create_subjectAltName_enumerator(private_x509_pkcs10_t *this) +{ + return this->subjectAltNames->create_enumerator(this->subjectAltNames); +} + +/** + * ASN.1 definition of a PKCS#10 extension request + */ +static const asn1Object_t extensionRequestObjects[] = { + { 0, "extensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ + { 2, "extnID", ASN1_OID, ASN1_BODY }, /* 2 */ + { 2, "critical", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 3 */ + { 2, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 4 */ + { 1, "end loop", ASN1_EOC, ASN1_END }, /* 5 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PKCS10_EXTN_ID 2 +#define PKCS10_EXTN_CRITICAL 3 +#define PKCS10_EXTN_VALUE 4 + +/** + * Parses a PKCS#10 extension request + */ +static bool parse_extension_request(private_x509_pkcs10_t *this, chunk_t blob, int level0) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID; + int extn_oid = OID_UNKNOWN; + bool success = FALSE; + bool critical; + + parser = asn1_parser_create(extensionRequestObjects, blob); + parser->set_top_level(parser, level0); + + while (parser->iterate(parser, &objectID, &object)) + { + u_int level = parser->get_level(parser)+1; + + switch (objectID) + { + case PKCS10_EXTN_ID: + extn_oid = asn1_known_oid(object); + break; + case PKCS10_EXTN_CRITICAL: + critical = object.len && *object.ptr; + DBG2(" %s", critical ? "TRUE" : "FALSE"); + break; + case PKCS10_EXTN_VALUE: + { + switch (extn_oid) + { + case OID_SUBJECT_ALT_NAME: + x509_parse_generalNames(object, level, FALSE, + this->subjectAltNames); + break; + default: + break; + } + break; + } + default: + break; + } + } + success = parser->success(parser); + parser->destroy(parser); + return success; +} + +/** + * Parses a PKCS#10 challenge password + */ +static bool parse_challengePassword(private_x509_pkcs10_t *this, chunk_t blob, int level) +{ + char tag; + + if (blob.len < 2) + { + DBG1("L%d - challengePassword: ASN.1 object smaller than 2 octets", + level); + return FALSE; + } + tag = *blob.ptr; + if (tag < ASN1_UTF8STRING || tag > ASN1_IA5STRING) + { + DBG1("L%d - challengePassword: ASN.1 object is not a character string", + level); + return FALSE; + } + if (asn1_length(&blob) == ASN1_INVALID_LENGTH) + { + DBG1("L%d - challengePassword: ASN.1 object has an invalid length", + level); + return FALSE; + } + DBG2("L%d - challengePassword:", level); + DBG4(" '%.*s'", blob.len, blob.ptr); + return TRUE; +} + +/** + * ASN.1 definition of a PKCS#10 certificate request + */ +static const asn1Object_t certificationRequestObjects[] = { + { 0, "certificationRequest", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ + { 1, "certificationRequestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */
+ { 2, "version", ASN1_INTEGER, ASN1_BODY }, /* 2 */ + { 2, "subject", ASN1_SEQUENCE, ASN1_OBJ }, /* 3 */ + { 2, "subjectPublicKeyInfo", ASN1_SEQUENCE, ASN1_RAW }, /* 4 */ + { 2, "attributes", ASN1_CONTEXT_C_0, ASN1_LOOP }, /* 5 */ + { 3, "attribute", ASN1_SEQUENCE, ASN1_NONE }, /* 6 */ + { 4, "type", ASN1_OID, ASN1_BODY }, /* 7 */ + { 4, "values", ASN1_SET, ASN1_LOOP }, /* 8 */ + { 5, "value", ASN1_EOC, ASN1_RAW }, /* 9 */ + { 4, "end loop", ASN1_EOC, ASN1_END }, /* 10 */ + { 2, "end loop", ASN1_EOC, ASN1_END }, /* 11 */ + { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 12 */ + { 1, "signature", ASN1_BIT_STRING, ASN1_BODY }, /* 13 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PKCS10_CERT_REQUEST_INFO 1 +#define PKCS10_VERSION 2 +#define PKCS10_SUBJECT 3 +#define PKCS10_SUBJECT_PUBLIC_KEY_INFO 4 +#define PKCS10_ATTR_TYPE 7 +#define PKCS10_ATTR_VALUE 9 +#define PKCS10_ALGORITHM 12 +#define PKCS10_SIGNATURE 13 + +/** + * Parses a PKCS#10 certificate request + */ +static bool parse_certificate_request(private_x509_pkcs10_t *this) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID; + int attr_oid = OID_UNKNOWN; + bool success = FALSE; + + parser = asn1_parser_create(certificationRequestObjects, this->encoding); + + while (parser->iterate(parser, &objectID, &object)) + { + u_int level = parser->get_level(parser)+1; + + switch (objectID) + { + case PKCS10_CERT_REQUEST_INFO: + this->certificationRequestInfo = object; + break; + case PKCS10_VERSION: + if (object.len > 0 && *object.ptr != 0) + { + DBG1("PKCS#10 certificate request format is not version 1"); + goto end; + } + break; + case PKCS10_SUBJECT: + this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object); + DBG2(" '%Y'", this->subject); + break; + case PKCS10_SUBJECT_PUBLIC_KEY_INFO: + this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, + KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END); + if (this->public_key == NULL) + { + goto end; + } + break; + case PKCS10_ATTR_TYPE: + attr_oid = asn1_known_oid(object); + break; + case PKCS10_ATTR_VALUE: + switch (attr_oid) + { + case OID_EXTENSION_REQUEST: + if (!parse_extension_request(this, object, level)) + { + goto end; + } + break; + case OID_CHALLENGE_PASSWORD: + if (!parse_challengePassword(this, object, level)) + { + goto end; + } + break; + default: + break; + } + break; + case PKCS10_ALGORITHM: + this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); + break; + case PKCS10_SIGNATURE: + this->signature = object; + break; + default: + break; + } + } + success = parser->success(parser); + +end: + parser->destroy(parser); + if (success) + { + /* check if the certificate request is self-signed */ + if (issued_by(this, &this->public.interface.interface)) + { + this->self_signed = TRUE; + } + else + { + DBG1("certificate request is not self-signed"); + success = FALSE; + } + } + return success; +} + +/** + * Implementation of certificate_t.destroy + */ +static void destroy(private_x509_pkcs10_t *this) +{ + if (ref_put(&this->ref)) + { + this->subjectAltNames->destroy_offset(this->subjectAltNames, + offsetof(identification_t, destroy)); + DESTROY_IF(this->subject); + DESTROY_IF(this->public_key); + chunk_free(&this->encoding); + if (!this->parsed) + { /* only parsed certificate requests point these fields to "encoded" */ + chunk_free(&this->certificationRequestInfo); + chunk_free(&this->challengePassword); + chunk_free(&this->signature); + } + free(this); + } +} + +/** + * create an empty but initialized PKCS#10 certificate request + */ +static private_x509_pkcs10_t* create_empty(void) +{ + private_x509_pkcs10_t *this = malloc_thing(private_x509_pkcs10_t); + + this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type; + this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject; + this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_subject; + this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject; + this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_subject; + this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by; + this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key; + this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity; + this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer; + this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding; + this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals; + this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref; + this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy; + this->public.interface.get_challengePassword = (chunk_t (*)(pkcs10_t*))get_challengePassword; + this->public.interface.create_subjectAltName_enumerator = (enumerator_t* (*)(pkcs10_t*))create_subjectAltName_enumerator; + + this->encoding = chunk_empty; + this->certificationRequestInfo = chunk_empty; + this->subject = NULL; + this->public_key = NULL; + this->subjectAltNames = linked_list_create(); + this->challengePassword = chunk_empty; + this->signature = chunk_empty; + this->ref = 1; + this->self_signed = FALSE; + this->parsed = FALSE; + + return this; +} + +/** + * Generate and sign a new certificate request + */ +static bool generate(private_x509_pkcs10_t *cert, private_key_t *sign_key, + int digest_alg) +{ + chunk_t key_info, subjectAltNames, attributes; + chunk_t extensionRequest = chunk_empty; + chunk_t challengePassword = chunk_empty; + signature_scheme_t scheme; + identification_t *subject; + + subject = cert->subject; + cert->public_key = sign_key->get_public_key(sign_key); + + /* select signature scheme */ + cert->algorithm = hasher_signature_algorithm_to_oid(digest_alg, + sign_key->get_type(sign_key)); + if (cert->algorithm == OID_UNKNOWN) + { + return FALSE; + } + scheme = signature_scheme_from_oid(cert->algorithm); + + if (!cert->public_key->get_encoding(cert->public_key, + KEY_PUB_SPKI_ASN1_DER, &key_info)) + { + return FALSE; + } + + /* encode subjectAltNames */ + subjectAltNames = x509_build_subjectAltNames(cert->subjectAltNames); + + if (subjectAltNames.ptr) + { + extensionRequest = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_EXTENSION_REQUEST), + asn1_wrap(ASN1_SET, "m", + asn1_wrap(ASN1_SEQUENCE, "m", subjectAltNames) + )); + } + if (cert->challengePassword.len > 0) + { + asn1_t type = asn1_is_printablestring(cert->challengePassword) ? + ASN1_PRINTABLESTRING : ASN1_T61STRING; + + challengePassword = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_CHALLENGE_PASSWORD), + asn1_wrap(ASN1_SET, "m", + asn1_simple_object(type, cert->challengePassword) + ) + ); + } + attributes = asn1_wrap(ASN1_CONTEXT_C_0, "mm", extensionRequest, + challengePassword); + + cert->certificationRequestInfo = asn1_wrap(ASN1_SEQUENCE, "ccmm", + ASN1_INTEGER_0, + subject->get_encoding(subject), + key_info, + attributes); + + if (!sign_key->sign(sign_key, scheme, cert->certificationRequestInfo, + &cert->signature)) + { + return FALSE; + } + + cert->encoding = asn1_wrap(ASN1_SEQUENCE, "cmm", + cert->certificationRequestInfo, + asn1_algorithmIdentifier(cert->algorithm), + asn1_bitstring("c", cert->signature)); + return TRUE; +} + +/** + * See header. + */ +x509_pkcs10_t *x509_pkcs10_load(certificate_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + if (blob.ptr) + { + private_x509_pkcs10_t *cert = create_empty(); + + cert->encoding = chunk_clone(blob); + cert->parsed = TRUE; + if (parse_certificate_request(cert)) + { + return &cert->public; + } + destroy(cert); + } + return NULL; +} + +/** + * See header. + */ +x509_pkcs10_t *x509_pkcs10_gen(certificate_type_t type, va_list args) +{ + private_x509_pkcs10_t *cert; + private_key_t *sign_key = NULL; + hash_algorithm_t digest_alg = HASH_SHA1; + + cert = create_empty(); + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_SIGNING_KEY: + sign_key = va_arg(args, private_key_t*); + continue; + case BUILD_SUBJECT: + cert->subject = va_arg(args, identification_t*); + cert->subject = cert->subject->clone(cert->subject); + continue; + case BUILD_SUBJECT_ALTNAMES: + { + enumerator_t *enumerator; + identification_t *id; + linked_list_t *list; + + list = va_arg(args, linked_list_t*); + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &id)) + { + cert->subjectAltNames->insert_last(cert->subjectAltNames, + id->clone(id)); + } + enumerator->destroy(enumerator); + continue; + } + case BUILD_PASSPHRASE: + cert->challengePassword = chunk_clone(va_arg(args, chunk_t)); + continue; + case BUILD_DIGEST_ALG: + digest_alg = va_arg(args, int); + continue; + case BUILD_END: + break; + default: + destroy(cert); + return NULL; + } + break; + } + + if (sign_key && generate(cert, sign_key, digest_alg)) + { + return &cert->public; + } + destroy(cert); + return NULL; +} + diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.h b/src/libstrongswan/plugins/x509/x509_pkcs10.h new file mode 100644 index 000000000..f9490b1dc --- /dev/null +++ b/src/libstrongswan/plugins/x509/x509_pkcs10.h @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Copyright (C) 2009 Andreas Steffen + * + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup x509_pkcs10 x509_pkcs10 + * @{ @ingroup x509_p + */ + +#ifndef X509_PKCS10_H_ +#define X509_PKCS10_H_ + +typedef struct x509_pkcs10_t x509_pkcs10_t; + +#include <credentials/builder.h> +#include <credentials/certificates/pkcs10.h> + +/** + * Implementation of pkcs10_t/certificate_t using own ASN.1 parser. + */ +struct x509_pkcs10_t { + + /** + * Implements the pkcs10_t interface + */ + pkcs10_t interface; +}; + +/** + * Load a PKCS#10 certificate. + * + * This function takes a BUILD_BLOB_ASN1_DER. + * + * @param type certificate type, CERT_PKCS10_REQUEST only + * @param args builder_part_t argument list + * @return PKCS#10 certificate request, NULL on failure + */ +x509_pkcs10_t *x509_pkcs10_load(certificate_type_t type, va_list args); + +/** + * Generate a PKCS#10 certificate request. + * + * To issue a self-signed certificate request, the function takes: + * BUILD_SUBJECT, BUILD_SUBJECT_ALTNAMES, BUILD_SIGNING_KEY, BUILD_DIGEST_ALG. + * + * @param type certificate type, CERT_PKCS10_REQUEST only + * @param args builder_part_t argument list + * @return PKCS#10 certificate request, NULL on failure + */ +x509_pkcs10_t *x509_pkcs10_gen(certificate_type_t type, va_list args); + +#endif /** X509_PKCS10_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c index 9ed7f95bd..94c49b1e1 100644 --- a/src/libstrongswan/plugins/x509/x509_plugin.c +++ b/src/libstrongswan/plugins/x509/x509_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -21,6 +21,7 @@ #include "x509_crl.h" #include "x509_ocsp_request.h" #include "x509_ocsp_response.h" +#include "x509_pkcs10.h" typedef struct private_x509_plugin_t private_x509_plugin_t; @@ -41,15 +42,23 @@ struct private_x509_plugin_t { static void destroy(private_x509_plugin_t *this) { lib->creds->remove_builder(lib->creds, - (builder_constructor_t)x509_cert_builder); + (builder_function_t)x509_cert_gen); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)x509_ac_builder); + (builder_function_t)x509_cert_load); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)x509_crl_builder); + (builder_function_t)x509_ac_gen); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)x509_ocsp_request_builder); + (builder_function_t)x509_ac_load); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)x509_ocsp_response_builder); + (builder_function_t)x509_crl_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)x509_ocsp_request_gen); + lib->creds->remove_builder(lib->creds, + (builder_function_t)x509_ocsp_response_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)x509_pkcs10_gen); + lib->creds->remove_builder(lib->creds, + (builder_function_t)x509_pkcs10_load); free(this); } @@ -59,19 +68,27 @@ static void destroy(private_x509_plugin_t *this) plugin_t *plugin_create() { private_x509_plugin_t *this = malloc_thing(private_x509_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, - (builder_constructor_t)x509_cert_builder); + (builder_function_t)x509_cert_gen); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, + (builder_function_t)x509_cert_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, + (builder_function_t)x509_ac_gen); lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, - (builder_constructor_t)x509_ac_builder); + (builder_function_t)x509_ac_load); lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, - (builder_constructor_t)x509_crl_builder); + (builder_function_t)x509_crl_load); lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, - (builder_constructor_t)x509_ocsp_request_builder); + (builder_function_t)x509_ocsp_request_gen); lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, - (builder_constructor_t)x509_ocsp_response_builder); + (builder_function_t)x509_ocsp_response_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, + (builder_function_t)x509_pkcs10_gen); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, + (builder_function_t)x509_pkcs10_load); return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 1d4e39586..3720aeaeb 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/xcbc DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_xcbc_la_LIBADD = am_libstrongswan_xcbc_la_OBJECTS = xcbc_plugin.lo xcbc.lo xcbc_prf.lo \ @@ -59,6 +83,7 @@ libstrongswan_xcbc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,6 +249,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -243,9 +272,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -263,23 +292,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -306,21 +340,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -343,7 +377,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -351,29 +385,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -394,13 +433,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -431,6 +474,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -452,6 +496,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -460,18 +506,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -510,6 +566,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c index dd63af005..b9f03eeac 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc.c +++ b/src/libstrongswan/plugins/xcbc/xcbc.c @@ -23,7 +23,7 @@ typedef struct private_xcbc_t private_xcbc_t; /** * Private data of a xcbc_t object. - * + * * The variable names are the same as in the RFC. */ struct private_xcbc_t { @@ -31,42 +31,42 @@ struct private_xcbc_t { * Public xcbc_t interface. */ xcbc_t xcbc; - + /** * Block size, in bytes */ u_int8_t b; - + /** * crypter using k1 */ crypter_t *k1; - + /** * k2 */ u_int8_t *k2; - + /** * k3 */ u_int8_t *k3; - + /** * E */ u_int8_t *e; - + /** * remaining, unprocessed bytes in append mode */ u_int8_t *remaining; - + /** * number of bytes in remaining */ int remaining_bytes; - + /** * TRUE if we have zero bytes to xcbc in final() */ @@ -79,34 +79,34 @@ struct private_xcbc_t { static void update(private_xcbc_t *this, chunk_t data) { chunk_t iv; - + if (data.len) { this->zero = FALSE; } - + if (this->remaining_bytes + data.len <= this->b) { /* no complete block, just copy into remaining */ memcpy(this->remaining + this->remaining_bytes, data.ptr, data.len); this->remaining_bytes += data.len; return; } - + iv = chunk_alloca(this->b); memset(iv.ptr, 0, iv.len); - + /* (3) For each block M[i], where i = 1 ... n-1: * XOR M[i] with E[i-1], then encrypt the result with Key K1, * yielding E[i]. */ - + /* append data to remaining bytes, process block M[1] */ memcpy(this->remaining + this->remaining_bytes, data.ptr, this->b - this->remaining_bytes); data = chunk_skip(data, this->b - this->remaining_bytes); memxor(this->e, this->remaining, this->b); this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL); - + /* process blocks M[2] ... M[n-1] */ while (data.len > this->b) { @@ -115,7 +115,7 @@ static void update(private_xcbc_t *this, chunk_t data) memxor(this->e, this->remaining, this->b); this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL); } - + /* store remaining bytes of block M[n] */ memcpy(this->remaining, data.ptr, data.len); this->remaining_bytes = data.len; @@ -127,10 +127,10 @@ static void update(private_xcbc_t *this, chunk_t data) static void final(private_xcbc_t *this, u_int8_t *out) { chunk_t iv; - + iv = chunk_alloca(this->b); memset(iv.ptr, 0, iv.len); - + /* (4) For block M[n]: */ if (this->remaining_bytes == this->b && !this->zero) { @@ -165,9 +165,9 @@ static void final(private_xcbc_t *this, u_int8_t *out) memxor(this->e, this->k3, this->b); this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL); } - + memcpy(out, this->e, this->b); - + /* (2) Define E[0] = 0x00000000000000000000000000000000 */ memset(this->e, 0, this->b); this->remaining_bytes = 0; @@ -181,13 +181,13 @@ static void get_mac(private_xcbc_t *this, chunk_t data, u_int8_t *out) { /* update E, do not process last block */ update(this, data); - + if (out) { /* if not in append mode, process last block and output result */ final(this, out); } } - + /** * Implementation of xcbc_t.get_block_size. */ @@ -225,8 +225,8 @@ static void set_key(private_xcbc_t *this, chunk_t key) k1 = chunk_alloca(this->b); iv = chunk_alloca(this->b); memset(iv.ptr, 0, iv.len); - - /* + + /* * (1) Derive 3 128-bit keys (K1, K2 and K3) from the 128-bit secret * key K, as follows: * K1 = 0x01010101010101010101010101010101 encrypted with Key K @@ -263,7 +263,7 @@ xcbc_t *xcbc_create(encryption_algorithm_t algo, size_t key_size) { private_xcbc_t *this; crypter_t *crypter; - + crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size); if (!crypter) { @@ -275,13 +275,13 @@ xcbc_t *xcbc_create(encryption_algorithm_t algo, size_t key_size) crypter->destroy(crypter); return NULL; } - + this = malloc_thing(private_xcbc_t); this->xcbc.get_mac = (void (*)(xcbc_t *,chunk_t,u_int8_t*))get_mac; this->xcbc.get_block_size = (size_t (*)(xcbc_t *))get_block_size; this->xcbc.set_key = (void (*)(xcbc_t *,chunk_t))set_key; this->xcbc.destroy = (void (*)(xcbc_t *))destroy; - + this->b = crypter->get_block_size(crypter); this->k1 = crypter; this->k2 = malloc(this->b); diff --git a/src/libstrongswan/plugins/xcbc/xcbc.h b/src/libstrongswan/plugins/xcbc/xcbc.h index a334c675b..f28e0b8e0 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc.h +++ b/src/libstrongswan/plugins/xcbc/xcbc.h @@ -32,34 +32,34 @@ typedef struct xcbc_t xcbc_t; * described in RFC3566. */ struct xcbc_t { - + /** * Generate message authentication code. - * + * * If buffer is NULL, no result is given back. A next call will - * append the data to already supplied data. If buffer is not NULL, + * append the data to already supplied data. If buffer is not NULL, * the mac of all apended data is calculated, returned and the * state of the xcbc_t is reseted. - * + * * @param data chunk of data to authenticate * @param buffer pointer where the generated bytes will be written */ void (*get_mac) (xcbc_t *this, chunk_t data, u_int8_t *buffer); - + /** * Get the block size of this xcbc_t object. - * + * * @return block size in bytes */ size_t (*get_block_size) (xcbc_t *this); - + /** * Set the key for this xcbc_t object. - * + * * @param key key to set */ void (*set_key) (xcbc_t *this, chunk_t key); - + /** * Destroys a xcbc_t object. */ @@ -68,7 +68,7 @@ struct xcbc_t { /** * Creates a new xcbc_t object. - * + * * @param algo underlying crypto algorithm * @param key_size key size to use, if required for algorithm * @return xcbc_t object, NULL if not supported diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c index 25f59c650..3eb7f0927 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c @@ -50,12 +50,12 @@ static void destroy(private_xcbc_plugin_t *this) plugin_t *plugin_create() { private_xcbc_plugin_t *this = malloc_thing(private_xcbc_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC, + + lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC, (prf_constructor_t)xcbc_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96, + lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96, (signer_constructor_t)xcbc_signer_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.c b/src/libstrongswan/plugins/xcbc/xcbc_prf.c index a90f2d44f..2459dc616 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_prf.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_prf.c @@ -27,8 +27,8 @@ struct private_xcbc_prf_t { /** * Public xcbc_prf_t interface. */ - xcbc_prf_t public; - + xcbc_prf_t public; + /** * xcbc to use for generation. */ @@ -100,7 +100,7 @@ xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo) { private_xcbc_prf_t *this; xcbc_t *xcbc; - + switch (algo) { case PRF_AES128_XCBC: @@ -113,17 +113,17 @@ xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo) { return NULL; } - + this = malloc_thing(private_xcbc_prf_t); this->xcbc = xcbc; - + this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes; this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes; this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size; this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; - + return &this->public; } diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.h b/src/libstrongswan/plugins/xcbc/xcbc_prf.h index bbf5b972a..d2db9af41 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_prf.h +++ b/src/libstrongswan/plugins/xcbc/xcbc_prf.h @@ -27,12 +27,12 @@ typedef struct xcbc_prf_t xcbc_prf_t; /** * Implementation of prf_t on CBC block cipher using XCBC, RFC3664/RFC4434. - * + * * This simply wraps a xcbc_t in a prf_t. More a question of * interface matching. */ struct xcbc_prf_t { - + /** * Generic prf_t interface for this xcbc_prf_t class. */ @@ -41,7 +41,7 @@ struct xcbc_prf_t { /** * Creates a new xcbc_prf_t object. - * + * * @param algo algorithm to implement * @return xcbc_prf_t object, NULL if hash not supported */ diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.c b/src/libstrongswan/plugins/xcbc/xcbc_signer.c index b394bb251..1c98d39d7 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_signer.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.c @@ -29,12 +29,12 @@ struct private_xcbc_signer_t { * Public interface of xcbc_signer_t. */ xcbc_signer_t public; - + /** * Assigned xcbc function. */ xcbc_t *xcbc; - + /** * Block size (truncation of XCBC MAC) */ @@ -54,7 +54,7 @@ static void get_signature(private_xcbc_signer_t *this, else { u_int8_t mac[this->xcbc->get_block_size(this->xcbc)]; - + this->xcbc->get_mac(this->xcbc, data, mac); memcpy(buffer, mac, this->block_size); } @@ -73,12 +73,12 @@ static void allocate_signature (private_xcbc_signer_t *this, else { u_int8_t mac[this->xcbc->get_block_size(this->xcbc)]; - + this->xcbc->get_mac(this->xcbc, data, mac); chunk->ptr = malloc(this->block_size); chunk->len = this->block_size; - + memcpy(chunk->ptr, mac, this->block_size); } } @@ -90,12 +90,12 @@ static bool verify_signature(private_xcbc_signer_t *this, chunk_t data, chunk_t signature) { u_int8_t mac[this->xcbc->get_block_size(this->xcbc)]; - + if (signature.len != this->block_size) { return FALSE; } - + this->xcbc->get_mac(this->xcbc, data, mac); return memeq(signature.ptr, mac, this->block_size); } @@ -142,7 +142,7 @@ xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo) private_xcbc_signer_t *this; size_t trunc; xcbc_t *xcbc; - + switch (algo) { case AUTH_AES_XCBC_96: @@ -156,11 +156,11 @@ xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo) { return NULL; } - + this = malloc_thing(private_xcbc_signer_t); this->xcbc = xcbc; this->block_size = min(trunc, xcbc->get_block_size(xcbc)); - + /* interface functions */ this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature; this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature; @@ -169,7 +169,7 @@ xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo) this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size; this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key; this->public.signer_interface.destroy = (void (*) (signer_t*))destroy; - + return &this->public; } diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.h b/src/libstrongswan/plugins/xcbc/xcbc_signer.h index dc0087392..181cfe299 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_signer.h +++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.h @@ -29,7 +29,7 @@ typedef struct xcbc_signer_t xcbc_signer_t; * Implementation of signer_t based on CBC symmetric cypher. XCBC, RFC3566. */ struct xcbc_signer_t { - + /** * generic signer_t interface for this signer */ |